Have you ever wondered why it’s really taking the government so long to move more than basic email services to the cloud? Well, if you have then you are certainly familiar with the standard cultural and security explanations: Federal IT managers like to be able to see and touch the blinking lights on their servers and third-party cloud service providers just can’t be trusted to protect data from prying eyes.
While there may be some truth to these cultural perceptions, they don’t tell the whole story of cloud computing’s lumbering journey toward total acceptance in the Federal government. It turns out that there are some legitimate technical security concerns surrounding cloud computing that continue to raise questions about the main selling points used by cloud proponents: that data hosted in the cloud is harder for an attacker to locate than data in traditional on-premise hosting, and that cloud service providers have more resources to dedicate to security.
“We’ve got a million lines of hypervisor [code] hosting an operating system that we know is insecure and somehow that hypervisor makes it more secure?” questioned a senior Department of Homeland Security official during a recent cloud security event on Capitol Hill. “We know we’ve got problems with getting cryptographic entropy in virtual machines. We know that we’ve got problems with key management in virtual environments. There are a lot of responsible people who do not believe the current state of cloud security warrants moving essential services to the cloud,” the official said.
When we talk about virtual environments, we’re really talking about physical servers running multiple virtual machines on top of software known as a hypervisor. Although vulnerabilities in hypervisors are rare, they are not impossible, and a single one could give a hacker access to all of the virtual machines running on that hypervisor. So while the environment is certainly different from a traditional server environment, it’s not necessarily more secure.
The challenge of achieving cryptographic entropy remains a hot-button issue in cloud security. In a traditional desktop environment, things like keystrokes, mouse movements and hard drive activity are monitored to generate random numbers, which are then used to generate random encryption keys. This so-called entropy pool is much smaller and more limited in virtual machines, and that is believed to be a weak point because it yields weaker keys. Theoretically, a smaller entropy pool produces random numbers that can be guessed by brute force.
Even Tom Sasala, the chief technology officer at the U.S. Army Information Technology Agency, agreed that there are serious technical challenges that have yet to be overcome. “The key management and the legitimate privilege management on a type 1 hypervisor is a big question mark in my mind,” Sasala said.
But where there are challenges there are opportunities, said Donna Dodson, the chief cybersecurity advisor at the National Institute of Standards and Technology (NIST).
“Whether you’re looking at a private cloud or a public cloud, it gets back to that risk management approach,” Dodson said. “And certainly there are challenges. And getting key management right in a traditional environment has a different set of challenges than it does in a cloud environment. Both of them require tremendous planning and consideration, and it’s still too big of a challenge for any of us to really get that right,” she said. “If you look at a traditional system and all of the places you don’t realize you have keys, that’s a big challenge to architect that out and be able to make key changes. If you look at virtualization, with a virtual machine you have a different kind of set of key management challenges. But you have opportunities in both of those environments, particularly in cloud, to be able to do appropriate sets of key management changes, which is very hard to do in a traditional environment.”