What can software quality professionals do to help ensure that only secure applications are running on their cloud platforms or cloud infrastructure? What sorts of vulnerabilities do cloud services introduce?
First of all, "secure enough to run on a cloud platform" presupposes that the software is secure enough to run in a dedicated environment. Software bound for a cloud platform should therefore go through a comprehensive software assurance program: capture security requirements, perform threat modeling, write application code with security in mind, and run security testing with both static and dynamic analysis. These measures are "table stakes" for any software that will be deployed where it is likely to be attacked, whether that is in the cloud or on dedicated infrastructure.
That said, a few concerns become more critical for software intended for a cloud-based infrastructure. Threat modeling, for example, matters much more for systems built from several kinds of components. Understanding how data flows among dedicated hardware, Infrastructure as a Service (IaaS) instances and Platform as a Service (PaaS) services is critical to identifying threats so they can be addressed with proactive countermeasures, and understanding what data resides on each of these tiers is critical to deciding where that data must be encrypted in transit and where it must be encrypted at rest. Many Software as a Service (SaaS) applications also have plug-in architectures that rely on protocols such as OAuth or on other, less standardized HTTP interactions. These integrations can be very powerful, but every parameter the parties exchange should be scrutinized to identify potential weaknesses.
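To make "scrutinized" concrete, the following added example (not code from the original article or from any product it mentions) shows the two checks most often missing from an OAuth 2.0 authorization-code callback in a plug-in: exact validation of the registered redirect URI and a session-bound, one-time state value. The registered URI, the plug-in host name and the session dictionary are constructed assumptions for illustration; the weak handler is included only to show the behaviour the strict one prevents.

```python
import hmac
import secrets

# Constructed registration record for a hypothetical plug-in (assumption, not from the article).
REGISTERED_REDIRECT_URIS = frozenset({"https://plugin.example.com/oauth/callback"})


def weak_redirect_check(redirect_uri):
    """Prefix match, common in early integrations: a look-alike host passes."""
    return redirect_uri.startswith("https://plugin.example.com")


def strict_redirect_check(redirect_uri):
    """Exact, byte-for-byte comparison against the registered value."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


def begin_authorization(session):
    """Bind an unguessable state value to the caller's session before redirecting."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def weak_callback(session, code, state, redirect_uri):
    """Vulnerable handler: ignores state and uses the prefix redirect check.

    Returns (accepted, reason). Ignoring state lets an attacker complete the
    flow with a code bound to *their* account in the victim's browser.
    """
    if not weak_redirect_check(redirect_uri):
        return (False, "redirect_uri rejected")
    return (True, "code %s accepted" % code)


def strict_callback(session, code, state, redirect_uri):
    """Hardened handler: one-time, constant-time state check and exact redirect match."""
    expected = session.pop("oauth_state", None)  # pop: a state value is usable once
    if expected is None or state is None:
        return (False, "missing state")
    if not hmac.compare_digest(expected, state):
        return (False, "state mismatch")
    if not strict_redirect_check(redirect_uri):
        return (False, "redirect_uri rejected")
    return (True, "code %s accepted" % code)


if __name__ == "__main__":
    lookalike = "https://plugin.example.com.attacker.net/steal"
    print("weak check accepts look-alike host:", weak_redirect_check(lookalike))
    print("strict check accepts look-alike host:", strict_redirect_check(lookalike))
    session = {}
    state = begin_authorization(session)
    print(strict_callback(session, "abc", state, "https://plugin.example.com/oauth/callback"))
    print("replay of same state:", strict_callback(session, "abc", state,
                                                   "https://plugin.example.com/oauth/callback"))
```

The two defects are independent: the prefix match lets an attacker-controlled host receive the authorization code, and the missing state check lets an attacker bind their own account to a victim's session. Both are found by reading the callback handler, which is exactly the kind of scrutiny the plug-in interface deserves.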
Cloud services can introduce a variety of vulnerabilities. Organizations running high-security applications on an IaaS platform should understand that a hypervisor compromise could expose every guest operating system running on it, including theirs. PaaS platforms add the risk of data leakage between users of the platform, just as SaaS platforms carry the risk of data leakage between tenants. Whenever infrastructure is shared, the risk of data leaking between the parties that rely on it increases.
In addition, organizations relying on cloud infrastructure should be concerned about the access that law enforcement and intelligence agencies might have to their code and data. The recent NSA PRISM revelations have brought this into the limelight, but it has always been a concern that organizations relying on cloud infrastructure should have been paying attention to. Placing application components and application data on an external infrastructure puts an organization at the mercy of its provider and of the laws of the jurisdiction where that infrastructure sits. Organizations should anticipate situations in which law enforcement (or other) agencies have a legal basis for accessing these systems, and must make decisions about system design and hosting accordingly. This is not a problem only for companies using shared infrastructure in the United States; it concerns any organization, and it makes it mandatory to take local laws into account wherever components of an application are hosted.
This was first published in August 2013