The critical elements you need to fully understand before living in the cloud are the physical attributes of the cloud center: staffing, patrols, power, law enforcement and fire or other disaster access, location and method of secure backup, and recovery. This is all in addition to the nature of the hardware itself. You wouldn’t live in a house without understanding the physical security aspects, and you certainly should not place your sensitive information and processing somewhere with any less care.
At a major communications hub in South Korea, we conducted a security and resilience audit for critical secure voice systems. We tested security and access controls, interviewed security forces on response procedures, and exercised re-constitution plans. We checked all supporting systems, microwave radios, and antenna towers. We determined a simple loss of one tower would destroy not just primary, but backup communications into and out of the entire country. The moral of this story is that you cannot overlook even the simplest physical security and continuity element of your system.
There are a lot of physical challenges involved in helping you to assess the trustworthiness of your cloud provider and their datacenter(s). Is the datacenter in an earthquake or flood zone? Where does the power and backup power come from and how are they protected? I found a commercial datacenter that was proud of their very expensive turbine generators that could provide full replacement for commercial sources for up to two weeks. It sounded good, until I asked a simple question: If someone siphoned your fuel tanks, would you know? The answer turned out to be, not until we tried to run the generators. They now have sensors on their fuel tanks and roaming patrols include a physical check of locks on them. Expect your cloud partner to walk your security team through all of them, and make certain you ask the question that is bugging you. It could be critical.
Cautious circles of the U.S. Federal Government used to send officers to the factory of manufacturers of computer servers that would process sensitive government information. They would travel with the computers until they were turned over to government-controlled and protected storage. Other trusted individuals would sign, deliver, and install them under multi-person controls and accountability.
If you build, lease, or contract for one of these multi-tenant cloud centers, with no assurance the hardware was not altered before or during installation, modified chips could theoretically help foster the exfiltration of sensitive information and help cover up the attacks. Do you know where your servers have been?
