Imagine this scenario: a disgruntled IT staffer leaves the company, goes down to the local McDonald's, logs back into the network and starts taking down virtual machines. One of the machines taken down is the Exchange server, which cripples much of the internal response because email is the primary coordination mechanism. Sound far-fetched? Well, it happened in August to the U.S. subsidiary of Japanese drug-maker Shionogi. The estimated cost of the outage to the company is $800,000.

While attending this week's Cloud Expo, the Shionogi story got me thinking about the potential for the same thing happening in the cloud. For this discussion I'm focusing mostly on Infrastructure as a Service (IaaS), as the parallel to running a virtualized infrastructure in-house.

Most of the energy put into IaaS security revolves around the confidentiality, integrity and availability of the data stored and processed in the cloud. This leads to discussions about virtual firewalls, IDS, encryption and cloud portability. But what about the cloud back end? What about your systems administrators and application developers creating, enabling, disabling and deleting virtual images in the cloud? What kind of damage might a disgruntled cloud admin do? It turns out an awful lot. And it's actually a worse situation than the in-house example, since the monitoring and management tools for tracking cloud administration are, in general, not nearly as robust as what IT might have in-house.

To prevent the Shionogi situation from happening in the cloud we need strong identity and authorization management for cloud administrators. This requires a range of services, usually from the cloud provider. To start with, all IaaS providers offer basic ID and password access to the administrator console. But in some cases the ID and password are shared among administrators, a very bad practice: at a minimum there must be a unique ID and password for each admin.
On top of this we need strong privilege management, so that only a very few admins have root-level access (or its equivalent in an IaaS). We also need multi-factor authentication with one-time passwords to prevent man-in-the-middle and password replay attacks. All of this needs to be federated with in-house identity management systems and directories such as LDAP or Active Directory, leveraging standards like eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML) for authentication and authorization policy management. Putting all the pieces together requires a comprehensive identity and access management system for the cloud to prevent a Shionogi-like attack happening there.
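The controls above (a unique identity per admin, a least-privilege role for each, and MFA gating destructive actions) can be expressed as an IAM-style policy and checked before the console acts. The following is an added example, not code from the article; the action names, the `aws:MultiFactorAuthPresent` condition key and the two roles are assumptions modelled on AWS-style policy documents, since the article names no particular provider.

```python
import fnmatch

# Constructed policies in the style of cloud IAM JSON documents (assumption:
# action and condition-key names follow AWS conventions; the article is generic).
READ_ONLY = [
    {"Effect": "Allow", "Action": ["ec2:Describe*"]},
]
OPERATOR = [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:StartInstances"]},
    # Destructive operations are only allowed when the session used MFA.
    {"Effect": "Allow", "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    # Explicit deny always wins: a non-MFA session can never terminate anything.
    {"Effect": "Deny", "Action": ["ec2:TerminateInstances"],
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}},
]

# Each admin has a unique identity mapped to one role: no shared console login.
ROLE_OF = {"alice": OPERATOR, "bob": READ_ONLY}


def _condition_holds(cond, context):
    """Evaluate the 'Bool' condition block against the request context.
    A missing context key is treated as 'false' (no MFA presented)."""
    for key, expected in cond.get("Bool", {}).items():
        actual = str(context.get(key, "false")).lower()
        if actual != expected:
            return False
    return True


def is_allowed(user, action, context):
    """Deny-overrides evaluation: explicit Deny > Allow > implicit deny."""
    statements = ROLE_OF.get(user)
    if statements is None:          # unknown identity: nothing matches
        return False
    allowed = False
    for st in statements:
        if not any(fnmatch.fnmatchcase(action, pat) for pat in st["Action"]):
            continue
        if not _condition_holds(st.get("Condition", {}), context):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

Evaluating a request this way means a stolen password alone cannot terminate machines, and a read-only admin cannot reach the destructive actions at all.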
The Need for Cloud Identity Management
Copyright © 2011 IDG Communications, Inc.