Picture this scenario: a disgruntled IT employee leaves the company, goes to a local McDonald's, logs back into the corporate network and starts shutting down virtual machines. One of the machines he shuts down is the Exchange server, and because e-mail is the primary mechanism for coordinating a response, most of the internal response is effectively shut down with it. Sound far-fetched? This August it happened to the U.S. subsidiary of Japanese drug maker Shionogi. The outage is estimated to have cost the company $800,000.

Attending Cloud Expo this week, the Shionogi story got me thinking about the likelihood of the same thing happening in the cloud. For this discussion I am focusing on infrastructure as a service (IaaS), which parallels running virtual infrastructure in-house. Most of the effort put into IaaS security revolves around the confidentiality, integrity and availability of the data stored and processed in the cloud, which leads to discussions about virtual firewalls, IDS, encryption and cloud portability. But what about the cloud back end? What about the systems administrators and application developers who create, enable, disable and delete virtual images in the cloud? How much damage could a disgruntled cloud admin do? It turns out: an awful lot. And it is actually a worse situation than the in-house example, because the monitoring and management tools for tracking cloud administration are, in general, nowhere near as robust as what IT may have in-house.

To keep a Shionogi-style incident from happening in the cloud we need strong identity and authorization management for cloud administrators. That takes a range of services, most of which have to come from the cloud provider. To start with, all IaaS providers offer basic ID and password access to the administrator console. But in some cases a single ID and password is shared among administrators. That is a very bad practice: at a minimum every admin must have a unique ID and password, because with a shared login the audit trail cannot tell you which admin powered off the Exchange server. On top of this we need strong privilege management, so that only a very few admins have root-level access (or its equivalent in an IaaS). We also need multi-factor authentication with one-time passwords. A one-time password defeats password replay, since a captured code is useless once it has been used or its time window has passed; note that it only raises the bar against a man-in-the-middle who relays the code in real time, because the attacker can still use it within that window. All of this needs to be federated with in-house identity management systems and directories such as LDAP or Active Directory, using standards like Security Assertion Markup Language (SAML) for authentication assertions and eXtensible Access Control Markup Language (XACML) for authorization policy, so that disabling an account in the corporate directory also revokes its cloud console access. Putting all the pieces together requires comprehensive identity and access management for the cloud to prevent a Shionogi-like attack happening there.
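The following is an added example (my own code, not from the article or any cloud provider's console) showing what the per-admin credential, one-time-password and least-privilege requirements above look like in working form. It implements the HOTP/TOTP algorithm from RFC 4226/6238 and rejects a one-time password that is presented a second time, which is the replay case described above. The account names, passwords, roles and the toy console class are assumptions made for the example; the secret is the RFC test-vector secret so the generated codes can be checked against the RFC.

```python
"""Admin-console login with per-admin credentials, a one-time-password second
factor (HOTP/TOTP, RFC 4226/6238) and replay rejection.
Added example; not code from the article or from any named provider."""
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


class AdminConsole:
    """Toy IaaS admin console (hypothetical): one record per administrator,
    never a shared login, and an audit trail that names the admin every time."""

    def __init__(self, step: int = 30):
        self.step = step
        self.accounts = {}  # username -> dict(salt, pw_hash, otp_secret, role, last_step)
        self.audit = []     # (unix_time, username, outcome)

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, username: str, password: str, otp_secret: bytes, role: str = "operator"):
        if username in self.accounts:
            raise ValueError(f"{username} already enrolled; accounts are not shared")
        salt = os.urandom(16)
        self.accounts[username] = {
            "salt": salt,
            "pw_hash": self._hash_password(password, salt),
            "otp_secret": otp_secret,
            "role": role,
            "last_step": -1,  # highest TOTP step already accepted for this admin
        }

    def _log(self, unix_time: int, username: str, outcome: str):
        self.audit.append((unix_time, username, outcome))
        return False, outcome

    def login(self, username: str, password: str, code: str, unix_time: int):
        """Return (accepted, role_or_reason). A one-time password is accepted for
        the current or the previous step (clock skew), and only if that step is
        newer than the last one this admin used, so a captured code cannot be
        replayed even inside its 30-second window."""
        acct = self.accounts.get(username)
        if acct is None:
            return self._log(unix_time, username, "unknown admin")
        if not hmac.compare_digest(self._hash_password(password, acct["salt"]), acct["pw_hash"]):
            return self._log(unix_time, username, "bad password")
        current = unix_time // self.step
        for candidate in (current, current - 1):
            expected = hotp(acct["otp_secret"], candidate).encode()
            if hmac.compare_digest(expected, code.encode()):
                if candidate <= acct["last_step"]:
                    return self._log(unix_time, username, "replayed one-time password")
                acct["last_step"] = candidate
                self.audit.append((unix_time, username, "login ok"))
                return True, acct["role"]
        return self._log(unix_time, username, "bad one-time password")

    def can_shut_down_vm(self, username: str) -> bool:
        """Least privilege: only the few root-equivalent admins may power off VMs."""
        acct = self.accounts.get(username)
        return acct is not None and acct["role"] == "root"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test-vector secret, for checking only
    console = AdminConsole()
    console.enroll("alice", "correct horse", secret, role="root")
    print(console.login("alice", "correct horse", totp(secret, 59), 59))   # (True, 'root')
    print(console.login("alice", "correct horse", totp(secret, 59), 70))   # replay rejected
    print(console.audit)
```

The point of keeping `last_step` per account is that an OTP is only "one-time" if the verifier remembers what it has already accepted; a verifier that merely checks the code against the current window will happily take the same code twice within those 30 seconds. The audit list is keyed by username precisely because a shared console login would leave it unable to say who shut down which machine.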
The need for cloud identity management
Verisign Internet infrastructure guru
Copyright © 2011 IDG Communications, Inc.