Previous article in the series – IaaS: Cloud Virtual Infrastructure Threats
With the PaaS (platform as a service) model the vendor offers a complete development environment in which application developers can create and deploy their code. This avoids the need to build a server environment to run an application and the need to install a development environment for creating applications. Developers can simply connect to a PaaS CSP and use a provider-compliant development tool to create applications and deploy worldwide. The vendor will typically provide code building blocks so that the customer can rapidly build applications. PaaS security considerations include access and authorization, working with distributed applications, storage security, and data protection.
An important consideration is the use of a secure third-party authentication mechanism. These typically use WS-* or SAML protocols. Regardless of the authentication mechanism used, end-to-end encryption must be applied to the logon sequence. Authentication should use a cryptographic hashing mechanism so that the password itself is never exposed. There is also a need for rapid and effective provisioning and deprovisioning of user accounts.
PaaS utilizes the following data storage types:
Structured: Information organized in accordance with a defined schema that aligns with its expected use. This is typically used in relational databases.
Unstructured: Information not aligned or organized along any schema or in any repeatable fashion. Examples include email messages, videos, and audio files.
PaaS: System/Resource Isolation
PaaS tenants should not have shell access to the servers running their instances (even when virtualized). The rationale is to limit the likelihood of configuration or system changes affecting multiple tenants. Where possible, administration facilities should be restricted to siloed containers to reduce this risk.
Careful consideration should be given before access is provided to the underlying infrastructure hosting a PaaS instance. In enterprises, this may have less to do with malicious behavior and more to do with efficient cost control; it takes time and effort to “undo” tenant-related “fixes” to their environments.
PaaS: User-Level Permissions
Each instance of a service should have its own notion of user-level entitlements (permissions). In the event that the instance(s) share common policies, appropriate countermeasures and controls should be enabled by the cloud security professional to reduce authorization creep or the inheritance of permissions over time.
The effective implementation of distinct and common permissions can simultaneously improve security and user experience when implemented across multiple applications within the cloud environment.
PaaS: User Access Management
User access management (UAM) enables users to access IT services, resources, data, and other assets. Access management helps to protect the confidentiality, integrity, and availability of these assets and resources, ensuring that only those authorized to use them are permitted access.
In recent years, traditional “standalone” access control methods have become less common, and more holistic approaches that unify the authentication of users (including single sign-on) have become favored. For user access management processes and controls to function effectively, a key emphasis is placed on the agreement to and implementation of the rules and organizational policies for access to data and assets.
Key Components of UAM
Intelligence: The business intelligence for UAM requires collecting, analyzing, auditing, and reporting against rule-based criteria, typically based on organizational policies.
Administration: The ability to perform onboarding or changing account access on systems and applications. These solutions or toolsets should enable automation of tasks that were typically or historically performed by personnel within the operations or security function.
Authentication: Authentication provides assurance and verification in real time that the user is who they claim to be, accompanied by relevant credentials (such as passwords).
Authorization: Authorization determines the level of access to grant each user based on policies, roles, rules, and attributes. The principle of least privilege should always be applied (i.e., users should only have access to what is specifically required to fulfill their job functions).
Note that user access management enables organizations to avail themselves of benefits across the areas of security, operational efficiencies, user administration, auditing, and reporting along with other onboarding components; however, it can be difficult to implement for historical components or environments.
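The following is an added example, not code from the original article: a minimal entitlement audit of the kind the Intelligence and Authorization components describe, flagging accounts that were never deprovisioned and permissions that exceed what a user's current roles justify (authorization creep). The role names, users, instance names, and permission strings are all constructed for illustration.

```python
# Constructed sample data. Role -> permissions allowed by organizational policy.
ROLE_POLICY = {
    "developer": {"app:deploy", "app:read_logs"},
    "dba": {"db:read", "db:write", "db:backup"},
    "auditor": {"app:read_logs", "db:read"},
}
# Identity source (e.g. an HR feed): user -> current roles; empty set = departed.
DIRECTORY = {
    "alice": {"developer"},
    "bob": {"auditor"},   # moved from dba to auditor
    "carol": set(),       # left the organization
}
# Grants actually present on each service instance: instance -> user -> permissions.
INSTANCE_GRANTS = {
    "orders-api": {
        "alice": {"app:deploy", "app:read_logs"},
        "carol": {"app:deploy"},
    },
    "orders-db": {
        "bob": {"db:read", "db:write", "db:backup"},
        "mallory": {"db:read"},
    },
}

def allowed_permissions(user, directory=DIRECTORY, policy=ROLE_POLICY):
    """Union of the permissions granted by the user's current roles."""
    allowed = set()
    for role in directory.get(user, set()):
        allowed |= policy.get(role, set())
    return allowed

def audit(grants=INSTANCE_GRANTS, directory=DIRECTORY, policy=ROLE_POLICY):
    """Return sorted findings: (instance, user, kind, permissions at issue)."""
    findings = []
    for instance, users in grants.items():
        for user, granted in users.items():
            if not directory.get(user):
                # Unknown or departed user still holds access: deprovisioning gap.
                findings.append((instance, user, "orphaned", sorted(granted)))
                continue
            # Anything beyond what current roles justify is authorization creep.
            excess = granted - allowed_permissions(user, directory, policy)
            if excess:
                findings.append((instance, user, "creep", sorted(excess)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Because the audit works per instance, an entitlement that is legitimate on one service does not mask an excess grant on another.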
PaaS: Protection Against Malware/Backdoors/Trojans
Traditionally, development and other teams create backdoors to enable administrative tasks to be performed.
Once backdoors are created, they provide a constant vector for attackers to target and potentially gain access to the relevant PaaS resources. We have all heard a story where attackers have gained access through a backdoor, only to create additional backdoors, while removing the “legitimate” backdoors, essentially holding hostage the systems, resources, and associated services.
More recently, embedded and hardcoded malware has been utilized by attackers as a method of obtaining unauthorized access and retaining this access for a prolonged period. Notably, malware that has been placed in point-of-sale devices, handheld card processing devices, and other platforms has divulged a large amount of sensitive data (including credit card numbers, customer details, etc.). Code reviews and other SDLC checks are essential to ensure that the likelihood of malware, backdoors, Trojans, and other potentially harmful vectors is reduced significantly.
Next article in series – Security Considerations for SaaS