Rebuilding for the cloud - how cloud architecture can improve application security

Post on 14-Dec-2014

DESCRIPTION

Talk I gave at OWASP San Francisco 3/14/2012

TRANSCRIPT

REBUILDING FOR THE CLOUD

HOW CLOUD ARCHITECTURE CAN IMPROVE APPLICATION SECURITY

INTRO

AGENDA

Definitions (brief, I promise)

Cloud Benefits

Cloud Security Concepts

Moving applications to the cloud, wrong way

Moving applications to the cloud, right way

Please do ask questions!

CLOUD [kloud] noun

NIST Definition (AKA SP800-145)

• On demand, self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured (read: billable) service

INFORMATION SECURITY [in-fer-mey-shuhn si-kyoor-i-tee] noun

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

See Also: Job Security

Artist: Tyler, 11. Dortmund, Germany

CLOUD BENEFITS

Main benefit: Flexibility

Possible benefit: Cost savings

CLOUD SECURITY CLIFF NOTES

• Trust nobody

• Encrypt everything

• Expect service issues

WHAT’S WRONG WITH FORKLIFTING?

FORKLIFTING…

“Datacenter” application to the cloud:

• Can’t trust what you used to

• Datacenter apps usually not flexible

• Confidentiality, Integrity, Availability all handled differently

ENTERPRISE vs CLOUD

HOW ABOUT PAAS?

LEVERAGING CLOUD ARCHITECTURE

How can we (gently) re-architect to take advantage of the cloud?

• Network

• Web server

• Application Server

• Database server

• Don’t forget audit/forensics!

NETWORK

Good: Limit by IP

Better: Allow administration via VPN only

Best: Admin interface on separate host, VPN only

Artist: Jonathan, Age 7 Heidelberg, Germany

WEB/APP SERVER

Good: Load balancing, “Basic” hardening (IP ACLs, only accept GET/POST, server tuned for large loads). SSL’s cheap nowadays

Better: Build Web Application Firewalls and reverse caches into your IaaS (mod_security’s free)

Best: Use 3rd party services to handle load and minimize security issues (CDNs like Akamai, Cloudflare)

Required: Input filtering, output encoding.

DATASTORE

Good: Place DBs on separate host from application.

Better: Place DBs in separate datacenters, and replicate

Best: Migrate to a “NOSQL” datastore (Cassandra, MongoDB, ElasticSearch)

Required: Encrypt data-at-rest

NOSQL SECURITY?

• Many NOSQL systems turn off even authentication

• Data labeling or granular access needs to be handled in application.
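
The application-layer enforcement this slide calls for, as an added example that is not from the talk: a single read path that checks document labels and redacts labeled fields before anything leaves the data-access layer. The in-memory `STORE`, the `labels` and `field_labels` schema fields, and the `Principal` and `find` names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample collection standing in for a NoSQL store that performs
# no authorization itself. "labels" / "field_labels" are assumed schema fields.
STORE = [
    {"_id": 1, "labels": ["public"], "title": "Release notes"},
    {"_id": 2, "labels": ["hr"], "title": "Salary review",
     "salary": 90000, "field_labels": {"salary": "payroll"}},
    {"_id": 3, "labels": ["hr", "legal"], "title": "Dispute file"},
    {"_id": 4, "title": "Imported record with no labels"},
]
META = ("labels", "field_labels")  # labeling metadata is never returned

@dataclass(frozen=True)
class Principal:
    name: str
    clearances: frozenset = field(default_factory=frozenset)

def _visible(doc, who):
    """Document-level check: the caller must hold every label on the document.
    Unlabeled documents are denied (fail closed)."""
    labels = doc.get("labels")
    return bool(labels) and set(labels) <= who.clearances

def _redact(doc, who):
    """Field-level check: drop any field whose label the caller lacks."""
    needed = doc.get("field_labels", {})
    return {k: v for k, v in doc.items()
            if k not in META and (k not in needed or needed[k] in who.clearances)}

def find(who, predicate=lambda d: True):
    """The only read path the application exposes: run the query, then filter
    and redact before returning results to the caller."""
    return [_redact(d, who) for d in STORE if predicate(d) and _visible(d, who)]

if __name__ == "__main__":
    hr = Principal("hr-analyst", frozenset({"public", "hr"}))
    for row in find(hr):
        print(row)
```
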

Artist: Luca, Italy

INTER-PROCESS COMMUNICATION

Good: Whatever you’ve dreamt up (cloud bullhorn?), at least encrypt it.

Better: Use open protocols for communication between nodes. Make sure encryption is enabled!

Best: Consider using message queues.

Required, in case you missed it: encryption.

LOGGING & FORENSICS

What happens to logs when our scalable architecture… scales down?

Cloud really really requires centralized logging, monitoring, and management.

Also, consider erase vs. overwrite

WHAT HAVE WE BUILT?

• Scalable solution

• No single point of failure

• Healthy caution of all those around us (filtering/encoding)

• Data stored and transmitted safely

• And a nice set of audit logs for when Bad Things happen

THANKS AND CONTACT INFO

“Bad People” drawings from http://badpeopleproject.org

Follow me on twitter: @johnlkinsella
