Assessing the Risks and Opportunities of Cloud Computing – Defining Identity Management Systems and Maturity Models

R. Palson Kennedy, Research Scholar, A.P., RREC, Anna University, Chennai-95, India, palsonkemmedy@yahoo.co.in
T. V. Gopal, Dept. of CSE, CEG, Anna University, Chennai-25, India

978-1-4244-9008-0/10/$26.00 ©2010 IEEE

Abstract— Despite the potential that Cloud Computing has for revolutionizing every aspect of the software industry, there are significant shortcomings in the areas of security, risk assessment and risk mitigation. The basic value proposition of Cloud Computing is that by leasing applications online, companies can significantly reduce their operating costs. What is seldom pointed out is that identity management on Cloud Computing platforms is still in its infancy. Identity management systems often fail to protect all the assets of a given Cloud Computing platform because role-based access has yet to be defined and implemented. What is lacking is a protocol stack for Cloud Computing identity management and a maturity model to help organizations assess their relative levels of risk. The intent of this analysis is to provide frameworks for both.

Keywords- Cloud computing, Risk, Security, IMS

I. INTRODUCTION

A. Assessing Cloud Computing

The collection of technologies that make up the Cloud Computing platforms sold as services today has existed for decades as the basis of enterprise systems and platform deployments. They include integration platforms such as Enterprise Application Integration (EAI), networking products and servers, a strong reliance on TCP/IP, and data center virtualization to provide scalability; Cloud Computing platforms are an outgrowth of the enterprise-wide networks built in previous decades.
Despite how time-tested these core components are, the relatively recent developments in Web-based application development have created security vulnerabilities at the application level and at the service provider level. Because cloud providers must integrate disparate, often conflicting databases to create a multi-tenant platform, the temptation to cut corners with AJAX-based scripting that exposes an entire application online is known to have been acted on. The underlying technologies are fundamentally sound, yet in many cases cloud providers are not taking all the precautions needed to create multi-tenant, secured client locations on their servers. Organizations contracting with cloud providers may be attracted by very low hosting prices yet have no idea of the risks and potential security lapses that can result from a provider's unwillingness to invest in adequate Web-based security. Studies indicate that the plummeting prices of cloud storage and application hosting are partly driven by cost reductions made possible by cutting corners on security. To appreciate the trade-offs being made from a security standpoint, it is necessary to understand the fundamental structure, or levels, of Cloud Computing. Fig. 1 presents this structure with Infrastructure-as-a-Service (IaaS) at the bottom of the stack, as this is the foundation on which cloud-based platforms are built. IaaS comprises the technologies with the greatest number of years in use, and as a result many of them have mature security, authentication and encryption mechanisms associated with them. Servers, networking, data centers and storage, including storage area networks (SANs), have well-established authentication and verification technologies, many of them proven in single-instance installations.
Figure 1: Fundamental Structure of Cloud Computing

Their use in multi-instance or multi-tenant architectures is still being defined through the rapid maturation of the Cloud Computing industry. The build-out from Infrastructure as a Service (IaaS) to Platform as a Service (PaaS) rests on scalable databases, middleware, Web 2.0 applications and Java runtime applications, together with AJAX programming techniques. This is the layer with inherent security vulnerabilities, because its development languages were designed for single-instance, relatively light duty-cycle applications rather than multi-tenant, in-depth application development. As a result it is very common in security audits to find scripting attacks launched at servers in this layer, with successful attacks impersonating administrator and user accounts. Java runtime applications are often designed on the assumption of open collaboration across groups and therefore default to sharing resources across networks. This is potentially disastrous on a Cloud Computing platform, as it opens up all the data in the hosted application and its databases. The top layer is the Software-as-a-Service (SaaS) layer. It includes business process management (BPM), extensive collaboration and social networking applications such as Facebook and Twitter (Vijayan, et al.), and thousands of industry and enterprise applications as well. These are the areas most susceptible to attackers, as developers, in the rush to ship social networking applications and become the next Facebook or Twitter, often fail to ensure that adequate security guidelines and safeguards are in place.
The many security problems Twitter has had, from its internal servers being compromised and celebrities' usernames and passwords posted to the Internet, to its site being hijacked by hacker groups loyal to the Iranian government, illustrate how porous this level of the SaaS model is. Twitter has been a vocal proponent of free speech in Iran and has as a result been attacked by loyalists to that nation and, industry observers suspect, the government itself. Facebook has often been attacked as well, as have many other social networking sites. Despite assurances to the contrary, SaaS-based applications are readily compromised and taken over, as in the case of the Iranian loyalists gaining complete control of Twitter for a full day before the start-up could regain control of its site. SaaS-based applications are fraught with risk because of their use of development technologies originally meant for single-use rather than multi-tenant platforms.

B. Protocol Stack

What is missing from Cloud Computing security platforms today is a unified protocol stack that integrates access management, administration, provisioning and Web Services into a single platform. Integrating these concepts into one contiguous platform architecture has the potential to deliver greater scalability and performance for cloud-based applications and platforms. Fig. 2, Protocol Stack for Cloud Computing Identity Management, shows how these components can be integrated. It is based on analysis and interpretation of the following sources: (Cuppens, Cuppens-Boulahia, 2008) (Das, Echambadi, McCardle, Luckett, 2003) (Gupta, Roth, 2007) (Ray, Stoica, Farkas, 2004) (Swart, Marshall, Harris, Forcht, Olsen, 2005) (Vijayan, 2007).
Figure 2: Protocol Stack for Cloud Computing Identity Management Systems

Using the Protocol Stack for Cloud Computing Identity Management to analyze the maturity levels of cloud service providers, and drawing on existing research and best practices in identity and role-based management, the following Cloud Computing Identity Management Maturity Model (IMMM) has been designed (Table I).

TABLE I. CLOUD COMPUTING IMMM

The stages range from Stage 0, which signifies isolated silos, through Stage 1 for central administration, Stage 2 for user self-service, Stage 3 for role-based access control, and Stage 4 for integrated user management. Based on analysis of the following sources: (Das, Echambadi, McCardle, Luckett, 2003) (Saltzman, 2006) (Swart, Marshall, Harris, Forcht, Olsen, 2005). Characteristics and results are shown for each stage of the maturity model. Additional studies suggest that developing pilots for AJAX and XML security integration in the cloud, coupled with support for Web Services, increases the pace of maturity in this model.

II. MULTI-TENANCY ANALYSIS

A. Paper-Thin Walls of the SaaS Community

Multi-tenancy means that one application is shared across a series of users, each receiving comparable levels of responsiveness and bandwidth through the use of a Tenant Load Balancer. Figure 3, Maturity Levels in Tenancy Design, illustrates the progression of the SaaS industry from single-tenant to fully multi-tenant. Level 1 is fully single-tenant and shows a one-to-one correspondence between the application in use on the SaaS platform and the user requesting it. This does not scale well from either a performance or a security standpoint, and it is the architecture that led the Application Service Provider (ASP) market to transition quickly to the on-demand model of Level 3.
The essence of Level 3 is a configurable multi-tenant architecture able to scale to individual users' needs without sacrificing speed. Level 4 is the state of the art today and uses constraint-based technologies to ensure optimal application performance over time. As Fig. 3 shows, a Tenant Load Balancer can significantly increase a service provider's profitability, since its investment in a single application can be scaled across many different users concurrently with no degradation in performance. Multi-tenancy is widely cited as the core of the SaaS architecture, yet as with many areas of Cloud Computing, definitions vary with who is giving them. For hardware vendors the definition centers on the virtualization aspects of Cloud Computing: running a full 128-bit multithreaded Tenant Load Balancer complete with algorithms for virtualizing servers and minimizing disk and memory latency through caching. Software-based definitions of Cloud Computing instead concentrate on multi-tenancy as it relates to speed improvements from AJAX, J2EE and RISC-based programming that can be optimized for use over XML networks (Formica, et al.). A third group centers its definition on the services and interprocess communication made possible by these applications and the underlying XML networks. Inherent in that definition is the assumption that Service-Oriented Architectures (SOA) (English, 16) will eventually dominate on cloud-based platforms (Young, Madans, 147), and that scalability extends from the infrastructure through the application to the presentation layer of the Cloud Computing model. The use of XML as a scalable network for ensuring integration across these platforms has proven highly effective from a performance and cost standpoint as well (Formica, 241, 242).
Unifying all of these definitions is the common thread of Cloud Computing as a platform comprising a set of dynamically scalable shared resources that can be metered by use or by the computing resources consumed per task. What each of them lacks, however, is a security model consistent with the others. The hardware security model is based purely on virtualization algorithms being developed to allow for 128-bit to 512-bit encryption; it is very hardware-centric. The software security model is based more on authentication and validation of identities, including detection of attempts to impersonate an administrator or power user, than on locking down the hardware or even the XML network. Finally, the services definition of Cloud Computing is focused more on the business process integration areas of the architecture than on anything else. In short, there is no single, unified security model for Cloud Computing that covers all of these attributes, and that presents a significant risk.

III. RISK IMPLICATIONS

A. Risk Implications of Public, Private and Hybrid Cloud Computing Platforms

In addition to the lack of a single security model across the hardware, software and services aspects of Cloud Computing, there is a corresponding lack of security guidelines and consistency in authentication, security and encryption across the emerging areas of private clouds, public clouds and hybrid clouds. Fig. 4 compares these infrastructures at a definitional level. The lack of a consistent security model across all of these cloud types is also leading to confusion and to the very real risk of one customer being able to see another's data, in a private or hybrid cloud for example.
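The cross-tenant exposure just described and the Stage 3 (role-based access control) level of the maturity model in Table I come down to the same authorization decision. The following is an added example, not code from the paper or from any provider it discusses: a tenant-scoped RBAC check in which a request is allowed only when a role grants the action AND the resource belongs to the caller's tenant, placed beside the "thin wall" variant that checks the role alone. The tenants, users, roles and report identifiers are constructed sample data.

```python
"""Tenant-scoped role-based access control (added example; not from the paper).
The 'thin wall' check consults roles only and so lets an analyst in tenant A
read tenant B's reports; the isolated check refuses any request whose resource
belongs to another tenant before roles are even considered. Sample data below
is constructed for the example."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

# Role -> actions it grants. Unknown roles grant nothing (deny by default).
ROLE_PERMISSIONS = {
    "tenant_admin": frozenset({"read", "write", "manage_users"}),
    "analyst": frozenset({"read"}),
    "auditor": frozenset({"read_audit_log"}),
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str            # tenant this identity was issued for
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Resource:
    resource_id: str
    tenant_id: str            # tenant that owns the data


def role_permits(principal: Principal, action: str) -> bool:
    """True if any of the principal's roles grants the action."""
    return any(action in ROLE_PERMISSIONS.get(role, frozenset())
               for role in principal.roles)


def authorize_thin_wall(principal: Principal, action: str, resource: Resource) -> bool:
    """Role-only check (the failure mode): the resource's tenant is ignored."""
    return role_permits(principal, action)


def authorize(principal: Principal, action: str, resource: Resource) -> bool:
    """Stage-3 check: tenant isolation first, then role permission.
    Fails closed when tenants differ or when no role grants the action."""
    if resource.tenant_id != principal.tenant_id:
        return False
    return role_permits(principal, action)


# Constructed sample data: two tenants sharing one multi-tenant report store.
REPORTS = [
    Resource("rpt-a-1", "tenant-a"),
    Resource("rpt-a-2", "tenant-a"),
    Resource("rpt-b-1", "tenant-b"),
]
ALICE = Principal("alice", "tenant-a", frozenset({"analyst"}))
BOB = Principal("bob", "tenant-b", frozenset({"tenant_admin"}))
GUEST = Principal("guest", "tenant-a", frozenset({"unknown_role"}))

AuthzCheck = Callable[[Principal, str, Resource], bool]


def visible_reports(principal: Principal, check: AuthzCheck = authorize) -> List[str]:
    """IDs of reports the principal may read under the given check, i.e. what a
    'run report' screen would list for them."""
    return sorted(r.resource_id for r in REPORTS if check(principal, "read", r))


if __name__ == "__main__":
    print("thin wall, alice sees:", visible_reports(ALICE, authorize_thin_wall))
    print("isolated,  alice sees:", visible_reports(ALICE))
    print("isolated,  bob sees:  ", visible_reports(BOB))
```

The ordering in `authorize` is deliberate: the tenant comparison runs before any role lookup, so a tenant administrator of tenant B gets the same refusal on tenant A's data as an anonymous caller, and a principal holding only roles the policy does not know is denied everything.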
Figure 3: Maturity Levels in Tenancy Design

The Amazon Web Services platform, designed with application tools predicated on the social networking design objective of being collaborative and egalitarian by default, shares every data element in an Amazon Web Services account. This has led to users being able to see other users' information and even to run reports in other users' Amazon Web Services accounts (Siegel, et al., whose report attributes the leak to user ignorance). Clearly there is significant room for improvement in how individual user accounts are managed. Amazon is one of the largest and most respected cloud service providers globally. With the financial backing of Amazon.com behind it, one wonders how smaller cloud service providers are managing these costs and the trade-offs with security.

IV. CLOUD SECURITY & RISK

A. Strategies to Mitigate Cloud Security Risk and Ensure Security

There have admittedly been few security models that span the entire breadth of the Cloud Computing infrastructure stack. The one most consistently evaluated and applied is the Confidentiality, Integrity and Availability (CIA) model (Brynko, et al. 3). The essence of this model is a focus on balancing the three objectives of confidentiality, integrity and availability (Ashford, 3), defined as follows. Confidentiality is the assurance that information is not disclosed to unauthorized persons. Integrity is the assurance that information held in a system is an accurate and proper representation of the data intended and has not been modified by anyone unauthorized to edit or copy it (Ashford, 3). Availability is the assurance that information-processing resources remain accessible to authorized users when needed, which in turn requires that a malicious attack under way on a SaaS or Cloud Computing platform be promptly contained (Ashford, 3).
These three form the triad of the model, with non-repudiation being the assurance that agreements made electronically can be audited and proven over time (Ashford, 3) (Brynko, et al.). Given the dearth of models specifically focused on Cloud Computing security, this one has been adopted as the foundation of system and entire-provider audits (Ashford, 3), as well as of fall-back planning in the event of a malicious attack on a Cloud Computing service provider (Zimski, et al. 34). The triad model has also been used as part of the Service Level Agreements (SLAs) that service providers use as their primary contracts with customers. Given the magnitude of the recent security gaffe at Amazon Web Services (Siegel, et al. 26, 27), the focus is more than ever on applying service performance metrics to the attainment of high security levels for cloud-based applications (Zielinski, et al. 33). Cloud computing has entered a new era in which contract management and SLAs are used to guarantee security and define stiff penalties and fines if data and applications are not kept safe (Burge, et al.). CIOs are now advised to involve their legal teams from the very beginning of negotiations with Cloud Computing vendors, to ensure that data and applications are protected under contract as well (Nash, 34). Litigation will clearly be an issue if data and applications are compromised on Cloud Computing platforms in the coming years. Organizations are taking the necessary steps to protect their information assets online despite claims of perfect security on Cloud Computing providers' platforms. Another significant factor in the adoption of the CIA model (Brynko, et al.) is the decision by Cloud Computing early adopters to move their legacy applications online (Brodkin, et al. 2).
The decision to move legacy applications to the cloud has inherent cost advantages yet carries very significant risks because of the many integration links to legacy data, some of it in an organization's own databases, which require open access for cloud providers via XML (Garakanidze, 19). The integration of legacy applications being moved to the cloud is one of the riskiest areas there is from a security standpoint (Lamont, et al.). CIOs tasked with deciding which applications will move to a cloud platform, and when, are often the first to point to security concerns and the need for continual auditing of the chosen provider's site (Creeger, 6).

B. Information Security

Information security here concerns the information exchanged between different hosts or between hosts and users, covering secure communication, authentication, single sign-on and delegation. Secure communication issues are those that arise during communication between two entities, namely confidentiality and integrity. Confidentiality means that all data sent by users should be accessible only to "legitimate" receivers; integrity means that all data received should only have been sent or modified by "legitimate" senders. Solution: public key cryptography, X.509 certificates and the Secure Sockets Layer (SSL) enable authenticated, confidential and integrity-protected communication over computer networks, provided that each party validates the other's certificate chain and identity rather than accepting any certificate presented.

Figure 4: Comparing Public, Private and Hybrid Cloud Computing Platforms

V. CONCLUSION

Cloud computing has a significant cost advantage over traditional enterprise software yet is fraught with risks (Golden, 13). The intent of this analysis has been to present the fundamentals of cloud computing, how they are rapidly evolving into public, private and hybrid clouds, and the implications for organizations over time.
Foremost among these trends is the fact that there is no single unified security model that defines each aspect of a cloud in depth for security-level validation. The role of the CIO is therefore becoming that of a validator of what cloud computing vendors claim to have in terms of security versus what they actually do (Creeger, 6).

REFERENCES

[1] W. Ashford, "Cloud presents security fix, not failure," Computer Weekly, p. 3.
[2] J. Brodkin, "Moving legacy applications to the Amazon cloud," Network World, 21 Sep. 2009.
[3] B. Brynko, "Cloud Computing: Knowing the Ground Rules," Information Today, 1 Nov. 2008.
[4] D. Burge, "The legal risks of cloud computing," Computer Weekly, 1 Sep. 2009.
[5] N. Chowdhury and R. Boutaba, "A survey of network virtualization," Computer Networks, vol. 54, no. 5, 2010, p. 862.
[6] M. Creeger, "CTO Roundtable: Cloud Computing," Communications of the ACM, vol. 52, no. 8, 2009, p. 50.
[7] F. Cuppens and N. Cuppens-Boulahia, "Modeling contextual security policies," International Journal of Information Security, vol. 7, no. 4, Aug. 2008, pp. 285-305.
[8] S. Das, R. Echambadi, M. McCardle and M. Luckett, "The Effect of Interpersonal Trust, Need for Cognition, and Social Loneliness on Shopping, Information Seeking and Surfing on the Web," Marketing Letters, vol. 14, no. 3, Oct. 2003, pp. 185-202.
[9] J. English, "The Future of Cloud Computing Is the Recent Past of SOA for the Software Life Cycle," Database Trends and Applications.
[10] Formica, "Similarity of XML-Schema Elements: A Structural and Information Content Approach," The Computer Journal, vol. 51, no. 2, 2008, pp. 240-254.
[11] D. Forte, "Application delivery: pros and cons both virtual and real," Network Security, vol. 2009, no. 12, 2009, p. 18.
[12] A. Garakanidze, "Moving Data to Enterprise Clouds: Data clouds reduce cost and complexity of storing data, but introduce latency and migration challenges; virtualization can help ensure continuous interoperability," Information Management, 7a 19 (2009).
[13] B. Golden, "Cloud Computing: 'Be Prepared'," EDUCAUSE Review, vol. 44, no. 4, 2009, p. 64.
[14] S. Gupta and A. V. Roth, "Martin K. Starr: A Visionary Proponent for System Integration, Modular Production, and Catastrophe Avoidance," Production and Operations Management, vol. 16, no. 1, Jan. 2007, pp. 1-12.
[15] J. Harney, "SOA tools-virtually bridging the legacy divide, Part 2," KM World, 1 Mar. 2006, pp. 18, 20-21.
[16] H. Katzan and W. Dowling, "Software-As-A-Service Economics," The Review of Business Information Systems, vol. 14, no. 1, 2010, pp. 27-37.
[17] K. Kroeker, "The Evolution of Virtualization," Communications of the ACM, vol. 52, no. 3, 2009, p. 18.
[18] J. Lamont, "SaaS: integration in the cloud," KM World, 1 Jan. 2010.
[19] E. Messmer, "Is virtualization safe? Views within IT differ," Network World, 22 Dec. 2008.
[20] K. S. Nash, "Legal Quandaries in the Cloud: Cloud computing offers tempting affordability, but legal quandaries abound surrounding e-discovery. Experts advise CIOs to ask questions of their vendors up front."
[21] A. Pinnow and S. Osterburg, "A Capacity Supply Model for Virtualized Servers," Informatica Economica, vol. 13, no. 3, 2009, pp. 96-105.
[22] S. Rai and P. Chukwuma, "Security in a Cloud," The Internal Auditor, vol. 66, no. 4, 2009, p. 21.
[23] M. Saltzman, "How Safe is Web Security?" OR/MS Today, vol. 33, no. 4, Aug. 2006, p. 8.
[24] J. Siegel, "User Ignorance Causes Cloud Security Leak; Accounts, Passwords Revealed," ReadWriteWeb, 31 Mar. 2010. <http://www.readwriteweb.com/cloud/2010/03/user-ignorance-causes-cloud-security-leak-accounts-passwords-revealed.php>
[25] C. Soghoian, "Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era," SSRN Working Paper Series, 1 Jun. 2009.
[26] A. Stoica and C. Farkas, "Ontology Guided XML Security Engine," Journal of Intelligent Information Systems, vol. 23, no. 3, Nov. 2004, pp. 209-223.
[27] R. S. Swart, B. A. Marshall, M. E. Harris, K. A. Forcht and D. Olsen, "Dimensions of Network Security Planning For Web Services," Journal of Information Privacy & Security, vol. 1, no. 1, Jan. 2005, pp. 49-66.
[28] J. Vijayan, "Researchers Warn of AJAX Security Risks," Computerworld, 6 Aug. 2007, p. 12.
[29] J. Vijayan, "Twitter Breach Revives Cloud Security Fears," Computerworld, 3 Aug. 2009.
[30] P. Walsh, "The brightening future of cloud security," Network Security, vol. 2009, no. 10, 2009, p. 7.
[31] T. Winans and J. Brown, "Moving Information Technology Platforms To The Clouds: Insights Into IT Platform Architecture Transformation," Journal of Service Science, vol. 2, no. 2, 2009, pp. 23-33.
[32] D. Young and P. Madans, "XML: Why Bother?" Publishing Research Quarterly, vol. 25, no. 3, 2009, p. 147.
[33] D. Zielinski, "Be Clear on Cloud Computing Contracts," HRMagazine, 1 Nov. 2009.
[34] P. Zimski, "A storm is brewing for cloud security," Computer Weekly, 27 Oct. 2009.