Enterprise Strategy for Cloud Security
Oracle Architect Day, May 16, 2012
Dave Chappelle
Agenda
• Cloud Security Considerations
• Consumer Strategies
• Provider Strategies
A Few General Considerations…
• Multi-tenancy
  • Varying degrees of isolation (how thick are the walls?)
  • Unpredictable cohabitation (do you really know your neighbors?)
• Isolation Barriers
  • Physical vs. logical
  • Several vs. few
• Data (Operational, Metadata, Log Data, Backups, etc.)
  • Ownership
  • Dispersal, Privacy, and Retention Laws
• Complexity
  • Technical: technologies, integration, domain federation
  • Business: policies, procedures, continuity
• Auditing and Compliance
  • Capabilities and support
Security Principles & Cloud
• Least Privilege
  • Restricting administrative privileges
• Segregation of Duties
  • Consumer privileges vs. provider privileges
• Compartmentalization
  • Controlling resource allocation / utilization in a shared environment
• Defense in Depth
  • Discontinuity…
Defense in Depth: Layers
(Diagram: concentric security layers from Policies, Procedures, & Awareness on the outside to Data at the center, with Security Governance, Risk Management, & Compliance (SGRC), Identity & Access Management, and Security Management & Monitoring as cross-cutting concerns)
• Policies, Procedures, & Awareness: Data Classification, Password Strengths, Code Reviews, Usage Policies, …
• Physical: Fences, walls, guards, locks, keys, badges, …
• Perimeter: Firewalls, network address translation, denial of service prevention, message parsing and validation, …
• Internal Network: Transport Layer Security (encryption, identity)
• Host: Platform O/S, Vulnerability Mgmt (patches), Desktop (malware protection), …
• Application / Service: Security Assurance (coding practices); Authentication, Authorization, Auditing (AAA); Federation (SSO, Identity Propagation, Trust, …); Message Level Security
• Data: Content Security, Information Rights Management; Database Security (online storage & backups)
OTN Architect Day 2011
Security Layering and Cloud
(Diagram: Your Organization's Private Cloud alongside a Cloud Provider's Public Cloud offering IaaS, PaaS, SaaS, and VMs; the two sets of security layers are joined by Technology Integration and by Planning & Reconciliation)
Control Frameworks
• ISO/IEC 27001:5
• NIST Recommended Security Controls for Federal Information Systems and Organizations (Pub 800-53)
• COBIT
• SANS 20 Critical Security Controls
• Cloud Security Alliance Cloud Controls Matrix
NIST Security Controls
Technical
• Access Control
• Audit & Accountability
• Identification & Authentication
• System & Communications Protection
Operational
• Awareness & Training
• Configuration Management
• Contingency Planning
• Incident Response
• Maintenance
• Media Protection
• Physical & Environmental Protection
• Personnel Security
• System & Information Integrity
Management
• Security Assessment & Authorization
• Planning
• Risk Assessment
• System & Services Acquisition
• Program Management
Exposure, Control, & Risk
• Exposure
  • Public access to applications, services, platforms, & data
  • Administrative access
  • Data traversing unprotected networks
  • Reliance on isolation implementation(s)
• Control (or delegation thereof)
  • Physical, managerial, operational
  • Functional and non-functional capabilities
  • Compliance
  • Search and seizure
• Quantitative Risk = threat probability × magnitude of loss
• Relative risk = RiskIT / RiskCloud
Threat Categories vs. Service & Deployment Models
(Matrix: threat categories on one axis, service and deployment models on the other; each combination is rated for Exposure and Control)
Service Models
• IaaS
• PaaS
• SaaS
Deployment Models
• Private, operated & managed
• Private, partner-operated & managed
• Private, partner-located, operated & managed
• Remote dedicated / leased
• Public, shared
Exposure and Control: dependent upon internal controls for some models, dependent upon Cloud provider and internal compensating controls for others
Agenda
• Cloud Security Considerations
• Consumer Strategies
  o Security Governance, Risk Management, & Compliance (SGRC)
  o Usage Strategies
  o Identity & Access Management (IAM)
• Provider Strategies
SGRC Strategy
• How will Cloud providers be assessed for risk?
• Who will evaluate assessments and have authority to grant approvals?
• What compliance issues are pertinent to the use of Cloud? (Compliance with all government, industry, and internal policies and regulations.)
• Who will review issues related to compliance and have authority to grant approvals?
• Under what circumstances might a Cloud be used without a formal assessment and compliance review?
• What governance processes will be established/used to properly evaluate a Cloud provider for all aspects of security (including business continuity)?
• What governance processes will be established/used to actively monitor and audit access to, and usage of, company assets in a Cloud environment?
• …
Usage Strategy
• How the cloud will be used
  • Development & test vs. production
  • Internet access vs. private / VPN
  • Public content vs. sensitive information
  • …
Public Cloud, Public Access Point
(Diagram: Internal IT / Private Cloud, reached by Intranet Users (Employees), hosts Business-Critical Systems & Sensitive Data and Intranet-Based Web Apps in an Internal DMZ; the Public Cloud (PaaS, IaaS) hosts Non-Critical Systems, Public-Facing Content, and Public-Facing Web Apps in a Cloud DMZ, reached by Internet Users (General Public); the two sides are linked by VPN and IAM)
• Cloud is used to serve up public content
• Sensitive data and monetized transactions are handled internally
Dedicated Datacenter Extension
(Diagram: Internal IT / Private Cloud, reached by Intranet Users, holds Company-Owned Infrastructure, Platforms & Software and Intranet-Based Web Apps (DMZ); a Dedicated Cloud (PaaS, IaaS) runs Provider-Owned IaaS/PaaS with Company Software, linked to the private side by VPN and IAM and reached by Internet Users)
• Cloud is used to extend the capacity of IT
• Private access to dedicated resources
Public Cloud for Commodity Computing
(Diagram: Internal IT / Private Cloud, reached by Intranet Users, holds Custom-Built, Business-Differentiating Systems and Custom Web Apps, Company Portals (Internal DMZ) with its own IAM; the Public Cloud (SaaS), reached by Internet Users, holds Commodity Applications & Services and Commodity Web Apps (Cloud DMZ) with its own IAM)
• SaaS providers used for commodity computing needs
• Access most often via common Internet connectivity
Private Cloud, Standardization & Consolidation
(Diagram: Internal IT for Finance, Sales, and Support migrates to an IT-Managed IaaS/PaaS Private Cloud; a Public Cloud (XaaS) is the other possible target)
• Private cloud offers an efficient alternative
• Migration to cloud based on evaluation of projects in pipeline
• Decision on public or private based on evaluation criteria
Identity and Access Management Strategy
• How will management be accomplished without compromising existing IAM capabilities (standardized provisioning, approval, integration, audit, attestation, and analysis)?
  • Centralized
  • Distributed
  • Federated
  • Synchronized
  • Replicated
  • …
Anonymous & Personalized Public Cloud
(Diagram: in Internal IT / Private Cloud, Users log in to Identity & Access Management (Credentials, Roles, Attributes, Policies; AuthN, AuthZ), which protects Secure Systems & Sensitive Data; in the Public Cloud, Personalized Applications and Content receive only a User Id, while Anonymous Applications and Public Content need none; the cloud redirects to the internal Login)
• Nothing in the cloud performs access control
• Identity is used for non-security purposes (personalization, etc.)
Centralized IAM
(Diagram: the Public Cloud hosts Network-Isolated IaaS/PaaS environments connected to Internal IT / Private Cloud by VPN; Users log in and gain access through the central Identity & Access Management (Credentials, Roles, Attributes, Policies; AuthN, AuthZ), which also serves Internal Applications and Private Clouds)
• Identity management and security services are centrally deployed
• Cloud applications access centralized security services
Access Control with Vouched Identity
(Diagram: in Internal IT / Private Cloud, Users log in to Identity & Access Management (Credentials, Roles, Attributes, Policies; AuthN, AuthZ) serving SSO & Internal Applications; the identity is carried to the Public Cloud via SAML or OpenID, where Standalone Applications with RBAC, ABAC enforce Application Access Policies (AuthZ) maintained through Access Policy Management)
• Users are authenticated by internal authentication services
• Identity is securely propagated to enable authorization decisions in the cloud
Standalone Synchronized IAM
(Diagram: Internal IT / Private Cloud and the Public Cloud each run their own Identity & Access Management (Credentials, Roles, Attributes, Policies; AuthN, AuthZ); Users log in separately to Internal Applications and to Standalone Cloud-based Applications, and the two identity stores are kept in sync)
• Users are authenticated in multiple places
• Identity data is synchronized across multiple locations via manual or automated processes
Federated IAM
(Diagram: Internal IT / Private Cloud and the Public Cloud each run Identity & Access Management (Credentials, Roles, Attributes, Policies; AuthN, AuthZ) with a Security Token Service (STS); Users log in internally and access Standalone Cloud-based Applications; the internal STS acts as Identity Provider and the cloud STS as Service Provider, exchanging tokens over WS-Trust, WS-Fed, and SAML carried on HTTP and SOAP, with sync still possible between the stores)
• Federated identities may be mapped to cloud-based groups or roles
• Synchronization becomes less critical due to abstraction
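As an added example that is not part of the deck, the vouched-identity and federated flows above in one runnable sketch: an internal identity provider authenticates the user and issues a signed assertion, and the cloud application verifies it, maps the federated roles to its own roles, and makes the authorization decision locally. The HMAC-signed JSON token, the issuer and audience URLs, the role map and the access policy are all constructed stand-ins for a SAML/WS-Fed assertion and a real deployment's configuration.

```python
import base64, hashlib, hmac, json
# Constructed stand-ins: shared secret between internal IdP and cloud SP (a
# SAML/WS-Fed deployment would use X.509 signatures), issuer, audience.
IDP_SECRET = b"example-shared-secret-not-for-real-use"
IDP_ISSUER = "https://idp.corp.example"
CLOUD_AUDIENCE = "https://app.cloud.example"
# Federated roles -> cloud roles (constructed); the cloud app never sees a
# password, only vouched attributes. POLICY is the cloud app's RBAC rule set.
ROLE_MAP = {"corp:finance-analyst": {"report-viewer"},
            "corp:finance-manager": {"report-viewer", "report-approver"}}
POLICY = {"view-report": "report-viewer", "approve-report": "report-approver"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue(subject, roles, now, ttl=300):
    """Internal IdP: after authenticating the user (out of scope here), issue a
    signed assertion carrying the attributes the cloud needs."""
    claims = {"iss": IDP_ISSUER, "aud": CLOUD_AUDIENCE, "sub": subject,
              "roles": sorted(roles), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _b64(hmac.new(IDP_SECRET, body, hashlib.sha256).digest())

def sp_verify(token, now):
    """Cloud SP: check signature, issuer, audience and expiry before trusting
    any attribute. Returns the claims, or None if the assertion is rejected."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:          # malformed token or bad base64
        return None
    if not hmac.compare_digest(sig, hmac.new(IDP_SECRET, body, hashlib.sha256).digest()):
        return None
    claims = json.loads(body)
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != CLOUD_AUDIENCE:
        return None
    if claims.get("exp", 0) <= now:   # expired assertions are not accepted
        return None
    return claims

def cloud_authorize(token, action, now):
    """AuthZ decision made in the cloud from the vouched, mapped identity."""
    claims = sp_verify(token, now)
    if claims is None:
        return False
    cloud_roles = set().union(*(ROLE_MAP.get(r, set()) for r in claims.get("roles", [])))
    return POLICY.get(action) in cloud_roles
```

The cloud side holds no credentials at all; it only needs the verification key, the role mapping and its own policy, which is what makes the synchronization of user records less critical.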
Brokered Identity Management
(Diagram: Users Register & Manage Access with a 3rd Party Identity Provider running a Brokered Identity Management System (Credentials, Attributes) that acts as Identity Provider via OpenID; Customer-facing Applications in Internal IT / Private Cloud and Cloud-based Applications in the Public Cloud delegate Login to it)
• Brokered identity management relies on a trusted 3rd party to manage identities
• Clouds, and optionally internal IT, may elect not to manage identities at all
Agenda
• Cloud Security Considerations
• Consumer Strategies
• Provider Strategies
Provider Strategy
• Velocity & Scale: Standardization & Governance
  • Minimal process deviation; enables automation
  • Default secure configurations
  • Common security services
  • Processes that automate the proper behavior
• Domain Strategy
  • Group resources together appropriately and consistently apply the proper degree of security controls
• Multi-tenancy Strategy
  • Defines how tenants will share resources securely
• Cohabitation Strategy
  • Which tenants “belong together”
Service Model Domains
(Diagram: a Public Cloud divided into a SaaS Cloud Domain, a PaaS Cloud Domain, and an IaaS Cloud Domain, served by common Cloud Security & Management and open to All Users)
• Group tenants by service model
• Rationale: similar services have similar configurations and security requirements
• Similar services share the same access patterns
Network Tier Cloud Domains
(Diagram: the Production Environment Cloud is divided into Web Tier, Apps & Services, Partner Apps, Data Tier, and BI / DW Cloud Domains; Dev / Test Environments run in separate Dev / Test Private Cloud and Dev / Test Public Cloud domains)
• Group tenants by network tier
• Rationale: maintain network-level security controls using existing network infrastructure
Tenant Group-Based Domains
(Diagram: a Public Cloud divided into Group 1, Group 2, … Group n Cloud Domains, served by common Cloud Security & Management and open to All Users)
• Each group has dedicated resources with network isolation
• Groups may reflect common data sensitivity, compliance, SLA requirements, etc.
Dedicated Access Domains
(Diagram: a Public Cloud divided into Tenant 1, Tenant 2, … Tenant n Cloud Domains, served by common Cloud Security & Management; each tenant reaches its own domain from its own Private Network over a dedicated VPN)
• Tenant-based domains with VPN access
• Share-nothing, greatest isolation, greatest cost
Multi-Tenancy Strategy
• Shared everything
• Shared Infrastructure
  • Virtual Machines
  • O/S virtualization
• Shared Nothing
Shared Everything
(Diagram: Tenant A, Tenant B, and Tenant C share one Application, one Schema, and Shared Security Services & IAM)
• Common SaaS model for maximum economy of scale
• Application must provide isolation
• Data from multiple tenants is stored in the same database tables
• Highest (relative) risk due to least control, greatest exposure
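Added example (not from the deck) of the isolation a shared-schema application must itself provide: a tenant_id column on a shared invoices table, a lookup keyed only on the record id that returns other tenants' rows, the scoped accessor that takes the tenant from the authenticated session instead, and an audit function that checks no scoped lookup can reach another tenant's data. The table, rows and tenant names are constructed sample data.

```python
import sqlite3

# Constructed sample data: three tenants share one table (shared schema).
ROWS = [("A", 1, 120.0), ("A", 2, 75.0), ("B", 3, 999.0), ("C", 4, 10.0)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (tenant_id TEXT NOT NULL, "
               "id INTEGER PRIMARY KEY, amount REAL NOT NULL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", ROWS)
    return db

# Weak form: the lookup is keyed only on the record id the caller supplies, so
# a request made on behalf of tenant A that names tenant B's id returns B's row.
def get_invoice_unscoped(db, invoice_id):
    return db.execute("SELECT tenant_id, id, amount FROM invoices WHERE id = ?",
                      (invoice_id,)).fetchone()

# Hardened form: the tenant comes from the authenticated session, never from
# the request, and every statement is filtered by it.
class TenantScope:
    def __init__(self, db, tenant_id):
        self.db, self.tenant_id = db, tenant_id

    def get_invoice(self, invoice_id):
        return self.db.execute(
            "SELECT tenant_id, id, amount FROM invoices WHERE tenant_id = ? AND id = ?",
            (self.tenant_id, invoice_id)).fetchone()

    def list_invoices(self):
        return self.db.execute("SELECT id, amount FROM invoices WHERE tenant_id = ? "
                               "ORDER BY id", (self.tenant_id,)).fetchall()

    def total(self):
        return self.db.execute("SELECT COALESCE(SUM(amount), 0) FROM invoices "
                               "WHERE tenant_id = ?", (self.tenant_id,)).fetchone()[0]

def audit_isolation(db, tenants):
    """Defensive check for the shared schema: a scoped accessor must return
    nothing for ids owned by other tenants. Returns the (tenant, id) leaks found."""
    leaks = []
    owners = db.execute("SELECT tenant_id, id FROM invoices").fetchall()
    for tenant in tenants:
        scope = TenantScope(db, tenant)
        for owner, inv_id in owners:
            if owner != tenant and scope.get_invoice(inv_id) is not None:
                leaks.append((tenant, inv_id))
    return leaks
```

A tenant-aware repository like TenantScope is the application-level isolation the slide refers to; the database itself offers none when every tenant's rows live in the same tables.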
Shared Infrastructure: Virtual Machines
(Diagram: Shared Security Services & IAM and Shared Infrastructure; on top of a Hypervisor, Virtual Environment A holds Tenant A's Data and Apps, Virtual Environment B holds Tenant B's, and Virtual Environment C holds Tenant C's)
• Each tenant has their own virtual environment
• Isolation provided by hypervisor
• Resource contention depends on VM capability and configuration
• Adds an additional layer and processes to run and manage
Shared Infrastructure: OS Virtualization
(Diagram: Shared Security Services & IAM and Shared Infrastructure; one Operating System hosts Zone 1 for Tenant A, Zone 2 for Tenant B, and Zone 3 for Tenant C)
Resources
• Processes & Memory
• Disks & Filesystems
• NICs & IP Addresses
• …
Controls
• Max share of CPU
• Max memory usage
• Max network bandwidth
• …
• Each tenant has their own processing zone
• Isolation provided by the operating system
• Resource contention depends on zone configuration
• No VMs to run and manage, no abstraction layer between app & OS
Shared Nothing
(Diagram: Shared Security Services perform Routing only; Tenant A, Tenant B, and Tenant C each have their own Resource Pool, Application Cluster, Schema, and IAM Partition)
• Greatest degree of isolation, least economical
Final Thoughts
• Define and execute on a strategy
• Codify your appetite for risk; CYA
• Consider all aspects of security
• Use a framework
• Not all clouds are the same
• Be aware of the risks as well as the rewards
• You can delegate responsibility but you can’t delegate accountability
• Visit us online at http://www.oracle.com/goto/itstrategies