Risk, security, and legal analysis for migration to cloud. PART 2: Organising a secured cloud architecture

Transcription

1 Project acronym: Project name: Project code: NEBULA A novel vocational training programme on cloud computing skills LLP GR-LEONARDO-LMP Document Information Document ID name: Nebula_WP4_D4.3.1_Learning_Material_and_Content_2015_30_04 Document title: Nebula VET program learning material and content Type: Slides Date of Delivery: 30/04/2015 Work package: WP4 Activity D Dissemination level: Public Document History Versions Date Changes Type of change Delivered by Version /04/2015 Initial Document - UCBL and INSA of Lyon Version /06/2015 Edition Modifications according to feedback provided by partners UCBL and INSA of Lyon Version /09/2015 Edition Insertion of license type UCBL and INSA of Lyon Acknowledgement The persons of UCBL in charge of producing the course are Parisa Ghodous, Catarina Ferreira Da Silva, Jean Patrick Gelas and Mahmoud Barhamgi. The persons from UCBL involved in preparing, translation and review are Hind Benfenatki, Gavin Kemp and Olivier Georgeon. The persons of INSA of Lyon in charge of producing the course are Frédérique Biennier, Nabila Benharkat. The persons from INSA of Lyon involved in preparing, translation and review are Francis Ouedraogo and Youakim Badr. Disclaimer The information in this document is subject to change without notice. All rights reserved. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. This publication reflects the views only of the author, and the Commission cannot be held responsible for any use, which may be made of the information contained therein.

2 Module 3 objectives The aim of this module is to provide the student with the capabilities to analyse the risks and legal implications associated to the migration process, assessing their influence in the data, processes, and applications Note: due to intellectual property reasons, the logotype of UCBL must remain in all utilisation of this course content, as well as the note copyright DUNOD mentioned in some slides with figures.

3 Risk, security, and legal analysis for migration to cloud PART 2: Organising a secured cloud architecture

4 According to you, how can you assess the risks associated to the Cloud Migration? Do you know some risks analysis methods? Are you aware of security project in your organisation? Do you know some Cloud security models? How can you evaluate organisational risks? How can you evaluate Cloud platform risks?

5 According to you, how can you assess the risks associated to the Cloud Migration? In this part you will Learn basic principles of Security Risks management methods Get information to compare some methods and organise a security project Learn basic Cloud security models Get information on Business and Cloud platform security models Identify security risks associated to a Business Process migration

6 PART 2 OVERVIEW 1. Security models and methods 2. Cloud security models 3. Cloud risks evaluation

7 Methods to design secured systems Different goals Security policy specification Security goals Risks identification Methods Ebios Octave Secured infrastructure organisation Safe SNA Introduction os security constraints in IS / process design: Security by design?

8 Vulnerabilities classes Organisation related vulnerabilities Backup management Role and access rights management Software components related vulnerabilities Code audit Software certification Communication infrastructure related vulnerabilities Intrusion Tapping communication traffic Deny of service Environment related vulnerabilities

9 Methods to manage a security project Traditional project organisation Preliminary study -> Perimeter and requirements definition Specification -> Threats and vulnerabilities identification Integration of solutions to mitigate risks Deployment Choose convenient technologies Organise the architecture Major need Engineering the Global architecture with an end to end perspective Know precisely who is responsible for what Knowledge bases provided by the different methods (EBIOS, MEHARI, OCTAVE, SNA, Safe )

10 Comparison of different methods EBIOS OCTAVE Requirements analysis Design Implementation Risks and security goals identification Identification of the way IS can be acceded Protection patterns Best practices and security goals organisation Audit and implementation + project management SNA IT components and Business Process identification Design of an attackproof system Information on attacks and implementaiton of knowledge bases MEHARI Limited risks analysis Best practices Enterprise security dashboards

11 Cloud risks Is security different for Clouds? Cloud has its own vulnerabilities Architecture Hypervisor Distributed system Different software components Organisation Different actors Responsibilities areas Distributed system using hot plug / hot deployment Difficulties related to the use conditions Personal data Reading / understanding difficulties

12 Jericho Forum security model Three axes define how the cloud is controlled Where the cloud is implemented Who manages the Cloud Which kind of software Picked from the Jericho s Forum

13 Cloud Security Alliance Software stack oriented standard specifications Top threats analysis ( CSA also provides a risk analysis tool (

14 Picked from CSA Cloud Security Alliance

15 Risks and controls XaaS IaaS PaaS SaaS Security criteria Confidentiality Integrity Availability Non Repudiation Secured network and physical access to infrastructures Design APIs without weaknes and implement platform access control Data security management Users and hosting process integrity control on each cloud node API integrity Exchanged messages and processed data integrity management Resources (bandwith, storage, network, VM computing environment.) availability APIs and Cloud platform availability Data and application availability Manage, monitor and log actvities related to network, storage, computing and VMs resources Log platform accesses Identify and log accesses to applications and data

16 Risks depending on Cloud types Deployment model Private Cloud Public Cloud Security challenges Data confidentiality and integrity must be taken into account as in classical Information System The Cloud manager / owner is reponsible for the consequences in case of damages Data confidentiality and integrity as in private Cloud + provide isolation means so that data belonging to different clients won t be mixed Check that the Cloud legal environment that will be used will not compromise Data confidentiality (ex: US Patriot Act) Community cloud Hybrid Cloud The global security policy should comply each entreprise security policy. This is difficult as corporates do not have the same security / collaboration / Cloud hosting strategies Integrate all challenges related to the different cloud types.

17 Data classification Traffic Light Government Description Protocol classification RED Top secret Highly sensitive data that must not be shared. Any disclosure causes exceptionally grave damages. ORANGE Secret Very sensitive data that can only be shared with members of the organisation who need to know this data to achieve their tasks. Any disclosure beyond this restricted perimeter will seriously damage corporate safety. GREEN Confidential Sensitive data that can be shared with authorise parners and / or members of the community. Disclosure beyond this perimeter negatively impacts security. LIGHT GREEN Restricted Low sensitive data that can be shared with the members of the organisation. Its disclosure may have unsuitable effects. BLANC Unclassified Non sensitive data that can be accessed / shared without any restriction provided that authoring rights / licensing are controlled / respected. It does not require any authorisation

18 Business security model Integration of organisational specification Define data and process patrimonial value Financial / personal / strategic Identification of actors / rights Who can accede / launch / use When, from where and how See the excel file Functional&OrganizationlSpecification FunctionalSpecification OragnizationalSpecification AccessControl OtherFunctional Financial Strategic personnal Picked from W. F. Ouedraogo PhD Thesis p. 196 When FromWhere Who How

19 Platform model and associated risks Cloud type identification Owner XaaS level Specific threat identification 0..* Trust 0..1based on0..* Platform Trust assess 1..1 Clien define 1..* CloudDeployType GeneralSpecification 1..* 0..* define 1..* CloudServiceType 1..1 has 1..* SecuritySpecification * implement SecurityMechanism Resource 0..* concerne 0..* 0..1 has 0..* * can be reduced by 0..* concern Vulnerability CounterMeasure 1..* 1..* Threat 0..1 use Logical Application Infrastructure Communication Confidentiality NonRepudiation Integrity Availability Picked from W. F. Ouedraogo PhD Thesis p. 209

20 Case study Pick a use case e-service workflow organisation Annotate the security requirements (depending on the functional specification / process organisation) with the set of questions from the excel file (WP431_D431-module3- part2-risks_questionnaire.xlsx)

21 Case study Based on the migration strategy, characterize the target deployment environment using the excel file (WP431_D431-module3-part2- risks_questionnaire.xlsx)