CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments


© Cloud Security Alliance, 2015

CSA Virtualisation Working Group

Best Practices for Mitigating Risks in Virtualized Environments

Kelvin Ng, Tao Yao Sing, Heng Yiak Por

Co-Chairs

• Kapil Raina, Zscaler
• Kelvin Ng, Nanyang Polytechnic
• Yao Sing, Tao, IDA Singapore

Contributors

• Abhik Chaudhuri, Tata Consultancy Services
• Heberto Ferrer, HyTrust
• Hemma Prafullchandra, HyTrust
• J D Sherry, Cavirin
• Kelvin Ng, Nanyang Polytechnic
• Xiaoyu, Ge, Huawei
• Yao Sing, Tao, IDA Singapore
• Yiak Por, Heng, Nanyang Polytechnic

CSA Global Staff

• Frank Guanco, Research Analyst
• Victor Chin, Research Analyst


Agenda

• Background
• Whitepaper Development
• Whitepaper Content
• Scope
• Introduction
• Securing Virtualization Platforms and establishing Governance
• Virtualization risks and Controls
• Risk Assessment
• What next?
• Q&A

Background

• Project Charter

The CSA Virtualization Working Group provides guidance on implementation best practices for enterprises in the deployment of virtualization in the areas of compute and network.

• Deliverables

1. White Paper for the enhancements on Security Guidance for critical areas of focus in cloud computing v 3.0 Domain 13

2. A guideline for best practices for secure network virtualization design and deployment

• Participation

1. Basecamp


Whitepaper Development

Working Group formed: Aug 2014

Reference Documents

Security Guidance for critical areas of focus in cloud computing v 3.0 2011 Domain 13

Singapore Standards Council, TR30:2012, Spring Singapore

Scope

• Provides guidance on the identification and management of security risks specific to compute virtualization technologies that run on server hardware—as opposed to, for example, desktop, network, or storage virtualization.

• The audience includes enterprise information systems and security personnel and cloud service providers, although the primary focus is on the former.


Introduction

Cloud Computing Top Threats 2013 report by CSA

• Data breaches
• Data loss
• Account or service traffic hijacking
• Insecure interfaces and APIs
• Denial of services
• Malicious insiders
• Abuse of cloud services
• Insufficient due diligence
• Shared technology vulnerabilities

Whitepaper Content

Securing Virtualization Platforms and establishing Governance

Initiation phase

• Identify virtualization needs.
• Provide an overall vision and create a high-level strategy.
• Identify platforms and applications that can be virtualized.


Planning and Design phase

• Major considerations include selection of virtualization software, storage system, network topology, bandwidth availability and business continuity.

• Appropriate logical segregation of instances that have sensitive data.

• Separate authentication should be established for application / server, guest operating system, hypervisor, and host operating system.


Implementation phase

Virtualization platform should be hardened using vendor-provided guidelines and/or 3rd party tools.

Role-based access policies should be enforced to enable segregation of duties, thereby facilitating proof of governance.

Proper VM encryption is required to significantly reduce the risk associated with user access to physical servers and storage containing sensitive data.


Disposition phase

• Tasks for sanitizing media before disposition should be clearly defined.

• The VM retirement process must meet legal and regulatory requirements in order to prevent data leakage and breaches.


Virtualization Risks and Controls

Risks and controls of using VM

VM Sprawl

Sensitive Data within a VM

Security of Offline and Dormant VMs

Security of Pre-Configured (Golden Image) VM / Active VMs

Lack of Visibility Into and Controls Over Virtual Networks

Resource Exhaustion


Risks and controls on using hypervisor

• Hypervisor Security

• Unauthorized Access to Hypervisor

Risks and controls due to changes in operation procedures

Account or Service Hijacking Through the Self-Service Portal

Workload of Different Trust Levels Located on the Same Server

Risk Due to Cloud Service Provider API


VM Sprawl


Risk Name: VM Sprawl

Risk Description: VM sprawl describes the uncontrolled proliferation of VMs. Because VM instances can be easily created and existing instances can be easily cloned and copied to physical servers, the number of dormant VM disk files is likely to increase. In addition, the unique ability to move VMs from one physical server to another creates audit and security monitoring complexity and loss of potential control. As a result, a number of VMs may be unmanaged, unpatched, and unsecured.

Relevant Security Aspect: Risk to confidentiality, integrity, and availability

Relevant Governance Risk Area: Architectural and configuration risk

Vulnerabilities:

● Proper policy and control processes to manage VM lifecycle do not exist.

● Placement / zoning policies or enforcement of where a dormant VM can instantiate or reside does not exist.

● A discovery tool for identification of unauthorized VMs does not exist.

Affected Assets: VM


Potential security impact

In a traditional IT environment, physical servers must be procured. This requirement enforces effective controls, because change requests must be created and approved before hardware and software can be acquired and connected to the data center.

In the case of virtualization, however, VMs can be allocated quickly, self-provisioned, or moved between physical servers, avoiding the conventional change management process. Without an effective control process in place, VMs and other virtual systems with unknown configurations can quickly proliferate, consuming resources, degrading overall system performance, and increasing liability and risk of exposure. Because these machines may not be readily detectable or visible, they may not be effectively monitored or tracked for the application of security patches or effectively investigated should a security incident occur.


Security Controls for Mitigating Risks

To mitigate risk, consider implementing the following security controls:

● Put effective policies, guidelines, and processes in place to govern and control VM lifecycle management, including self-service and automated scripts / DevOps tools.

● Control the creation, storage, and use of VM images by a formal change management process and tools. Approve additions only when necessary.

● Keep a small number of known-good—and timely patched—images of a guest operating system separately and use them for fast recovery and restoration of systems to the desired baseline.

● Discover virtual systems, including dormant ones and the applications running on them, regularly.
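The discovery control above can be run as a reconciliation of what is found on the hosts against what change management approved. The following is an added example, not part of the CSA material: the record fields, VM names, zones and the 30-day / 90-day thresholds are assumptions, and the inventory data is constructed.

```python
from datetime import date

TODAY = date(2015, 6, 1)  # constructed reference date

# Constructed approved inventory, as a change-management process would hold it.
APPROVED = {
    "vm-web-01": {"zone": "dmz"},
    "vm-db-01": {"zone": "restricted"},
    "vm-build-07": {"zone": "internal"},
    "vm-app-02": {"zone": "internal"},
}

# Constructed discovery output: every VM found on hosts and datastores,
# including powered-off (dormant) disk files.
DISCOVERED = [
    {"name": "vm-web-01", "state": "running", "host_zone": "dmz",
     "last_patched": date(2015, 5, 20), "last_running": date(2015, 6, 1)},
    {"name": "vm-db-01", "state": "running", "host_zone": "dmz",
     "last_patched": date(2015, 5, 25), "last_running": date(2015, 6, 1)},
    {"name": "vm-build-07", "state": "off", "host_zone": "internal",
     "last_patched": date(2015, 1, 10), "last_running": date(2015, 1, 15)},
    {"name": "vm-clone-test", "state": "off", "host_zone": "internal",
     "last_patched": date(2014, 11, 1), "last_running": date(2014, 11, 3)},
]

def audit_sprawl(discovered, approved, today,
                 max_patch_age_days=30, max_dormant_days=90):
    """Return ({vm_name: [issues]}, [approved names that were not discovered])."""
    findings = {}
    for vm in discovered:
        issues = []
        record = approved.get(vm["name"])
        if record is None:
            issues.append("unauthorized")        # never went through approval
        elif record["zone"] != vm["host_zone"]:
            issues.append("zone-violation")      # resides outside its approved zone
        if (today - vm["last_patched"]).days > max_patch_age_days:
            issues.append("unpatched")
        if (vm["state"] != "running"
                and (today - vm["last_running"]).days > max_dormant_days):
            issues.append("dormant")             # candidate for retirement review
        if issues:
            findings[vm["name"]] = issues
    # Approved records with no matching VM point to a stale inventory.
    found = {vm["name"] for vm in discovered}
    return findings, sorted(set(approved) - found)

if __name__ == "__main__":
    findings, missing = audit_sprawl(DISCOVERED, APPROVED, TODAY)
    for name, issues in sorted(findings.items()):
        print(name, ", ".join(issues))
    print("approved but not found:", missing)
```
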


Risk Assessment

Evaluation of Risk

Asset risk evaluation based on:

• Identified vulnerabilities
• Likelihood
• Impact due to confidentiality
• Impact due to integrity
• Impact due to availability
• Average risk level rating

For any risk level above acceptance criteria:

• Mitigate risk items via recommended controls in whitepaper

Continuously monitor and mitigate risks

Type of Risk Asset exposed to risk


What Next?

• Update Security Guidance for critical areas of focus in cloud computing v 3.0 Domain 13
• Plan to use it as a support document for ISO
• May 2015, Kuching Malaysia
• ISO Working Group 4
• Either 6 month study period
• Or launch new WG item with enough support
