Key Keeper

You've probably seen T-shirts emblazoned with "There is no cloud; it's just someone else's computer." This skepticism results from the management policy of quickly outsourcing as many IT services as possible, with the sole focus on efficiency and cost savings. As a result, data security becomes a secondary feature that the shrinking IT department must somehow guarantee.

Admins who simply run their applications in the cloud run the financially significant risk of violating the General Data Protection Regulation (GDPR), for example, if they store unprotected personal data on servers outside the European Union. However, the online bank N26, which runs entirely in Amazon Web Services (AWS), has passed an audit by the German regulator BaFin (in this respect), showing that it is feasible to operate cloud services compliant with strict rules.

In addition to the choice of the run-time environment (configured as the "region" on AWS and other cloud providers), there are several options for encrypting data for cloud storage. At the last AWS Summit in Berlin, the CTO of AWS, Werner Vogels wore a T-shirt that advocated "Encrypt Everything." If encryption is the answer, then who has access to the keys and where are they kept?

Who Can Do What?

The first question for data security in the cloud concerns read and write permissions. This issue raises its head whenever you deploy any type of IT service and starts with user management. Weaving a complex structure of authorizations that define which user can access which data, servers, and other resources can be a Sisyphean task, with changes occurring constantly in IT operations.

The sheer number of possible permissions from which admins can assemble roles and services are far greater in a cloud like AWS. Finding the permissions you need for a particular cloud service to work without allowing too much is never going to be trivial. The complexity of the task can drive admins to distraction, prompting them to press Allow everything and thus release confidential customer data in an openly accessible Amazon Simple Storage Service (S3) bucket (Amazon's object store). Although this is inexcusable, it is something that you can at least empathize with from personal experience.

Data protection to and from the cloud, and on internal transfer paths between services, is another consideration. Many admins will suggest enabling TLS. But in practice, the success of the project often depends on where the certificates originate.

While a multitude of AWS services are affected by access controls, I have limited this article to two basic AWS services: the S3 object store and the Elastic Compute Cloud (EC2) virtual machine (VM) service. Additionally, I will look at AWS key management, as well as a few aspects of Identity and Access Management (IAM), which distributes users and their rights.

Trinity

The confidentiality, integrity, and availability (CIA) triad plays an important role in determining data security. Confidentiality (C) means that only authorized users see the data content. On a public web page, the group of permissions will often be All.

Integrity (I) means that only authorized users can modify the data. Where applicable, this means that some of the authorized users are only able to change a certain dataset within defined value ranges. A bank employee, for example, can only transfer money to accounts per customer request, instead of at will.

Availability (A) pertains to how data is maintained and stored. If all the important corporate data is on a single hard disk without a backup, and the disk bites the dust, then the data is no longer available.

Protection from Whom?

When it comes to protection against unauthorized read (C) and write (I) access to the data in the cloud, admins need to determine who has access to which data. There is public access via the Internet, plus a small group of users with different authorization levels (i.e., order processing does not need access to human resources' salary tables).

Since the whole thing runs on a third-party infrastructure, you also need to consider protection from the cloud provider's employees, as well as access controls for the in-house administrators who manage the systems. This is particularly relevant for personal data, such as salary tables.

Availability is something that AWS customers can typically assume to be a given. With S3, for example, the user would have to actively disable high availability to voluntarily suffer from data loss in the event of a crash. In addition, the object store supports versioning so that the customer can revert to older versions in the event of problems.