1 / 12

Cloud Security Perspectives

Cloud Security Perspectives. Dan Carlsen Certified Security IT Specialist – IBM dcarlsen@us.ibm.com. Perspectives. Security is one of the top customer concerns about Cloud Computing What does this mean?.

rhoda
Download Presentation

Cloud Security Perspectives

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cloud Security Perspectives Dan Carlsen Certified Security IT Specialist – IBM dcarlsen@us.ibm.com

  2. Perspectives Security is one of the top customer concerns about Cloud Computing What does this mean? Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider. The security requirements in cloud computing are not different from other distributed environments operated in a service provider model. However, through the low price points offered in a cloud and an often more anonymous consumer-provider-interaction, worries can grow. . • IBM Corporation

  3. Security in the Cloud A recent Appirio survey of 150+ mid to large-sized firms that have already adopted cloud applications: According to IBM's Institute for Business Value 2010 Global IT Risk Study, cloud computing raised serious concerns among respondents about the use, access and control of data

  4. Customer Concerns with Cloud Computing * • LOSS OF GOVERNANCE: Customer relinquishes some control over the infrastructure. TRUST in the provider is paramount. Providers experience with outsourcing provides evidence of trust. • COMPLIANCE RISKS: The providers operational characteristics directly affect the ability for a customer to achieve compliance with appropriate regulations and industry standards. • ISOLATION FAILURE: multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However it should be considered that attacks on resource isolation mechanisms (e.g.,. against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional Operating Systems • DATA HANDLING • DATA PROTECTION:The customer relinquishes control over their data to the provider. The provider must give demonstrable assurances to the customer that their data is maintained securely from other tenants of the cloud. These assurances are part of the basis for trust in the provider • INSECURE or INCOMPLETE DATA DELETION: Does the provider ensure that data is deleted in a manner that does not allow leakage upon re-allocation. • MANAGEMENT INTERFACE COMPROMISE: customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities • MALICIOUS INSIDER: Cloud architectures necessitate certain roles which give the provider highly privileged capabilities. Provider operations, monitoring and incident handling build trust with the customer. Providers history of running outsourcing contracts also builds trust • IBM Corporation * 2009 European Network and Information Security Agency (ENISA) Cloud Computing: Benefits, risks and recommendations for information security

  5. Loss of Governance • TRUST • Concerns that at some level the customer is relinquishing control • Raises the questions • Can I trust the provider to handle my data in a manner that meets my requirements • How assured am I that the provider is managing the cloud in a competent manner • How assured am I that my data is separated from other tenants • How assured am I that my data is protected from insiders at the provider • IBM Corporation

  6. Compliance Risks • Challenges • Myriad of different regulations, industry practices that a customer must meet • Customer is ultimately responsible for being compliant with the appropriate measures • Cloud provider capabilities factor into how a customer achieves their compliance objectives • Different cloud types put different burden on the provider (e.g. Infrastructure-as-a-Service on data center operations, Software-as-a-Service on application compliance) • Measures in Development/Test Cloud and Desktop Cloud • Our current infrastructure-focused service products, customer data is opaque to the provider. Provider is a custodian of the data, and does not touch the customer data • Typically in industry-specific compliance policies, from an infrastructure perspective, deal with: • Managing privileged access • Auditing of accesses to data by provider staff • Policies and practices for dealing with incidents • IBM Corporation

  7. Isolation Failure • Challenges • Providing robust means of separating customers from each other. • Measures in Development/Test Cloud and Desktop Cloud • Development/Test cloud is a “multi-instance” form of multi-tenancy • Customers get “instances” of operating system images, which execute on resources that are shared between multiple tenants. • Mechanisms • Hypervisors - enforces separation of operating system instances within a single physical hardware system. Provides a “logical” air-gap between customers • Network Separation • Firewalls - Customer controlled • implemented independent of the operating systems at the hypervisor utilizing Trusted Virtual Domains • Virtual LANs • Customers can choose to have their guest images on a dedicated virtual LAN • VLANs connect back to the customer using Virtual Private Networks • IBM Corporation

  8. Data Handling • Challenges • Ensuring that customer data is available to only that customer • Ensuring that when a customer deletes data (or ephemeral data is no longer in use) that it becomes unreadable • Measures in Development/Test Cloud and Desktop Cloud • Data Protection • Customers provided with the ability to create “virtual disk drives”(VDD) (files which are presented to virtual machines as block devices). Customer can utilize operating system and application level encryption against these as they are accessed as native file systems to the guests. • Each customers data is stored in a unique “file set” within the CC storage structure • Access Control Lists (ACL’s) are used to ensure separation of customers. Guests run as a specific “customer” user. ACL’s on files are set to that user. • Data Destruction • Any data on disk is securely erased using a US DoD algorithm when deleted • Ephemeral storage - when the storage is no longer used by a virtual machine • Customer VDDs - when deleted from the management console. • IBM Corporation

  9. Management Interface Compromise • Challenges • Ensuring customer operations are separated from other customers • Ensuring that web based interfaces implement robust security practices • Ensuring customer accesses to their resources are managed and controlled by the customer • Measures in Development/Test Cloud and Desktop Cloud • Administrative Portal • Authenticated via Web Identity • Authorized via Portal Access Controls • Provides interfaces to initiate automated work flows for discrete tasks • Customer manages the privileges of their user base • Operations logged - end to end transaction auditing • Operating Systems Guests • Once provisioned IBM has no direct access to the guest VM;s • Customers provided with initial SSH Key pair or Administrative password • Customers MUST change these and any middleware administrative passwords upon taking control over the guest • IBM Corporation

  10. Malicious Insider • Challenges • Ensuring that Cloud providers enforce policies for administrative operations to the infrastructure. This includes disciplinary policies. • Ensuring that the provider has documented policies which are applied for all administrators • Measures in Development/Test Cloud and Desktop Cloud • Automation • Not a traditional Security construct • Automation assures control over specific administrative tasks which are broken down to well defined work flow sequences. • Automation is audited end to end to be able to re-construct a given work flow • Human Administration • All infrastructure components are managed/operated to the same policies as IBM Internal systems (ITCS104). • Shared user ID’s are prohibited. Each administrative user uses their own ID to authenticate. • User authorizations assigned based on least privilege principles. • IBM’s business conduct guidelines provide the framework for disciplinary action should administrative privileges be abused. • IBM Corporation

  11. Monitoring/Reporting • Challenges • Ensuring that the infrastructure is managed per provider specified policies • Providing reports to customers about operations which affect the infrastructure as a whole or their specific resources. • Measures in Development/Test cloud and Desktop Cloud • Logging • Infrastructure systems enable operating system audit capabilities • End to end operation flows are logged and auditable • Audit log data is retained for 90 days • Logs are monitored and incident tickets raised for any actions which are not permitted. • Intrusion • Infrastructure is monitored by Intrusion Detection & Protection systems (IDS/IPS) • Internet points of ingress and egress are monitored with IDS/IPS • Future - will provide customer specific IDS/IPS through hypervisor introspection technology • Reporting • Internal reporting of security incidents through monitoring of audit data • Future - customer level reports of actions which affect/alter the security of the infrastructure that directly relates to their resources. • IBM Corporation

  12. http://www.ibm.com/cloud Cloud Security Whitepaper - http://www-03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTACH_FILE1&fileName=10-0861_US Cloud Computing White Paper_Final_LR.pdf For more information on Cloud computing

More Related