Cloud Security

What is cloud?

Cloud is an abstract, virtual environment where software and data are stored instead of on the user's PC. Three types of cloud computing exist:

  • Application (SaaS): independent software vendors (ISVs) host their applications in the cloud, from where they can be accessed by the user.
  • Platform (PaaS): ISVs host their applications in the cloud but, in contrast to SaaS, let the user define his own business logic.
  • Infrastructure (IaaS): users lease the infrastructure (a virtual computer) from where they host and run instances of their programs in the workspace.

Implications for licensing and data protection

User authentication

In most cases, SaaS and PaaS are licensed on a per-user basis. The number of users currently logged on or created on the server is counted. The ISV is responsible for the server, which is assumed to be secure. CodeMeter® provides support for both the ISV and the user. CodeMeter® is a unique combination of dongle and token. It stores not only access rights in the form of license entries, but also private keys which can be used to authenticate users instead of username/password combinations. Unlike a password or password hash, the public key does not need to be kept secret. It only needs to be protected against manipulation.

CodeMeter® models

  • CodeMeter® Solutions (flexible deployment): mobile solution where access rights and keys are stored in separate hardware, i.e. CmDongle (as a USB stick).
  • CodeMeter® PC-specific solution using CmActLicense: the PC-specific solution stores access rights and keys in a license file which contains details about the client PC.

Data encryption

A vital issue relating to the acceptance of SaaS and PaaS-based solutions is data security. If a hacker is able to access user data simply by executing a SQL injection – as was the case with Sony in July 2011 – no security-conscious user will save data in the cloud.

Of course, you can write code to prevent SQL injection. This will no doubt prevent the next attack – if you know when it is coming. A much better solution, however, is data encryption because this is a generic solution. Data is encrypted on the client, during transmission and when it is stored in the cloud. Only the client with the matching license, i.e. matching key, can locally decrypt the data. The key resides on the user's PC and is not compiled into the software stored in the cloud.

If you want to implement an SaaS or PaaS application for your customers, WIBU Consulting Services Team will be happy to provide you with assistance.

Protecting the business logic of a PaaS

Protecting a company’s business logic in the cloud is just as important as data security. Here too, CodeMeter® solutions use encryption to protect it against unauthorized access and source code modifications.

As the ISV of a PaaS application, you can rely on WIBU Consulting Services to assist you with the development of your individual solution.

Operation by a partner

If you develop SaaS or PaaS solutions to be operated by a partner, you need to answer two questions:

  • How do I protect my intellectual property against reverse engineering?
  • How do I manage software licensing?

CodeMeter® provides the answer to both questions. The partner receives the required number of licenses – as CmDongle or CmActLicense. By encrypting the data or executable code the software is protected against reverse engineering. Without the matching license the software cannot be analyzed or illegally used.

The license (as dongle or license file) is located on a special license server. The server allocates the corresponding license as a floating license for each instance of the application. Cold and hot standby licenses and a "2 out of 3" server solution can be implemented for high availability solutions.

Protection of IaaS solutions

Protecting IaaS solutions presents a proper challenge to ISVs. The fact that the cloud is not a dedicated server means a CmActLicense cannot be tied to it, nor can a CmDongle be connected to it.

CodeMeter® provides the solution for protection and licensing. This solution comprises two parts:

  • a special untied version of the CmActLicense (CodeMeter® NoneBind) is used which only protects your software against reverse engineering. The software can always be executed.
  • a check of the data to be calculated must be compiled into your software. Your application subsequently only accepts signed data.

The user can now upload the IaaS version of your software to the cloud as required. The data can only be signed and hence executed by a user with a matching license. Your software is useless without the signed data.

CodeMeter® provides you with a complete portfolio of license models for data signatures:

Single-user licenses: either a CmDongle is connected to a local PC or a CmActLicense is tied to a local PC. Data has to be signed on the local PC before being uploaded to the cloud.

Network licenses: a CmDongle or a CmActLicense resides on a license server in the network.

Time-limited licenses: CodeMeter® offers you three options: you can select a fixed expiry date, a fixed time period or the actual usage period. Each CmDongle and CmActLicense contains an internal clock to prevent time manipulation.

Pay-per-use licenses: a Wibu-Systems model specially developed for IaaS solutions. The user purchases units which are deducted from his account whenever data is signed and uploaded to the cloud. You can decide upon the basis used to deduct the units. For example, they can be deducted on a per action basis or a data volume basis. More units can be easily purchased online from CodeMeter License Central.

Modular software protection: each functionality is assigned its own key which is used for the signature and checked in the software. This allows features to be individually activated and licensed. Activation can take place at any time via the Internet.
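
The signed-data check described for IaaS solutions, combined with the one-key-per-feature idea of modular software protection, can be sketched as follows. This is an added example, not Wibu-Systems code and not the CodeMeter API: it uses Ed25519 from the Go standard library as a stand-in for signing with the license key, and the names `Gate`, `Accept`, `testKey` and the feature names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

var (
	ErrUnknownFeature = errors.New("feature has no verification key in this build")
	ErrBadSignature   = errors.New("data was not signed with the matching license key")
)

// Gate is the check compiled into the cloud-side program: one public key per feature (hypothetical layout).
type Gate map[string]ed25519.PublicKey

// Accept refuses any job whose data does not verify under the feature's key.
func (g Gate) Accept(feature string, data, sig []byte) error {
	pub, ok := g[feature]
	if !ok {
		return ErrUnknownFeature
	}
	if !ed25519.Verify(pub, data, sig) {
		return ErrBadSignature
	}
	return nil
}

// testKey builds a constructed demo key pair; a real private key stays in the license container on the client.
func testKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Demo signs one job on the "client" and submits it to the gate four ways.
func Demo() (valid, tampered, wrongFeature, unlicensed error) {
	solvePub, solvePriv := testKey(1)
	exportPub, _ := testKey(2)
	gate := Gate{"solve": solvePub, "export": exportPub}
	data := []byte("mesh=wing.stl;iterations=500") // constructed sample input
	sig := ed25519.Sign(solvePriv, data)           // done locally, before upload
	valid = gate.Accept("solve", data, sig)
	tampered = gate.Accept("solve", append([]byte("x"), data...), sig)
	wrongFeature = gate.Accept("export", data, sig)
	unlicensed = gate.Accept("report", data, sig)
	return
}

func main() { fmt.Println(Demo()) }
```

Only public keys are present in the uploaded program, so copying it out of the cloud does not give anyone the ability to produce data it will accept.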