Cloud Computing Security. Belmont Chia Data Center Solutions Architect

Academic year: 2021

Cloud Computing Security

What is this Cloud stuff?

Security in Public Clouds

Defining Cloud Computing

IT Resources and Services that Are Abstracted from the Underlying Infrastructure and Provided “On Demand” and “At Scale” in a Multitenant and Elastic Environment

Anywhere,

A Style of Computing Where Massively Scalable IT-Enabled Capabilities Are Delivered “As a Service” to Multiple External Customers Using Internet Technologies

Source: Gartner “Defining and

Why is Cloud getting so much interest?

Cloud Computing can be looked at as the 4th Utility

• Virtualization – Reduce costs
• Low Complexity – Simplify deployment
• Scalability – Quicker time to market
• Elasticity – Economies of scale

Figure labels: Utility; Water

Customer Benefits

Service Providers
• Consolidation and virtualization benefits for own use
• Scale across multiple customers = higher margins
• Economic efficiencies allowing more compelling services

Enterprise/Public Sector
• Reduce complexity, cost and IT touch-points
• Improve agility/flexibility/responsiveness
• Enables a focus on core business vs. IT

SMB / Consumer

Cloud Definition from NIST

Deployment Models
• Public
• Private
• Hybrid
• Community

Service Models
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

Essential Characteristics
• On-Demand Self Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service

Essential Characteristics

Traditional Computing
• Dedicated
• Traditional hardware procurement
• New services added manually
• Manual repair of system failure
• Months
• Incremental CapEx purchases

• Shared
• Self service
• Scale on-demand
• Automated recovery due to integration / interoperable
• Minutes
• Pay per use

Enterprise Deployment Models

Distinguishing between Ownership and Control

Figure labels: APIs and Protocols; Open Standards; Hybrid Cloud; Private Cloud; Inter-Cloud; Public Cloud; Virtual Private Cloud; PRESENT

Cloud Computing Architectures

From Stand-Alone to The Inter-Cloud

Figure labels: Stand-Alone Data Centers; Phase 1; Phase 4; Internal Cloud; Phase 2; Public Cloud; Phase 3; Private Cloud; Public Cloud (Hybrid Cloud); Virtual Private Cloud; Open Cloud (Federations); PRESENT; 2015-2017; Inter-Cloud; Public Cloud #1; Public Cloud #2

But what about security?

Challenges:
• Dynamic environment, static barriers are no longer sufficient
• Resource preservation becomes critical
• Compliance requirements
• What about auditing?

Solving these issues will need dramatic changes in

Public Cloud Architecture example

Figure labels: Clients; Thin Client; Thick Client; Mobile; Systems Management; Systems Provisioning; Applications; Data; Capacity; Data Center

1 – Client sends service requests
2 – System management requests resources
3 – Systems provisioning finds correct resources

Moving to the Public Cloud

What are the Security issues?

We Have Control
• It’s located at X.
• It’s stored in servers Y, Z.
• We have backups in place.
• Our admins control access.
• Our uptime is sufficient.
• The auditors are happy.
• Our security team is engaged.

Who Has Control?
• Where is it located?
• Where is it stored?
• Who backs it up?
• Who has access?
• How resilient is it?

Trust & Security: Foundations of Cloud

Before the Economics of Cloud Computing Can Be Considered, Trust and Security Must Be Addressed:
• Security
• Control
• Service-Level

The A6 (Automated Audit, Assertion, Assessment, and Assurance API) Working Group:

• Allow Cloud Providers to automate the process of Audit, Assertion, Assessment, and Assurance
• Also, allow authorized consumers of their services to do the same!

For more information and to participate in this work, see http://www.cloudaudit.org/

TRUST

Private Clouds

Virtualize & Automate the Data Center

Figure labels: Custom; Email; Web; Database; Virtual Desktops

But what

Security issue #1: VM Mobility

now you see it, now you don’t

Security issue #2:

#@!%

Security issue #3: VM Security

BEFORE: Equipment is Physical
• Wires and cables.
• Routers and switches.
• Servers on racks.
• Storage arrays and disks.
• Memory and CPUs.
• Machines stay put.
• Security is in place.

AFTER: Equipment is Virtual
• How do we watch the network?
• Where are VMs located?
• Are they moving around?
• What’s our change control policy?
• Are VMs patched?
• Is the hypervisor secure?
• Who’s responsible for security?

Figure labels, grouped:
• Layers: Internet; Partners; IP-NGN Backbone; Edge; Core; Aggregation; Access; Compute; Storage & SAN
• Devices and software: CRS-1; Nexus 7000; Nexus 5000; Nexus 1000v; MDS 9000 +; VSwitch; Virtual Machine; Application Software; VMware; Cisco and
• Links: 10G Ethernet; 10G FCoE; 4G FC; 1G Ethernet; VM to vSwitch; vSwitch to HW; App to HW / VM
• Services: Application Control (SLB+); Service Control; Intrusion Detection; Firewall Services; Virtual Device Contexts; Fibre Channel Forwarding; Fabric Extension; Fabric-Hosted Storage Virtualization; Storage Media Encryption; Virtual Contexts for FW & SLB; Port Profiles & VN-Link; Line-Rate NetFlow; Secure Domain Routing; Service Profiles; Virtual Machine Optimization; Unified Computing

Security issue #4: Consolidation - After

Figure labels, grouped:
• Layers: Internet; Partners; IP-NGN Backbone; Edge; Core; Aggregation; Compute & Access
• Software: Virtual Machine; Application Software
• Services: Intrusion Detection; Virtual Device Contexts; Line-Rate NetFlow; Secure Domain Routing

Private Cloud Security

How to ensure that Security models are maintained in a virtual environment – especially when everything is virtualized!

Monitoring and maintenance:
• Troubleshooting
• Security event monitoring

Maintaining Isolation and separation of resources
• Between Services

The Cloud Strategy

• Delivering products, solutions & services that enable trusted Clouds
• Enabling Service Providers to offer trusted Cloud solutions & services to their customers
• Advancing the market for Cloud via service and technology, innovation and open standards and ecosystem development

Trusted Cloud: The Best Of Both Worlds

Figure labels: Cloud Computing; Flexible; Virtualization; Dynamic; On-demand; Efficient; Trusted; Control; Reliable; Secure; Virtualized Data Center
