Private cloud security risks and how to prevent them
Admins that rely on private clouds should not be drawn into a false sense of security. Outdated VM images, rogue admins and possible data loss are real security risks for private clouds.
Some organizations might perceive private clouds as more secure than public clouds because various cloud resources reside in their own data centers. While private clouds do offer certain security advantages, they also present security risks -- such as outdated VM images, rogue admins and data loss -- that IT administrators must know how to address.
Many admins rely on private clouds because of their single-tenant environments, which enable admins to have exclusive access to their resources. In addition, private clouds provide user self-service, scalability and increased performance.
However, certain private cloud security risks can diminish these benefits. Admins should familiarize themselves with these risks to ensure protection of their data and virtual systems.
Address outdated VM images
Outdated VM images pose one of the largest security risks to private cloud environments. Admins that grant a user access to their private cloud generally give that user the ability to act as a tenant admin and create VMs from the VM templates that admins provide.
Unfortunately, admins cannot assume that a user with permission to create VMs is a cybersecurity expert. Even if that user does have a cybersecurity background, admins can't be sure that the user adheres to security best practices. As such, admins must create VM templates that rigidly adhere to their organization's security requirements.
Just as admins must create VM templates with security in mind, admins must also keep the VM templates up to date. This means updating or creating a new template when patches become available, or when security best practices change.
Dangers of rogue admin abuse
Another potential security issue to consider is insider abuse. Some admins might require multi-tenant private clouds, which enable them to share hardware resources. For example, admins might use a common set of hosts and storage devices to service all the tenants.
Generally, tenant admins are unlikely to break out of their designated cloud space and access another tenant's resources. However, a rogue admin within the IT department could access a tenant's sensitive resources.
There are several ways to prevent the IT department from engaging in this type of abuse. First, teams of administrators must make it known, in no uncertain terms, that they do not tolerate this type of behavior. Second, admins should use role-based access control to compartmentalize and limit the scope of administrative access to prevent one single admin from having unrestricted access to any resource.
In addition, admins can enable audit logging and ensure that only the HR department has access to the logs. This keeps anyone in IT from being able to access a tenant's resources and cover their tracks. Admins should also configure their private cloud to automatically enable shielding for tenant-created VMs. VM shielding encrypts VMs in a way that prevents rogue admins from making VM copies and importing those copies into unauthorized host servers such as a machine in an administrator's home.
Rogue tenant admins can also disable various security features. For example, a rogue admin might turn off the Windows firewall or modify the group policy to no longer require passwords.
To prevent this type of behavior, admins should avoid granting tenants unrestricted administrative access, even within their own VMs. Admins' options for doing so vary depending on their private cloud platform and the guest OS that they use. But admins can create VM templates in a way that denies tenant admins access to specific registry settings and group policy settings that are critical to maintaining a VM's security.
Risk of data loss
One more risk worth considering is that of tenant data loss without a backup. Even when instructed otherwise, a tenant admin might assume that the IT department backs up their private cloud resources. This can lead to critical data loss during a failure, and admins might not retrieve any lost data without a backup.
Admins must ensure that the means exist for recovering a tenant's VM should it become necessary. For example, admins might consider purchasing a cloud backup product, such as Acronis' Data Cloud or Druva's Cloud Platform, that provides file sync and share, as well as backup and recovery management.