Since June of 2010, I’ve enjoyed collaborating with the Trusted Cloud Initiative subgroup of the Cloud Security Alliance. In the second half of 2010, we reached a consensus on the language of the audit assessment questions, which are aligned to PCI, HIPAA, NIST, and ISO best practices, and on which mitigations are expected for various types of cloud topologies, including public, private, hybrid, IaaS, PaaS, and SaaS. We now have a new RACI matrix template to facilitate the service level agreement negotiation process and to align on which parties are responsible, accountable, consulted, and informed. When multiple parties are involved in keeping a system current and operational, the RACI matrix is a very effective method to ensure that the proper resources are allocated to manage the ITIL service support and service delivery procedures. It is in the proper separation of duties that technology mitigations become more trustworthy, especially in the governance of production change management procedures, where a human quality control process verifies and validates changes prior to deployment to mitigate the risk of an unauthorized change.
The CSA TCI reference architecture team is working from the ISO and NIST requirements in the CSA Security Controls Matrix to ensure that our solution concentrates on the mitigations that are most important to the marketplace. This requirements-based approach towards a trustworthy cloud is in alignment with the guiding principles of the TCI mission:
- Define protections that enable trust in the cloud.
- Develop cross-platform capabilities and patterns for proprietary and open-source providers.
- Facilitate trusted and efficient access, administration and resiliency for the customer/consumer.
- Provide direction to secure information that is protected by regulations.
- The Architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.
- Centralize security policy, maintenance operation and oversight functions.
- Access to information must be secure yet still easy to obtain.
- Delegate or Federate access control where appropriate.
- Must be easy to adopt and consume, supporting the design of security patterns.
- The Architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
- The architecture must address and support multiple levels of protection, including network, operating system, and application security needs.
Regarding the implementation of the reference architecture, the team agreed in October that the SAML 2.0 HTTP POST binding is the most appropriate for doing business between a public Internet connected cloud Policy Enforcement Point (PEP) and a legacy Identity Provider acting as Policy Decision Point (PDP) and/or a legacy LDAP directory service. With the HTTP POST binding, the user’s web browser carries the SAML token to the cloud service, rather than the cloud API Service Provider integrating directly with the enterprise Identity Provider over a back channel, as the SAML Artifact binding requires. To ensure that architectural decisions such as these are made properly, we’ve adopted the ISO/IEC 9126 decision-criteria based process for software engineering product quality control. Technology choices are made based on how each candidate solution scores against the following criteria: Functionality, Reliability, Usability, Efficiency, Maintainability, and Portability. It is this decision making process that drove the team to conclude that SAML tokens are more Functional and Reliable for enterprise application integration with cloud services for business purposes than a technology such as OpenID, which is better suited for cloud to cloud application single sign-on.
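As an added illustration (not code from the original post or from the CSA TCI), here is the exchange the HTTP POST binding implies: the enterprise Identity Provider issues a SAML 2.0 Response, the browser relays it as the base64-encoded SAMLResponse form field, and the cloud PEP, which cannot trust the browser channel, checks issuer, Destination, InResponseTo, audience, validity window and replay before accepting it. All entity IDs, URLs and the subject are constructed sample values; XML signature verification, which the binding relies on, is omitted for brevity and marked where it belongs.

```python
import base64, xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed sample identifiers for an enterprise IdP and a cloud PEP (not from the original post).
IDP_ISSUER = "https://idp.example-enterprise.test/saml"
SP_ENTITY_ID = "https://cloud-pep.example.test/saml/metadata"
SP_ACS_URL = "https://cloud-pep.example.test/saml/acs"

def build_response(request_id, now):
    """IdP side: an (unsigned) SAML 2.0 Response with one assertion valid for five minutes."""
    issue, expiry = now.strftime(FMT), (now + timedelta(minutes=5)).strftime(FMT)
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0"
  IssueInstant="{issue}" Destination="{SP_ACS_URL}" InResponseTo="{request_id}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{issue}">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example-enterprise.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{issue}" NotOnOrAfter="{expiry}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def pep_validate(form, expected_request_id, now, seen_ids):
    """Cloud PEP side: decode the SAMLResponse the (untrusted) browser posted and check each binding field.
    XML-DSig verification of the Response/Assertion is left out here; a real PEP must do it before these checks."""
    root = ET.fromstring(base64.b64decode(form["SAMLResponse"]))
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    parse = lambda s: datetime.strptime(s, FMT).replace(tzinfo=timezone.utc)
    checks = {
        "issuer": root.findtext("saml:Issuer", namespaces=NS) == IDP_ISSUER,
        "destination": root.get("Destination") == SP_ACS_URL,  # addressed to our ACS, not another SP's
        "in_response_to": root.get("InResponseTo") == expected_request_id,  # answers the request we issued
        "audience": cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) == SP_ENTITY_ID,
        "not_before": parse(cond.get("NotBefore")) <= now,
        "not_expired": now < parse(cond.get("NotOnOrAfter")),
        "fresh": assertion.get("ID") not in seen_ids,  # a browser-relayed assertion must not be replayable
    }
    if all(checks.values()):
        seen_ids.add(assertion.get("ID"))
    return checks

def demo():
    """Round trip: valid first use, replay of the same post, and a post arriving after expiry.
    The form dict models the HTTP POST binding: the browser submits the Response base64-encoded as SAMLResponse."""
    t0 = datetime(2010, 11, 16, 12, 0, tzinfo=timezone.utc)
    form, seen = {"SAMLResponse": base64.b64encode(build_response("_req42", t0).encode()).decode()}, set()
    return (pep_validate(form, "_req42", t0 + timedelta(minutes=1), seen),
            pep_validate(form, "_req42", t0 + timedelta(minutes=1), seen),
            pep_validate(form, "_req42", t0 + timedelta(minutes=6), set()))
```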
I would also like to take a moment to acknowledge some key contributors, who have participated and presented various topics. Marlin Pohlman’s contribution to represent the Cloud Audit Standards with an alignment of the Security Controls Matrix to the expected requirements of various reference architectures has resulted in an improved set of audit questions and a solid set of requirements for the Trustworthy Cloud Initiative that are directly aligned with the certification subgroup work led by Nico Popp. David Sherr and Jairo Orea have contributed a significant amount of time and energy to align the TCI work with the wants and needs of the Financial Services & Insurance Industries. Dr. Shehab presented work that he and his students have done at UNCC to speed up the processing of XACML rules by reordering and categorizing policies. Subra Kumaraswamy has contributed a significant amount of energy on Identity and Access Management requirements and technologies, working with Scott Matsumoto and the implementation subgroup.
With the Cloud Security Alliance Congress this week in Orlando, the security and privacy minds of the world are debating the risks and benefits of moving away from Basic Authentication to multi-factor authentication techniques, which combine what you have (a smartcard), what you know (a shared secret), and who you are (biometric data), versus open authentication protocols such as OAuth and the emerging OAuth2 specification.
For more information about the Trusted Cloud Initiative, or to join, go to http://www.cloudsecurityalliance.org/trustedcloud.html. Once you are a member, you will be able to contribute to the CSA TCI community knowledge repository.