Global Challenges in Cloud Security
Sadie CreeseJoint work with Paul Hopkins
International Digital Laboratory
1
Overview• Why• What• Drivers and Barriers• Sources of Future Risk
• Maturity and Vulnerability• Future Threats
• Global Security Challenges• Questions for debate
2
Why
3
$$$
Hosted apps market currently at $6.4b, $14.8b in 2012 (Gartner Dec 08)
Services market currently at $56b, $150b in 2013 (Gartner March 09)
Services market currently worth $16.2b, $42b in 2012 (IDC Dec 08)
Services market to be worth $160b in 2011 (Merril Lynch May 08)
How do we protect our digital assets both data and function when using the clouds?
How might malicious entities use the cloud?
How might current security practice not scale up?
What will require a collaborative response?
What – the technology model• Utility / Pay-Per-Use, on-demand access, shared resources,
rapid provisioning, agile, responsive
4
Gmail, Google Docs
Google App Engine
Amazon EC2
Amazon S3/SimpleDB
VMWare/XEN
What - system
5
VM VMVM
Broker
VM VMVM
VM VMVM
User
What - applications• Repackaging of products for deployment in clouds• Existing data centres expanding market offerings to include
utility services• MS, Google, salesforce.com offering rich application
frameworks but with little portability• Market analysts predict enterprise apps for niche/common.
• Archiving & eDiscovery, Collaboration (Secure), ERP, Online backup, Supply chain mgt, Web content mgt & conferencing….
• Lock-in and lack of interoperability key issue• Web mash-ups composing 3rd party apps
6
What – application ecosystem
7
Extract from slides : “Prophet a Path out of the cloud”, Best Practical, Presented at O’Reilly Open Source Conf, 2008
Cloud Drivers• Enterprise Drivers
• Compression of deployment cycles• Instant upgrade and try-it-out• Elasticity• Cost alignment• Reduction of IT team costs• Accessibility and sharing• Dependability• Waste reduction and carbon footprint
• Consumer drivers• Up to speed with latest apps• Pay-as-you-use• Accessibility and sharing• Dependability
8
Enterprise Cloud Drivers Stats
9
Cloud Barriers• Data security concerns• Privacy compromise/ practice• Service dependability and QoS• Loss of control over IT and data• Management difficulties around performance, support and
maintenance• Service integration• Lock-in• Usability• Lack of market maturity
10
Cloud Barriers Stats
11
Future Risk - maturity and vulnerability
12
Initial Services Architected Services Alligned and responsive
Optimised and Dynamically
Reconfigurable Cloud Services
Enterprise Componentised Strategy and vision for broad adoption Cloud services alligned
and integrated Multiple suppliers, seamless integration
Governance Due dilligence of external Based on best practice Cloud and Enterprise alligned Dynamically monitored
and enforced
Methods Standard contractual arrangement Best practice, SLAs
emerging Support team, common
service environment, automated SLAs
Extended team, dynamic SLAs, consumption
monitoring and optimisation
Applications Additional functionality Cloud enabled new external channels Process integration,
enhanced productivity Dynamic and bespoke service offerings
Information Information as a cloud service Enterprise service meta-data
available Single enterprise
ontology shared with partners
Semantic data,
analytics, information applications
Infosec Monitoring and control at gateway
SLAs include infosec, idm across the enterprise and in
cloud Monitoring and
auditability integrated Auto enforcement, multi-level secure
clients
quick-win business sold on benefits close alignment between enterprise and suppliers
leader in cloud exploitation
Initially aligning enterprise processes with cloud
focused process will be beyond best practiceDynamic SLAs could
become a focus for automated DoS
Vulnerable external facing applications potentially cause cascade failures
across integrated processes
Meta-data offers potential for aggregation and
enhanced intelligence gathering
Future Risk – Scenarios
13
High Cost/Low Payback for an attacker.Most successful threat agents, likely to be insider’s within the silo
High Cost/High Payback for an attacker.Most successful threat agent, likely to be insider managing resource distribution or a malicious service provider.
Low Cost/Low Payback for an attacker.Threat agents will include external attackers utilising mixture of technology and social engineering.
Low Cost/High Payback for an attacker.External attackers using the distributed scale to attack multiple systems and users simultaneously. E.G Bot and application framework based attacks.
Future Risk - think like an attacker?
14
• Denial of service• resource consumption, traffic redirection, inter-cloud and user to cloud
communications vulnerabilities• Trojan Clouds
• Imitate providers, infiltrate supply chains, sympathetic cloud• Inference attacks due to privileged access
• Application Framework attacks• Repeatable, pervasive
• Sticky Clouds• Lack of responsiveness, complex portability
• Onion storage• Moving global location, fragmenting, encrypting
• Covert channels within the cloud network across services• Can’t be monitored externally
Global Security Challenges• Risk Management Practice • Interoperable tools, controls, language, dependence on
service providers, standardisation for mobility in market, temporal relationships
• Attack Surface Reduction • Dynamic service composition could propagate vulns,
systemic application based failures• Attack Detection• Distributed, collaborative for large scale events, inter and
intra cloud, dynamism resulting in fluctuating traffic • Response and Recovery• Legal, Regulatory, Compliance and Audit• Portable identity – federated / user centric / interoperability• Privacy Controls
15
Global Security Challenges - 2
Pace, agile response, interoperability across clouds, mobility, secure portability, cross
jurisdiction collaboration
16
Questions for debate• Should we be taking an intrusion tolerance approach?• Should we be considering self-healing bio-inspired cloud
ecosystems?• How could we construct collaborative defence mechanisms
which integrated at a technology and process level? Which span multiple organisations and jurisdictions?
• What would happen if we did not construct a global response to cloud security challenges?
• Can it all be done by industry alone? What role should government and regulation have?
• Cloud is global – standards must be global – should / can regulation be global? If not can it work?
17