Cloud Security - A Visibility Challenge

Download Cloud Security - A Visibility Challenge

Post on 18-Oct-2014

2.949 views

Category:

Technology

1 download

DESCRIPTION

Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to a visibility, which in turn is a big data challenge. Loggly, a logging as a service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use-cases that can be built on top of the Loggly platform to support visibility into cloud operations.

TRANSCRIPT

<p>Cloud SecurityA Visibility Challenge</p> <p>UNAM 2010, Mexico City</p> <p>Raffael Marty - @zrlramWednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Raffael Marty</p> <p>2</p> <p> Founder @ Chief Security Strategist and Product Manager @ Splunk Manager Solutions @ ArcSight Intrusion Detection Research @ IBM Research IT Security Consultant @ PriceWaterhouse Coopers</p> <p>Applied Security VisualizationPublisher: Addison Wesley (August, 2008)</p> <p>ISBN: 0321510100</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Agenda</p> <p>3</p> <p>Data CentersThe CloudA New Risk Landscape</p> <p>Visibility and Big DataLogging as a Service </p> <p>Wednesday, December 1, 2010</p> <p>Data Centers</p> <p>4</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>11.8 million servers in data centers</p> <p>5</p> <p>Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Servers are used at only 15% of their capacity</p> <p>6</p> <p>Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>800 billion dollars spent yearly on purchasing and maintaining enterprise software </p> <p>7</p> <p>Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>80% of enterprise software expenditure is on installation and maintenance of software </p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Data centers consume up to 100 times more per square foot than a typical office building</p> <p>8</p> <p>Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>Data centers consume 1.5% of the USAs electricity</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram 9Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>From 2001 to 2006:</p> <p> Number of servers doubled Average power consumption per server </p> <p>quadrupled </p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Green technologies can reduce energy costs by 50%</p> <p>10</p> <p>Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST</p> <p>Wednesday, December 1, 2010</p> <p>The Cloud</p> <p>11</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>The Public Cloud</p> <p>12</p> <p>IaaS - InfrastructurePaaS - PlatformSaaS - Software</p> <p>Enterprise Infrastructure ServicesLaaS - LoggingXaaS - DNS / RDBMS /...</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Cloud Features Almost infinite resources - on demand Pay as you go Elasticity - dynamic load allocation Quality of service guarantees (SLAs) Outsource non-core capabilities / responsibilities Forces operations to streamline and automate Availability of infrastructure services (load balancing, database, logging, etc.) Enables higher availability</p> <p>- Provision in multiple data centers / multiple instances13</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Why Companies Move to the Cloud</p> <p>14</p> <p>Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. - Infoworld</p> <p>If you move your data centre to a cloud provider, it will cost a tenth of the cost. Brian Gammage, Gartner Fellow</p> <p>Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity - George Reese, founder Valtira and enStratus</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Why Companies Move to the Cloud</p> <p>15</p> <p> Ecological considerations drive economical decisions Increased Efficiency due to better use of resources More predictable cost IT staff can be freed up for other initiatives Design with redundancy and failure tolerance needed</p> <p> Automation is necessary, but is a good thing Easy integration of services for non-core capabilities (RDBMS, Load balancing, etc.)</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Changes in Security The Good</p> <p>- Cloud homogeneity makes security auditing/testing simpler- Clouds enable automated security management- Redundancy / Disaster Recovery- Distributed denial of service (DDoS) protection</p> <p> The Bad?- Loss of physical control - No more network-based Intrusion Detection- No data leak prevention (DLP)- Little network routing mechanisms</p> <p>16</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>What Has Changed Data Storage and Access</p> <p>- Isolation management / data multi-tenancy- Data retention issues - Data dispersal and international privacy laws</p> <p> EU Data Protection Directive and U.S. Safe Harbor program Exposure of data to foreign governments and data subpoenas</p> <p> Processing Infrastructure- Application multi-tenancy- Reliance on hypervisors- Process isolation / Application sandboxes</p> <p>17</p> <p>Wednesday, December 1, 2010</p> <p>Your New Risk Landscape</p> <p>18</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Risk = (Threat, Vulnerability)</p> <p> Trusting vendors security model- Obtaining support for investigations- Inability to respond to audit findings</p> <p>19</p> <p> Hypervisor escaping Stored credentials Web ubiquity</p> <p> Shared resources Using external services</p> <p>- Proprietary implementations cant be examined- Availability of services- Confidentiality of services</p> <p> Malicious insiders Data storage</p> <p>Wednesday, December 1, 2010</p> <p>Visibility and Big Data</p> <p>20</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Visibility</p> <p>21</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Visibility</p> <p>22</p> <p>Monitoring-Performance-Availability-Ephemeral Infrastructure</p> <p>Security-New Threats-New Vulnerabilities-Different Risk Distribution</p> <p>IaaS - Similar to beforePaaS - Lack of InfrastructureSaaS - Blind?</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Application Visibility If you cant control the infrastructure, control your applicationsApplication logging</p> <p>- need guidelines- better tools- education of developers / students?</p> <p>Challenges- how to centrally collect all the data- how to mine the data- how to use/understand the data</p> <p>23</p> <p>See: Raffael Marty, Cloud Application Logging for Forensics, SAC 2011, Taipei.</p> <p>Wednesday, December 1, 2010</p> <p>Raffael Marty - @zrlram</p> <p>Big Data</p> <p>24</p> <p>NoSQLDistributed data storesDistributed queuesMap reduceETL (Extract, Transform, Load)...</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>LaaS - Logging as a Service</p> <p>25</p> <p> Log collection all data in one place</p> <p> Log storage and management index, storage, archive</p> <p> Extremely fast log search across all your data data source agnostic (no parsers) innovative Web shell</p> <p> API log access oAuth authentication always on</p> <p>Benefits No installation Easy configuration No maintenance</p> <p> Great scalability 7x24 availability Pay as you go</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Logging BusLogs published to busConsumers read from bus</p> <p>MashupsSituational awarenessSecurity forensicsSecurity monitoring</p> <p>26</p> <p>mobile-166 My syslog</p> <p>Bus</p> <p>Clouds</p> <p>Data centers</p> <p>Small businesses</p> <p>Individuals</p> <p>Machines Mashups Users</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Situational Awareness Treemap Protovis.JS Size: Amount Brightness: Variance Color: Sensor Shows: Scans - bright spots</p> <p> Thanks to Chris Horsley27</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Forensics</p> <p>28</p> <p>mobile-166 My syslog</p> <p>Wednesday, December 1, 2010</p> <p> by Raffael MartyLogging as a Service</p> <p>Security Visualization</p> <p>29</p> <p>www.secviz.org</p> <p>Wednesday, December 1, 2010</p> <p>30</p> <p>about.me/raffyloggly.com/signup</p> <p>Wednesday, December 1, 2010</p>

Recommended

View more >