content-aware identity & access management in a virtual environment

Transcription

1 WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can

2 table of contents executive summary SECTION 1 Virtual security challenges are more problematic 04 Virtualization technology allows it to respond and reduce operating costs 04 Physical security is well established 04 Virtualization technologies can be more difficult to secure than physical machines 04 Managing roles, identities, and applications 05 Controlling privileged users 05 Data sprawl grows rapidly 06 Inadequate auditing hampers compliance 06 SECTION 2 Protecting the virtual environment 06 SECTION 3 CA Content-Aware IAM provides superior protection 08 Seamlessly secure physical and virtual environments 08 Control identities 08 Control access 08 Control information 09 Verify control 09 SECTION 4 Conclusions 10 SECTION 5 References 10 SECTION 6 About the author 10

3 executive summary Challenge The identity and access management challenges that exist in the physical world identity management, application security, access control, managing sensitive data, user activity logging, and compliance reporting are even more critical in the virtual environments that are growing in use as IT seeks to streamline its operations and reduce operating costs. In fact, in a virtual environment, the security challenges multiply rapidly and introduce new risks. Where an organization might have had a single application server, in a virtual environment they could see that quickly evolve to thirty servers. How can security be maintained, not only on a physical machine, but also on the virtual machines it hosts, and the applications running on those virtual machines? And how easy is it for an organization to manage this from a central location? Opportunity Organizations have begun to quickly adopt virtualization technology to help them streamline their operations and reduce operating costs. Recognizing that their exposure to security risks is increased due to the nature of the virtualization environment, IT should seek to extend their security solutions from the physical server environment to the virtualization environment as seamlessly as possible. In an ideal situation, the organization should be able to manage both environments from a single location with the same software solutions. Benefits CA Content-Aware IAM solutions that help protect our customers in the physical world seamlessly extend to similarly protect virtual environments by controlling identities, access, and information usage. Key benefits of the solutions in a virtual environment include privileged user management of virtual administrators, fine-grained access controls on virtual hosts and guests, enhanced user activity and compliance reporting in virtual environments, sensitive data discovery on virtualized systems, and extension of identity and access management capabilities to virtual systems and applications. 03

4 Section 1: Virtual security challenges are more problematic Virtualization technology allows IT to respond and reduce operating costs IT s increased use of virtualization technology is due to the benefits of streamlined operations and reduced operating costs. But in a virtual environment, the security challenges multiply rapidly and introduce new risks. Where an organization might have had a single application server, they could see that quickly evolve to thirty servers. How can security be maintained, not only on a physical machine, but also on the virtual machines it hosts, and the applications running on those virtual machines? And how can an organization control and manage this from a central location? As an example, a Fortune 50 company takes up to six months to deliver a server to their internal customer, which is five months and three weeks too long for them to remain competitive. By using virtualization technology, they expect to reduce that interval to five business days. From an operating cost perspective, by using virtualization technology, IT can approach 100% utilization of a physical server. In return, they may reduce physical space requirements, which, in turn, may also reduce their real estate, personnel, bandwidth, and HVAC costs. Physical security is well established Over the past fifty years, security for physical IT operations has become well established. Whether the security involves controlling physical access to a server (e.g. rack-mounted server cages) or identity management software, rules, processes, and best practices have been established. Security software has evolved to provide IT with the right tools to manage the physical environment. In addition to identity management, application security, access control, information control, user activity logging, and reporting are all solutions being used effectively today. Virtualization technologies can be more difficult to secure than physical machines Regardless of whether it is a physical or virtual environment, the need for complete security management remains. According to Gartner, through 2012, 60% of virtualized servers will be less secure than the physical servers they replace, dropping to 30% by YE Meeting compliance regulations, managing and governing identities, controlling access, as well as finding, classifying, and controlling how information is used, are the biggest challenges facing IT as they migrate to virtual environments. Virtualization technologies enable the execution of multiple operating system instances, or virtual machines (VMs), on the same physical piece of hardware. Each VM functions as if it were its own physical machine with a dedicated operating system and hosted applications. The layer within the virtualization platform that enables hardware resource sharing among VMs is called the hypervisor. When we want to identify the risks of virtualization, we first need to understand how virtualization is different from traditional physical environments. In the physical server environment, native operating system security does not provide protection for mission-critical data and resources at the level needed to meet regulatory compliance and security best practices, and this carries over to the virtualization environment. The virtualization host becomes more critical as it hosts many virtual machines not 04

5 only one. The hypervisor serves as a single management point to all VM images and control over many critical services, creating a vulnerability leverage point. A person with hypervisor access is analogous to a root user in the UNIX world; this person can do anything to any of the hosted machines. Compromising the hypervisor to download an image or introduce a rogue VM is equivalent to bypassing physical security to break into a server room in order to steal a machine or introduce an unauthorized machine to the data center. Virtualization management applications can be bypassed and the hosting operating system or virtualization console can be accessed directly by privileged users. We used to have servers stacked away in our server room with tight physical controls in place to control access to the boxes. In a virtual environment, servers are files that can be copied from the Host. Copying a server image is equivalent to stealing a server from the server room. Furthermore, machine memory can be accessed from the hypervisor, compromising transmitted information like passwords and encryption keys. So, safeuarding access to the virtualization host even remote access is critical. The modern virtual data center is highly distributed, unlike the traditional mainframe. Risks that were previously mitigated using physical security must now be handled by IT security. Managing roles, identities, and applications If identities are not well managed in the physical world, then attempting to implement a virtual environment will exacerbate the identity and access problems that exist today. Using software to clearly define and manage users and roles is what many companies do today. This then coordinates with an identity management solution to confirm that users are only granted the appropriate privileges. If not managed properly, uncontrolled, overprivileged users will be able to wreak havoc on a greater number of systems and applications in a virtual environment. On the other side of the security spectrum is the need to manage secure access to applications, by users as well as other applications or services. In a virtualized environment, application servers will come online and go offline as computing demands ebb and flow. A scalable access management platform to provide proper fine-grained access controls needs to be in place before virtualization of many applications can take place. This enables organizations to leverage a reliable and secure platform for both the physical and virtual environments. Controlling privileged users Normal users are identified and controlled by the operating system and application security. They may make mistakes or attempt misuse; however, provided the controls are correctly set, they should not be able to breach confidentiality or damage the system. The privileged user has elevated privileges on the servers. The privileged user s access is not controlled by the operating system security, and his/her username and/or password is typically shared between administrators, making him/her mostly anonymous. Virtualization makes the problem worse. The administrator not only has leverage over the physical host, but also all of the virtual sessions running on it. He/She can also have access to sensitive data and have an impact on business continuity. Without an independent access control solution, multiple privileged users in various roles have the ability to interact with numerous components of a virtualization deployment. This inadequately regulated access to the hypervisor presents the potential for significant damage to the enterprise through the compromise of valuable information 05

6 and disruption of critical services. VM images can be copied, along with the data and applications that they hold. These images can be brought back online on an unsecured network, making it easier for an intruder to access the contents managed within the copied image. A well-meaning developer at a large insurance company made a clone of a production VM and launched it in a QA environment. The company had no controls on access, so the developer was allowed free access to QA, Development, and Production environments. When he turned on the copy of the system, the machine behaved as though it was in production. The developer ran some claims scenarios in order to test functionality, and didn t realize that the system was actually cutting checks and kicking off the process to mail the checks to customers. One customer received two checks for a claim that was already in process and called to ask about which one should be cashed; this was the way the company found out what was occurring. This is the nightmare scenario for many IT organizations. Data sprawl grows rapidly As virtualized servers grow, so too does the amount of sensitive company data residing on them. Personal medical files, proprietary product plans, employee records, and credit card data is information that needs to be located and prevented from leaving the organization. How can an organization keep track of this information, especially if VMs may come online and go offline? Inadequate auditing hampers compliance Given the leverage the virtualization platform has on the stability of the entire data center and on the integrity of the data it manages, it must be viewed as critical infrastructure. As a result, the virtualization platform is subject to tight regulatory requirements. Organizations must track the interaction that each user has with the virtualization platform and within each of the VMs it hosts. However, native audit capabilities provided by operating systems are too coarse to be effective and are vulnerable to tampering and to snapshot manipulation. Auditors, until lately have not been virtualization savvy, and virtualization audit issues haven t yet been regularly flagged. But this is changing, as seen by the recent updates to various common regulations such as PCI. Access to the hosting operating system must be tracked and audited to prove controls have maintained its integrity and effectiveness. Similarly, within each VM, access gained to each guest operating system is subject to the same regulatory compliance requirements. Section 2: Protecting the virtual environment IT organizations have begun to quickly adopt virtualization technology to help them streamline their operations and reduce operating costs. Recognizing that their exposure to security risks is increased due to the nature of the virtualization environment, IT should seek to move their security solutions from the physical server environment to the virtualization environment as seamlessly as possible. In an ideal situation, the organization should be able to manage both environments from a single location and extend software solutions used in the physical world. Identity and access management solutions are critical to confirming that systems and applications are well managed and controlled. 06

7 The authorized people and security processes that have already been defined should be leveraged to secure and manage the virtual environment. As seen in Figure 1, a content-aware identity and access management solution encompasses several areas. To the left, role and access policy management are outside the virtual server; this solution is defining the various roles of users that are going to be accessing the virtual machines (VMs). On the right, system and application access is being brokered by security software. The applications will be running on the VMs, e.g., a database, ERP, etc. Sometimes this software will also run on a VM as well and it could occasionally be offline. In the middle are the virtual systems and applications. Here, multiple VMs will run an assortment of applications that are critical to the business. They can be running all the time, or just when demand requires. A privileged user management application, along with fine-grained access control, will control privileged users what they can and cannot do both getting to a VM in the first place, or an application running in the VM itself. Compliance reporting will collect activity from all the logs in the environment. As with other areas, the VM could be offline and must be accounted for even though it is not active. As soon as the VM comes online, it needs to be able to begin logging user activity. Information protection facilitates the management of the data sprawl that accompanies VM sprawl so that it remains under control, and sensitive company information can be identified and prevented from leaving the organization via unauthorized means. Figure 1 A content-aware identity & access management virtual environment 07

8 Section 3: CA Content-Aware IAM provides superior control Seamlessly secure physical and virtual environments CA Content-Aware IAM solutions helps organizations control identities, control access, and control information use across their entire environment. These solutions provide protection in the physical world and seamlessly extend to protect virtual environments by controlling identities, access, and information usage, and providing compliance reporting. Key benefits of the solutions in a virtual environment include privileged user management of virtual administrators, fine-grained access controls on virtual hosts and guests, enhanced user activity and compliance reporting in virtual environments, sensitive data discovery on virtualized systems, and extension of identity and access management to virtual systems and applications. Control identities CA Identity Manager provides an integrated identity administration solution, serving as the foundation for user provisioning, self-service requests, and other key processes. With the growing number and types of users requiring access to critical applications, the line between privileged and unprivileged users is not always clear. A robust provisioning solution like CA Identity Manager will allow you to keep better control of all your users, documenting who requested and authorized entitlements and privileges and why they did so. By implementing a workflow-based policy for approvals, you can confirm that users get what they need to do their jobs effectively and efficiently, within the boundaries of corporate policies. CA Role & Compliance Manager is designed to remove the fire drill from your security and compliance initiatives by automating identity governance processes and providing continuous identity controls. Given the heightened security risk associated with virtualization, it becomes more critical to validate that user access to these environments is appropriate through periodic certification or attestation. CA Role & Compliance Manager automates these processes while checking security policies, such as segregation of duties, to highlight violations to business managers or resource owners during certification. Proper identity controls minimize the risk of unauthorized users accessing virtualized systems and applications. Strong governance processes and controls give organizations the confidence needed to leverage virtualization. Control access With advanced security management capabilities and enterprise-class site administration, CA SiteMinder provides the centralized security management your organization needs to authenticate users and control access to web applications and portals regardless of whether they are on physical or virtual servers. This robust solution addresses the critical need for automated tools that can centrally manage your web users and their access to web applications, portals, and services. As new virtual applications come online, CA SiteMinder transfers the SSO experience from physical servers to the virtualization environment by bringing them under a single authentication and authorization platform and removes the need to develop new security mechanisms for virtualized applications. 08

9 CA Access Control (AC) provides the critical layer of protection needed to help effectively protect virtualization platforms. AC operates independently both at the application level and at the operating system level. By enforcing and proving proper administrator access, AC helps protect mission-critical information and services running in the virtual data center. AC protects virtualization deployments at multiple levels: the core console of a hypervisor, operating systems implementing OS-based virtualization, privileged partitions managing hypervisor-based virtualization, and the critical resources in VMs running on all of the above. Support of a wide range of operating systems and virtualization platforms (VMWare, Xen, Hyper-V, etc.) makes Access Control ideal for protecting VMs, especially in a heterogeneous environment. Access Control also allows you to protect privileged users across the IT environments beyond the virtualization host itself on databases, network devices, and applications. It also helps simplify user management by consolidating it under a single authoritative source across all operating systems. Control information The CA DLP solution includes a robust and integrated set of products that help organizations manage the risk of uncontrolled information use and prevent data loss as data sprawls onto virtual systems. The CA DLP solution is a scalable, highly accurate, and cost-effective offering that is designed to protect and control data-in-motion on the network and in the messaging system, data-in-use at the endpoint, and data-at-rest on physical or virtual servers and repositories across the enterprise. By leveraging a single set of policies, a unified management platform CA DLP can find and protect sensitive (e.g., social security numbers) and valuable (e.g., intellectual property) information stored and transmitted throughout the organization. Verify control CA Enterprise Log Manager provides user activity and compliance reporting for identity, access, and data usage across physical, virtual, and cloud environments. It verifies security controls and streamlines reporting and investigation of user and resource access activities to help accelerate and simplify compliance and improve efficiencies. When the auditors ask, IT must be able to easily create and provide reports that track any or all entitlements provisioned, including the time, reason, and persons who approved and provisioned them. Likewise, they must also demonstrate when users were deprovisioned following the end of a contract or termination. Deployed as a virtual soft appliance, CA Enterprise Log Manager can be up and running quickly, providing predefined and easy-to-customize reports covering all user activities, including those from hypervisors. It supports commonly used virtualization platforms, including VMware, Citrix, Microsoft, and Cisco, and provides broad coverage across virtual servers, network, storage, and management systems. The results can include rapid time-to-value, better visibility of user activity, and simplified reporting and analysis of virtualization hosts and guests. 09

10 Section 4: Conclusions The rapid growth of virtualization technology shows no sign of abating, as the potential benefits to IT such as streamlining operations and reducing operating costs are real and significant. Yet IT must recognize that the virtualization environment itself creates new security issues, issues that are best addressed with a comprehensive content-aware identity and access management solution. CA Technologies provides a robust set of identity and access management solutions that can improve security and simplify compliance in both physical and virtualized environments. Section 5: References Securing Virtualized Environments & Accelerating Cloud Computing, white paper by Nimrod Vax. Identity and Access Management for the Cloud: CA s Strategy and Vision CA s Solution for Cloud Security Section 6: About the author Chris Wraight has spent 25+ years in the technology world in various positions of product management, marketing, and sales. He is currently working on the Access Control security solution in CA Technologies Security Management business. Chris has a B.S. in Management with Computer Applications from WPI. 1 Gartner Research Report Addressing the Most Common Security Risks in Data Center Virtualization Projects, N. MacDonald, 25 January 2010, #G Copyright 2010 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or noninfringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such damages