Data Security In The Cloud
Presented by:
Gary Dischner
TxMQ Enterprise Architect
What Is The Cloud?
NIST – 800-145
Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared
pool of configurable computing resources (e.g.
networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with
minimal management effort or service-provider
interaction. This cloud model is composed of five
essential characteristics, three service models, and four
deployment models.
Essential Characteristics
• On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
• Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
• Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence because the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g. country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
• Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
• Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported to provide transparency for both the provider and consumer of the utilized service.
CSA’s Definition
• Cloud computing is a model for enabling on-demand access to a shared pool of computer resources such as servers, applications and services.
• In other words, cloud computing is a model for delivering IT services. Instead of a direct connection to the server, the resources are retrieved from the Internet through web-based tools and applications.
• These services are broadly divided into three categories / delivery models:
– Infrastructure-as-a-Service (IaaS)
– Platform-as-a-Service (PaaS) (Google App Engine is an example of PaaS; Google Apps itself is SaaS)
– Software-as-a-Service (SaaS)
Data and software packages are stored on the provider’s servers. The cloud computing structure allows access to information as long as an electronic device has access to the web, which allows employees to work remotely.
Software as a Service (SaaS) is a cloud delivery model that has actually existed for a long time.
• A SaaS offering is an implementation of a business application or process that is developed on a cloud platform and hosted in a cloud infrastructure.
• SaaS providers deliver domain-specific applications or services over the Internet and charge end users on a pay-per-usage basis.
A Platform as a Service (PaaS) cloud lies directly upon an IaaS layer with a solution stack covering everything required for the entire software-engineering lifecycle (design, development, debugging, testing, and deployment).
• The potential consumers of a PaaS cloud service are therefore software developers and testers.
• Most PaaS vendors lock developers into particular development platforms and debugging tools, and do not allow direct communication with lower computing infrastructures, although certain programming APIs might be provided with limited functionalities of infrastructure control and
Deployment Models
A cloud system (IaaS, PaaS, or SaaS) can be deployed using the following main models (NIST 800-145 also lists a fourth, the community cloud, shared by organizations with common concerns).
• A public cloud sells services to anyone on the Internet. (Amazon Web Services is currently the largest public cloud provider.)
• A private cloud is a proprietary network or a datacenter that supplies hosted services to a limited number of people.
• When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.
• A hybrid cloud is a composition of two or more clouds that remain unique entities but are bound together. A common use is “cloud bursting”: a private cloud that runs out of capacity overflows into a public one.
Infrastructure as a Service (IaaS)
• According to the different types of resources offered, IaaS cloud can be further divided into three sub-categories:
• Computing as a Service (CaaS) offers customers access to raw computing power on virtual servers or virtual-machine instances. CaaS provides self-service interfaces for on-demand provisioning and management (i.e. start, stop, reboot, destroy) of virtual-machine instances.
• A CaaS provider may also provide self-management interfaces for auto-scaling and other automatable management facilities.
• Storage as a Service offers online storage services allowing on-demand storing and access to data on third-party storage spaces.
• Database as a Service (DaaS) includes standardized processes for accessing and manipulating (writing, updating, deleting) data through database management systems (DBMS) that are hosted in the cloud.
CIA Aspects of Security
Confidentiality: Prevent unauthorized disclosure of sensitive information
Integrity: Prevent unauthorized modification of systems and information
Availability: Prevent disruption of service and productivity
Cloud computing will not be accepted by common users unless the trust and
dependability issues are resolved satisfactorily [1].
Security Issues In The Cloud
(the STRIDE threat categories)
• Spoofing identity
• Tampering with data
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege
Why Cloud Computing Brings New Threats?
Traditional system security mostly means
keeping bad guys out. The attacker needs to
either compromise the auth/access control
system, or impersonate existing users.
Why Cloud Computing Brings New Threats?
• Cloud security problems are coming from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in third-party-management models
• Self-managed clouds still have security issues, but not related to the above
Why Cloud Computing Brings New Threats?
– Data, applications, and resources are located with the provider
– User identity management is handled by the cloud
– User access control rules, security policies and enforcement are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
Multi-tenancy:
• Multiple independent users share the same physical infrastructure
• So, an attacker can legitimately be on the same physical machine as the target
Challenges For The Attacker
• How to find out where the target is located
• How to be co-located with the target on the same (physical) machine
Who is the attacker?
Insider?
– Malicious employees at client
– Malicious employees at cloud provider
– Cloud provider itself
Outsider?
– Intruders
Streamlined Security Analysis Process
• Identify Assets
– Which assets are we trying to protect?
– What properties of these assets must be maintained?
• Identify Threats
– What attacks can be mounted?
– What other threats are there (natural disasters, etc.)?
• Identify Countermeasures
– How can we counter those attacks?
• Appropriate for organization-independent analysis
Identify Assets & Principles
• Customer Data
– Confidentiality, integrity, and availability
• Customer Applications
– Confidentiality, integrity, and availability
• Client Computing Devices
Identifying Threats
• Failures in Provider Security
– Attacks by Other Customers
– Availability and Reliability Issues
– Legal and Regulatory Issues
– Perimeter Security Model Broken
– Integrating Provider and Customer Security
Attacks By Other Customers
• Threats
– Provider resources shared with untrusted parties
– CPU, storage, network
– Customer data and applications must be separated
– Failures will violate CIA principles
• Countermeasures
– Hypervisors for compute separation
– MPLS, VPNs, VLANs, firewalls for network separation
– Cryptography (strong)
Concerns
On a broad level, two major questions:
1. How secure is the data?
2. How secure is the code?
Information security can be viewed as including three functions: access control, secure communications, and protection of data.
The servers in cloud computing are typically virtual servers, and the user does not know which physical server will provide the services he requires. Virtual servers bring challenges of their own.
Static or Dynamic Data
i. Static data: data at rest that is not edited in place; any amendment produces new data. It can be read and re-written, but is not modified while it is stored. Example: data held in datacenters.
ii. Dynamic data: data produced by modification, or that changes continuously, such as data in transfer between users on the cloud.
Data Issue: Confidentiality
• Transit between cloud and intranet
– Example: use HTTPS
• Possible for simple storage
– Example: data in Amazon S3 encrypted with AES-256
• Difficult for data processed by cloud
– Overhead of searching, indexing etc.
• iCloud does not encrypt data on mail server*
– If encrypted, data is decrypted before processing
Security Issues From Virtualization
• Virtualization providers offer
– Use of paravirtualization or full-system virtualization.
• Instance isolation: ensuring that different instances running on the same physical machine are isolated from each other.
– Control of administrator on host O/S and guest O/S.
– Current VMs do not offer perfect isolation: many bugs have been found in all popular VMMs that allow escape.
• Virtual machine monitor should be “root secure”, meaning that no level of privilege within the virtualized guest environment permits interference with the host system.
Security Best Practices For Virtual Machines
• Plan for a network firewall or an additional VM-based IPS protection if needed
– VMware virtual machines communicate with each other via a virtual network switch, just as with any physical server, so there is no reason for an increased rate of infection
• Keep signatures, filters and rules updated for offline VMs
– VMware is actively working on patching offline images
• Protect invisible internal network traffic
– Traffic between VMs on the same host never crosses a physical switch, so perimeter sensors do not see it. Place a “network-based IPS” inside the server (a host-based network IPS that monitors internal virtual network traffic) to inspect this traffic
Encryption choices:
• Algorithms
– Proprietary vs. standards
• Key size
• Key management
– Ideally by customer
– Does CSP have decryption keys?
– E.g. Apple uses master key to decrypt iCloud data to screen “objectionable” content*
Data Issue: Comingled Data
• Cloud uses multi-tenancy
– Data comingled with other users’ data
• Application vulnerabilities may allow unauthorized access
– E.g. Google Docs unauthorized sharing, March 2009
– “identified and fixed a bug which may have caused you to share some of your documents without your knowledge.”
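Added example (not from the original slides, and not Google’s code): the class of application bug that turns comingled data into unauthorized access is an object lookup that trusts the ID in the request and never checks which tenant owns the row. The Go below uses a constructed in-memory “documents table” holding two tenants’ records (sample data, not real customer documents) and shows the insecure lookup beside the tenant-scoped one; the tenant names and function names are the example’s own.

```go
package main

import (
	"errors"
	"fmt"
)

// Document is one row in a shared, multi-tenant document table (constructed schema).
type Document struct {
	ID       int
	TenantID string
	Title    string
	Body     string
}

// ErrNotFound is returned both for "no such document" and for "belongs to
// another tenant", so callers cannot enumerate other tenants' document IDs.
var ErrNotFound = errors.New("document not found")

// Store holds every tenant's documents in one physical table, as a
// multi-tenant SaaS application does.
type Store struct {
	docs map[int]Document
}

func NewStore(docs []Document) *Store {
	s := &Store{docs: make(map[int]Document)}
	for _, d := range docs {
		s.docs[d.ID] = d
	}
	return s
}

// GetDocumentInsecure looks a document up by ID alone, trusting the link the
// caller followed to be "theirs". Any authenticated user who guesses, or is
// sent, another tenant's ID reads that tenant's data (an insecure direct
// object reference).
func (s *Store) GetDocumentInsecure(id int) (Document, error) {
	d, ok := s.docs[id]
	if !ok {
		return Document{}, ErrNotFound
	}
	return d, nil
}

// GetDocument binds the lookup to the tenant taken from the authenticated
// session, never to a tenant ID supplied in the request. Equivalent SQL:
//
//	SELECT ... FROM documents WHERE id = ? AND tenant_id = ?
func (s *Store) GetDocument(sessionTenant string, id int) (Document, error) {
	d, ok := s.docs[id]
	if !ok || d.TenantID != sessionTenant {
		return Document{}, ErrNotFound
	}
	return d, nil
}

// sampleDocs is constructed test data, not real customer records.
func sampleDocs() []Document {
	return []Document{
		{ID: 101, TenantID: "acme", Title: "Q3 forecast", Body: "acme internal"},
		{ID: 102, TenantID: "globex", Title: "Merger memo", Body: "globex confidential"},
	}
}

func main() {
	store := NewStore(sampleDocs())
	// A user whose session belongs to tenant "acme" requests document 102,
	// which belongs to "globex".
	d, err := store.GetDocumentInsecure(102)
	fmt.Printf("insecure lookup: %q err=%v\n", d.Title, err) // leaks the globex memo
	d, err = store.GetDocument("acme", 102)
	fmt.Printf("scoped lookup:   %q err=%v\n", d.Title, err) // document not found
}
```

The tenant must come from the authenticated session, not from a request parameter, or the check is only as strong as the attacker’s ability to edit a form field; returning the same “not found” for wrong-tenant and missing IDs keeps the ID space from being enumerated.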
Privacy Challenges
• Protect PII
• Ensure conformance to Fair Information Practice (FIP) principles
• Compliance with laws and regulations
– GLBA, HIPAA, PCI-DSS, Patriot Act etc.
• Multi-jurisdictional requirements
Key FIP Requirements
Use limitation
– It is easier to combine data from multiple sources in the cloud. How do we ensure data is used for originally specified purposes?
Retention
– Is CSP retention period consistent with company needs? Does CSP have proper backup and archival?
Deletion
– Does CSP delete data securely and from all storage sources?
Security
– Does CSP provide reasonable security for data, e.g., encryption of PII, access control and integrity?
Accountability
– Company can transfer liability to CSP, but not accountability. How does company identify privacy breaches and notify its users?
Access
Information Privacy, Security
• Threat
– Disconnected provider and customer security systems
– Fired employee retains access to cloud
– Misbehavior in cloud not reported to customer
• Countermeasures
– At least, integrate identity management
– Consistent access controls
– Better, integrate monitoring and notifications
• Notes
NIST provides a risk assessment strategy
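Added example (not from the original slides): the “fired employee retains access to cloud” threat is detectable even before identity management is integrated, by joining the provider’s access log against HR termination records, the kind of monitoring the “integrate monitoring and notifications” countermeasure calls for. The Go below parses constructed sample log lines in the form timestamp,user,action,resource (not real logs) and flags every access that happened after the account owner’s termination time, normalizing user names so a differently-cased login still matches. The log format, function names and sample users are the example’s own assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Termination is an HR record: the account should have no cloud access after When.
type Termination struct {
	User string
	When time.Time
}

// Access is one parsed line of the provider's access log.
type Access struct {
	When     time.Time
	User     string
	Action   string
	Resource string
}

// Finding is an access by an account after its owner was terminated.
type Finding struct {
	Access   Access
	SinceEnd time.Duration // how long after termination the access happened
}

// parseLog parses lines of the assumed form "RFC3339,user,action,resource".
// Malformed lines are reported as errors rather than silently skipped, so a
// broken export cannot hide an event.
func parseLog(log string) ([]Access, error) {
	var out []Access
	for n, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Split(strings.TrimSpace(line), ",")
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: expected 4 fields, got %d", n+1, len(f))
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		out = append(out, Access{When: ts, User: f[1], Action: f[2], Resource: f[3]})
	}
	return out, nil
}

// FindOrphanedAccess joins the cloud access log against HR terminations and
// returns every access made by an account after its owner was terminated.
// User names are lower-cased on both sides because the cloud login and the
// HR record are often entered in different case.
func FindOrphanedAccess(accesses []Access, terms []Termination) []Finding {
	ended := make(map[string]time.Time, len(terms))
	for _, t := range terms {
		ended[strings.ToLower(t.User)] = t.When
	}
	var findings []Finding
	for _, a := range accesses {
		if end, ok := ended[strings.ToLower(a.User)]; ok && a.When.After(end) {
			findings = append(findings, Finding{Access: a, SinceEnd: a.When.Sub(end)})
		}
	}
	return findings
}

// Constructed sample data, not real logs: two users, one terminated on 2 March.
const sampleLog = `
2024-03-01T09:12:00Z,jsmith,GetObject,s3://corp-finance/q1.xlsx
2024-03-02T17:30:00Z,jsmith,ListBucket,s3://corp-finance
2024-03-04T22:41:00Z,JSmith,GetObject,s3://corp-finance/payroll.csv
2024-03-04T10:00:00Z,mlee,GetObject,s3://corp-finance/q1.xlsx
`

var sampleTerminations = []Termination{
	{User: "jsmith", When: time.Date(2024, 3, 2, 18, 0, 0, 0, time.UTC)},
}

func main() {
	accesses, err := parseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range FindOrphanedAccess(accesses, sampleTerminations) {
		fmt.Printf("ALERT %s on %s by terminated user %s, %.0fh after termination\n",
			f.Access.Action, f.Access.Resource, f.Access.User, f.SinceEnd.Hours())
	}
}
```

Only the third sample line fires: the first two accesses by jsmith precede the termination time, and mlee has no HR record. The same join, run on a schedule against the provider’s exported logs, is the minimum detective control for this threat until provider and customer identity systems are actually integrated and deprovisioning becomes preventive.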
What, When, How to Move to the Cloud
• Identify the asset(s) for cloud deployment
– Data
– Applications/functions/process
• Evaluate the asset
– Determine how important the data or function is
Evaluate the Asset
How would we be harmed if:
– The asset became widely public and widely distributed?
– An employee of our cloud provider accessed the asset?
– The process or function were manipulated by an outsider?
– The process or function failed to provide expected results?
– The info/data was unexpectedly changed?
– The asset were unavailable for a period of time?
Map Asset to Models
• 4 Cloud Models
– Public
– Private (internal, external)
– Community
– Hybrid
Which cloud model addresses your security concerns?
Compliance & Audit
– Hard to maintain with your security/regulatory requirements, harder to demonstrate to auditors
– Right to Audit clause
– Analyze compliance scope
– Regulatory impact on data security
– Evidence requirements are met
Does provider have SAS 70 Type II, SSAE 16?
Introduction to Cloud Computing, Prof. Yeh-Ching Chung, http://cs5421.sslab.cs.nthu.edu.tw/home/Materials/Lecture2-IntroductiontoCloudComputing.pdf?attredirects=0&d=1
NIST (National Institute of Standards and Technology), http://csrc.nist.gov/groups/SNS/cloud-computing/
M. Armbrust et al., “Above the Clouds: A Berkeley View of Cloud Computing,” Technical Report No. UCB/EECS-2009-28, University of California at Berkeley, 2009.
R. Buyya et al., “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility,” Future Generation Computer Systems, 2009.
Cloud Computing Use Cases, http://groups.google.com/group/cloud-computing-use-cases
Cloud Computing Explained, http://www.andyharjanto.com/2009/11/wanted-cloud-computing-explained-in.html
Materials and pictures were partly retrieved from the Internet.
Material from “Security Guidance for Critical Areas of Focus in Cloud Computing v2.1”, http://www.cloudsecurityalliance.org
Various cloud working groups: Open Cloud Computing Interface Working Group, Amazon EC2 API, Sun Open Cloud API, Rackspace API, GoGrid API, DMTF Open Virtualization Format (OVF)
Cloud Computing Security Issues, Randy Marchany, VA Tech IT Security
Research in Cloud Security and Privacy, www.cs.purdue.edu/homes/bb/cloud/cloud-complete.ppt
Introduction to Security and Privacy in Cloud Computing, Spring 2010 course at the Johns
Contact Us
For more information please call TxMQ VP Miles Roty, 716-636-0070 (228), or email.