Introduction
Organisations are transitioning to Cloud Services to take advantage of a wide range of benefits. Within UK Government, this has largely been at OFFICIAL. The transition at higher classifications has been hampered by concerns over security.
Fundamentally, the risks associated with Cloud Architectures are different and require a tailored approach to security controls and risk management. By understanding how to address the specific challenges, and implementing appropriate controls, organisations can take advantage of the benefits provided by cloud computing at higher classifications.
Although the concept of ‘cloud’ has been muddied in recent times, this article looks at true cloud as defined by National Institute of Standards and Technology (NIST).
The assumption is that at higher classifications, a Community Cloud model will be adopted, whereby a Cloud Service is only offered to organisations working at the classification of interest.
Opportunities offered by Cloud Services above OFFICIAL
The business benefits of Cloud Services at OFFICIAL have driven their widespread adoption, and the same benefits can be realised at higher Classifications. These include:
- Scalability and Flexibility
- Continual improvement and updating of hardware and software
- Agility and Speed of Adoption
- Collaboration
- Cost
Challenges of delivering Cloud Services above Official
Some characteristics of Cloud Services result in security challenges which have caused the adoption of Cloud Services at higher classifications to be limited, including:
Threat Level and Capability. At SECRET, the threat model includes threat actors with the ability to bypass many commercial grade controls. Customers also inherit threats from other organisations.
Segregation between Customers. Shared services offer a range of benefits however there are associated risks which need to be managed.
Administration and Solution Support. In Cloud services, some aspects of the infrastructure will be managed and maintained by cloud service providers and this leads to potential risks to customer services.
Security Assurance Levels. Much assurance around high classification systems revolves around the use of assured products which may not be available in virtualised environments.
Delivering secure Cloud Services above OFFICIAL
The challenges outlined can be addressed through the following:
- Risk and Information Management: Risk Management in Cloud Environments is different to on-premise systems. The use of cloud services presents a set of different risks, and are managed in different ways.
- Security Architecture: The security architecture of cloud-based solutions is not a replica of on-premise solutions, but must take into account the characteristics of Cloud Services, and the specific challenges at higher classifications. Examples include:
- Data separation
- Security Monitoring and Audit solutions
- Privileged Access Management
- Encryption Management
- Security Engineering: Good security engineering provides assurance that exploits are not available to an adversary. There needs to be assurance that each security control is robustly implemented, and that controls layer appropriately.
- Security Monitoring: Robust security monitoring provides assurance that the specific threats to are managed appropriately. Monitoring must be robust at both the Service Provider and Customer level, and must be active rather than passive to combat sophisticated threats.
Through a layered approach, the challenges identified can be addressed. At Leonardo, we believe that Cloud Services can deliver higher levels of security and lower residual risk than traditional on-premise solutions in many cases. Each case requires specific investigation to make the case for transition to Cloud Services or remaining and improving the on-premise provision.
To this end, we have been working closely with UKCloudX, a company focused on addressing the needs of UK government agencies, who provides an infrastructure that meets the rigorous security requirements required for data at higher security classifications, at substantially lower cost. It is a result of a significant investment in people, physical security and new technology which uses higher grade assurance to create a trusted and neutral platform to meet above OFFICIAL expectations.
Conclusion
Delivery of Cloud Services at SECRET presents a challenge when combined with traditional views of security architecture and assurance; however there is no reason why organisations cannot make use of cloud services at this level.
A combination of good risk management, security architecture (such as that delivered by UKCloudX) and security engineering - all backed up by pro-active security monitoring - can meet the challenges associated with Cloud Services and provide the level of assurance needed to support accreditation above OFFICIAL.
For a more detailed look at above OFFICIAL Cloud Services, please download our white paper or contact us via email.