Cloud Security - A Visibility Challenge

Download Cloud Security - A Visibility Challenge

Post on 18-Oct-2014

2.949 views

Category:

Technology

1 download

DESCRIPTION

Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to a visibility, which in turn is a big data challenge. Loggly, a logging as a service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use-cases that can be built on top of the Loggly platform to support visibility into cloud operations.

TRANSCRIPT

Cloud SecurityA Visibility Challenge

UNAM 2010, Mexico City

Raffael Marty - @zrlramWednesday, December 1, 2010

by Raffael MartyLogging as a Service

Raffael Marty

2

Founder @ Chief Security Strategist and Product Manager @ Splunk Manager Solutions @ ArcSight Intrusion Detection Research @ IBM Research IT Security Consultant @ PriceWaterhouse Coopers

Applied Security VisualizationPublisher: Addison Wesley (August, 2008)

ISBN: 0321510100

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

Agenda

3

Data CentersThe CloudA New Risk Landscape

Visibility and Big DataLogging as a Service

Wednesday, December 1, 2010

Data Centers

4

Wednesday, December 1, 2010

Raffael Marty - @zrlram

11.8 million servers in data centers

5

Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Servers are used at only 15% of their capacity

6

Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

Wednesday, December 1, 2010

Raffael Marty - @zrlram

800 billion dollars spent yearly on purchasing and maintaining enterprise software

7

Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

80% of enterprise software expenditure is on installation and maintenance of software

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Data centers consume up to 100 times more per square foot than a typical office building

8

Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

Data centers consume 1.5% of the USAs electricity

Wednesday, December 1, 2010

Raffael Marty - @zrlram 9Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

From 2001 to 2006:

Number of servers doubled Average power consumption per server

quadrupled

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Green technologies can reduce energy costs by 50%

10

Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

Wednesday, December 1, 2010

The Cloud

11

Wednesday, December 1, 2010

Raffael Marty - @zrlram

The Public Cloud

12

IaaS - InfrastructurePaaS - PlatformSaaS - Software

Enterprise Infrastructure ServicesLaaS - LoggingXaaS - DNS / RDBMS /...

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Cloud Features Almost infinite resources - on demand Pay as you go Elasticity - dynamic load allocation Quality of service guarantees (SLAs) Outsource non-core capabilities / responsibilities Forces operations to streamline and automate Availability of infrastructure services (load balancing, database, logging, etc.) Enables higher availability

- Provision in multiple data centers / multiple instances13

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Why Companies Move to the Cloud

14

Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. - Infoworld

If you move your data centre to a cloud provider, it will cost a tenth of the cost. Brian Gammage, Gartner Fellow

Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity - George Reese, founder Valtira and enStratus

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Why Companies Move to the Cloud

15

Ecological considerations drive economical decisions Increased Efficiency due to better use of resources More predictable cost IT staff can be freed up for other initiatives Design with redundancy and failure tolerance needed

Automation is necessary, but is a good thing Easy integration of services for non-core capabilities (RDBMS, Load balancing, etc.)

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Changes in Security The Good

- Cloud homogeneity makes security auditing/testing simpler- Clouds enable automated security management- Redundancy / Disaster Recovery- Distributed denial of service (DDoS) protection

The Bad?- Loss of physical control - No more network-based Intrusion Detection- No data leak prevention (DLP)- Little network routing mechanisms

16

Wednesday, December 1, 2010

Raffael Marty - @zrlram

What Has Changed Data Storage and Access

- Isolation management / data multi-tenancy- Data retention issues - Data dispersal and international privacy laws

EU Data Protection Directive and U.S. Safe Harbor program Exposure of data to foreign governments and data subpoenas

Processing Infrastructure- Application multi-tenancy- Reliance on hypervisors- Process isolation / Application sandboxes

17

Wednesday, December 1, 2010

Your New Risk Landscape

18

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Risk = (Threat, Vulnerability)

Trusting vendors security model- Obtaining support for investigations- Inability to respond to audit findings

19

Hypervisor escaping Stored credentials Web ubiquity

Shared resources Using external services

- Proprietary implementations cant be examined- Availability of services- Confidentiality of services

Malicious insiders Data storage

Wednesday, December 1, 2010

Visibility and Big Data

20

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Visibility

21

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Visibility

22

Monitoring-Performance-Availability-Ephemeral Infrastructure

Security-New Threats-New Vulnerabilities-Different Risk Distribution

IaaS - Similar to beforePaaS - Lack of InfrastructureSaaS - Blind?

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Application Visibility If you cant control the infrastructure, control your applicationsApplication logging

- need guidelines- better tools- education of developers / students?

Challenges- how to centrally collect all the data- how to mine the data- how to use/understand the data

23

See: Raffael Marty, Cloud Application Logging for Forensics, SAC 2011, Taipei.

Wednesday, December 1, 2010

Raffael Marty - @zrlram

Big Data

24

NoSQLDistributed data storesDistributed queuesMap reduceETL (Extract, Transform, Load)...

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

LaaS - Logging as a Service

25

Log collection all data in one place

Log storage and management index, storage, archive

Extremely fast log search across all your data data source agnostic (no parsers) innovative Web shell

API log access oAuth authentication always on

Benefits No installation Easy configuration No maintenance

Great scalability 7x24 availability Pay as you go

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

Logging BusLogs published to busConsumers read from bus

MashupsSituational awarenessSecurity forensicsSecurity monitoring

26

mobile-166 My syslog

Bus

Clouds

Data centers

Small businesses

Individuals

Machines Mashups Users

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

Situational Awareness Treemap Protovis.JS Size: Amount Brightness: Variance Color: Sensor Shows: Scans - bright spots

Thanks to Chris Horsley27

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

Forensics

28

mobile-166 My syslog

Wednesday, December 1, 2010

by Raffael MartyLogging as a Service

Security Visualization

29

www.secviz.org

Wednesday, December 1, 2010

30

about.me/raffyloggly.com/signup

Wednesday, December 1, 2010

Recommended

View more >