Security in the Green Cloud

Size: px

Start display at page:

Download "Security in the Green Cloud"

Bernadette Neal
8 years ago
Views:

2 WHAT IS CLOUD COMPUTING? IT resources and services that are abstracted from the underlying infrastructure and provided On-Demand and At Scale in a multi-tenant environment 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

5 Policy Corporate Border Applications and Data Software as a Service Platform as a Service Infrastructure as a Service X as a Service Corporate Office Service Providers Attackers Branch Office Airport Home Office Mobile User Attackers Partners Customers Coffee Shop 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 Private Cloud (Iaas) Hosted/Private Virtual Cloud (IaaS) Public Cloud (IaaS) Public Cloud (SaaS) Data Data Data Data App App App App VM VM VM VM Server Server Server Server Storage Storage Storage Storage Network Network Network Network IT is in control Shared control They are in control 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

8 Threat Abuse and Nefarious Use of Cloud Computing Insecure Application Programming Interfaces SPI Model Risks Example IaaS PaaS SaaS IaaS PaaS SaaS Zeus Botnet, InfoStealertrojan horses, MSFT/Adobe exploit downloads Anonymous access, clear-text auth or transmission unknown service or API dependencies Malicious Insiders IaaS PaaS SaaS Well known threats Shared Technology Vulnerabilities IaaS PaaS SaaS J Rutkowska s Red and Blue Pill exploits Kortchinksy scloudburst Data Loss/Leakage IaaS PaaS SaaS Insufficient AAA, keys data store challenges, risk of association Account, Service & Traffic Hijacking IaaS PaaS SaaS New threats Unknown Risk Profile IaaS PaaS SaaS IRS asked AMZ EC2 to perform a C&A Source: Top Threats to Cloud Computing, Mar 2010 cloudsecurityalliiance.org 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 Private Cloud What is a Private Cloud? It s Private ;-) You have control of everything You decide the security policy No need for total separation of resources (some exceptions apply) Need to secure virtual machines and services Basically, its a Data Center on steroids with cool new Cloud technologies and capabilities added And we know how to solve this! Virtual Private Cloud 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Public Cloud What is a Public Cloud? You are sharing a public infrastructure with others You do not have control of the infrastructure You do not decide the common security policy You control access to the leased infrastructure (IaaS/PaaS) You control access to your own services (IaaS/PaaS/SaaS) You need to work together with the Cloud Provider to establish trust and control The customer CANNOT solve this on his own! Need to establish TRUST between the Cloud Providers(s) and the Customer 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 Federated identity Between Customer and Cloud Providers Between Cloud Providers Cloud Brokers Need to be able to access different Cloud Providers using common technologies Standards, common control matrix matrix and Compliance The only way to establish trust 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Private and IaaS Cloud Solutions Integrated Computed Stacks - VMDC dcpod Solutions - VPOD Data Center Interconnect Solutions Cisco Collaboration Cloud Based Solutions Private Cloud Collaboration Solution Hosted Collaboration Solution Partner Cloud Cisco WebEx Collaboration Cloud Cloud Security Solutions Security-as-a-Service: ScanSafe, Ironport Cloud Security Products: Nexus1000v, Virtual Security Gateway, VN-Link 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

15 " Security Guidance for Critical Areas of Focus in Cloud Computing Whitepaper: Comprehensive guide on how to secure Cloud Architectures, how to govern Clouds and how to operate securely in a Cloud Environment: " Also created the CSA Top threats to Cloud Computing document: " Subset of CSA corporate members: 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 CSA CloudAudit (A6: Automated Audit, Assertion, Assessment and Assurance API) : Provide a common interface that allows Cloud providers to automate the Audit, Assertion, Assessment, and Assurance of their environments and allow authorized consumers of their services to do likewise via an open, extensible and secure API. See and " CSA Controls Matrix: Provides fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider " CSA Consensus Assessment Initiative: The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 ENISA Benefits, risks and recommendations PCI and Common Criteria IEEE, IETF Distributed Management Task Force (DMTF) The European Telecommunications Standards Institute (ETSI) National Institute of Standards and Technology (NIST) ISACA COBIT ISO27001/2 American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standards (SAS) No. 70, Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 Cloud Security cannot be solved by any one organization The key is working together! Identifying issues and problems Create new technologies Create new standards and recommendations And this has to happen FAST as we are already seeing negative discussions about Public Cloud all due to the lack of TRUST 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 Thank you.

Cloud Computing Security. Belmont Chia Data Center Solutions Architect

Cloud Computing Security. Belmont Chia Data Center Solutions Architect Cloud Computing Security Belmont Chia Data Center Solutions Architect 1 Cloud Computing Security What is this Cloud stuff? Security in Public Clouds Security in Private Clouds 2 Defining Cloud Computing