Cloud Security ("securing the cloud")

Booz | Allen | Hamilton

NGI-4: CloudThe Technical Foundations of Security and Interoperability

Vic WinklerJuly 2011

Washington, DC

Overview


The Technical Foundations of Security and Interoperability

This presentation is based on my book:

“Securing the Cloud: Cloud Computer Security Techniques and Tactics”

Vic Winkler (Elsevier/Syngress May 2011)

Graphics are Copywrited by Elsevier/Syngress 2011

My experiences in designing, implementing and operating the security for:

“SunGrid” (2004+), “Network.com” (2006+) and “The Sun Public Cloud” (2007+)

…And research into best practices in cloud security (2008-2011)

Previously, I:

Was a pioneer in network and systems based intrusion detection

Designed a B1 trusted Unix system

Graphics copyright Elsevier/Syngress 2011 2

Booz | Allen | HamiltonGraphics copyright Elsevier/Syngress 2011 3

A Brief, Distorted View of History

Overview

ContinuingTechnologyEvolution


More “Evolution” than “Revolution”


So,what

is“cloud”?


A Minor Problem With Words…

5

Most common question: Is “cloud” secure?

Booz | Allen | Hamilton 6

Booz Allen:Cloud Computing “Quick Look” Assessment

Business/Mission Technology Security

Governance &Change Management

IT Management Organization

Economics

Policy

The QLA approach analyzes the organization and its potential cloud candidate functions and applications across eight Cloud Computing Factors, providing an in-depth assessment and suitability rating for each.


Cloud: A Model for Computing,A Model for Service Delivery


• “Cloud Services" – IT model for service delivery: Expressed, delivered and consumed over the Internet or private network– Infrastructure-as-a-Service (IaaS)– Platform-as-a-Service (PaaS)– Software-as-a-Service (SaaS)

• “Cloud Computing”– IT model for computing – Environment composed of IT components

necessary to develop & deliver "cloud services”


The Services StackTwo Perspectives


What about security?

…“Confidentiality”, “Integrity” and “Availability”?


The NIST Cloud Model



Security Concerns?

• 10. Unknown Risks: Concern that cloud computing brings new classes of risks and vulnerabilities

• 9. Control over Data: User data may be comingled with data belonging to others.

• 8. Legal and Regulatory Compliance: It may be difficult (unrealistic?) to utilize public clouds when data is subject to legal restrictions or regulatory compliance

• 7. Disaster Recovery and Business Continuity: Cloud tenants and users require confidence that their operations and services will continue despite a disaster

• 6. Security Incidents: Tenants and users need to be informed and supported by a provider

• 5. Transparency: Trust in a cloud provider’s security claims entails provider transparency

• 4. Cloud Provider Viability: Since cloud providers are relatively new to the business, there are questions about provider viability and commitment

• 3. Privacy and Data concerns with public or community clouds: Data may not remain in the same system, raising multiple legal concerns

• 2. User Error: A user may inadvertently leak highly sensitive or classified information into a public cloud

• 1. Network Availability: The cloud must be available whenever you need it



Security ConcernsSensitive Data & Regulatory Compliance



Security ConcernsTransparency



Security ConcernsExample of Private Cloud Concerns



Security ConcernsTrade Offs



Cloud Services are Expressed From Cloud IT Infrastructure



Virtualization and Elastic Service Expression



Is Organizational Control Good for Security?



Scope of Control



IaaS, PaaS and SaaS: Data Ownership



Organizational Control with Private versus Public



Cloud Demands Advanced Management Capabilities(This should benefit security)



Planning for Competitive Pricing (…in other words, “cost-effective security”)



Planning for Fundamental Changes



Patterns are Key for Cloud Infrastructure



…Patterns are Key for Cloud Infrastructure



…Patterns are Key for Cloud Infrastructure



ExampleSeparate Paths, Separate Networks



Example…Separate Paths, Separate Networks



Assessment:Is it “Correct”, “Secure” and Does it Meet Requirements?



How Much Assurance?



Operationally, How Will you Know?



Security MonitoringA High-Volume Activity



Monitoring Really Wants To BeA Near-Real-Time Feedback Loop



Beyond Security MonitoringIntegrated Operational Security



ExampleSecurity Use for CMDB



Defense-in-Depth in Infrastructure



What are the BIG Lessons?

• Provider– Model T approach: Any color the customer wants …as long as it’s “black”

• Special requests undercut profits– Plan ahead: Focus on eventual operations costs and on the certainty of change to the infrastructure– Seek to automate almost everything:

• Identify procedures/processes to drive down costs• Identify and refine patterns

– Segregate information• Don’t mix infrastructure management information • …with security information • …with customer data …etc.

– Architect for completely separate paths:• (Public) (Infrastructure control) (Network device control) (Security management)• Entails a differentiated set of networks• Isolate, Isolate, Isolate• Encrypt, Encrypt, Encrypt

• Consumer– Who is the provider?– What are you really buying? Transparency, independent verification, indemnification?

37


Thank You

Business: [email protected]

Personal: [email protected]

Phone: 703.622.7111

“Securing the Cloud: Cloud Computer Security Techniques and Tactics”

Vic Winkler (Elsevier/Syngress 2011)
