Data Security In The Cloud. Presented by: Gary Dischner, TxMQ Enterprise Architect
What Is The Cloud? NIST 800-145 Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service-provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Essential Characteristics
On-demand self-service: a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service provider.
Broad network access: capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g. country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
Rapid elasticity: capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the utilized service.
CSA's Definition. Cloud computing is a model for enabling on-demand access to a shared pool of computing resources such as servers, applications and services. In other words, cloud computing is a model for delivering IT services: instead of a direct connection to a server, resources are retrieved over the Internet through web-based tools and applications. These services are broadly divided into three categories / delivery models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) (Google App Engine is an example of PaaS; Google Apps itself is SaaS), and Software-as-a-Service (SaaS). Data and software packages are stored on the provider's servers. The cloud computing structure allows access to information from any electronic device that has access to the web, which allows employees to work remotely.
Software as a Service (SaaS) is a cloud delivery model that has actually existed for a long time. A SaaS offering is an implementation of a business application or process that is developed on a cloud platform and hosted in a cloud infrastructure. SaaS providers deliver domain-specific applications or services over the Internet and charge end users on a pay-per-usage basis. A Platform as a Service (PaaS) cloud lies directly on top of an IaaS layer, with a solution stack covering everything required for the entire software-engineering lifecycle (design, development, debugging, testing, and deployment). The potential consumers of a PaaS cloud service are therefore software developers and testers. Most PaaS vendors lock developers into particular development platforms and debugging tools, and do not allow direct communication with the lower computing infrastructure, although certain programming APIs might be provided with limited infrastructure control and management functionality.
Deployment Models. A cloud system (IaaS, PaaS, or SaaS) can be deployed using three main models. A public cloud sells services to anyone on the Internet (Amazon Web Services is currently the largest public cloud provider). A private cloud is a proprietary network or a datacenter that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to build a private cloud for a customer, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services. A hybrid cloud is a composition of two or more clouds that remain unique entities but are bound together; it is typically used when a private cloud runs out of capacity and work overflows to a public cloud.
Infrastructure as a Service (IaaS). According to the different types of resources offered, IaaS clouds can be further divided into three sub-categories. Computing as a Service (CaaS) offers customers access to raw computing power on virtual servers or virtual-machine instances. CaaS provides self-service interfaces for on-demand provisioning and management (i.e. start, stop, reboot, destroy) of virtual-machine instances. A CaaS provider may also provide self-management interfaces for auto-scaling and other automatable management facilities. Storage as a Service offers online storage services allowing on-demand storing of and access to data on third-party storage. Database as a Service (DaaS) includes standardized processes for accessing and manipulating (writing, updating, deleting) data through database management systems (DBMS) that are hosted in the cloud.
CIA Aspects of Security Confidentiality: Prevent unauthorized disclosure of sensitive information Integrity: Prevent unauthorized modification of systems and information Availability: Prevent disruption of service and productivity
Cloud Service Models And Their Security Demands Cloud computing will not be accepted by common users unless the trust and dependability issues are resolved satisfactorily [1].
Security Issues In The Cloud (the STRIDE threat categories): Spoofing identity; Tampering with data; Repudiation; Information disclosure; Denial of service; Elevation of privilege.
Why Does Cloud Computing Bring New Threats? Traditional system security mostly means keeping the bad guys out: the attacker needs to either compromise the authentication/access control system or impersonate existing users.
Why Does Cloud Computing Bring New Threats? Cloud security problems come from: loss of control; lack of trust (mechanisms); multi-tenancy. These problems exist mainly in third-party-management models. Self-managed clouds still have security issues, but not these.
Why Does Cloud Computing Bring New Threats? Data, applications, and resources are located with the provider. User identity management is handled by the cloud. User access control rules, security policies and enforcement are managed by the cloud provider. The consumer relies on the provider to ensure data security and privacy, resource availability, and monitoring and repair of services/resources.
Why Does Cloud Computing Bring New Threats? Multi-tenancy: multiple independent users share the same physical infrastructure, so an attacker can legitimately be on the same physical machine as the target.
Challenges For The Attacker: how to find out where the target is located; how to be co-located with the target on the same (physical) machine; how to gather information about the target.
Who Is The Attacker? Insider: malicious employees at the client; malicious employees at the cloud provider; the cloud provider itself. Outsider: intruders; network attackers.
Streamlined Security Analysis Process Identify Assets Which assets are we trying to protect? What properties of these assets must be maintained? Identify Threats What attacks can be mounted? What other threats are there (natural disasters, etc.)? Identify Countermeasures How can we counter those attacks? Appropriate for Organization-Independent Analysis We have no organizational context or policies
Identify Assets & Principles Customer Data Confidentiality, integrity, and availability Customer Applications Confidentiality, integrity, and availability Client Computing Devices Confidentiality, integrity, and availability
Identifying Threats Failures in Provider Security Attacks by Other Customers Availability and Reliability Issues Legal and Regulatory Issues Perimeter Security Model Broken Integrating Provider and Customer Security Systems
Attacks By Other Customers. Threats: provider resources (CPU, storage, network) are shared with untrusted parties; customer data and applications must be separated; failures will violate the CIA principles. Countermeasures: hypervisors for compute separation; MPLS, VPNs, VLANs and firewalls for network separation; cryptography (strong); application-layer separation (less strong).
Perimeter Security Model
Perimeter Security with Cloud Computing?
Concerns. On a broad level, two major questions: 1. How secure is the data? 2. How secure is the code? Information security can be viewed as including three functions: access control, secure communications, and protection of data.
The servers in cloud computing are typically virtual servers, and the user does not know which physical server will provide the services he requires. Virtual servers present different challenges.
Static or Dynamic Data. i. Static data: data that is not altered or edited in place; any amendment becomes new data, so the data can be read and rewritten but not modified. Example: data at rest in datacenters. ii. Dynamic data: data that is continuously modified or changing, or that is in transfer between users on cloud computing. Example: e-mail.
Data Issue: Confidentiality. In transit between cloud and intranet: straightforward, e.g. use HTTPS. Simple storage: possible, e.g. data in Amazon S3 encrypted with AES-256. Data processed by the cloud: difficult, because of the overhead of searching, indexing etc.; iCloud does not encrypt data on the mail server*. If the data is encrypted, it is decrypted before processing. Is it possible to perform computations on encrypted data (the goal of homomorphic encryption)?^
Security Issues From Virtualization. Virtualization providers offer paravirtualization or full-system virtualization. Instance isolation: ensuring that different instances running on the same physical machine are isolated from each other. Control of the administrator over the host OS and guest OS. Current VMs do not offer perfect isolation: many bugs have been found in all popular VMMs that allow escape. A virtual machine monitor should be root secure, meaning that no level of privilege within the virtualized guest environment permits interference with the host system.
Security Best Practices For Virtual Machines. Plan for a network firewall or additional VM-based IPS protection if needed. VMware virtual machines communicate with each other via a virtual network switch, just as physical servers do, so there is no reason to expect a higher rate of infection, but that traffic needs the same controls. Keep signatures, filters and rules updated for offline VMs; VMware is actively working on patching offline images. Protect invisible internal network traffic: place a network-based IPS inside the server (a host-based network IPS that monitors internal virtual network traffic) to inspect traffic between VMs that never reaches a physical wire.
Encryption. Algorithms: proprietary vs. standards; key size. Management: key management, ideally by the customer. Does the CSP have the decryption keys? E.g. Apple uses a master key to decrypt iCloud data to screen for objectionable content*.
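What customer-managed keys look like in practice, as an added example not taken from the slides or from TxMQ: a small Go program that encrypts an object on the client side before upload using envelope encryption (a random per-object data key under AES-256-GCM, wrapped under a master key that stays with the customer), binds each ciphertext to its object name so the provider cannot serve one object under another name, and attaches a keyed blind index so the provider can answer equality lookups without ever holding a key. The object names, content and keywords are constructed for the example; ProviderSearchToken stands in for whatever lookup a provider might expose and is not any real CSP API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// StoredObject is all the provider holds: unreadable without the customer's keys.
type StoredObject struct {
	Nonce, Ciphertext     []byte          // body under a per-object data key (AES-256-GCM)
	WrapNonce, WrappedKey []byte          // that data key, wrapped under the customer master key
	Index                 map[string]bool // set of HMAC-SHA256(indexKey, keyword) tokens
}

// Customer keeps the master and index keys; hypothetical client-side code, the provider never sees them.
type Customer struct{ masterKey, indexKey []byte }

func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed CSPRNG is not something to continue past
	}
	return b
}

func NewCustomer() *Customer { return &Customer{masterKey: mustRand(32), indexKey: mustRand(32)} }

// aead builds AES-GCM for a key this code generated itself, so errors here are bugs, not runtime conditions.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// seal encrypts under a fresh nonce; aad is authenticated, not encrypted, and binds the ciphertext to its object name.
func seal(key, plaintext, aad []byte) (nonce, ct []byte) {
	g := aead(key)
	nonce = mustRand(g.NonceSize())
	return nonce, g.Seal(nil, nonce, plaintext, aad)
}

// Token is the blind-index token for a keyword: equal words give equal tokens, but the provider cannot invert them.
func (c *Customer) Token(keyword string) string {
	mac := hmac.New(sha256.New, c.indexKey)
	mac.Write([]byte(strings.ToLower(keyword)))
	return hex.EncodeToString(mac.Sum(nil))
}

// Encrypt prepares an object for upload: envelope encryption plus blind index.
func (c *Customer) Encrypt(name string, plaintext []byte, keywords []string) *StoredObject {
	dataKey := mustRand(32)
	nonce, ct := seal(dataKey, plaintext, []byte(name))
	wrapNonce, wrapped := seal(c.masterKey, dataKey, []byte(name))
	obj := &StoredObject{Nonce: nonce, Ciphertext: ct, WrapNonce: wrapNonce, WrappedKey: wrapped, Index: map[string]bool{}}
	for _, kw := range keywords {
		obj.Index[c.Token(kw)] = true
	}
	return obj
}

// Decrypt fails if the provider served the object under another name (AAD mismatch) or altered any byte of it.
func (c *Customer) Decrypt(name string, obj *StoredObject) ([]byte, error) {
	dataKey, err := aead(c.masterKey).Open(nil, obj.WrapNonce, obj.WrappedKey, []byte(name))
	if err != nil {
		return nil, err
	}
	return aead(dataKey).Open(nil, obj.Nonce, obj.Ciphertext, []byte(name))
}

// ProviderSearchToken is the only search the provider can run without a key: equality on tokens.
// A substring scan of the ciphertext for the word itself never matches, so richer processing means decrypting first.
func ProviderSearchToken(store map[string]*StoredObject, token string) []string {
	var hits []string
	for name, obj := range store {
		if obj.Index[token] {
			hits = append(hits, name)
		}
	}
	return hits
}

func main() {
	c := NewCustomer()
	obj := c.Encrypt("invoices/2013-01.txt", []byte("customer: acme, total 4200"), []string{"acme", "invoice"})
	store := map[string]*StoredObject{"invoices/2013-01.txt": obj}
	fmt.Println(ProviderSearchToken(store, c.Token("ACME")), ProviderSearchToken(store, c.Token("globex")))
}
```

The provider ends up with ciphertext, a wrapped key it cannot open, and opaque tokens. Anything richer than equality matching requires the customer to decrypt, which is the slide's point about processed data; and the blind index leaks equality patterns (two objects tagged with the same word carry the same token), which is the price of giving the provider even that much.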
Data Issue: Commingled Data. The cloud uses multi-tenancy, so data is commingled with other users' data, and application vulnerabilities may allow unauthorized access. E.g. Google Docs unauthorized sharing, March 2009: Google identified and fixed a bug that may have caused users to share some of their documents without their knowledge.
Privacy Challenges: protect PII; ensure conformance to FIPs (Fair Information Practices) principles; compliance with laws and regulations (GLBA, HIPAA, PCI-DSS, Patriot Act, etc.); multi-jurisdictional requirements (EU Data Protection Directive, EU-US Safe Harbor).
Key FIPs Requirements. Use limitation: it is easier to combine data from multiple sources in the cloud, so how do we ensure data is used only for the originally specified purposes? Retention: is the CSP's retention period consistent with company needs? Does the CSP have proper backup and archival? Deletion: does the CSP delete data securely and from all storage sources? Security: does the CSP provide reasonable security for data, e.g. encryption of PII, access control and integrity? Accountability: the company can transfer liability to the CSP, but not accountability; how does the company identify privacy breaches and notify its users? Access: can the company provide access to data held on the cloud?
Information Privacy and Security. Threat: disconnected provider and customer security systems; a fired employee retains access to the cloud; misbehavior in the cloud is not reported to the customer. Countermeasures: at least, integrate identity management (consistent access controls); better, integrate monitoring and notifications. Notes: can use SAML, LDAP, RADIUS, XACML, IF-MAP, etc.
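As an added example, not part of the slides or of TxMQ's tooling, the following Go program shows the minimum the "integrate identity management" countermeasure has to deliver: a reconciliation of the provider's account list against the corporate directory that flags the fired employee who is still enabled, any use of that access after the termination date, accounts that nobody in the directory owns, and accounts that sign in with a provider-local password and so bypass the federated identity system entirely. The directory and cloud account records are constructed sample data; in practice they would come from the directory (LDAP) and the provider's identity API.

```go
package main

import (
	"fmt"
	"time"
)

// DirectoryUser is a record from the corporate directory, the system of record for who is employed.
type DirectoryUser struct {
	Email      string
	Active     bool
	Terminated time.Time // zero value while still employed
}

// CloudAccount is an account as listed by the cloud provider's identity store.
type CloudAccount struct {
	Email     string
	Enabled   bool
	Federated bool      // signs in through the corporate IdP (SAML) rather than a provider-local password
	LastLogin time.Time // zero value if never used
}

type Finding struct{ Email, Issue string }

func date(s string) time.Time {
	t, _ := time.Parse("2006-01-02", s) // sample dates below are well formed
	return t
}

// Reconcile compares the provider's account list with the directory and reports
// accounts that should not exist, should not be enabled, or should not have been used.
func Reconcile(dir []DirectoryUser, cloud []CloudAccount) []Finding {
	byEmail := make(map[string]DirectoryUser, len(dir))
	for _, u := range dir {
		byEmail[u.Email] = u
	}
	var out []Finding
	for _, a := range cloud {
		u, known := byEmail[a.Email]
		switch {
		case !known:
			// Nobody in the directory owns it: a leftover, a shadow account, or a provider-side creation.
			out = append(out, Finding{a.Email, "orphan"})
		case !u.Active:
			if a.Enabled {
				out = append(out, Finding{a.Email, "enabled-after-termination"})
			}
			if !a.LastLogin.IsZero() && a.LastLogin.After(u.Terminated) {
				// Evidence the retained access was exercised: the "misbehavior not reported" case.
				out = append(out, Finding{a.Email, "used-after-termination"})
			}
		}
		if known && !a.Federated && a.Enabled {
			// A local password bypasses whatever the IdP enforces (MFA, disable-on-termination).
			out = append(out, Finding{a.Email, "local-credentials-bypass-sso"})
		}
	}
	return out
}

func IssuesFor(findings []Finding, email string) []string {
	var issues []string
	for _, f := range findings {
		if f.Email == email {
			issues = append(issues, f.Issue)
		}
	}
	return issues
}

// SampleDirectory and SampleCloud are constructed data for the example, not real accounts.
func SampleDirectory() []DirectoryUser {
	return []DirectoryUser{
		{Email: "alice@example.com", Active: true},
		{Email: "bob@example.com", Active: false, Terminated: date("2013-03-01")},
		{Email: "carol@example.com", Active: true},
		{Email: "erin@example.com", Active: false, Terminated: date("2013-01-15")},
	}
}

func SampleCloud() []CloudAccount {
	return []CloudAccount{
		{Email: "alice@example.com", Enabled: true, Federated: true, LastLogin: date("2013-03-10")},
		{Email: "bob@example.com", Enabled: true, Federated: true, LastLogin: date("2013-03-05")},   // fired, still in
		{Email: "carol@example.com", Enabled: true, Federated: false, LastLogin: date("2013-03-09")}, // local password
		{Email: "dave@example.com", Enabled: true, Federated: true},                                 // unknown to HR
		{Email: "erin@example.com", Enabled: false, Federated: true, LastLogin: date("2013-01-10")}, // properly offboarded
	}
}

func main() {
	for _, f := range Reconcile(SampleDirectory(), SampleCloud()) {
		fmt.Printf("%-20s %s\n", f.Email, f.Issue)
	}
}
```

Run it and the fired user, the orphan and the local-password account are listed; the properly offboarded user produces nothing. Federation only closes the gap if the provider-side accounts it does not control are disabled too, which is why the local-credential check is there.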
NIST provides a risk assessment strategy: what, when and how to move to the cloud. Identify the asset(s) for cloud deployment: data; applications/functions/processes. Evaluate the asset: determine how important the data or function is to the organization.
Evaluate the Asset. How would we be harmed if: the asset became widely public and widely distributed? An employee of our cloud provider accessed the asset? The process or function were manipulated by an outsider? The process or function failed to provide expected results? The info/data was unexpectedly changed? The asset were unavailable for a period of time?
Map Asset to Models 4 Cloud Models Public Private (internal, external) Community Hybrid Which cloud model addresses your security concerns?
Compliance & Audit. Hard to maintain against your security/regulatory requirements, and harder to demonstrate to auditors. Include a right-to-audit clause. Analyze compliance scope and the regulatory impact on data security. Ensure evidence requirements are met. Does the provider have a SAS 70 Type II or SSAE 16 report?
References
Introduction to Cloud Computing, Prof. Yeh-Ching Chung, http://cs5421.sslab.cs.nthu.edu.tw/home/materials/lecture2-IntroductiontoCloudComputing.pdf?attredirects=0&d=1
NIST (National Institute of Standards and Technology), http://csrc.nist.gov/groups/sns/cloud-computing/
M. Armbrust et al., Above the Clouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS-2009-28, University of California at Berkeley, 2009.
R. Buyya et al., Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems, 2009.
Cloud Computing Use Cases, http://groups.google.com/group/cloudcomputing-use-cases
Cloud Computing Explained, http://www.andyharjanto.com/2009/11/wanted-cloud-computing-explained-in.html
All resources of the materials and pictures were partially retrieved from the Internet.
All material from Security Guidance for Critical Areas of Focus in Cloud Computing v2.1, http://www.cloudsecurityalliance.org
Various cloud working groups: Open Cloud Computing Interface Working Group, Amazon EC2 API, Sun Open Cloud API, Rackspace API, GoGrid API, DMTF Open Virtualization Format (OVF)
Cloud Computing Security Issues, Randy Marchany, VA Tech IT Security, marchany@vt.edu
Research in Cloud Security and Privacy, www.cs.purdue.edu/homes/bb/cloud/cloud-complete.ppt
Introduction to Security and Privacy in Cloud Computing, Spring 2010 course at the Johns Hopkins University, by Ragib Hassan
Contact Us For more information please call TxMQ VP Miles Roty, 716-636-0070 (228), or email miles@txmq.com. Visit us at TxMQ.com.