Security in the Cloud: Can You Trust What You Can’t Touch?
Rob Johnson
Security Architect, Cloud Engineering
Unisys Corp.
Page 2
Security in the Cloud: Agenda
• Introductions
• What is Cloud Computing, and what are the risks?
• Cloud Security Architecture
• Multi-Tenancy Considerations
• Wrap-up
Page 3
Security in the Cloud: Introductions
• Who am I?
– Rob Johnson, Distinguished Engineer, Unisys Corp.
– 30 years doing I/O, networking, and security
• Who is Unisys?
– 130+ year heritage
– Provides technology, services, and solutions to the world’s largest enterprises
• Who are You?
Page 4
Security in the Cloud: What is Cloud Computing?
• National Institute of Standards and Technology (NIST): http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
– Essential Characteristics: On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service
– Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
– Deployment Models: Private cloud, Community cloud, Public cloud, Hybrid cloud
– On/off Premise
• Security controls being defined by industry: FedRAMP, PCI DSS v2.0, etc.
Page 5
Security in the Cloud: What are the Risks?
• #1 Loss of control of assets (applications and data)
– Where are they?
– How many copies are there?
– Who can access them?
• #2 Compliance
– Regulatory Audits: PCI DSS v2, HIPAA, COBIT, FedRAMP, etc.
– Jurisdictional Boundaries: Patriot Act, Data locality regulations
• #3 Provider Transparency
– Process visibility
– Audit, logging, and Incident Event Management (IEM)
Page 6
Cloud Computing: Service Models
• Software as a Service (SaaS)
– Complete application environment supplied and managed by the Cloud Provider, not the tenant
• Platform as a Service (PaaS)
– Provider supplies an application development and execution environment.
– Tenant can secure data and inter-process communication.
• Infrastructure as a Service (IaaS)
– Provider supplies the infrastructure components (compute, network, storage), but little else.
– Tenant runs a virtual data center.
[Figure: the three service models stacked: Infrastructure as a Service, Platform as a Service, Software as a Service]
Page 7
Security in the Cloud: Cloud Security Architecture
• Service Models wrapped in Access Planes
[Figure: the service-model stack (Infrastructure, Platform, Software as a Service) wrapped by four access planes: Provider Administration, Tenant Administration, End User Access, Intra-Cloud Access]
Page 8
Cloud Security Architecture: Access Planes
• Service Models wrapped in Access Planes
– Provider Administration: Controls and manages the service components
• IaaS: Hypervisors, vSwitches, vFirewalls, storage vLUNs, etc.
• PaaS: VMs for hosting applications, web services, storage containers, load balancers, etc.
• SaaS: Application suites, databases, identity management, etc.
Page 9
Cloud Security Architecture: Access Planes
• Service Models wrapped in Access Planes
– Provider Administration
– Tenant Administration: Manages per-Tenant components
• IaaS: VMs, vFirewalls, vLUNs
• PaaS: Applications, object stores
• SaaS: Users, application data objects
Page 10
Cloud Security Architecture: Access Planes
• Service Models wrapped in Access Planes
– Provider Administration
– Tenant Administration
– End User Access
• IaaS: VM console (RDP, rsh, etc.)
• PaaS: Distributed apps (SOA, webapps), test/dev, etc.
• SaaS: Application presentation
Page 11
Cloud Security Architecture: Access Planes
• Service Models wrapped in Access Planes
– Provider Administration
– Tenant Administration
– End User Access
– Intra-Cloud Access
• Service-to-service
• Intra-tenant
• Web services
Page 12
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
• Identity and Access Management: “Who are you, and why do they keep sending you here?”
• Transparency: “Where are my assets, and who is doing what to them?”
Page 13
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
• Memory
• Processors and caches
• NICs
• HBAs
• etc.
[Figure: one virtualized host: Hardware Resources (CPUs, NICs, HBAs) and Memory under a Hypervisor running VMs from three tenants (VM-1a, VM-1b, VM-2a, VM-2b, VM-3a)]
Page 14
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
– Data in Motion
• Cloud Intranet
– VLANs and Firewalls
– Cryptographic Communities of Interest
─ IPsec
─ SSL
─ Unisys Stealth
Page 15
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
– Data in Motion
• Cloud Intranet
• Extranet / Internet
– Tenant DMZs
– Site-to-site VPNs
– Remote users
– Web access
[Figure: three virtualized hosts (each with Hardware Resources, Memory, a Hypervisor and tenant VMs), each fronted by a Tenant DMZ (Firewall, Intrusion Detection, Anti-virus) that connects to the Internet]
Page 16
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
– Data in Motion
– Data at Rest
• Network Attached Storage (NAS)
– Per-tenant file servers
– Access Control Lists (ACLs)
– Encrypted File Systems
Page 17
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
– Data in Motion
– Data at Rest
• Network Attached Storage (NAS)
• Storage Area Network (SAN)
– Virtualized LUNs
– Encryption / Authentication
– Replication / Dispersal
Page 18
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
– Data in Process
– Data in Motion
– Data at Rest
• Network Attached Storage (NAS)
• Storage Area Network (SAN)
• PaaS storage objects & containers
Page 19
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
• Identity & Access Management: “Who are you, and why do they keep sending you here?”
– Identification: Who are you?
– Authentication: Prove you are who you say you are.
– Authorization: What are you allowed to do / what is your role?
– Validation: Double-check before executing
[Figure: the three virtualized hosts with their Tenant DMZs (Firewall, Intrusion Detection, Anti-virus) and the Internet, now with Active Directory instances added for identity and access management]
Page 20
Security in the Cloud: Multi-Tenancy Considerations
• Isolation and Containment: Tenants Share Physical Resources
• Identity & Access Management: “Who are you, and why do they keep sending you here?”
• Transparency: “Where are my assets, and who is doing what to them?”
– Accountability: All actions are securely audited
– Chargeability: Pay-for-play
– SLAs: Availability, scalability, performance, etc.
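As an added illustration of the four IAM steps (identification, authentication, authorization, validation) and of Accountability from the Transparency slide, the following Python is example code, not Unisys code or any product of theirs: it walks a tenant-plane request (start/stop/delete a VM) through the four checks and writes an audit record for every decision. The tenant, VM and principal names and the per-principal keys are constructed assumptions.

```python
"""Tenant-scoped access control for a multi-tenant IaaS control plane.

Each request passes through the four IAM steps from the slide
(identification, authentication, authorization, validation) and every
decision, allowed or refused, is written to an audit list (accountability).
Tenant, VM and principal names are constructed for the example.
"""
import hashlib
import hmac

# Constructed inventory: which tenant owns which VM (the per-tenant
# components managed from the Tenant Administration plane).
VM_OWNER = {"VM-1a": "tenant-1", "VM-1b": "tenant-1", "VM-2a": "tenant-2"}

# Constructed principals: home tenant, role and a per-principal secret key.
PRINCIPALS = {
    "alice": {"tenant": "tenant-1", "role": "tenant-admin", "key": b"k1"},
    "bob":   {"tenant": "tenant-2", "role": "tenant-user",  "key": b"k2"},
}
ROLE_ACTIONS = {"tenant-admin": {"start", "stop", "delete"},
                "tenant-user": {"start", "stop"}}

AUDIT = []  # accountability: one record per decision, never skipped


def sign(user, action, vm, key):
    """HMAC-SHA256 over the request; proves the caller holds the key."""
    msg = f"{user}|{action}|{vm}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def decide(user, action, vm, tag):
    """Return (allowed, reason) for one request and append an audit record."""
    p = PRINCIPALS.get(user)                                   # 1. identification
    if p is None:
        reason = "unknown principal"
    elif not hmac.compare_digest(tag, sign(user, action, vm, p["key"])):
        reason = "bad signature"                               # 2. authentication
    elif action not in ROLE_ACTIONS.get(p["role"], set()):
        reason = f"role {p['role']} may not {action}"          # 3. authorization
    elif VM_OWNER.get(vm) != p["tenant"]:
        reason = "vm not in caller's tenant"                   # 4. validation
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT.append({"user": user, "action": action, "vm": vm,
                  "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    tag = sign("alice", "stop", "VM-2a", b"k1")
    print(decide("alice", "stop", "VM-2a", tag))   # refused: VM belongs to tenant-2
    print(AUDIT[-1])
```

The validation step is the multi-tenancy point: a correctly signed request from an authorized role is still refused when the target VM is not in the caller's tenant, and the refusal is audited like any other action.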