This article discusses key management strategies for the SaaS cloud model and the security problems specific to it, which arise from the consumer's lack of control over the underlying layers.
Cloud computing covers such a broad range of services, spanning networks, servers, storage methods, and applications, that to understand how it works and how it can be of value to an organization it should be broken down into components that can be studied one at a time. Cloud services are therefore commonly divided into three distinct categories, depending on the type of service provided: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
This article discusses several aspects of the SaaS cloud model and the key management strategies commonly used to protect stored data and data transfer operations. The main difference between the cryptographic operations needed for the SaaS model and those of the other models (PaaS and IaaS) is that the cloud consumer loses visibility into, and control over, the various layers of the SaaS model; since the cloud provider also implements all security functions, consumers normally have no direct involvement in key management in the SaaS model.
When using applications in the Software as a Service (SaaS) context, users are given access to application software and databases in the cloud. No extra hardware or software is needed on the consumer's side to run the applications. The cloud provider installs and configures the application software in the cloud, where users can access it on demand. Cloud users do not manage the cloud infrastructure or platform on which the application runs, as this is all handled by the provider. The provider can serve many users at once by distributing work across multiple virtual machines behind load balancers. These operations are invisible to the consumer, who sees only a single access point.
SaaS providers supply all the maintenance, support, and functionality for applications on demand, anytime and anywhere, so that a consumer can have a service up and running in a matter of minutes. For this reason SaaS is probably the best known and most commonly used form of cloud computing. Beyond the savings on maintenance, support, hardware, and software, another major advantage of SaaS is that updates are applied automatically, with no need for the consumer to download and install software.
However, the main problem with the SaaS cloud service model is the greater possibility of unauthorized access to data stored on the cloud provider's servers. As a result, many users employ third-party key management systems to help secure their data. When running an application within SaaS services, the consumer essentially needs two types of security capability:
The cloud provider takes care of all security involving the interaction with the application. The provider will usually perform the encryption for large scale data storage operations, such as when all fields of a database need to be encrypted. The consumer should provide encryption for any customized set of data storage requirements, which may vary among customers.
While a general user is interacting with SaaS services, the provider should set up a secure session that provides both confidentiality and integrity between the user and the application (service) instance. The TLS (Transport Layer Security) protocol, which is very similar to SSH (Secure Shell), is commonly used to protect the connection to the service instance and to establish two-way authentication. Session keys are then derived for encryption/decryption and for generating message authentication codes. This involves an asymmetric key pair (private and public keys) for the service instance and, optionally, a key pair on the client side as well. The client-side and server-side private keys must be managed by the client and the service side respectively.
Cloud providers will normally divide their physical storage allocation and resources into sections, such as disk volumes, and assign an encryption key to each one. This creates new key management issues, such as multiple customers sharing the same key within a disk volume. Additional security measures may be needed in this case, such as giving each customer access to a unique set of keys. There is also the fact that hundreds of symmetric keys will have to be managed because of the sheer volume, which may require multiple key management servers (or HSMs).
If customized field encryption is required by the consumer, an encryption gateway is deployed within the consumer's network. This gateway acts as a reverse proxy and monitors all data transfer operations; it sits between the client application and the cloud application. The gateway is configured with rules specifying which data items to encrypt. Data is encrypted in real time as it is sent to the SaaS cloud application for storage, and decrypted in real time back into clear text as it is returned for use by the client application. Only authorized clients have access to the clear text, since all data is stored in encrypted form in the cloud. Any number of cryptographic keys may be used to protect the selected fields of the database, and these keys are protected by an in-house key management system. Encryption operations should use whatever method is most appropriate, which may include shared keys or public/private key pairs.
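The two preceding paragraphs describe an in-house key management system that gives each customer its own keys even on shared storage, and an encryption gateway that applies field-level rules on the way to and from the SaaS application. The following is an added example written for this article, not code from the article or from any product it describes. It models both pieces in Python using only the standard library: `KeyManager` and `EncryptionGateway` are hypothetical names, the stand-in cipher (an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC) replaces the AES-GCM a real gateway or HSM would use, and the customers, key ids and record are constructed sample values.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32  # stand-in cipher: HMAC-SHA256 keystream + encrypt-then-MAC

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(key):
    # Independent encryption and MAC keys derived from one data key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext, aad=b""):
    """Encrypt then MAC; `aad` binds the ciphertext to its context (key id or field name)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def open_(key, blob, aad=b""):
    """Verify the tag before decrypting; a wrong key or altered data raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class KeyManager:
    """Hypothetical in-house key server: each customer gets a key-encryption key (KEK), and
    every data key is issued per customer and stored only wrapped under that customer's KEK."""

    def __init__(self):
        self._kek = {}      # customer_id -> KEK (HSM-resident in a real deployment)
        self._wrapped = {}  # (key_id, customer_id) -> wrapped data key

    def enroll_customer(self, customer_id):
        self._kek[customer_id] = os.urandom(32)

    def issue_key(self, key_id, customer_id):
        """key_id names a disk volume or a field key; the plaintext key is discarded after wrapping."""
        dek = os.urandom(32)
        self._wrapped[(key_id, customer_id)] = seal(self._kek[customer_id], dek, aad=key_id.encode())

    def unwrap_key(self, key_id, customer_id):
        blob = self._wrapped.get((key_id, customer_id))
        if blob is None:
            raise PermissionError(f"{customer_id} holds no key {key_id}")
        return open_(self._kek[customer_id], blob, aad=key_id.encode())

class EncryptionGateway:
    """Reverse proxy between the client application and the SaaS application.
    `rules` maps field name -> key id protecting it; unlisted fields pass through in clear."""

    def __init__(self, km, customer_id, rules):
        self.rules = rules
        self._keys = {kid: km.unwrap_key(kid, customer_id) for kid in set(rules.values())}

    def outbound(self, record):
        """Client -> cloud: encrypt rule-selected fields before they leave the network."""
        out = dict(record)
        for fld, kid in self.rules.items():
            if fld in out:
                out[fld] = seal(self._keys[kid], json.dumps(out[fld]).encode(), aad=fld.encode()).hex()
        return out

    def inbound(self, record):
        """Cloud -> client: restore clear text for the authorized client application."""
        out = dict(record)
        for fld, kid in self.rules.items():
            if fld in out:
                out[fld] = json.loads(open_(self._keys[kid], bytes.fromhex(out[fld]), aad=fld.encode()))
        return out

def demo():
    """Two tenants share volume 'vol-7'; only 'acme' can read acme's protected fields."""
    km = KeyManager()
    for customer in ("acme", "globex"):
        km.enroll_customer(customer)
        km.issue_key("vol-7", customer)   # same volume, a distinct data key per customer
    km.issue_key("pii", "acme")
    gw = EncryptionGateway(km, "acme", rules={"ssn": "pii", "balance": "vol-7"})
    record = {"id": 42, "name": "Jane", "ssn": "123-45-6789", "balance": 1000}  # constructed sample
    stored = gw.outbound(record)   # what the provider's database actually holds
    restored = gw.inbound(stored)
    try:  # globex's own vol-7 key cannot open acme's ciphertext on the shared volume
        open_(km.unwrap_key("vol-7", "globex"), bytes.fromhex(stored["balance"]), aad=b"balance")
        blocked = False
    except ValueError:
        blocked = True
    return record, stored, restored, blocked
```

The two design points worth noting are that the key server never stores a data key in the clear (only copies wrapped under a customer's KEK), and that each ciphertext is bound to its key id or field name through the authenticated `aad`, so a blob copied into a different field or unwrapped by another tenant fails verification rather than decrypting to garbage.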