Myths or Realities?
- Cloud is not as secure as a traditional IT operation
- Security patching is better in a cloud
- Demonstrating compliance is harder in a cloud
- Data loss is less likely in a cloud
- More control leads to better security
- Cloud providers can handle insecure apps better
- Cloud providers have a better view of threats
- Cloud offers more availability than in-house IT
- Cloud providers are more concerned with protecting themselves than the client
Security technologies and standards (figure; not a complete collection)
- Technologies: IPSEC, SSL, SaaS, Token, Biometrics, PKI, H/W Crypto, Digital Certificate, Kerberos, Guards, Hardening, Trusted OS, Wireless, Secure Blades, Secure Collaboration, Cyber Security, RSBAC, Cloud, Compliance
- Standards: PKI, XML, SOAP, WSDL, UDDI, SAML, XACML, TTP, PDP, PEP, WS-*
Agenda
- Part I - Cloud Computing (CC) Overview: A Simple Definition; A Complete Definition; Is CC new?
- Part II - Cloud Computing Value: What is the business value of CC?; CC Obstacles/Opportunities; CC vs SOA; CC vs Outsourcing; CC vs SaaS
- Part III - Cloud Computing Security: Customer Security Concerns; How do we get attacked?; Have the security fundamentals changed?; What are the security issues in CC?
- Part IV - Towards building Secure Cloud Solutions: Business/IT Drivers; IBM Security Framework; Typical Security Requirements; IBM Security Blueprint
Delivery Models
Software as a Service (SaaS)
- Use the provider's applications
- Access through thick/thin clients, browser, etc.
- E.g. email, Google Docs, Salesforce, desktop apps
The lower down the stack the cloud provider stops, the more security you are tactically responsible for implementing and managing yourself.
Deployment Models
- Private Cloud: owned or leased by a single organization; no public access
- Public Cloud: owned by an organization selling cloud services
- Managed Cloud: owned by a single organization; no public access
- Community Cloud: shared by several organizations; supports a specific community that has shared concerns
- Hybrid Cloud: composition of 2 or more clouds; enables data & application portability (e.g. cloud bursting)
Is private cloud an oxymoron?
(Figure: deployment models by location and trust. Private: on-premise or trusted off-premise. Public / Managed / Community: all clients. Hybrid: both on-premise & off-premise, trusted or untrusted.)
Is CC New?
Distributed Systems Evolution: Computer → Computer Utility (phrase coined) → Computer Networking → LAN → Client/Server → Thin Clients → Internet → Web Applications → Grid Computing → Web Services → Cross Organizational Web Services → SaaS → Cloud Computing
Cloud Readiness
Cloud Ready:
- When the processes, applications and data are largely independent
- When the points of integration are well defined
- When a lower level of security will work just fine
- When the core internal enterprise architecture is healthy
- When the web is the desired platform
- When cost is an issue
- When the applications are new
Historical Analogy
In 1907, 70 percent of the industrial electrical generation in the United States was in-house, but by the 1920s that same percentage was generated by utility companies. Initially you had to own your own plant, but later it became a disadvantage.
Business value of CC
- Illusion of infinite computing resources available on demand
- Pay for use of computing resources (e.g. processors by the hour, storage by the day)
- Elimination of upfront commitment by cloud users (start small & grow)
- Better uptime & availability (e.g. Google)
- Consistent upgrades
- Expedited launch of new IT projects
- Speedy innovation
- Lower TOC
- Collaborative & community computing
- Wider visibility of internet traffic (e.g. DDoS)
CC Obstacles/Opportunities*
- Adoption: Availability of Service; Data Lock-In; Data Confidentiality
- Growth: Data Transfer Bottlenecks; Performance Unpredictability; Scalable Storage; Bugs in large distributed systems; Scaling Quickly
- Business/Policy: Reputation Fate Sharing; Software Licensing
* Above the Clouds: A Berkeley View of Cloud Computing, UC Berkeley
CC vs SOA
Characteristic                 | SOA | CC
Dynamic Linking                | Yes |
Standard Protocols for Access  | Yes |
Dynamic Discovery              | Yes |
Relative Autonomy              | Yes |
Trust Chain                    | Yes |
Federation                     | Yes |
On-demand self-service         |     | Yes
Ubiquitous Network Access      |     | Yes
Multi-tenancy                  |     | Yes
Rapid Elasticity               |     | Yes
Measured Service               |     | Yes
CC vs Outsourcing
Characteristic                  | Outsourcing                                              | Cloud Computing
Standalone Computing Workloads  | Yes: move your server or hire a SP; known & controlled   | No: unknown & uncontrolled
Workload Placement & Migration  | Static                                                   | Dynamic (e.g. VMs migrated dynamically)
Dedicated HW/SW for a customer  | Yes                                                      | No
Data Location                   | Known                                                    | Unknown
Data replication                | Not allowed                                              | Unknown
Multi-tenancy                   | No                                                       | Yes
Multi-jurisdiction              | No                                                       | Yes
CC vs SaaS
(Figure: layered roles, top to bottom) SaaS User → Mashup Applications → SaaS User / SaaS Provider → Web Applications → Cloud User / SaaS Provider → Utility Computing → Cloud Provider
Tomorrow ???
- Who has control?
- Where is it located?
- Where is it stored?
- Who backs it up?
- Who has access?
- How resilient is it?
- How do auditors observe?
- How does our security team engage?
Lesson learned: we have responded to these questions before; clouds demand fast, responsive, agile answers.
Data Security
Migrating workloads to a shared network and compute infrastructure increases the potential for unauthorized exposure. Authentication and access technologies become increasingly important.
Reliability
High availability will be a key concern. IT departments will worry about a loss of service should outages occur. Mission-critical applications may not run in the cloud without strong availability guarantees.
Compliance
Complying with SOX, HIPAA and other regulations may prohibit the use of clouds for some applications. Comprehensive auditing capabilities are essential.
Security Management
Providers must supply easy, visual controls to manage firewall and security settings for applications and runtime environments in the cloud.
http://www.infosecurity-us.com/view/2554/twitter-company-files-leaked-in-cloud-computing-security-failure
Attack Categories
- Unsafe Programs, Misconfigured Programs, Buggy Programs: Buffer Overflows, Parsing Errors, Formatting Errors, Bad input to cgi-bin
- Malicious Programs: Trojans, Viruses, Worms, Rootkits, Botnets
- Applications: Cross-site scripting, Injection flaws, Malicious file execution
- Identity Theft
Security Issues
1. Governance & Risk Management
2. Compliance
3. Vulnerability & Patch Management
4. Physical/Personnel Security
5. Operational Security
6. Availability
7. Incident Response
8. Privacy
9. Business Continuity
10. Legal Issues

1. Data Security
2. Identity Management
3. Single Sign-On
4. Application Security
5. Secure Multi-tenancy
6. Logs & Audit Trails (Forensics)
7. Cyber Security (DPI)
8. Encryption & Key Management
9. Virtualization Security
10. Storage Security
11. Information Lifecycle Management
12. Portability & Interoperability
13. US Federal Specific Issues
- Located in various geographies
- Enforced by various contractual obligations/SLAs
- Governed by various regulations and industry best practices
- Secured by multiple technologies and services
A shared, multi-tenant infrastructure increases the potential for unauthorized exposure.
Identity Management
Identity issues in a data center:
- A single employee has multiple user accounts
- Provisioning & de-provisioning of accounts
- Terminated employees have system access
- SSO, RSO solutions
- Federated identity management capability
- Inappropriate privileges
- Consider implementing SSO for internal applications and leveraging it for cloud applications
- Investigate identity as a service with a separate cloud provider
The key to managing identities held by a cloud provider is a robust federated identity management architecture and strategy internal to the organization.
SSO Evolution
- No SSO. Trust breadth: within a department. Authentication method: U/P, certificates, etc. Trust basis: initial enrollment.
- Enterprise SSO. Trust breadth: other departments within an enterprise. Authentication method: identity mappings across departments. Trust basis: formal relationship between departments.
- Web SSO. Trust breadth: other web servers within an enterprise. Authentication method: identity mappings across web servers. Trust basis: formal relationship between departments on web servers.
- Federated SSO (SOA environment). Trust breadth: other enterprises. Authentication method: trust identity assertions across enterprises. Trust basis: SLA between enterprises, custom negotiated, case by case; less frequent changes.
- Private Cloud SSO (intra cloud). Trust breadth: within a cloud with multiple departments. Authentication method: identity mappings or trust identity assertions across departments. Trust basis: formal relationship between departments.
- Public Cloud SSO (intra cloud). Trust breadth: within a cloud with multiple enterprises. Authentication method: trust identity assertions across enterprises within a cloud. Trust basis: SLA between enterprises, predefined, usually with low-assurance IDs (e.g. OpenID).
- Hybrid Cloud SSO (inter cloud). Authentication method: trust identity assertions across clouds. Trust basis: SLA between cloud environments, predefined/simpler; more frequent changes.
Application Security
- Is it appropriate to migrate or design an application in the cloud?
- What type of cloud platform is most appropriate?
- What security controls must the application provide over and above the cloud platform?
- How would an enterprise's software development life cycle change to accommodate cloud computing?
All answers must be continually re-evaluated as the application is maintained and enhanced over time.
Application Security
Cloud platform implications on the application:
- Multi-tenancy
- Lack of direct control over the environment
- Access to data by the Cloud Provider
- Scanning methodology & tools
- Best practices available to harden machines should be applied to virtual machines
- Application security measures: application-level firewalls & proxies; OWASP development guideline
Security professionals must stay abreast of the latest tools and techniques hackers develop specifically to attack cloud providers.
Secure Multi-tenancy
- Tenants are segregated from all other tenants in all ways
- Tenants are neither aware of, nor affected by, other tenants in any way
- Multi-tenancy point: hardware, hypervisor, OS, application platform, application; these have differing isolation qualities, and MT above the OS layer requires code changes to MW/applications
- All operations are fully logged for audit and accountability
- System administrators have no access to customer data unless granted
- Customers' system administrators have no access to their customers' data unless granted
Logs & Audit Trails (Forensics)
- Investigation support provided
- Forensics support
- Are logs tamper-proof?
- How long are the logs and audit trails kept?
How does the client do forensics in the event of a cloud attack?
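The "are logs tamper-proof?" question above has a concrete technical answer: chain every audit record to its predecessor by hash and keep the head hash outside the provider's control, so an edit shows up as a broken link and a truncation shows up as a head mismatch. The Go program below is an added illustration, not code from the original deck or from IBM; the record format, the "acme" tenant and the log lines are constructed for it.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record plus the hash that links it to its predecessor.
// The record format is hypothetical, constructed for this example.
type Entry struct {
	Line string
	Hash string // hex(SHA-256(previous hash + "\n" + Line))
}

const genesis = "GENESIS" // fixed value the first record chains to
func chainHash(prev, line string) string {
	sum := sha256.Sum256([]byte(prev + "\n" + line))
	return hex.EncodeToString(sum[:])
}
// Anchor is the head hash. Chain consistency alone cannot reveal records
// dropped from the end, so the tenant keeps this value outside the provider's control.
func Anchor(log []Entry) string {
	if len(log) == 0 {
		return genesis
	}
	return log[len(log)-1].Hash
}
// Append adds a record chained to the current head hash.
func Append(log []Entry, line string) []Entry {
	return append(log, Entry{Line: line, Hash: chainHash(Anchor(log), line)})
}
// Verify returns the index of the first entry whose link fails, or -1 if intact.
func Verify(log []Entry) int {
	prev := genesis
	for i, e := range log {
		if chainHash(prev, e.Line) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}
// SampleLog is a constructed log for a hypothetical tenant "acme".
func SampleLog() []Entry {
	var log []Entry
	for _, line := range []string{
		"2024-01-01T10:00:00Z admin.login tenant=acme user=ops1",
		"2024-01-01T10:05:00Z vm.clone tenant=acme image=web-base",
		"2024-01-01T10:09:00Z storage.read tenant=acme object=customers.csv",
	} {
		log = Append(log, line)
	}
	return log
}
func main() {
	log := SampleLog()
	log[1].Line += " (altered)" // in-place edit of a stored record
	fmt.Println("first broken link at index", Verify(log)) // 1
}
```

A log shortened from the end still verifies internally, which is why Anchor must be compared against a copy the provider cannot rewrite.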
Cyber Security (DPI)
(Figure: a packet's path, TCP/UDP headers and payload through a router, inspected by DPI.) DPI gives access to all packet data, including Layer 7 applications such as VoIP, P2P, HTTP, SMTP.
Encryption & Key Management
- Strong encryption & secure key management are needed
- Sensitive & PII data must be encrypted; preferably all data is
- Who holds the keys?
- Create a chain of separation for keys & data
- Encrypt data in motion & data at rest
- Data integrity requirements
- Ensure encryption adheres to industry & government standards
Safe harbor provisions in some laws and regulations consider lost encrypted data as not lost at all.
Virtualization Security
- Virtualization is a key enabler for cloud computing
- The simplicity of creating and moving machine instances creates a risk that insecure images can be created
- Assure each VM is secure by default (STIG, CIS, PCI DSS etc.)
- Assure security in VM migration
- Virtualization introduces new attack surfaces with the hypervisor & other management components
- Admin access should include strong authentication: creating, configuring and cloning VMs
- Virtualization obscures data location, a key regulatory concern
- Secure sharing across partitions: Trusted Virtual Domains, grouping VMs across machines
Virtualization is a key enablement technology for cloud computing. However, there is a concern about VMs moving freely from one physical box to another.
Storage Security
- Basic tenets of data security still hold (CIA)
- Typically provided as IaaS
- Object reuse requirement
- Storage retirement process: data destruction is hard to prove; strong encryption renders data unreadable when storage is recycled
- Storage provisioning for multiple customers (multi-tenancy)
- Can storage be seized by a 3rd party or government?
- How is encryption done in multi-tenant storage?
- How long are the keys maintained?
- Support for long-term archiving
- Management of off-line & portable storage
How do you know your storage provider's plans keep your data reliable and available when your business needs it?
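The "who holds the keys?" and "chain of separation for keys & data" points on the encryption slide and the storage-recycling point above come down to one design: each object is encrypted under its own data key (DEK), and that DEK is stored only wrapped under a key-encrypting key (KEK) the customer keeps. The provider holds ciphertext and wrapped keys but can decrypt nothing, and destroying the KEK makes every object on recycled storage unreadable. The Go program below is an added example, not IBM's or the deck's own code; it uses AES-256-GCM from the standard library and models a destroyed KEK as nil.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// StoredObject is all the provider holds: ciphertext plus the per-object DEK
// wrapped under the customer's KEK. No key is ever stored in the clear.
type StoredObject struct {
	Nonce, Ciphertext     []byte // data sealed with the DEK
	WrapNonce, WrappedDEK []byte // DEK sealed with the customer-held KEK
}
// newGCM rejects a nil or wrong-length key, so a destroyed KEK fails closed.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// gcmSeal: AES-256-GCM under key with a fresh random nonce; tag is appended.
func gcmSeal(key, plaintext []byte) ([]byte, []byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // never returns an error as of Go 1.24
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}
// gcmOpen authenticates then decrypts; a wrong key or any tampering fails.
func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}
// Encrypt (customer side): fresh 256-bit DEK per object, data sealed under the
// DEK, DEK sealed under the KEK. Only the StoredObject leaves the customer.
func Encrypt(kek, plaintext []byte) (obj StoredObject, err error) {
	dek := make([]byte, 32)
	rand.Read(dek) // fresh data key; never returns an error as of Go 1.24
	if obj.Nonce, obj.Ciphertext, err = gcmSeal(dek, plaintext); err != nil {
		return
	}
	obj.WrapNonce, obj.WrappedDEK, err = gcmSeal(kek, dek)
	return
}
// Decrypt needs the KEK to unwrap the DEK. Pass nil for a destroyed KEK: every
// object wrapped under it is then unrecoverable (crypto-shredding on recycle).
func Decrypt(kek []byte, obj StoredObject) ([]byte, error) {
	dek, err := gcmOpen(kek, obj.WrapNonce, obj.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, obj.Nonce, obj.Ciphertext)
}
```

Rotating the KEK means re-wrapping only the small WrappedDEK values, not re-encrypting the data, which is what makes the separation practical at storage scale.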
Portability & Interoperability
IaaS
- Ensure applications are deployed on a virtual image
- Keep backups in a cloud-independent format
PaaS
- Ensure use of an application development architecture; if not, it could involve significant rewrites
- Keep backup copies
Compliance
- Know your legal obligations
- Compliance is NOT a provider responsibility!
- Understand data locations (e.g. EU DPD has restrictions)
- Data copies and how they are controlled
- Perform external risk assessment
- Perform privacy impact assessment
- Provider must make it easier to demonstrate compliance
Compliance requirements: SAS 70, ISO 27001, FISMA, EU DPD, SOX, GLBA, HIPAA, PCI DSS, Basel II, California A.B.21
Vulnerability Management
- Vulnerability management strategy/plan
- Network scanning policy
- Application scanning policy
- Allow outside scanning?
- Allow external vulnerability assessment?
- Vulnerability remediation process
Physical/Personnel Security
Protection against internal attacks: ensure internal people can't exploit the information for their own gain.
- Restricted & monitored access 24x7
- Background checks for all relevant personnel
- Audit privileged users?
- Passed SAS 70 audit? Audit result?
- Security team on client side needed?
- Coordination of admins (hybrid cloud)
Operational Security
Look under the hood!
- Understand how the CP has implemented the key architectural characteristics
- What IT products does the CP use?
- Segregation of tenants
- Who are the other clients of your CP? Is your neighbor a high-profile target?
- How does resource democratization occur?
- CP's patch management policies
- Logging practices
Availability
- Availability #?
- Multiple ISPs
- DDoS protection mechanism
- Is availability history data available?
- Service upgrade plan
- Patch management policy
- Peak load/capacity
Incident Response
Multi-tenant applications:
- Detection of data breaches
- Response to data breaches
- Notification procedure
Each tenant may require a different notification.
Privacy
Private data:
- What is collected?
- Where is it stored?
- How is it stored?
- How is it used?
- How long is it stored?
- Tagging of PII data
- Access control of PII data
- Protection of digital identities & credentials
- Access policy for 3rd parties (e.g. government agency)
How will 3rd parties protect my privacy?
Business Continuity
Disaster recovery plan:
- Is it comparable to the client's data center?
- Can we do a BC audit?
- Location of recovery data centers
- Service level guarantee under DR conditions
- Data portability
Legal Issues
Liability:
- Contractual responsibility for protecting client data
- Financial compensation
- Consequences of not meeting the SLA
- Legal requests for information
- Prohibit data use by the provider
- Restrict cross-border transfer
Intellectual Property:
- All data, including copies, is owned by the client
- State data rights in the SLA clearly
Information assurance
Measures that are directed at protecting valued information assets.
Business security
A wide range of measures that address business-specific risks and outcomes.
None
Application security requirements for cloud are phrased in terms of image security, or in terms of compliance with secure development best practices.
- Isolation between tenant domains
- Policy-based security zones / trusted virtual domains
- Government: MILS-type separation
- Built-in intrusion detection and prevention
- Protect machine images from
The IBM Security Blueprint separates security management from infrastructure services.
The Foundational Security Management Layer represents a closed-loop, risk management process for identifying, deploying, and assessing controls on risk.
The Security Services and Infrastructure Layer represents the components that implement the security control points in the IT environment and the necessary infrastructure to support them.
Cloud computing also provides the opportunity to simplify security controls and defenses.
People and Identity:
- Centralized Identity and Access Control policies
- Well-defined set of input/output interfaces
- Consistent enrollment, proofing, validation and management of a trusted user
- Computing services running in isolated domains as defined in service catalogs
Information and Data:
- Default encryption of data in motion & at rest
- Virtualized storage providing better inventory, control, and tracking of master data
Roles: End User, Enterprise Administrator, IT Auditor, Application Developer, Cloud Provider
Typical security requirements:
- Data Segregation (encryption, network segmentation, hardware / OS / app / database isolation)
- Server Security (trusted computing, auditing, access control)
- Data Location (cloud data centers)
- Data Recovery (centralized backups, remote storage)
- Disaster Recovery (highly resilient clouds)
- Virtualization Security (VM segmentation, virtual appliances, integrated hypervisor security)
- Cloud Availability (multiple cloud centers)
- Policy Management (unified security, governance, and policy enforcement)
- Trusted Identity (protecting their identities as constituents, employees, and consumers)
- Patch Management (assessment, prioritization, scheduling, and application)
- Application Testing (vulnerability assessment, fuzzing, app scanning, automated code reviews)
- Physical Infrastructure
Summary
The IBM Security Framework creates a business-oriented view of security. The IBM Security Blueprint is a technology-agnostic view of security capabilities that creates a common vocabulary for designing security controls that are consistently implemented across a variety of IT environments.
Conclusions
Look under the hood:
- Perform onsite inspection of CP facilities whenever possible
- Ensure the CP meets all security requirements; convert all/some into CP requirements
- State integration requirements (hybrid cloud) and understand how the CP will meet them
- Be specific about your needs in the SLA
- Robust compartmentalization of job duties; privileged user access control; limit knowledge of customers
- Ensure discovery & forensics requirements are met
- Understand the handling of transitive trust: what suppliers does the cloud provider depend on? (Recursive)
- The evolving convergence of physical & IT security introduces new risks
- Shop around for multiple CPs (inter-cloud integration)
- Have open and frequent discussion with the CP
Cloud computing provides new economies for information technologies as well as new challenges. Properly constructed, it can be more secure than traditional IT infrastructure, but that construction requires the use of strong, integrated and usable security mechanisms.