rebuilding for the cloud - how cloud architecture can improve application security
DESCRIPTION
Talk I gave at OWASP San Francisco 3/14/2012
TRANSCRIPT
REBUILDING FOR THE CLOUD
HOW CLOUD ARCHITECTURE CAN IMPROVE APPLICATION SECURITY
INTRO
AGENDA
Definitions (brief, I promise)
Cloud Benefits
Cloud Security Concepts
Moving applications to the cloud, wrong way
Moving applications to the cloud, right way
Please do ask questions!
CLOUD [kloud] noun
NIST Definition (AKA SP800-145)
• On demand, self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured (read: billable) service
INFORMATION SECURITY [in-fer-mey-shuhn si-kyoor-i-tee] noun
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
See Also: Job Security
Artist: Tyler, 11. Dortmund, Germany
CLOUD BENEFITS
Main benefit: Flexibility
Possible benefit: Cost savings
CLOUD SECURITY CLIFF NOTES
• Trust nobody
• Encrypt everything
• Expect service issues
WHAT’S WRONG WITH FORKLIFTING?
FORKLIFTING…
“Datacenter” application to the cloud:
• Can’t trust what you used to
• Datacenter apps usually not flexible
• Confidentiality, Integrity, Availability all handled differently
ENTERPRISE vs CLOUD
HOW ABOUT PAAS?
LEVERAGING CLOUD ARCHITECTURE
How can we (gently) re-architect to take advantage of the cloud?
• Network
• Web server
• Application Server
• Database server
• Don’t forget audit/forensics!
NETWORK
Good: Limit by IP
Better: Allow administration via VPN only
Best: Admin interface on separate host, VPN only
Artist: Jonathan, Age 7, Heidelberg, Germany
WEB/APP SERVER
Good: Load balancing, “Basic” hardening (IP ACLs, only accept GET/POST, server tuned for large loads). SSL’s cheap nowadays
Better: Build Web Application Firewalls and reverse caches into your IaaS (mod_security’s free)
Best: Use 3rd party services to handle load and minimize security issues (CDNs like Akamai, Cloudflare)
Required: Input filtering, output encoding.
DATASTORE
Good: Place DBs on separate host from application.
Better: Place DBs in separate datacenters, and replicate
Best: Migrate to a “NOSQL” datastore (Cassandra, MongoDB, ElasticSearch)
Required: Encrypt data-at-rest
NOSQL SECURITY?
• Many NOSQL systems turn off even authentication
• Data labeling or granular access needs to be handled in application.
Artist: Luca, Italy
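As an added example (not the speaker's code) of doing labeling and granular access in the application when the datastore offers none: a Python wrapper in which a dict stands in for a NoSQL node with authentication off, with a constructed app-side key; the HMAC also catches a label that was changed directly in the unauthenticated store.

```python
"""Application-enforced data labels over a NoSQL node with no auth.
Added example for this talk, not the speaker's code; the store,
key and principals are constructed."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LABELS = {"public": 0, "internal": 1, "confidential": 2}  # ordered
APP_KEY = b"constructed-demo-key-never-stored-in-the-db"   # app-side only


def _tag(doc_id: str, label: str, body: str) -> str:
    """Bind label to body with an HMAC; a label edited straight in the
    store (bypassing the app) no longer verifies on read."""
    msg = f"{doc_id}|{label}|{body}".encode()
    return hmac.new(APP_KEY, msg, "sha256").hexdigest()


@dataclass
class Principal:
    name: str
    clearance: str  # one of LABELS


@dataclass
class LabeledStore:
    backend: Dict[str, dict] = field(default_factory=dict)  # the NoSQL node
    audit: List[str] = field(default_factory=list)  # ship to central logging

    def _cleared(self, who: Principal, label: str) -> bool:
        return (label in LABELS and who.clearance in LABELS
                and LABELS[label] <= LABELS[who.clearance])

    def put(self, who: Principal, doc_id: str, label: str, body: str) -> bool:
        """Policy of this example: writers assign only labels they hold."""
        ok = self._cleared(who, label)
        if ok:
            self.backend[doc_id] = {"label": label, "body": body,
                                    "tag": _tag(doc_id, label, body)}
        self.audit.append(f"{who.name} {'PUT' if ok else 'DENY-PUT'} {doc_id}")
        return ok

    def get(self, who: Principal, doc_id: str) -> Optional[str]:
        """Deny by default: missing doc, bad tag or low clearance -> None."""
        doc = self.backend.get(doc_id)
        if doc is None:
            verdict = "DENY-MISSING"
        elif not hmac.compare_digest(doc.get("tag", ""), _tag(
                doc_id, doc.get("label", ""), doc.get("body", ""))):
            verdict = "DENY-TAMPERED"
        elif not self._cleared(who, doc["label"]):
            verdict = "DENY-CLEARANCE"
        else:
            verdict = "ALLOW"
        self.audit.append(f"{who.name} {verdict} {doc_id}")
        return doc["body"] if verdict == "ALLOW" else None
```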
INTER-PROCESS COMMUNICATION
Good: Whatever you’ve dreamt up (cloud bullhorn?), at least encrypt it.
Better: Use open protocols for communication between nodes. Make sure encryption is enabled!
Best: Consider using message queues.
Required, in case you missed it: encryption.
LOGGING & FORENSICS
What happens to logs when our scalable architecture… scales down?
Cloud really really requires centralized logging, monitoring, and management.
Also, consider erase vs. overwrite
WHAT HAVE WE BUILT?
• Scalable solution
• No single point of failure
• Healthy caution of all those around us (filtering/encoding)
• Data stored and transmitted safely
• And a nice set of audit logs for when Bad Things happen
LEARN MORE
Cloud Security Alliance
OWASP Cloud top 10
THANKS AND CONTACT INFO
“Bad People” drawings from http://badpeopleproject.org
Follow me on twitter: @johnlkinsella