Security Considerations for Cloud Deployment
Jeff Uehling, IBM i Network & Security Development, IBM - Rochester, MN
What is Cloud Computing?
Is Cloud Computing really a new concept?
An IT consumption and delivery model
Cloud enables:
– User self-service
– Outsourcing options
– Dynamic scalability
Multiple types of clouds will coexist:
– Private – Deployed inside a customer’s firewall
– Public – Provided and managed by a 3rd party via subscription
– Hybrid – A mix of Public and Private models based on workload
An effective cloud deployment is built on a dynamic infrastructure and should be part of an overall Data Center transformation plan.
Cloud computing is a consumption and delivery model inspired by consumer
© 2010 IBM Corporation
Cloud Differentiators… There are Many!
– Time to deploy a server: Weeks or months → Seconds to minutes
– Commitment to use service: Negotiate & commit year-long contract → Select from catalog & pay as you go
– Cost: $K-$M in infrastructure, $$ per IT hour → No or low upfront, ¢ per IT hour
IT Benefits from Cloud Computing are Real…
Results from IBM cloud computing engagements (Source: Based on IBM and client experience.)
Increasing speed and flexibility, reducing costs:
– Test provisioning: Weeks → Minutes
– Change management: Months → Days/hours
– Release management: Weeks → Minutes
– Service access: Administered → Self-service
– Standardization: Complex → Reuse/share
– Metering/billing: Fixed cost → Variable cost
– Server/storage utilization: 10–20% → 70–90%
Figure: IBM service cloud layers – Infrastructure Services, Platform Services, Application Services, Business Services (e.g., retail banking, payments, mobile banking, front office optimization) and People Services (e.g., customer care, crowdsourcing, payments, risk management for agents, end users and support communities), built on dynamic provisioning, process & policy management, problem & change management, service/software catalogs and an open foundation (WS framework, service bus) over industry frameworks and an information foundation. Evolution of the layers: 2000 – static, dedicated, outsourced; 2006 – network-delivered, off-premises; 2009 – shared, automated, dynamic.
Cloud: because the majority of IT cost is in people, Cloud Computing is becoming popular at the higher layers
What Cloud Services are available today?
Hundreds… Thousands… growing by the
Figure: Cloud service examples – Infrastructure (servers, networking, storage; data center fabric: shared, virtualized, dynamic provisioning), Platform-as-a-Service (middleware, database, Web 2.0 application runtime, Java runtime, development tooling) and Software-as-a-Service (collaboration, business processes, CRM/ERP/HR, industry applications), with market examples and IBM examples (Computing on Demand, Developer Cloud).
Cloud Delivery Examples
Top private workloads – Database, application and infrastructure workloads emerge as most appropriate for a Private offering:
– Data mining, text mining, or other analytics
– Data warehouses or data marts
– Business continuity and disaster recovery
– Test environment infrastructure
– Long-term data archiving/preservation
– Transactional databases
– Industry-specific applications
– ERP applications
Top public workloads – Infrastructure and collaboration workloads emerge as most appropriate for a Public offering:
– Audio/video/Web conferencing
– Service help desk
– Infrastructure for training and demonstration
– WAN capacity and VoIP infrastructure
– Desktop
– Test environment infrastructure
– Storage
– Data center network capacity
– Server
Cloud Usage Models
1. End User to Cloud - Application running on the cloud with access for end-users
2. Enterprise to Cloud to End-user (Interoperability) - Applications running in the public cloud – access from employees and customers
3. Enterprise to Cloud (Integration) - Cloud application integrated with internal IT capabilities
4. Enterprise to Cloud to Enterprise (Interoperability) - Cloud application running in the public cloud and interoperates with partner applications (supply chain)
5. Enterprise to Cloud (Portability) - Cloud application running in the cloud – flexibility to move to a different cloud provider in the future or in-house
6. Private (intra) Clouds - Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment
Model 1: End User to Cloud
What is it?
– Application running in the cloud with access for end-users
Scenarios:
– Get new Web app provisioned worldwide quickly (e.g., the next facebook, linkedin, gmail, etc …)
– Don’t need IT infrastructure, flexible acquisition
Model 2: Enterprise to Cloud to End-user
What is it:
– Deploy cloud based application specifically for the cloud – access for employees and for customers
Scenarios:
– Online sales through catalog, needs to link back into enterprise systems for fulfillment
• web app and shopping cart in cloud, fulfillment inside existing enterprise systems
– Two sub-models
• End User is employee in the Enterprise (e.g., Travel Expense Account application)
• End User is Web customer outside the Enterprise (e.g., online sales)
Model 3: Enterprise to Cloud (Integration)
What is it?
– Cloud application – integrated with internal IT capabilities
Scenarios:
– Typical approach of integrating with existing on-premises and off-premises capabilities or other cloud application (customer list, access control, data)
Model 4: Enterprise to Cloud to Enterprise
What is it?
– Cloud application running in the public cloud – interoperate with partner applications (supply chain)
Scenarios:
– Brokers, common function providers (e.g., supply chain, broadcast recall to multiple customers, broadcast RFP to suppliers, “classic” B2B)
Model 5: Enterprise to Cloud (Portability)
What is it?
– Cloud application and/or data running in the cloud – flexibility to move to a different cloud provider in the future or in-house
Scenarios:
– Flexibility and choice to change application platform suppliers
– “Write once, run anywhere”
Model 6: Private (intranet) Cloud
What is it?
– A “private” cloud-based service, offers many of the benefits of a public cloud computing environment. The difference is that data and processes are managed within the organization.
Scenarios:
– The enterprise would leverage a private cloud to provide Self-service capabilities, real-time infrastructure.
– Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment
If this is so logical…
Today’s Data Center – We have control: It’s located at X. It’s stored in servers Y, Z. We have backups in place. Our admins control access. Our uptime is sufficient. The auditors are happy. Our security team is engaged.
Tomorrow’s Public Cloud – Who has control? Where is it located? Where is it stored? Who backs it up? Who has access? How resilient is it? How do auditors observe? How does our security team engage?
So what type of business and security challenges does cloud computing introduce?
Security is a top concern with cloud computing…
What, if anything, do you perceive as actual or potential barriers to acquiring public cloud services?
– Security/privacy of company data: 69%
– Service quality: 54%
– Doubts about true cost savings: 53%
– Performance / insufficient responsiveness over network: 52%
– Difficulty integrating with in-house IT: 47%
Source: IBM Market Insights, Cloud Computing Research
The tale of two studies shows that security is the number one inhibitor to customers adopting cloud technologies.
Gartner’s security risks of cloud computing
– Privileged User Access
– Regulatory Compliance
– Data Location
– Data Segregation
– Data Recovery
– Investigative Support
– Disaster Recovery
Risks introduced by cloud computing
– Less Control – Over where the information is located and stored, who has access and backups, how it is monitored & managed including resiliency
– Data Security – Challenges with an increase in potential unauthorized exposure when migrating workloads to a shared network and compute infrastructure
– Security Management – Control needed to manage firewall and security settings for applications and runtime environments in the cloud
– Compliance – Restrictions imposed by industry regulations over the use of clouds
– Reliability – Concerns with high availability and loss of service should outages occur
Top 10 factors for a secure Cloud Infrastructure
Data Protection
Access and Identity
Application Provisioning & Deprovisioning
Application & Environment Testing
Service Level Agreement
Vulnerability Management
Business Resiliency
Audit & Governance
Cross Border Protection
What are the Risks
Policy and Organizational Risk - Things that may directly degrade the ability of the consumer organization to conduct business in an efficient manner
Legal Risk - Things that may put the consumer organization in breach of the law or that may prevent compliance with specific legal mandates
Technical Risk - Things that may disrupt normal operations of the consumer organization or cause loss of value over intangible assets (data, reputation, etc.)
Transitional Risk - Things that may temporarily put the consumer organization’s “traditional” infrastructure and operations under increased risk
Policy and Organizational Risk
5 Intrinsic Risks
1. Resource sharing and pooling - Data (intangible assets) cannot be tied to physical assets (tangible HW resources); assets must be referenced by their content, not their supporting media or storage location
2. Network accesses - Porous perimeter; authorization & authentication become more important issues
3. Service elasticity and scalability - Grow-on-demand and pay-as-you-go can backfire. Seemingly infinite capacity may not be so under attack.
4. On-demand self-service - Hijacking of the consumer’s control plane (user interface).
Legal Risks
E-discovery and Subpoena - Where is the evidence that I need to hand out? Intangible assets cannot be mapped to physical assets or geographical locations. Service provider may not be cooperative. Resources are pooled and shared so they can’t be “taken” without affecting co-tenants and/or service provider operations.
Change of jurisdiction - Which privacy (data protection) and security laws are applicable when intangible assets and processes are outsourced to service providers with distributed data centers across several continents? Do national laws local to the service provider’s data center supersede those local to the consumer’s organization?
Data protection - It can be difficult for the cloud customer (in its role of data controller) to effectively check the data processing that the cloud provider carries out, and thus be sure that the data is handled in a lawful way. Conflicting data encryption standard requirements, lack of notification of data breaches by the service provider, storage of data collected unlawfully by co-tenants.
Technical Risks
Isolation failure - Break out of the VM, storage compartment, virtual network, VPN, etc.
Compromise of the management interface - Hijack of the consumer organization’s cloud computing infrastructure, loss of control plane (user interface).
Data leakage – Data Leakage to co-tenants (Intra-cloud ) or from the cloud
Insecure data lifecycle management - Insecure or ineffective deletion of data, loss of consistency, data duplication
Economic denial of service - Depletion of quota vs. runaway service costs vs loss of efficiency
Coarse access control - Insufficient granularity to implement authentication, authorization or auditing controls
Conflicting Provider-Consumer security standards - Provider can’t meet the consumer organization’s security requirements
Transitional Risks
Disruption of endpoint security - Cloud applications that require installation of client-side components or use of specific desktop applications may weaken the consumer’s security posture
Credential Leakage - Improper lifecycle management of credentials needed to access cloud applications. Shared access for “testing purposes”, open access to cloud user interface
Punctured perimeter - Punching “temporary holes” in network filtering rules. Network IDS with lost visibility, tunneling.
Transitive trust - Internal/ legacy applications suddenly made to transitively trust the cloud. Reuse of credentials, hard-coded passwords, certificates, etc.
Security complexities raised by virtualization
New complexities:
Dynamic relocation of VMs
Increased infrastructure layers to manage and protect
Multiple operating systems and applications per server
Elimination of physical boundaries between systems
Manually tracking software and configurations of VMs
Risk depends on cloud type
– Public cloud riskiest (mixed tenants)
– Private cloud least risky (BAU) – but places higher demands on the company
– Hybrid (private + public) provides a balanced solution: sensitive data stays private; public cloud used for non-sensitive data, either always or just for demand spikes
Figure: Physical vs. virtualized servers – 1:1 ratio of OSs and applications per server vs. 1:many ratio of OSs and applications per server, plus an additional layer to manage.
Different cloud workloads have different risk profiles
Figure: Need for security assurance, from low to high – training and testing with non-sensitive data; analysis & simulation with public data; mission-critical workloads and personal information.
Today’s clouds are primarily at the low end:
– Lower risk workloads
– One-size-fits-all approach to data protection
– No significant assurance
– Price is key
Tomorrow’s high value / high risk workloads need:
– Quality of protection adapted to risk
– Direct visibility and control
– Significant level of assurance
IBM’s Cloud Portfolio
Consulting Services in support of Cloud Computing
Smart Business Offerings:
comprehensive cloud solutions for infrastructure workloads
Workloads available on multiple delivery models ... with embedded service management
Infrastructure services & technologies enabling cloud computing
Services
– Security
– Resiliency optimization (BCRS)
– Data Center
– Tivoli Live Monitoring
– Infrastructure Strategy & Planning
– Strategy & Change Services for Cloud Adoption
– Strategy & Change Services for Cloud Providers
– Testing Services for Cloud
– Networking Strategy & Optimization
Technologies
– Tivoli Service Automation Manager
– WebSphere Hypervisor Edition
Workloads: Development and Test; Desktop
IBM Cloud Services Portfolio
– Smart business on the IBM cloud: standardized services on the IBM cloud
– IBM Smart Business Services: private cloud services, behind your firewall, built and/or managed by IBM
– IBM Smart Business Systems: preintegrated, workload-optimized systems
Workload areas: Analytics; Collaboration; Development and test; Desktop and devices; Infrastructure storage; Infrastructure compute; Business services; Global Technology Services (Smart Business End User Support)
Offerings shown: IBM Lotus Live, IBM Lotus® iNotes®, IBM CloudBurst™ family, IBM Smart Business Test Cloud, IBM Smart Business Desktop Cloud, IBM Smart Business Storage Cloud, IBM Smart Analytics System, IBM Smart Analytics Cloud, Smart Business for Small or Midsize Business (backed by the IBM Cloud), IBM Computing on Demand, IBM Information Protection Services, IBM Information Archive, BPM BlueWorks (design tools), Smart business expense reporting on the IBM cloud, Smart Business Development and Test on the IBM Cloud (beta)
Cloud Solutions for Power Systems
Tivoli Service Automation Manager (TSAM), Tivoli Provisioning Manager (TPM)
– Cloud services definition and provisioning
– Software full lifecycle management
– Policy creation and enforcement
IBM Systems Director and VMControl
– Power System Pools simplicity
– Policy-based workload resilience
– Best-practices image management
– Automated SAN provisioning
– Best-of-breed Power Systems virtualization
Tivoli Storage Productivity Center (TPC)
– Simplified SAN management
– Integration with VMControl for automated disk provisioning
SAN Volume Controller (SVC)
– IBM DS5000, DS8000, XIV; EMC; HDS
– Heterogeneous storage management
Current IBM i strengths
Strengths – stands out in multi-tenant environments
– Good isolation
– Object-based architecture
– IBM i enforced security and encryption
– Database schema and IASP isolation
– Systems Director
– WebSphere – separate enterprise applications – role-based security
– Memory pools
– Subsystems
– Processor pools
– Group profiles
– Active Memory Sharing
IBM i Hosting Environment
Figure: Multi-tenancy levels, from dedicated to shared, each stack built from the data center floor, infrastructure, operating system, application platform (AP) and data platform (DP):
– I. Physical-level or isolated multi-tenancy – one server stack for each tenant
– II. Shared hardware multi-tenancy – one OS stack for each tenant
– III. Operating system-level multi-tenancy – one AP stack for each tenant
– IV. Platform-level multi-tenancy – one application stack per tenant
– V. Application-level multi-tenancy – a single application servicing multiple tenants
Enabling technology:
– PowerVM, PowerHA, Systems Director
– Apache web servers, WebSphere Application Servers, IBM i subsystems
– Subsystems, memory pools, threads, users/groups, validation lists
– DB2 for i, independent storage pools, schema isolation
The figure marks the levels where IBM i performs very well and those where it performs well.
IBM i Vision toward Cloud Enablement
Past: Physical systems; Internal storage; Static resource partitions; Manual setup; Physical media install; Licensing per core; Backups
Present: Virtual resources; External storage w/ VIOS and SAN; Dynamic resources for partitions; Network install and backups; Scripted partition creation; Licensing per core
Potential future enhancements: HA; Partition mobility; Partition hibernation; Image (partition) provisioning/cloning; Virtualized everything; Workflow automation; More granular licensing; Flash copy checkpoints and snapshots
What is IBM CloudBurst?
– A complete, pre-packaged cloud environment. Includes both hardware and software
– CloudBurst on Power is slated for 4Q 2010 delivery (v2.1)
Market splash:
– The IBM CloudBurst solution on Power is planned to provide everything you need for a private cloud environment including Tivoli service management software, storage, network and the most efficient platform for cloud computing with Power Systems, enabling customers to rapidly realize the benefits of cloud computing
IBM CloudBurst – an Integrated Cloud solution
Tivoli Service Automation Manager (TSAM):
– Orchestration of cloud operations
– Integration point for service management capabilities
– Service catalog and templates
– Automated provisioning of virtual systems
Monitoring: Monitor both physical and virtual server environments
High Availability: Make management system DB highly available
Usage and Accounting: Provide metering and accounting for cloud services; enable integration to billing systems if needed
Virtualized HW Management: Enhanced management of the virtual environment
Energy Management: Energy management of the hardware infrastructure
“Built for Purpose” cloud solution, preinstalled and configured on IBM hardware
IBM CloudBurst Roadmap (2009–2010)
IBM CloudBurst 1.1 – Delivered! Optimized for Development & Test workloads. Capabilities:
– System x BladeCenter HW; scalable and modular
– GTS CloudBurst QuickStart Services
– Request, Deploy and Manage
IBM CloudBurst 1.2 – Key enhancements:
– Expand HW platform to Power Systems, iDataPlex, and System z
– Energy metrics integrated with IT service management system
– Accounting, usage and metering
– High availability configuration
– Enhanced security options
– Integrated with WebSphere CloudBurst
IBM CloudBurst Future – Optimized for Production Workloads. New enhancements:
– Cloud analytics and dashboard capabilities
– Cloud capacity planning
– Enhanced security & resiliency options
– Compliance reporting options
– Integration with public cloud offerings