What is needed to verify cloud service level agreements? Is faith enough?
Authors Sara Bouchenak, University of Grenoble, Gabriela Gheorghe, University of Luxembourg, Gregory Chockler, IBM Research UK, Nuno Santos, Max Planck Institute, Hana Chockler, IBM Research Haifa and Alexander Shraer, Google, discuss this in a recent paper Verifying Cloud Services: Present and Future (pdf).
The authors note "As far as we know, no clouds adequately address service performance and dependability guarantees. . . ."
But is isn't just performance and dependability. There's more.
Is the service functionally correct? Is the performance meeting SLA requirements? Is the security level sufficient and does it meet the cloud vendor’s claims?
The authors identify for specific areas where more information, independent of cloud service providers, would help consumers and enterprises.
- Trusted software and server identity. Is the service running the right software over the right set of servers?
- Functional correctness. Once the service is up is it doing what it is supposed to do even as the specific physical servers and network configurations are changing?
- Performance and dependability. Is it meeting performance and availability requirements? If not, why not?
- Security. Does the service comply with stated security policies?
This is not theoretical. For example, it has been demonstrated that it is possible to manipulate the identities of virtual machine images to attack consumers on Amazon’s EC2 service. If something can be hacked, or misconfigured, it will be.
There are few available techniques to verify cloud service integrity in a scalable manner. Configurations change without notice. Software updates, physical servers, network routers and more are not controlled by users.
And that’s assuming everything is working as planned.
For example, cloud storage. We may be reasonably certain that bulk data is consistent from one user to the next. But what about updates? How can users be certain that updated data is available promptly to authorized users?
Or encryption for data at rest? How do we know it is encrypted? That the encryption process is secure?
Given varying national laws and surveillance programs, how can users know where data is physically located? Where are the audit trails that can show regulators or plaintiffs that no laws were breached?
The Storage Bits take
This paper is sobering because it shows how primitive current tools for verifying cloud services are – if they exist at all. It isn’t even clear that cloud providers themselves know if their promises are kept.
Cloud services are now an irreversible part of the IT infrastructure. But lacking accountability it is inevitable that abuses will occur.
Comments welcome, of course. Okay, you can't prove you're getting what you pay for. Do you care?