Appendix B: Compliance Considerations
Audit concepts such as segmentation and monitoring applied to a vCloud environment reveal new challenges. Elasticity may break old segmentation controls and the ability to isolate sensitive data in a rapidly growing environment. Role-based access controls and virtual firewalls must also demonstrate compatibility with audit requirements for segmentation, including detailed audit trails and logs. Can a provider guarantee that an offline image with sensitive data in memory is accessible only by authorized users? Can a log indicate who accessed it and when? vCloud resource management requires multiple admin-level roles.
The complexity of vCloud environments, coupled with new and different technology, requires careful audits to document and detail compliance. The following table lists common audit concerns in the vCloud.
Table 5. vCloud Audit Concerns
An additional layer of technology is present in every vCloud and may present an attack surface. The hypervisor introduces a layer between the traditional processing environment and the physical layer, which brings a new level of communication with the layers above and below it.
Segmentation and isolation
Any environment may expose sensitive data when not configured and monitored properly—physical and logical isolation has always been an audit concern. The ease and speed of change to a virtualized environment within vCloud computing, often called elasticity, makes the setup and review of segmentation controls even more relevant to compliance through isolation.
Different/multiple primary functions per host
The vCloud environment can make more efficient use of hardware, but it increases the proximity of information in transit and at rest. Some compliance standards explicitly require one primary function per server (or virtual server), as illustrated in Figure 30.
Enforcement of least privilege
In a vCloud environment, remote network access is the only available path offered to customers to manage their environment. Instead of physical access audits for equipment installation and modification, virtual system management software must be audited.
Machine state and migration
Because systems can change and move quickly in a vCloud environment, auditors need to track authorization and related change controls. Data migration that takes place in the clear should use separate, isolated networks to avoid exposure of sensitive information.
Data is much less permanent
Cloud environments make extensive use of short-lived instances. Virtual machines might have a lifecycle far shorter than physical systems, as they are easy to provision and repurpose. Systems also share data across large arrays in swap space. Permanence of data is also affected by environments that push as much storage as possible through high-speed memory to avoid the latency of spinning disks.
Immaturity of monitoring solutions in vCloud environments
Customers need audit trails and views unique to their own use of the vCloud environment, which also support incident response and investigations. Providers have to extend and develop log management and monitoring solutions to meet regulatory and client requirements for the vCloud environment.
Figure 30. One Primary Function per Server