Data security in multi-tenant environments in the cloud

Abstract

While cloud computing is widely used in consumer applications, business and enterprise customers remain hesitant. The most commonly cited issues preventing the adoption of cloud computing are reliability, security and privacy. Enterprise Software as a Service solutions offered in the cloud consist of many distinct components that are integrated into a solution which is consumed by the customer. Single components are connected and form a complex solution by communicating and complementing their services. This communication is often not properly secured because components were developed for non-cloud scenarios where inter process and component communication security requirements are less stringent. Preventing unauthorized access by users, processes or components is a basic requirement for any solution. Especially in a cloud context the integration of not or lesser trusted components might be required but a trustable solution is still expected. As a first line of defense, access to systems and services is secured by authentication mechanisms. This requires a system to validate user credentials as well as provide proof of its identity to the user. The individual components comprising a cloud service need to authenticate each other as well in order to prevent unauthorized access by compromised components or systems. Securing this communication by authentication requires the individual components to have access to certain keys. While authentication is used to secure services against unauthorized access, encryption can often be employed to secure data for transport or storage. In both cases similar problems are faced. When using keys for encryption and authentication the security of the system relies on securely managing the keys. This thesis will investigate technology options for authentication, encryption and key management in a cloud based Software as a Service solution exemplified by the IBM SmartCloud Archive.