Layer 7 & Burton Group: New Cloud Security Model Requirements

All Contents © 2009 Burton Group. All rights reserved.

New Security Models for the Cloud

November 19, 2009

Anne Thomas Manes

VP & Research Director

[email protected]

www.burtongroup.com

Twitter: @atmanes

Cloud Computing

The set of disciplines, technologies, and business models used to deliver IT capabilities (software, platforms, hardware) as on-demand, scalable, elastic services.

[Illustration: “How can I make this... look more like this?”]

Security - Who is in control?

What… Me Worry?

• Public cloud’s multi-tenant, dynamic characteristics may put sensitive or regulated data at risk
• Vendor viability creates strategic risk
• Denial of service attacks could create systemic risk
• A lack of transparency and accountability about security from cloud vendors lowers trust

IDC survey: 74% rate cloud security issues as “very significant”

How’s the Public Cloud Security?

Incidents

• November 2007: Salesforce Staff Speared by Phishers
• July 2008: Hey Spammers, Get Off My Cloud!
• March 2009: Google Privacy Blunder Shares Your Docs…
• June 2009: Webhost hack wipes out data for 100,000 sites
• October 2009: Amazon Web Services DDoS Attack And The Cloud
• More at http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database

Cloud Computing Requires a New Security Architecture

[Diagram: reference architecture. A service consumer issues a service request (console or API) through a service interface to the cloud OS, which runs a virtual infrastructure (compute, network, storage, security) over physical infrastructure. A service catalog and service bus connect the cloud to external applications, and enterprise service management spans the internal IT organization, traditional infrastructure, virtual data centers and external service providers, each with its own cloud management, cloud OS, virtual infrastructure and physical infrastructure.]

• Virtual data centers
• Service oriented interfaces
• Next generation operating systems and management tools

Rethinking Security Architecture

Security perimeters are changing

• Activities and data move across open, untrusted networks
• “Zones of trust” must become more logical than physical
• Identity and application-aware firewalls
• Security vendors must embrace virtualization security
• Security management must span internal and external clouds

Rethinking Security Architecture

Service-oriented security and identity management

• Security must span internal and external clouds
• Service oriented interfaces must be secured
• Existing domain access control must give way to standards-based identity services
• Multiple sources of identity
• Encryption and key management must “follow” sensitive data

Security Zone Model

Zone definition: “A grouping of IT resources which may reside at multiple locations but have similar business communication and network protection requirements”

[Diagram: the typical organization has the equivalent of some or all of these zones; the audit zone is optional.]

Changing Zone Implementations

Physical view – “old school” zone implementation

Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by perimeter devices.

[Diagram: an enterprise controlled/owned user site and data center joined over the Internet by a site-to-site VPN or private WAN; endpoints and protocols are not necessarily secure; monitoring and enforcement sit at the access perimeter in front of the server “farm”.]

Changing Zone Implementations

Physical view – “new school” zone implementation

Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by cryptography, e.g. security overlays.

[Diagram: a secure endpoint (VPN client, system firewall, etc.) on any network or site reaches the enterprise controlled/owned data center through a VPN or proxy system; secure protocols and end-to-end security run from the endpoint to the server “farm”, with monitoring and enforcement at the access perimeter (resulting in this kind of topology).]

Dynamic Perimeter Enforcement

New model: Logical zones with dynamic perimeters

• Numerous, coordinated endpoint security agents
• Centralized policy controls connection rules
• Smarter firewalls
• Smarter switching fabric
• Common theme: Multi-layer enforcement (L4 + L7)
• Access decisions based on identity and application protocol, not just IP address and port

Mutually Reinforcing SOA and Security

• SOA adds a new dimension to the security landscape
  • Loosely coupled connections
  • Requirements for cross-domain federation
  • Don’t assume the average developer understands all the issues
  • Don’t assume that all services can safely combine in all security contexts
• Recommended strategy
  • Build on existing IdM strategy
  • Externalize security as much as possible (e.g. authentication, authorization, crypto, audit)
  • Combine transport-level and application-level protections
  • Use layered defenses
  • Establish good governance processes

Applying SOA to Security

Layered defenses

• Policy enforcement points (PEPs) as intermediaries and at endpoints
• Externalize security functions to the PEPs

[Diagram: external services enter through firewalls (perimeter PEPs) and a centralized PEP into the DMZ; internal services sit behind intermediary PEPs, and each service carries its own endpoint PEP.]

Mediation in the Cloud

Cloud broker or gateway product

Typical functionality
• Secure communications
• Multi-protocol
• Enforce policy
• Authentication
• Access control
• Logging and audit

[Diagram: a cloud gateway placed between the enterprise firewall and the cloud services. Source of diagram: Layer7 (originally concerning the SecureSpan product)]
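The dynamic-perimeter slide (access decisions based on identity and application protocol, not just IP address and port) and the gateway slide (authentication, access control, policy enforcement, logging and audit) together describe what a policy enforcement point actually does. The Python below is an added example, not code from the deck or from Layer 7's SecureSpan product: a toy PEP that admits a request at L4 (source network and destination port), authenticates a signed identity token, authorizes the application-layer operation against a role policy, and records every decision in its own audit trail. The subnets, roles, token format and shared secret are constructed for illustration, and the signed token stands in for whatever federated identity service a real deployment would use.

```python
"""Toy policy enforcement point: L4 admission, authentication, L7 authorization, audit.

Added example, not code from the Burton Group / Layer 7 deck. Networks, roles,
the token format and the shared secret below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed shared secret between the PEP and a hypothetical identity service.
TOKEN_SECRET = b"demo-secret-not-for-production"


def issue_token(user: str, role: str) -> str:
    """Mint a minimal signed identity token: base64(user:role) '.' hex HMAC."""
    payload = f"{user}:{role}".encode()
    mac = hmac.new(TOKEN_SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


def verify_token(token: Optional[str]) -> Optional[tuple[str, str]]:
    """Return (user, role) if the token is authentic, else None."""
    if not token or "." not in token:
        return None
    b64, mac = token.rsplit(".", 1)
    try:
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError:
        return None
    expected = hmac.new(TOKEN_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    user, _, role = payload.decode(errors="replace").partition(":")
    return (user, role) if user and role else None


@dataclass
class Request:
    src_ip: str
    dst_port: int
    method: str                  # application-layer operation (HTTP verb here)
    path: str
    token: Optional[str] = None  # identity carried at the application layer


# L4 policy: (source network, destination port) pairs the perimeter admits.
L4_ALLOW = [
    (ipaddress.ip_network("10.0.0.0/8"), 443),      # constructed corporate range
    (ipaddress.ip_network("203.0.113.0/24"), 443),  # constructed partner range
]

# L7 policy: (role, operation, path prefix) triples a role may perform.
L7_ALLOW = [
    ("employee", "GET", "/api/"),
    ("employee", "POST", "/api/orders"),
    ("partner", "GET", "/api/orders"),
    ("admin", "POST", "/api/admin"),
]

AUDIT_LOG: list[dict] = []  # the PEP owns the audit trail, not the service


def l4_admits(req: Request) -> bool:
    """Old-school firewall decision: source address and destination port only."""
    ip = ipaddress.ip_address(req.src_ip)
    return any(ip in net and req.dst_port == port for net, port in L4_ALLOW)


def l7_permits(role: str, req: Request) -> bool:
    """Application-aware decision: who may do what to which resource."""
    return any(role == r and req.method == m and req.path.startswith(p)
               for r, m, p in L7_ALLOW)


def _record(req: Request, user: Optional[str], verdict: str, reason: str) -> tuple[str, str]:
    AUDIT_LOG.append({"src": req.src_ip, "user": user, "op": f"{req.method} {req.path}",
                      "verdict": verdict, "reason": reason})
    return verdict, reason


def enforce(req: Request) -> tuple[str, str]:
    """Multi-layer enforcement: L4 admission, then authentication, then L7 authorization."""
    if not l4_admits(req):
        return _record(req, None, "deny", "L4: source network/port not admitted")
    ident = verify_token(req.token)
    if ident is None:
        return _record(req, None, "deny", "authn: missing or forged token")
    user, role = ident
    if not l7_permits(role, req):
        return _record(req, user, "deny", f"L7: role {role} may not {req.method} {req.path}")
    return _record(req, user, "allow", "L4 + authn + L7 passed")


if __name__ == "__main__":
    partner = issue_token("acme-bot", "partner")
    for req in (
        Request("203.0.113.7", 443, "GET", "/api/orders/42", partner),
        Request("203.0.113.7", 443, "POST", "/api/admin/users", partner),  # same L4 tuple
        Request("198.51.100.9", 443, "GET", "/api/orders", partner),
    ):
        print(req.src_ip, req.method, req.path, "->", enforce(req))
```

The second request in the demo is the point of the slide: it arrives from the same partner address on the same port as the first, so an L4-only firewall admits it, and only the identity-plus-operation check at the PEP turns it away. Because `enforce` writes the audit record itself, the trail exists whether or not the service behind it logs anything.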

New Security Models for the Cloud

Recommendations and takeaways

• Think “service-oriented” when you’re thinking cloud
• Mutually reinforce SOA and security:
  • Secure communications methods
  • Layered defense
  • Good governance
• Consider cloud brokers to enforce policies in the cloud

New Security Model Requirements for the Cloud: Enabling Safe Cloud Computing

K. Scott Morrison, CTO & Chief Architect

Trust is the fundamental requirement of cloud computing

Anne showed us we need to:
• Understand Risk
• Control Boundaries

Trust is the measure of your confidence in these

But How Do We Gain Control Over SaaS?

Consider the degrees of freedom SOA offers us

Pattern 1: Assert Outgoing Control
• Single Sign On
• Managed access to authorized services
• SLA enforcement
• Audit

[Diagram: firewall, NetOps, directory.]

Pattern 2: Manage Access to Corporate Resources
• Access Control
• Alarms and audit
• Safe routing

[Diagram: user and SaaS application outside the firewall; DMZ, NetOps and directory in front of the secure zone.]

How Do We Assert Control Over IaaS?

Pattern 3: Manage Cloud-Based SOA Apps with Virtual PEP

Hardware PEP and Virtual PEP: identical functionality

[Diagram: a hardware PEP on premises and a virtual PEP in front of the cloud service instances.]

Secure Services, Not Networks

What Does Layered Defense Look Like In The Cloud?

[Diagram: the same layered-defense topology as before: external services enter through firewalls (perimeter PEPs) and a centralized PEP into the DMZ; internal services sit behind intermediary PEPs, each with its own endpoint PEP.]

Zones of Trust

[Diagram: zones of trust (marked “?”) separated by application-layer isolation, monitoring and control at a cloud edge virtual PEP, with secure messages passing between zones.]

This is true SOA defense-in-depth

This Is The Ultimate Realization Of SOA
• Visibility
• Security
• Control

[Diagram: NetOps.]

Cloud Governance is the evolution of SOA Governance

For More Information:

K. Scott Morrison

Layer 7 Technologies

CTO and Chief Architect

[email protected]

http://www.layer7tech.com

Twitter: @kscottmorrison

Anne Thomas Manes

Burton Group

VP & Research Director

[email protected]

http://www.burtongroup.com

Twitter: @atmanes