Trust in Computer Systems and the Cloud


Book written by Mike Bursell

Book review by Ben Rothke

Bottom Line

I recommend this nonfiction book for the Cybersecurity Canon Hall of Fame.

Review

If you go to the Amazon Web Services AWS Artifact page, which details the compliance and information security in the AWS Cloud, you will see that Amazon takes security quite seriously. They have certifications for standards such as SOC 2, ISO 27001/27017/27018, PCI DSS, and many more. They do all this to show their customers that they can be trusted with their data. AWS also complies with a diverse set of other standards and regulations, including:

  • National Bank of Cambodia’s (NBC) Technology Risk Management (TRM)
  • Reserve Bank of India (RBI) Cybersecurity Framework
  • Australian Prudential Regulation Authority (APRA)’s CPG 234
  • Korea Information Security Management System (K-ISMS)

After seeing the scores of compliance regimes AWS complies with (and the same is true of Google Cloud Platform (GCP), Microsoft Azure, and other major cloud providers), one can be left with the feeling that if they put their business and associated data in the cloud, their security needs are taken care of, and that AWS can be trusted. However, can they really be? What is this trust they are trying to assure customers of?

Nevertheless, when using public cloud services from a cloud service provider (CSP), you cannot rely just on the provider. Customers need to understand the notion of the shared responsibility model: which security tasks are handled by the cloud provider, and which tasks are handled by them. And this will vary depending on whether you are using Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or Software as a Service (SaaS).

The Cloud Security Alliance (CSA) has a page that explains the shared responsibility model. They note that CSPs adhere to a shared security responsibility model, which means your security team maintains some responsibilities for security as you move applications, data, containers, and workloads to the cloud. At the same time, the provider takes some responsibility, but not all.

And the following 27 words from the CSA encapsulate what trust in the cloud is all about: defining the line between your responsibilities and those of your providers is imperative for reducing the risk of introducing vulnerabilities into your public, hybrid, and multi-cloud environments. 

Many mistakes involve cloud misconfigurations. These misconfigurations lead to cyber exposures, security breaches, insider threats, or external hackers. These cloud-threat actors exploit vulnerabilities to gain access to the environment. Cloud misconfigurations also result in companies exposing unencrypted or sensitive data to the public internet. This results in data leakage and downtime, leading to severe reputational damage and financial loss for the companies or government entities.

In Trust in Computer Systems and the Cloud (Wiley), author Mike Bursell, formerly chief security architect at Red Hat, has written a valuable reference to assist the reader in ensuring their computing environment implements this monstrosity called trust. The intricacies of digital trust are significant, and this book does a great job of defining and clarifying the topic.

As a book about trust, an interesting insight Bursell makes is that much of the literature on computers and trust is not about trust at all. Rather it is about mistrust. If you take a simple view of trust as something binary – it is either there or not, rather than considering it as a more complex relationship or set of relationships, then the area which is not black and white but tinged with complications is what is relevant. And that is what mistrust is all about.

The book shows that far from being binary, trust is a very complex area that transcends boundaries and business operations. Rarely is it black and white, and therein lies the challenge for information security professionals.

In 2019, the Linux Foundation established the Confidential Computing Consortium (CCC) to improve the security of data in use. The consortium members include some of the world’s largest tech firms, including Intel, Meta, Microsoft, Red Hat, and many more. The book emphasizes how confidential computing impacts security, trust, and risk. While there is, to a degree, much hype around confidential computing, from Forbes to Gartner and more, confidential computing only works when you have a complete handle on trust. And that is precisely what the book helps with.

At a high level, confidential computing sounds a lot like zero trust. But while there are similarities, they are, in fact, quite different. Zero trust is a security framework that requires every user to be authenticated, authorized, and validated before being given access. Zero trust also applies to data, services, applications, and more. A zero-trust architecture is built on the notion that there is no network edge, be it at the physical layer or within the cloud.

Confidential computing moves that layer of trust to the system layer. Networks and systems using confidential computing are based not on zero trust but rather on explicit trust. But defining those layers of explicit trust requires an organization to understand all aspects of trust within their organization. And while plenty of vendors are selling zero-trust solutions (often implemented with limited success), doing confidential computing right is a lot more than deploying some appliances in the data center. The book does an excellent job of showing readers how to define and build those levels of trust into their systems and how to deploy them.

This interesting book provides a unique and detailed approach to the notion of trust and shows its impact on networks and data. It is a complex topic that has significant security and privacy implications. There are no easy solutions, as implementing trust in today’s enterprise networks, with connections to myriad different customers, vendors, and suppliers, is not a trivial endeavor.

For the serious reader who wants to get a handle on confidential computing and other aspects of digital trust, this is an excellent reference with which to start their journey.

Conclusion

This is a highly detailed and innovative book on the topic of trust. For many who work with Active Directory (AD), their idea of trust is simply the implementation of AD trust, which connects two distinct AD domains to allow users from one domain to authenticate against resources in the other domain. However, that is trust at its most simplistic level.

This book is for the serious reader concerned about digital trust. The topic itself is far too broad and complex to be fully detailed in this 300-page book. But for those looking for an excellent reference to start their trust journey, this is a great guide and a worthy candidate for the Cybersecurity Canon.

We modeled the Cybersecurity Canon after the Baseball Hall of Fame and the Rock & Roll Hall of Fame, except it’s a canon for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!