Security Considerations for Cloud Deployment




Jeff Uehling, IBM i Network & Security Development
uehling@us.ibm.com
IBM - Rochester, MN

What is Cloud Computing? Is Cloud Computing really a new concept?

What is Cloud Computing? An IT consumption and delivery model
Cloud computing is a consumption and delivery model inspired by consumer Internet services and optimized for IT / business services.
Cloud enables:
- User self-service
- Outsourcing options
- Dynamic scalability
Multiple types of clouds will coexist:
- Private: deployed inside a customer's firewall
- Public: provided and managed by a 3rd party via subscription
- Hybrid: a mix of public and private models, chosen per workload
An effective cloud deployment is built on a dynamic infrastructure and should be part of an overall data center transformation plan.

Clouds enable a broad spectrum of deployment options
(Diagram slide; no further text.)
2010 IBM Corporation

Cloud Differentiators - there are many!

                               Traditional                              Cloud
Time to deploy a server        Weeks or months                          Seconds to minutes
Commitment to use service      Negotiate & commit, year-long contract   Select from catalog & pay as you go
Necessary upfront investment   $K-$M in infrastructure                  No or low upfront
Cost model                     $$ per IT hour                           $ per IT hour

IT Benefits from Cloud Computing are Real
Results from IBM cloud computing engagements:

Increasing speed and flexibility   From           To
  Test provisioning                Weeks          Minutes
  Change management                Months         Days/hours
  Release management               Weeks          Minutes
  Service access                   Administered   Self-service
  Standardization                  Complex        Reuse/share
  Metering/billing                 Fixed cost     Variable cost

Reducing costs
  Server/storage utilization       10-20%         70-90%
  Payback period                   Years          Months

Source: Based on IBM and client experience.

Cloud technologies can offer operational expense reductions and improved service at all layers
(Layer diagram: People Services (agents, end users, support community, crowdsourcing); Business Services (retail banking, trade & supply chain finance, payments, mobile banking, front office optimization, customer care, payments integration, risk management); Application Services; Platform Services (experience management, industry frameworks & information foundation, end user interfaces, fulfillment, assurance, billing); Service Cloud Business & Operations Support (dynamic provisioning, mashup server, service/software catalogs, open foundation (WS framework, service bus), process & policy management, problem & change management, B2B partnerships); Infrastructure Services (distributed cloud computing services, data management, virtualization, workload management, SLA & capacity provisioning, security, monitoring).)

Cloud: because the majority of IT cost is in people, cloud computing is becoming popular at the higher layers
(Diagram: cloud layers from top to bottom are People Services, Business Services, Application Services, Platform Services and Infrastructure Services, with examples such as MBPS (eHR, LBPS, etc.), Live Mesh, ISSC/SO, BCRS and Live ISS. Timeline along the bottom: 2000 static, dedicated, outsourced; 2006 network-delivered, off-premises; 2009 shared, automated, dynamic.)

What cloud services are available today? Hundreds, even thousands, growing by the day!

Cloud delivery models: market examples and IBM examples

Software-as-a-Service
- Market examples: Collaboration; CRM/ERP/HR; Business processes; Industry applications

Platform-as-a-Service
- Market examples: Middleware; Web 2.0 application runtime; Java runtime; Database; Development tooling
- IBM example: Developer Cloud

Infrastructure-as-a-Service
- Market examples: Data center; Servers; Networking; Storage; Fabric (shared, virtualized, dynamic provisioning)
- IBM example: Computing on Demand

Top public workloads:
- Audio/video/Web conferencing
- Service help desk
- Infrastructure for training and demonstration
- WAN capacity and VoIP infrastructure
- Desktop
- Test environment infrastructure
- Storage
- Data center network capacity
- Server
Infrastructure and collaboration workloads emerge as most appropriate for a public offering.

Top private workloads:
- Data mining, text mining, or other analytics
- Data warehouses or data marts
- Business continuity and disaster recovery
- Test environment infrastructure
- Long-term data archiving/preservation
- Transactional databases
- Industry-specific applications
- ERP applications
Database, application and infrastructure workloads emerge as most appropriate for a private offering.

Cloud Usage Models
1. End User to Cloud - Application running in the cloud with access for end-users
2. Enterprise to Cloud to End-user (Interoperability) - Application running in the public cloud, accessed by employees and customers
3. Enterprise to Cloud (Integration) - Cloud application integrated with internal IT capabilities
4. Enterprise to Cloud to Enterprise (Interoperability) - Cloud application running in the public cloud that interoperates with partner applications (supply chain)
5. Enterprise to Cloud (Portability) - Cloud application running in the cloud with the flexibility to move to a different cloud provider in the future, or in-house
6. Private (intra) Clouds - Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment

Model 1: End User to Cloud
What is it? Application running in the cloud with access for end-users.
Scenarios:
- Get a new Web app provisioned worldwide quickly (e.g., the next facebook, linkedin, gmail, etc.)
- No need for IT infrastructure; flexible acquisition
(Diagram: Public Cloud hosting the Application.)

Model 2: Enterprise to Cloud to End-user
What is it? Deploy a cloud-based application specifically for the cloud, with access for employees and for customers.
Scenarios:
- Online sales through a catalog that needs to link back into enterprise systems for fulfillment: web app and shopping cart in the cloud, fulfillment inside existing enterprise systems
Two sub-models:
- End user is an employee in the enterprise (e.g., travel expense account application)
- End user is a Web customer outside the enterprise (e.g., online sales)
(Diagram: Public Cloud Application (external) linked to Enterprise IT (internal; traditional, private cloud or hybrid).)

Model 3: Enterprise to Cloud (Integration)
What is it? Cloud application integrated with internal IT capabilities.
Scenarios:
- Typical approach: integrate with existing on-premises and off-premises capabilities or other cloud applications (customer list, access control, data)
- Integrate with existing on-premises capabilities
(Diagram: Public Cloud B Application / Data (external) integrated with Enterprise IT (internal; traditional, private cloud or hybrid).)

Model 4: Enterprise to Cloud to Enterprise
What is it? Cloud application running in the public cloud that interoperates with partner applications (supply chain).
Scenarios:
- Brokers, common function providers (e.g., supply chain, broadcast recall to multiple customers, broadcast RFP to suppliers, classic B2B)
(Diagram: Large manufacturer A and Large manufacturer B (internal) both connected to a Public Cloud Application (external).)

Model 5: Enterprise to Cloud (Portability)
What is it? Cloud application and/or data running in the cloud, with the flexibility to move to a different cloud provider in the future or in-house.
Scenarios:
- Flexibility and choice to change application platform suppliers
- Write once, run anywhere
(Diagram: Application / Data in Public Cloud A can move to Public Cloud B (external) or move in-house to Enterprise IT (internal; traditional, private cloud or hybrid).)

Model 6: Private (intranet) Cloud
What is it? A private cloud-based service offers many of the benefits of a public cloud computing environment. The difference is that data and processes are managed within the organization.
Scenarios:
- The enterprise would leverage a private cloud to provide self-service capabilities and a real-time infrastructure
- Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment
(Slide header: IBM Power Systems. Diagram: an on-premise or off-premise Private Cloud providing OS images (virtual / physical), database schemas / instances and storage (SAN/NAS), with external and internal access.)

If this is so logical, why isn't everyone doing it?

So what type of business and security challenges does cloud computing introduce?

Today's Data Center                  Tomorrow's Public Cloud
We have control.                     Who has control?
It's located at X.                   Where is it located?
It's stored in servers Y, Z.         Where is it stored?
We have backups in place.            Who backs it up?
Our admins control access.           Who has access?
Our uptime is sufficient.            How resilient is it?
The auditors are happy.              How do auditors observe?
Our security team is engaged.        How does our security team engage?

Security is a top concern with cloud computing
A tale of two studies shows that security is the number one inhibitor to customers adopting cloud technologies.
"What, if anything, do you perceive as actual or potential barriers to acquiring public cloud services?"
- Security/privacy of company data: 69%
- Service quality: 54%
- Doubts about true cost savings: 53%
- Performance / insufficient responsiveness over the network: 52%
- Difficulty integrating with in-house IT: 47%
Sources: IBM Market Insights, Cloud Computing Research; Oliver Wyman interviews

Gartner's security risks of cloud computing:
- Privileged user access
- Data segregation
- Data recovery
- Investigative support
- Regulatory compliance
- Data location
- Disaster recovery
Gartner: Assessing the Security Risks of Cloud Computing, June 2008

Risks introduced by cloud computing
- Compliance - Restrictions imposed by industry regulations over the use of clouds for some applications
- Data security - Challenges with an increase in potential unauthorized exposure when migrating workloads to a shared network and compute infrastructure
- Less control - Over where the information is located and stored, who has access and backups, and how it is monitored and managed, including resiliency
- Security management - Control is needed to manage firewall and security settings for applications and runtime environments in the cloud
- Reliability - Concerns with high availability and loss of service should outages occur

Top 10 factors for a secure cloud infrastructure:
1. Data protection
2. Access and identity
3. Application provisioning & deprovisioning
4. Application & environment testing
5. Service level agreement
6. Vulnerability management
7. Business resiliency
8. Audit & governance
9. Cross-border protection
10. Intellectual property & export laws

What are the risks?
- Policy and organizational risk - Things that may directly degrade the ability of the consumer organization to conduct business in an efficient manner
- Legal risk - Things that may put the consumer organization in breach of the law or that may prevent compliance with specific legal mandates
- Technical risk - Things that may disrupt normal operations of the consumer organization or cause loss of value over intangible assets (data, reputation, etc.)
- Transitional risk - Things that may temporarily put the consumer organization's traditional infrastructure and operations under increased risk

Policy and Organizational Risk: 5 intrinsic risks
1. Resource sharing and pooling - Data (intangible assets) cannot be tied to physical assets (tangible hardware resources); assets must be referenced by their content, not by their supporting media or storage location
2. Network access - Porous perimeter; authorization and authentication become more important issues
3. Service elasticity and scalability - Grow-on-demand and pay-as-you-go can backfire; seemingly infinite capacity may not be so under attack
4. On-demand self-service - Hijacking of the consumer's control plane (user interface)
5. Measured service - Economic denial of service, depletion of service quota

Legal Risks
- E-discovery and subpoena - Where is the evidence that I need to hand over? Intangible assets cannot be mapped to physical assets or geographical locations. The service provider may not be cooperative. Resources are pooled and shared, so they cannot be taken without affecting co-tenants and/or service provider operations.
- Change of jurisdiction - Which privacy (data protection) and security laws are applicable when intangible assets and processes are outsourced to service providers with distributed data centers across several continents? Do national laws local to the service provider's data center supersede those local to the consumer's organization?
- Data protection - It can be difficult for the cloud customer (in its role as data controller) to effectively check the data processing that the cloud provider carries out, and thus be sure that the data is handled in a lawful way. Further issues: conflicting data encryption standard requirements, lack of notification of data breaches by the service provider, storage of data collected unlawfully by co-tenants.

Technical Risks
- Isolation failure - Break out of the VM, storage compartment, virtual network, VPN, etc.
- Compromise of the management interface - Hijack of the consumer organization's cloud computing infrastructure; loss of the control plane (user interface)
- Data leakage - Data leakage to co-tenants (intra-cloud) or from the cloud
- Insecure data lifecycle management - Insecure or ineffective deletion of data, loss of consistency, data duplication
- Economic denial of service - Depletion of quota vs. runaway service costs vs. loss of efficiency
- Coarse access control - Insufficient granularity to implement authentication, authorization or auditing controls
- Conflicting provider-consumer security standards - The provider cannot meet the consumer organization's security requirements
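The "insecure or ineffective deletion of data" item above, together with the earlier point that pooled data cannot be tied to physical assets, has a standard mitigation that the slides do not spell out: crypto-shredding. The example below is added here and is not part of the presentation or of any IBM product. Each tenant's objects are encrypted under a tenant-specific key held apart from the shared data store, so offboarding a tenant means destroying its key; the ciphertext may survive in storage pools, snapshots and backups, but nothing can decrypt it. All class and tenant names are hypothetical, and the cipher (HMAC-SHA256 as a counter-mode keystream plus an HMAC tag) is chosen only so the example runs on the standard library; a production system would use AES-GCM from a vetted library and an HSM-backed key store.

```python
"""Crypto-shredding for pooled tenant storage (added example, hypothetical names)."""
import hashlib
import hmac
import os
from typing import Dict, Optional

NONCE_LEN, TAG_LEN = 16, 32


def _derive(master: bytes, purpose: bytes) -> bytes:
    """Separate encryption and MAC keys from one tenant master key."""
    return hmac.new(master, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_derive(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_derive(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong or destroyed key fails here."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered object")
    ks = _keystream(_derive(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyStore:
    """Per-tenant master keys, kept apart from the data store (in practice an HSM or KMS)."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytearray] = {}

    def create(self, tenant: str) -> None:
        self._keys[tenant] = bytearray(os.urandom(32))

    def get(self, tenant: str) -> Optional[bytes]:
        key = self._keys.get(tenant)
        return bytes(key) if key else None

    def destroy(self, tenant: str) -> None:
        """Crypto-shred: zero and drop the key, making every object of the tenant unreadable."""
        key = self._keys.pop(tenant, None)
        if key is not None:
            for i in range(len(key)):
                key[i] = 0


class SharedStore:
    """Pooled object store: every tenant's ciphertext lives in the same backing dict."""

    def __init__(self, keys: KeyStore) -> None:
        self._keys = keys
        self._objects: Dict[str, bytes] = {}

    def put(self, tenant: str, name: str, data: bytes) -> None:
        key = self._keys.get(tenant)
        if key is None:
            raise KeyError(f"no key for tenant {tenant}")
        self._objects[f"{tenant}/{name}"] = encrypt(key, data)

    def get(self, tenant: str, name: str) -> bytes:
        key = self._keys.get(tenant)
        if key is None:
            raise PermissionError("tenant key destroyed: object is unrecoverable")
        return decrypt(key, self._objects[f"{tenant}/{name}"])

    def raw(self, tenant: str, name: str) -> bytes:
        """What a co-tenant, a leaked snapshot or an old backup would see."""
        return self._objects[f"{tenant}/{name}"]

    def has(self, tenant: str, name: str) -> bool:
        return f"{tenant}/{name}" in self._objects


def offboard_and_check(store: SharedStore, keys: KeyStore, tenant: str, name: str) -> dict:
    """Offboard a tenant by destroying its key and report what is still readable."""
    keys.destroy(tenant)
    readable = True
    try:
        store.get(tenant, name)
    except PermissionError:
        readable = False
    return {"ciphertext_still_stored": store.has(tenant, name), "readable": readable}


if __name__ == "__main__":
    ks, store = KeyStore(), None
    ks.create("finance")
    store = SharedStore(ks)
    store.put("finance", "ledger", b"Q3 payroll ledger")
    print(offboard_and_check(store, ks, "finance", "ledger"))
```

The point to take from the result is that the stored blob is untouched by offboarding; only the key store changed. That is what makes the approach work across snapshots and backups the tenant never sees, and it is also why the key store must have stronger deletion and audit guarantees than the data store.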

Transitional Risks
- Disruption of endpoint security - Cloud applications that require installation of client-side components or use of specific desktop applications may weaken the consumer's security posture
- Credential leakage - Improper lifecycle management of credentials needed to access cloud applications; shared access for testing purposes; open access to the cloud user interface
- Punctured perimeter - Punching temporary holes in network filtering rules; network IDS with lost visibility; tunneling
- Transitive trust - Internal / legacy applications suddenly made to transitively trust the cloud; reuse of credentials, hard-coded passwords, certificates, etc.
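Credential leakage and transitive trust usually show up together: the password for a cloud API gets pasted into a deployment script for the pilot, and it is the same password an internal system already uses, so a leak on either side exposes the other. The scanner below is an added example (not from the presentation) of the check a security team would run over the scripts and configuration of a migration project before they reach a shared repository. The sample files, their paths, keys and values are constructed for this example; the patterns cover literal assignments, credentials embedded in URLs and curl -u arguments, and private key blocks, and the scanner skips template references such as ${VAR} so it does not flag properly externalized secrets.

```python
"""Hard-coded credential and credential-reuse scanner (added example, constructed input)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample files; nothing here is real.
SAMPLE_FILES: Dict[str, str] = {
    "deploy/cloud-app.properties": (
        "db.url=jdbc:db2://db.internal.example:50000/ORDERS\n"
        "db.user=svc_orders\n"
        "db.password=Winter2010!\n"
        "mail.password=${MAIL_PASSWORD}\n"  # env-var reference, not a literal
        "cloud.api.token=AKIAEXAMPLEXAMPLEXAMP\n"
    ),
    "scripts/sync_ldap.sh": (
        "#!/bin/sh\n"
        "# temporary for the cloud pilot, remove after testing\n"
        "LDAP_PASS=\"Winter2010!\"\n"
        "curl -u admin:Winter2010! https://cloud.example/api/sync\n"
    ),
    "keys/test.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEowIBAAKCAQEA...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

# (kind, pattern); group 1, where present, captures the secret value.
PATTERNS = [
    ("assignment", re.compile(r"(?i)(?:pass(?:word)?|pwd|secret|token|api[_-]?key)\s*[:=]\s*[\"']?([^\"'\s]+)")),
    ("url-basic-auth", re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@")),
    ("curl-user", re.compile(r"(?:^|\s)-u\s+[^:\s]+:(\S+)")),
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
# Template / environment references and obvious placeholders are not leaks.
PLACEHOLDER = re.compile(r"^(\$\{[^}]*\}|\$[A-Z_]+|<[^>]*>|\*+|x+|changeme)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    value: str  # the literal secret, or "" for key material


def scan(files: Dict[str, str]) -> List[Finding]:
    """One finding per (line, pattern) hit, skipping placeholder values."""
    findings: List[Finding] = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, pattern in PATTERNS:
                match = pattern.search(line)
                if not match:
                    continue
                value = match.group(1) if match.groups() else ""
                if value and PLACEHOLDER.match(value):
                    continue
                findings.append(Finding(path, lineno, kind, value))
    return findings


def reused_secrets(findings: List[Finding]) -> Dict[str, List[str]]:
    """Secrets present in more than one file: a transitive-trust path between those systems."""
    files_by_value: Dict[str, set] = defaultdict(set)
    for f in findings:
        if f.value:
            files_by_value[f.value].add(f.path)
    return {v: sorted(paths) for v, paths in files_by_value.items() if len(paths) > 1}


def _mask(value: str) -> str:
    """Mask values so the report itself does not become a second leak."""
    return "(key material)" if not value else value[:2] + "*" * (len(value) - 2)


def report(files: Dict[str, str]) -> List[str]:
    findings = scan(files)
    lines = [f"{f.path}:{f.line}: {f.kind} {_mask(f.value)}" for f in findings]
    for value, paths in reused_secrets(findings).items():
        lines.append(f"REUSED {_mask(value)} in {', '.join(paths)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FILES)))
```

The reuse check is the part worth keeping even if the pattern list is replaced by a dedicated secret scanner: a password that appears in both an internal LDAP sync script and a cloud deployment descriptor is exactly the "reuse of credentials" path that lets a cloud-side compromise walk back into the enterprise.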

Security complexities raised by virtualization
New complexities:
- Dynamic relocation of VMs
- Increased infrastructure layers to manage and protect
- Multiple operating systems and applications per server
- Elimination of physical boundaries between systems
- Manually tracking software and configurations of VMs
Risk depends on cloud type:
- Public cloud is riskiest (mixed tenants)
- Private cloud is least risky (business as usual) but places higher demands on the company
- Hybrid (private + public) provides a balanced solution: sensitive data stays private and the public cloud is used for non-sensitive data. This can be the standing arrangement or used just for demand spikes
(Diagram: a 1:1 ratio of OSs and applications per physical server versus a 1:many ratio per virtualized server, with the hypervisor as an additional layer to manage and secure.)
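Four of the five complexities listed above become mechanical checks once the hypervisor's running inventory is compared against the configuration management baseline: VMs that were relocated, VMs nobody recorded (self-service provisioning outrunning the CMDB), configuration drift, and sensitive workloads that a relocation has quietly placed next to another tenant now that physical boundaries are gone. The audit below is an added example, not from the presentation or from any IBM tool. The baseline, the running inventory and the co-location policy (a high-sensitivity VM may share a host only with VMs of its own tenant) are all constructed and hypothetical; in practice the two inputs would come from the CMDB and from the virtualization manager's API.

```python
"""VM inventory audit: relocation, untracked VMs, drift, co-location (added example)."""
from collections import defaultdict
from typing import Dict, List

# Baseline from the CMDB: what operations believes is deployed (constructed).
BASELINE: Dict[str, Dict[str, str]] = {
    "erp-db-01":     {"host": "pwr-host-1", "tenant": "finance", "sensitivity": "high", "image": "ibmi-7.1-2010.09"},
    "web-portal-01": {"host": "pwr-host-2", "tenant": "retail",  "sensitivity": "low",  "image": "aix-6.1-2010.08"},
    "test-build-07": {"host": "pwr-host-3", "tenant": "devtest", "sensitivity": "low",  "image": "linux-rhel5-2010.06"},
}

# Running inventory as the hypervisor reports it after a weekend of automated moves (constructed).
RUNNING: List[Dict[str, str]] = [
    {"name": "erp-db-01",     "host": "pwr-host-2", "tenant": "finance", "sensitivity": "high",    "image": "ibmi-7.1-2010.09"},
    {"name": "web-portal-01", "host": "pwr-host-2", "tenant": "retail",  "sensitivity": "low",     "image": "aix-6.1-2010.08"},
    {"name": "test-build-07", "host": "pwr-host-3", "tenant": "devtest", "sensitivity": "low",     "image": "linux-rhel5-2010.03"},
    {"name": "scratch-vm-42", "host": "pwr-host-3", "tenant": "unknown", "sensitivity": "unknown", "image": "linux-rhel5-2010.06"},
]

# Configuration attributes that must match the baseline exactly.
TRACKED_FIELDS = ("image",)


def audit(baseline: Dict[str, Dict[str, str]], running: List[Dict[str, str]]) -> Dict[str, list]:
    """Compare the running inventory with the baseline and return the four finding lists."""
    report: Dict[str, list] = {"relocated": [], "untracked": [], "drift": [], "colocation": []}
    by_host: Dict[str, List[Dict[str, str]]] = defaultdict(list)

    for vm in running:
        by_host[vm["host"]].append(vm)
        expected = baseline.get(vm["name"])
        if expected is None:
            # Self-service VM that never reached the CMDB: nobody is patching or monitoring it.
            report["untracked"].append(vm["name"])
            continue
        if vm["host"] != expected["host"]:
            report["relocated"].append((vm["name"], expected["host"], vm["host"]))
        for field in TRACKED_FIELDS:
            if vm[field] != expected[field]:
                report["drift"].append((vm["name"], field, expected[field], vm[field]))

    # Physical boundaries are gone: check who now shares a host with a sensitive workload.
    # An untracked VM has an unknown tenant and therefore counts as a foreign tenant.
    for host, vms in sorted(by_host.items()):
        for vm in vms:
            if vm["sensitivity"] != "high":
                continue
            for other in vms:
                if other is not vm and other["tenant"] != vm["tenant"]:
                    report["colocation"].append((host, vm["name"], other["name"]))
    return report


def summarize(report: Dict[str, list]) -> List[str]:
    lines = [f"RELOCATED {n}: {a} -> {b}" for n, a, b in report["relocated"]]
    lines += [f"UNTRACKED {n}" for n in report["untracked"]]
    lines += [f"DRIFT {n}.{f}: expected {a}, found {b}" for n, f, a, b in report["drift"]]
    lines += [f"COLOCATION {h}: {a} shares host with {b}" for h, a, b in report["colocation"]]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(audit(BASELINE, RUNNING))))
```

On the constructed data the finance database was migrated onto the retail host, which is a co-location finding as well as a relocation, the dev/test VM is running an older image than the one recorded, and scratch-vm-42 exists only in the hypervisor. Running this comparison on a schedule is what turns "manually tracking software and configurations of VMs" into a detection control rather than a hope.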

Different cloud workloads have different risk profiles: one size does not fit all
(Diagram: business risk (low-risk, mid-risk, high-risk) plotted against need for security assurance (low to high).)
- Today's clouds are primarily at the low end: training and testing with non-sensitive data; analysis and simulation with public data. Lower-risk workloads get a one-size-fits-all approach to data protection, no significant assurance, and price is key.
- Tomorrow's high value / high risk workloads (mission-critical workloads, personal information) need: quality of protection adapted to risk; direct visibility and control; a significant level of assurance.

IBM Cloud Offerings

IBM's Cloud Portfolio
Consulting services in support of cloud computing:
- Infrastructure strategy & planning
- Strategy & change services for cloud adoption
- Strategy & change services for cloud providers
- Testing services for cloud
- Networking strategy & optimization
Smart Business offerings: comprehensive cloud solutions for infrastructure workloads (development and test, desktop, infrastructure, storage, analytics, collaboration), available on multiple delivery models, with embedded service management.
Infrastructure services & technologies enabling cloud computing:
- Services: Security; Resiliency optimization (BCRS); Data Center; Tivoli Live Monitoring; Maintenance
- Technologies: Tivoli Service Automation Manager; WebSphere Hypervisor Edition

IBM Cloud Services Portfolio
Workload categories: analytics; collaboration; development and test; desktop and devices; infrastructure compute; infrastructure storage; business services.
Smart Business on the IBM cloud - standardized services on the IBM cloud:
- IBM LotusLive; IBM Lotus iNotes
- Smart Business Development and Test on the IBM Cloud (beta)
- IBM Smart Business Desktop Cloud; Smart Business End User Support
- IBM Computing on Demand
- IBM Information Protection Services
- BPM BlueWorks (design tools); Smart Business expense reporting on the IBM cloud
IBM Smart Business Services - private cloud services, behind your firewall, built and/or managed by IBM:
- IBM Smart Analytics Cloud
- IBM Smart Business Test Cloud
- IBM Smart Business Desktop Cloud
- IBM Smart Business Storage Cloud
IBM Smart Business Systems - preintegrated, workload-optimized systems:
- IBM Smart Analytics System
- IBM CloudBurst family
- IBM Information Archive
Also: Smart Business for Small or Midsize Business (backed by the IBM cloud); Global Technology Services.

Cloud Solutions for Power Systems
- Tivoli Service Automation Manager (TSAM): cloud services definition and provisioning
- Tivoli Provisioning Manager (TPM): software full lifecycle management; policy creation and enforcement
- IBM Systems Director and VMControl: Power System Pools simplicity; policy-based workload resilience; best-practices image management; automated SAN provisioning
- Tivoli Storage Productivity Center (TPC): simplified SAN management; integration with VMControl for automated disk provisioning
- SAN Volume Controller (SVC): heterogeneous storage management; decoupling of physical and virtual storage; pooling for increased virtualization
- Best-of-breed Power Systems virtualization: sharing and dynamic allocation of resources across environments; multi-OS support: AIX, i, Linux
- Storage: IBM DS5000, DS8000, XIV; EMC; HDS

IBM i as a Cloud Server

Current IBM i strengths
Strengths - IBM i stands out in multi-tenant environments:
- Good isolation: object-based architecture; IBM i enforced security and encryption; database schema and IASP isolation
- Systems Director; WebSphere separate enterprise applications; role-based security
- Memory pools; subsystems; processor pools; group profiles; Active Memory Sharing
In short, a multi-user, multi-app OS from day 1.

IBM i Hosting Environment
Multi-tenancy levels, from most to least isolated:
I.   Physical-level or isolated multi-tenancy - one server stack for each tenant
II.  Shared hardware multi-tenancy - one OS stack for each tenant
III. Operating system-level multi-tenancy - one application platform (AP) stack for each tenant
IV.  Platform-level multi-tenancy - one application stack per tenant
V.   Application-level multi-tenancy - a single application servicing multiple tenants
Enabling technology by layer:
- Application: Apache web servers; WebSphere Application Servers; IBM i subsystems
- Data platform: DB2 for i; independent storage pools; schema isolation
- Operating system: subsystems, memory pools; threads, users/groups; validation lists
- Infrastructure: PowerVM; PowerHA; Systems Director
- Data center floor
(Legend: dedicated vs. shared layers; the slide marks the levels where IBM i performs well and those where it performs very well.)

IBM i Vision toward Cloud Enablement
Past:
- Physical systems
- Internal storage
- Static resource partitions
- Manual setup
- Physical media install
- Licensing per core
- Backups
Present:
- Virtual resources
- External storage with VIOS and SAN
- Dynamic resources for partitions
- Network install and backups
- Scripted partition creation
- Licensing per core
- HA
Potential future enhancements:
- Partition mobility
- Partition hibernation
- Image (partition) provisioning/cloning
- Virtualized everything
- Workflow automation
- More granular licensing
- Flash copy checkpoints and snapshots
- HA

IBM CloudBurst

What is IBM CloudBurst?
- A complete, pre-packaged cloud environment; includes both hardware and software
- CloudBurst on Power is slated for 4Q 2010 delivery (v2.1)
Market splash: "The IBM CloudBurst solution on Power is planned to provide everything you need for a private cloud environment, including Tivoli service management software, storage, network and the most efficient platform for cloud computing with Power Systems, enabling customers to rapidly realize the benefits of cloud computing."

IBM CloudBurst: an integrated, built-for-purpose cloud solution
- Tivoli Service Automation Manager (TSAM): orchestration of cloud operations; integration point for service management capabilities; service catalog and templates; automated provisioning of virtual systems
- Usage and accounting: metering and accounting for cloud services; integration to billing systems if needed
- Monitoring: monitor both physical and virtual server environments
- High availability: make the management system database highly available
- Virtualized hardware management: enhanced management of the virtual environment
- Energy management: energy management of the hardware infrastructure
- Server, storage and network hardware: preinstalled and configured on IBM hardware

IBM CloudBurst Roadmap
IBM CloudBurst 1.1 (2009, optimized for development & test workloads):
- System x BladeCenter hardware; scalable and modular
- GTS CloudBurst QuickStart Services
- Request, deploy and manage VMware virtual environments
- Energy utilization metrics
- Backup and recovery
IBM CloudBurst 1.2 (2010, optimized for production workloads) - delivered, new:
- Energy metrics integrated with the IT service management system
- Accounting, usage and metering
- High availability configuration
- Enhanced security options
- Integrated with WebSphere CloudBurst (IBM WebSphere CloudBurst Appliance capabilities)
IBM CloudBurst future enhancements:
- Expand hardware platform to Power Systems, iDataPlex and System z
- Cloud analytics and dashboard capabilities
- Cloud capacity planning
- Enhanced security & resiliency options
- Compliance reporting options
- Integration with public cloud offerings

Thank you!
For more information, please visit: ibm.com/cloud
Or contact me: Jeff Uehling, uehling@us.ibm.com