2. Rationalization and
Defense in Depth -
Two Steps Closer to
the Clouds
OTN Architect Day 2011
3. Perimeter Security
All network traffic All network traffic blocked
blocked except for except from the proxy.
specific ports.
Web Server Application Message Mainframe
(app Proxy) Server Queue Application
Client
Firewall Firewall
DB DB
DMZ
Unprotected Zone Perimeter Protected Zone(s)
• Can establish multiple perimeters • Alone, often involves a lot of implied trust
• Each perimeter can be more restrictive • Modern environments don’t have such a clearly
• Perimeters can be at varying degrees of granularity defined perimeter
OTN Architect Day 2011
4. Defense in Depth
• Military defensive strategy to secure
a position using multiple defense "Krak des Chavaliers“, Syria
mechanisms.
• Usually multiple perimeters, each
with their own fortifications
• Objective is to win the battle by
attrition. The attacker may overcome
some barriers but can’t sustain the
attack for such a long period of time.
• Less emphasis is placed on a single
perimeter wall
OTN Architect Day 2011
5. Several Layers of Defense
Data
Each layer introduces Each layer can contain
Application
additional security multiple levels of
measures Host control
Internal Network
Perimeter
Physical
Policies, Procedures, & Awareness
OTN Architect Day 2011
6. Defense in Depth: Greater Control
Many enforcement points
Data
Application / Service
Host
Internal Network
Perimeter
Physical
Policies & Procedures
Consistent set of policies & procedures
OTN Architect Day 2011
7. Security Silos
Support • Application silos with their own
standalone security architecture
• Integration is hard enough
without security
!
! • End users have many
logins & passwords
End User
Security Administrator
• Administration is time-
consuming and error-prone
• Auditing is inaccurate
? and/or impossible
Finance
Sales
Security Auditor
OTN Architect Day 2011
8. Security Framework Support
• Security is part of the foundation,
not an inconvenient afterthought
• Users have one
identity and a set of
roles & attributes that
govern access End User
Security Security Administrator
• Administration
operator-centric, not Framework
system-centric
• Auditing is possible
and realistic Finance
Sales
Security Auditor
OTN Architect Day 2011
9. Security Framework High Level Architecture
Solution Platforms: Database Platforms:
• Provide a secure run-time environment • Provide confidentiality, integrity, and
• Offer security services to business logic availability for information management
• Allow solution-level security admin • Allow db-level security administration
Business Solution Platforms
(Applications, Business Processes, Services, Databases, etc.)
Security Framework:
Development &
Administration
Administration
Business
Information
• Provide shared security services
Design &
Logic
• Manage security data for the enterprise
Solution Platform Data Management • Allow enterprise-level security admin
Security Services Security Services
Security Interfaces
Security Interfaces:
• Provide consistent access to security
Shared Security Services services
• Embrace open, common industry
Enterprise Security Information
standards
Security Management & Administration
Enterprise Security Framework
OTN Architect Day 2011
10. Container-Based Computing Platform
• Container enforces security on behalf
of the protected resources
Inbound
Requests • Access to security services via
Web Business
Client Pages Logic standard APIs & libraries
Protected Resources
• Plug-in framework allows one to
Container
configure multiple providers for each
Standard Security APIs & Libraries
security service
Platform Security Plug-in Framework • Providers may be selected and
Security Providers
configured based on the needs of the
solution
Security Services
Authentication Authorization Credential Mapping • Providers can be included with the
Role Mapping Auditing Encryption … platform or custom written for a
specific purpose
OTN Architect Day 2011
11. Database Platform Security
• Transactional
• Historical
Administration
• Unstructured Information
Design &
Administrative
• Audit
• Access Control
• Security
• SoD Rules & Controls
• Realms
Data Management • Auditing
Security Services
Access Control Encryption Auditing
• Multi-Factor AuthN • Network • Central collection & control
• Label Security • Persistence • Local online archive
• Table Policies • Backup
Firewall
• Connection Id • Dev & Test Masking
• SQL inspection & rejection
OTN Architect Day 2011
13. SOA Scenario
Policy Manager
App Server App Server
Service WSS WSS Service
Consumer Agent Agent Provider
Platform Security Id CM Mediation AAA Id Platform Security
WSS Agent
Legacy DB
Platform Service
Firewalls Security Provider
DMZ
Security
External WSS AuthN AuthZ Audit
Token
Consumer Gateway Service Service Service
Service
15. (Some of) The Good…
• Cloud providers have a deep vested interest in
security
• Must prove themselves to the market
• Often much greater investment and attention to detail than
traditional IT
• Cloud homogeneity makes security auditing/testing
simpler
• Shifting public data to an external cloud
reduces the exposure of the internal
sensitive data
• Data held by an unbiased party
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
OTN Architect Day 2011
16. …The Bad…
• Multi-tenancy; need for isolation management
• High value target for hackers
• Fragmentation; creation of more silos
• Data dispersal and international privacy laws
• EU Data Protection Directive and U.S. Safe Harbor program
• Exposure of data to foreign government and data subpoenas
• Data retention issues
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
OTN Architect Day 2011
17. …& The Ugly
• Trusting another vendor’s security model
• Proprietary implementations
• Audit & compliance
• Availability: Relying on a vendor to stay in business
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
OTN Architect Day 2011
18. Recommendations
1. Assess your risks
2. Classify your information
3. Define policies and procedures
4. Maintain most sensitive data in house
5. Don’t outsource your security management
6. Follow a security architecture / roadmap
7. Include patterns for cloud computing
8. Choose a secure platform
OTN Architect Day 2011
19. Takeaways (Cloud or not)
Deploy Defense in Depth
• Good general strategy to protect highly distributed
systems (SOA, BPM, Cloud, etc.)
• Limit your risks
Consolidate your resources
• Standardized frameworks, services, & technologies
• Implement processes & policies
Plan Ahead
• Classification strategy: know your systems & data
• Cloud strategy: know your options & vendors
• Risk management: choose wisely & CYA
Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies