Developing The Secure Cloud

Developing The Secure Cloud

Edward Snowden’s revelations exposed National Security Agency activities that have given many people and corporations second thoughts about taking advantage of the cloud, which is the latest term for the Internet. It was bad enough when developers had to worry about spammers, virus writers, and criminals bent on gaining access to private information. Companies also worried about losing information to corporate espionage.

Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) platforms like Amazon Web Services (AWS) have allowed users to flock to the cloud to host everything from Web servers to corporate data storage. Most have been built on standard PC enterprise hardware that has hardware security support via TPM, virtual memory, and virtual machine support. But much of the communication between systems, including storage, moves over the network where software is used to control access.

Verizon’s Terremark service recently announced that it will be using AMD’s SeaMicro platforms, which employ a hardware hypercube communication fabric that can manage partitions that feature computing, communications, and storage (see the figure). Also, its nearest neighbors won’t affect performance, and their communication load will be isolated. It will allow cloud services compliant with the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), and the National Institutes of Standards and Technology (NIST) 800-53 Security and Privacy Controls.

Figure 1. AMD’s SeaMicro SM15000 is the basis for Verizon’s move into supply cloud compute and storage services.

Still, security is only as strong as its weakest link. Any system that utilizes the cloud for some aspect of its communication is susceptible to attack that can be silent and costly or noticeable and costly. Designers need to ask who holds the keys and what locks they fit into.

Lavabit, a secure e-mail service company that Snowden and many others had used, recently shut itself down after the NSA first obtained a court order to put in a backdoor—and then for the key to the door. The problem with backdoors is that they are designed to be hidden, as is their use. Unfortunately, the security of the system comes down to who has the keys to these doors. Snowden had one of these keys.

The latest design buzzword is Internet of Things (IoT). IoT usually means connecting anything that sends data to the cloud, where the cloud servers are often running on one of the PaaS or IaaS platforms. IoT gateway tools and reference designs of various types have been rolling by my desk for months, and most have some level of hardware security included.

Most companies with these products are providing the tools to secure a system but are leaving the actual implementation up to you, the developers. Hopefully you will educate yourself about the different aspects and tools for creating a secure system because it is more than just using tools like secure boot and AES encryption. So how secure are the cloud services and IoT devices you are designing or using?

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.