CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments

Transcription

1 CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments Kelvin Ng Tao Yao Sing Heng Yiak Por Acknowledgeme nts Co-Chairs Kapil Raina, Zscaler Kelvin Ng, Nanyang Polytechnic Yao Sing, Tao, IDA Singapore Contributors Abhik Chaudhuri, Tata Consultancy Services Heberto Ferrer, HyTrust Hemma Prafullchandra, HyTrust J D Sherry, Cavirin Kelvin Ng, Nanyang Polytechnic Xiaoyu, Ge, Huawei Yao Sing, Tao, IDA Singapore Yiak Por, Heng, Nanyang Polytechnic CSA Global Staff Frank Guanco, Research Analyst Victor Chin, Research Analyst 1

2 Agenda Background Whitepaper Development Scope Introduction Securing Virtualization Platforms and establishing Governance Virtualization risks and Controls Risk Assessment What next? Q&A Background Project Charter The CSA Virtualization Working Group provides guidance on implementation best practices for enterprises in the deployment of virtualization in the areas of compute and network. Deliverables 1. White Paper for the enhancements on Security Guidance for critical areas of focus in cloud computing v 3.0 Domain A guideline for best practices for secure network virtualization design and deployment Participation 1. Basecamp 2. Bi-Weekly Concall 3. Open Peer review. 2

3 Whitepaper Development Working Group formed Aug 2014 Reference Documents Security Guidance for critical areas of focus in cloud computing v Domain 13 Singapore Standards Council, TR30:2012, Spring Singapore. Scope Provides guidance on the identification and management of security risks specific to compute virtualization technologies that run on server hardware as opposed to, for example, desktop, network, or storage virtualization. The audience includes enterprise information systems and security personnel and cloud service providers, although the primary focus is on the former 3

4 Introduction Cloud Computing Top Threats 2013 report by CSA Data breaches Data loss Account or service traffic hijacking Insecure interfaces and APIs Denial of services Malicious insiders Abuse of cloud services Insufficient due diligence Shared technology vulnerabilities Securing Virtualization Platforms and establishing Governance Initiation phase Identify virtualization needs, Providing an overall vision and create high-level strategy Identifying platforms and applications that can be virtualized 4

5 Securing Virtualization Platforms and establishing Governance Planning and Design phase Major considerations include selection of virtualization software, storage system, network topology, bandwidth availability and business continuity. Appropriate logical segregation of instances that have sensitive data. Separate authentication should be established for application / server, guest operating system, hypervisor, and host operating system Securing Virtualization Platforms and establishing Governance Implementation phase Virtualization platform should be hardened using vendor-provided guidelines and/or 3rd party tools. Role-based access policies should be enforced to enable segregation of duties, thereby facilitating proof of governance. Proper VM encryption is required to significantly reduce the risk associated with user access to physical servers and storage containing sensitive data. 5

6 Securing Virtualization Platforms and establishing Governance Disposition phase Tasks should be clearly defined in sanitizing media before disposition. VM retirement process must meet legal and regulatory requirements in order to prevent data leakage and breaches.. Virtualization Risks and Controls Risks and controls of using VM VM Sprawl Sensitive Data within a VM Security of Offline and Dormant VMs Security of Pre-Configured (Golden Image) VM / Active VMs Lack of Visibility Into and Controls Over Virtual Networks Resource Exhaustion 6

7 Virtualization Risks and Controls Risks and controls on using hypervisor Hypervisor Security Unauthorized Access to Hypervisor Risks and controls due to changes in operation procedures Account or Service Hijacking Through the Self- Service Portal Workload of Different Trust Levels Located on the Same Server Risk Due to Cloud Service Provider API Virtualization Risks and Controls VM Sprawl Risk Name VM Sprawl Risk Description VM sprawl describes the uncontrolled proliferation of VMs. Because VM instances can be easily created and existing instances can be easily cloned and copied to physical servers, the number of dormant VM disk files is likely to increase. In addition, the unique ability to move VMs from one physical server to another creates audit and security monitoring complexity and loss of potential control. As a result, a number of VMs may be unmanaged, unpatched, and unsecured. Relevant Security Aspect Relevant Governance Risk Area Vulnerabilities Affected Assets CCM v3.0.1 Risk to confidentiality, integrity, and availability Architectural and configuration risk Proper policy and control processes to manage VM lifecycle do not exist. Placement / zoning policies or enforcement of where a dormant VM can instantiate or reside does not exist. A discovery tool for identification of unauthorized VMs does not exist. VM CCC-05 7

8 Virtualization Risks and Controls VM Sprawl Potential security impact In a traditional IT environment, physical servers must be procured. This requirement enforces effective controls, because change requests must be created and approved before hardware and software can be acquired and connected to the data center. In the case of virtualization, however, VMs can be allocated quickly, self-provisioned, or moved between physical servers, avoiding the conventional change management process. Without an effective control process in place, VMs and other virtual systems with unknown configurations can quickly proliferate, consuming resources, degrading overall system performance, and increasing liability and risk of exposure. Because these machines may not be readily detectable or visible, they may not be effectively monitored or tracked for the application of security patches or effectively investigated should a security incident occur. Virtualization Risks and Controls VM Sprawl Security Controls for Mitigating Risks To mitigate risk, consider implementing the following security controls: Put effective policies, guidelines, and processes in place to govern and control VM lifecycle management, including self-service and automated scripts / DevOps tools. Control the creation, storage, and use of VM images by a formal change management process and tools. Approve additions only when necessary. Keep a small number of known-good and timely patched images of a guest operating system separately and use them for fast recovery and restoration of systems to the desired baseline. Discover virtual systems, including dormant ones and the applications running on them, regularly. Discovering, classifying, and implementing appropriate security controls for each VM and its associated network connections is critical. This process includes quarantine or rollback capability in case a compromise occurs. Use virtualization products with management solutions to examine, patch, and apply security configuration changes to VMs. 8

9 Risk Assessment Asset risk evaluation based on :- Identified vulnerabilities Likelihood Impact due confidentiality Impact due to integrity Impact due availability Average risk level rating For any risk level above acceptance criteria Mitigate risk items via recommended controls in whitepaper Continuously monitor and mitigate risks Risk Assessment Evaluation of Risk Type of Risk Asset exposed to risk Vulnerability Likelihood Impact Due to Confidentiality Compromise Impact Due to Integrity Compromise Impact Due to Availability Compromise Evaluate Risk Risk Level Treatment Control to be implemented Evaluate Residual Risk Level 1. VM Sprawl VM Lack of effective control process to manage VM lifecycle Lack of placement / zoning policies or enforcement of where a dormant VM can instantiate or reside Lack of discovery tool to identify unauthorized VMs 9

10 What Next? Update Security Guidance for critical areas of focus in cloud computing v 3.0 Domain 13 Plan to use it as a support document for ISO May 2015, Kuching Malaysia ISO Working Group 4 Either 6 month study period Or launch new WG item with enough support??? 10