An increasing number of companies and other enterprises are reducing their costs by migrating portions of their information technology infrastructure to cloud service providers. For example, virtual data centers and other types of systems comprising distributed virtual infrastructure are coming into widespread use. Commercially available virtualization software such as VMware® vSphere™ may be used by cloud service providers to build a variety of different types of virtual infrastructure, including private and public cloud computing and storage systems, which may be distributed across hundreds of interconnected computers, storage devices and other physical machines. Typical cloud service offerings include, for example, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
In cloud-based information processing system arrangements of the type described above, enterprises in effect become tenants of the cloud service providers. However, by relinquishing control over their information technology resources, these cloud tenants expose themselves to additional potential security threats. As one illustration, a given tenant may be inadvertently sharing physical hardware resources of a cloud computing environment with other tenants that could be competitors or attackers. Similar issues arise in other types of information processing systems in which computing environments are shared by multiple tenants.
It is therefore important for the tenants to be able to verify that the service provider is complying with appropriate security policies. For example, the tenants would generally like to be able to verify that cloud infrastructure has been configured securely, i.e. that it has been appropriately “hardened” against intrusion or unauthorized usage. This may include verifying that desired or required technical security controls and specific system configuration settings are present and operating.
The typical conventional approach to performing security hardening assessments on information technology infrastructure requires that the relying party be provided with direct, privileged access to all of the relevant hardware and software resources. This presents a number of practical challenges that make it infeasible in a cloud computing environment, where any one tenant is usually utilizing a small, arbitrary subset of the complete computing resources that are operated by the service provider. For security reasons, it would be highly unlikely for a tenant to be given the required level of direct, privileged access needed to test or otherwise assess the entire cloud computing infrastructure. Granting this level of direct, privileged access to any one tenant would not only pose a security risk to the other tenants, it would also violate the security of the service provider.