Cloud securityperspectives cmg
2. Perspectives
Security is one of the top customer
concerns about Cloud Computing
What does this mean?
Cloud customers need assurance that providers are
following sound security practices in mitigating the risks
facing both the customer and the provider.
The security requirements in cloud computing are not
different from other distributed environments operated in
a service provider model.
However, through the low price points offered in a cloud and an often more anonymous consumer-provider interaction, worries can grow.
2 © 2011 IBM Corporation
3. Security in the Cloud
A recent Appirio survey of 150+ mid to large-sized firms that have already adopted cloud applications:
Single Biggest Misconception about the Cloud (% of Respondents)
- Security is an issue with the cloud: 28%
- Cloud solutions are difficult to integrate: 15%
- Cloud solutions have a higher chance of lock-in: 13%
- Cloud solutions are difficult to customize: 12%
- Cloud solutions are not reliable: 10%
- Cloud vendors are not yet viable: 8%
- None: 7%
- The cloud model is not proven: 6%
[Chart: "Ensuring security & compliance", rated Very Important / Important / Somewhat Important / Of Little Importance / Unimportant]
According to IBM's Institute for Business Value 2010 Global IT Risk Study, cloud computing raised serious concerns among respondents about the use, access and control of data:
- Cloud makes protecting privacy more difficult: 77%
- Concerned about a data breach or loss: 50%
- Concerned about a weakening of the corporate network: 23%
4. Customer Concerns with Cloud Computing *
LOSS OF GOVERNANCE: The customer relinquishes some control over the infrastructure. TRUST in the provider is paramount. The provider's experience with outsourcing provides evidence of trust.
COMPLIANCE RISKS: The provider's operational characteristics directly affect the ability of a customer to achieve compliance with appropriate regulations and industry standards.
ISOLATION FAILURE: Multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However, it should be considered that attacks on resource isolation mechanisms (e.g., against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional operating systems.
DATA HANDLING
- DATA PROTECTION: The customer relinquishes control over their data to the provider. The provider must give demonstrable assurances to the customer that their data is maintained securely from other tenants of the cloud. These assurances are part of the basis for trust in the provider.
- INSECURE or INCOMPLETE DATA DELETION: Does the provider ensure that data is deleted in a manner that does not allow leakage upon re-allocation?
MANAGEMENT INTERFACE COMPROMISE: Customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.
MALICIOUS INSIDER: Cloud architectures necessitate certain roles which give the provider highly privileged capabilities. Provider operations, monitoring and incident handling build trust with the customer. The provider's history of running outsourcing contracts also builds trust.
* 2009 European Network and Information Security Agency (ENISA)
Cloud Computing: Benefits, risks and recommendations for information security
5. Loss of Governance
TRUST
- Concerns that at some level the customer is relinquishing control
Raises the questions
- Can I trust the provider to handle my data in a manner that meets my requirements?
- How assured am I that the provider is managing the cloud in a competent manner?
- How assured am I that my data is separated from other tenants?
- How assured am I that my data is protected from insiders at the provider?
6. Compliance Risks
Challenges
- Myriad of different regulations, industry practices that a customer must meet
- Customer is ultimately responsible for being compliant with the appropriate measures
- Cloud provider capabilities factor into how a customer achieves their compliance
objectives
- Different cloud types put different burden on the provider (e.g. Infrastructure-as-a-
Service on data center operations, Software-as-a-Service on application compliance)
Measures in Development/Test Cloud and Desktop Cloud
- In our current infrastructure-focused service products, customer data is opaque to the provider. The provider is a custodian of the data and does not touch the customer data
- Industry-specific compliance policies, from an infrastructure perspective, typically deal with:
Managing privileged access
Auditing of accesses to data by provider staff
Policies and practices for dealing with incidents
7. Isolation Failure
Challenges
- Providing robust means of separating customers from each other.
Measures in Development/Test Cloud and Desktop Cloud
- Development/Test cloud is a “multi-instance” form of multi-tenancy
Customers get “instances” of operating system images, which execute on
resources that are shared between multiple tenants.
- Mechanisms
Hypervisors - enforce separation of operating system instances within a single
physical hardware system. Provide a “logical” air-gap between customers
Network Separation
-Firewalls - Customer controlled
-implemented independent of the operating systems at the hypervisor utilizing Trusted Virtual Domains
-Virtual LANs
-Customers can choose to have their guest images on a dedicated virtual LAN
-VLANs connect back to the customer using Virtual Private Networks
8. Data Handling
Challenges
- Ensuring that customer data is available to only that customer
- Ensuring that when a customer deletes data (or ephemeral data is no longer in use)
that it becomes unreadable
Measures in Development/Test Cloud and Desktop Cloud
- Data Protection
Customers are provided with the ability to create “virtual disk drives” (VDDs): files which are presented to virtual machines as block devices. Customers can utilize operating system and application level encryption against these, as they are accessed as native file systems by the guests.
Each customer's data is stored in a unique “file set” within the CC storage structure
Access Control Lists (ACLs) are used to ensure separation of customers. Guests run as a specific “customer” user. ACLs on files are set to that user.
- Data Destruction
Any data on disk is securely erased using a US DoD algorithm when deleted
Ephemeral storage - when the storage is no longer used by a virtual machine
Customer VDDs - when deleted from the management console.
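An added example, not part of the original deck or IBM's implementation: a check that a customer's file set is owned by that customer's user and closed to everyone else. Plain POSIX ownership and mode bits stand in for the ACLs here, and the function names and sample file names are hypothetical.

```python
import os
import stat
import tempfile

def audit_file_set(root, customer_uid):
    """Return (path, problem) pairs for entries that break tenant separation.

    An entry passes only if the customer's user owns it and it grants nothing
    to group or other. Mode bits are an assumed stand-in for the ACLs.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: never follow a link out of the file set
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_uid != customer_uid:
            findings.append((path, "wrong_owner"))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, "group_or_other_access"))
    return findings

def demo():
    """Constructed file set: one private disk image and one world-readable one."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o700)
        for name, mode in (("vdd0.img", 0o600), ("vdd1.img", 0o644)):
            path = os.path.join(root, name)
            open(path, "wb").close()
            os.chmod(path, mode)
        found = audit_file_set(root, os.getuid())
        return [(os.path.basename(p), why) for p, why in found]

if __name__ == "__main__":
    print(demo())
```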
9. Management Interface Compromise
Challenges
- Ensuring customer operations are separated from other customers
- Ensuring that web based interfaces implement robust security practices
- Ensuring customer accesses to their resources are managed and controlled by the
customer
Measures in Development/Test Cloud and Desktop Cloud
- Administrative Portal
Authenticated via Web Identity
Authorized via Portal Access Controls
Provides interfaces to initiate automated work flows for discrete tasks
- Customer manages the privileges of their user base
Operations logged - end to end transaction auditing
- Operating Systems Guests
Once provisioned, IBM has no direct access to the guest VMs
Customers provided with initial SSH Key pair or Administrative password
- Customers MUST change these and any middleware administrative passwords upon taking
control over the guest
10. Malicious Insider
Challenges
- Ensuring that Cloud providers enforce policies for administrative operations to the
infrastructure. This includes disciplinary policies.
- Ensuring that the provider has documented policies which are applied for all
administrators
Measures in Development/Test Cloud and Desktop Cloud
- Automation
Not a traditional Security construct
Automation assures control over specific administrative tasks which are broken
down to well defined work flow sequences.
-Automation is audited end to end to be able to re-construct a given work flow
- Human Administration
All infrastructure components are managed/operated to the same policies as IBM
Internal systems (ITCS104).
Shared user IDs are prohibited. Each administrative user uses their own ID to authenticate.
User authorizations assigned based on least privilege principles.
IBM’s business conduct guidelines provide the framework for disciplinary action
should administrative privileges be abused.
11. Monitoring/Reporting
Challenges
- Ensuring that the infrastructure is managed per provider specified policies
- Providing reports to customers about operations which affect the infrastructure as a
whole or their specific resources.
Measures in Development/Test cloud and Desktop Cloud
- Logging
Infrastructure systems enable operating system audit capabilities
End to end operation flows are logged and auditable
Audit log data is retained for 90 days
Logs are monitored and incident tickets raised for any actions which are not
permitted.
- Intrusion
Infrastructure is monitored by Intrusion Detection & Protection systems (IDS/IPS)
Internet points of ingress and egress are monitored with IDS/IPS
Future - will provide customer specific IDS/IPS through hypervisor introspection
technology
- Reporting
Internal reporting of security incidents through monitoring of audit data
Future - customer level reports of actions which affect/alter the security of the
infrastructure that directly relates to their resources.
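An added example, not IBM's code: one way to implement the log review described on the Malicious Insider and Monitoring/Reporting slides (personal IDs only, least privilege, tickets for actions not permitted, 90-day retention). The record format, the admin registry and the ticket labels are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # retention period stated on the slide

# Hypothetical registry of personal admin IDs and their least-privilege actions.
ADMIN_ACTIONS = {
    "alice": {"provision_guest", "delete_vdd"},
    "bob": {"read_audit_log"},
}

# Constructed sample records: timestamp|admin_id|action|workflow_id
SAMPLE_LOG = """\
2011-03-01T09:00:00+00:00|alice|provision_guest|wf-100
2011-03-01T09:05:00+00:00|bob|delete_vdd|wf-101
2011-03-02T11:30:00+00:00|root|provision_guest|wf-102
2010-11-15T08:00:00+00:00|alice|delete_vdd|wf-050
not-a-valid-record
"""

def parse(line):
    """Return (timestamp, admin_id, action, workflow_id), or None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    # Timestamps without a UTC offset are ambiguous, so treat them as malformed.
    return (ts, *parts[1:]) if ts.tzinfo is not None else None

def review(log_text, now):
    """Return (tickets, expired): policy violations and records past retention."""
    tickets, expired = [], []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            tickets.append(("malformed_record", line))
            continue
        ts, admin, action, workflow = rec
        if now - ts > RETENTION:
            expired.append(workflow)  # older than 90 days: eligible for purge
        elif admin not in ADMIN_ACTIONS:
            tickets.append(("shared_or_unassigned_id", workflow))
        elif action not in ADMIN_ACTIONS[admin]:
            tickets.append(("action_not_permitted", workflow))
    return tickets, expired

if __name__ == "__main__":
    print(review(SAMPLE_LOG, datetime(2011, 3, 10, tzinfo=timezone.utc)))
```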
12. For more information on Cloud computing
http://www.ibm.com/cloud
Cloud Security Whitepaper - http://www-03.ibm.com/press/us/en/attachment/32799.wss?fileId=ATTACH_FILE1&fileName=10-0861_US Cloud Computing White Paper_Final_LR.pdf
Editor's Notes
Appirio recently surveyed 150 executives of large firms and found that security remains the number one concern; at the same time, they found that 28% of those execs felt that the concerns expressed about security are false and fear related. In another study (right), IBM found that of the fears customers have, 77% are afraid they will lose data…