1) The Jericho Forum aims to develop security standards to facilitate secure collaboration over open networks as businesses move away from traditional network perimeter security models. 2) Around fifty large organizations from different sectors globally work together through the Jericho Forum to address problems posed by this "de-perimeterization". 3) The document discusses security challenges posed by internal cloud computing and outlines the Jericho Forum's work to analyze issues, raise awareness, and establish requirements to help make cloud computing a safer option for collaboration.

1. 1
Will in-house clouds storm past your network
defenses?
Andrew Yeomans
Jericho Forum Board

2. 2
A brief introduction to the Jericho Forum
The Jericho Forum aims to drive and influence development
of security standards that will meet future business needs
These standards will:
– Facilitate the secure interoperation, collaboration and commerce
over open networks
– Be based on Collaboration Oriented Architectures (COA) and
design approach entitled “de-perimeterization”.
Globally, around fifty blue-chip user organisations, from all
sectors, are working together to solve the problems posed by
de-perimeterization
The Open Group hosts the Jericho Forum
Everything published is free and open-source.

3. 3
Cabinet
Office
Foreign &
Commonwealth
Office
Some of our members

4. 4
From Connectivity to Collaboration
Full de-perimeterized working
Full de-perimeterized working
Full Internet-based
Collaboration
Full Internet-based
Collaboration
Consumerisation
[Cheap IP based devices]
Consumerisation
[Cheap IP based devices]
Limited Internet-based
Collaboration
Limited Internet-based
Collaboration
External Working
VPN based
External Working
VPN based
External collaboration
[Private connections]
External collaboration
[Private connections]
Internet Connectivity
Web, e-Mail, Telnet, FTP
Internet Connectivity
Web, e-Mail, Telnet, FTP
Connectivity for
Internet e-Mail
Connectivity for
Internet e-Mail
Connected LANs
interoperating protocols
Connected LANs
interoperating protocols
Local Area Networks
Islands by technology
Local Area Networks
Islands by technology
Stand-alone Computing
[Mainframe, Mini, PC’s]
Stand-alone Computing
[Mainframe, Mini, PC’s] Time
Connectivity
Business
Value
Risk
Today
Effective Perimeter Breakdown
http://opengroup.org/jericho/Business_Case_for_DP_v1.0.pdf

5. 5
Core business targets
Customer
ProductBackup
Infra-
structure
Email
Security
R & D
Web host
Desktop

6. 6
Clouds – inside your data centre?
7.1>1000 Servers
/ Admin
140 Servers /
Admin
Administra-
tion
5.7$0.40 per
GByte / month
$2.20 per
GByte / month
Storage
7.1$13 per Mbit/
sec/ month
$95 per Mbit/
sec/ month
Network
RatioCost in Very
Large DC
Cost in
Medium-
sized DC
Technology
Source: HAMILTON, J. Internet-Scale Service Efficiency. In Large-Scale Distributed Systems and Middleware (LADIS) Workshop
(September 2008)

7. 7
Cloud Shape Architecture Model
Perimeterised
De-
perimeterised
Proprietary Open
Internal
External
Where
is your data
?
Are the
interfaces public
?
Is data
collaboratively
shared
?
Adrian Secombe

8. 8
Security Questions
PerimeterisedPerimeterisedPerimeterisedPerimeterised DeDeDeDe----perimeterisedperimeterisedperimeterisedperimeterised
InternalInternalInternalInternal
ExternalExternalExternalExternal
Distinction
Fades as
Collaboration
Increases
Can the Outsourcer integrate into
my infrastructure?
Will I be able to deliver?
Do I have the skills?
Do I have the resources?
Can do I recover costs?
Distinction Fades as
Virtualisation
Increases
Who has access to my data?
What about export and Privacy
laws?
How is the EXT/INT interface
managed?
Where is my data?
What due diligence did my employees
do prior to using the service?
What leaks are there from the cloud
service back into my infrastructure?
How is my data protected in transit?
Who is responsible if something
goes wrong?
What about business continuity?
How does my data securely enter
and exit the cloud?

9. 9
Interoperability Questions
ProprietaryProprietaryProprietaryProprietary OpenOpenOpenOpen
InternalInternalInternalInternal
ExternalExternalExternalExternal
Distinction
Hinders
Collaboration
What standards should be
developed?
Who should control them?
When I run out of resources
can I engage an external
cloud service provider?
Distinction Fades as
Virtualisation
Increases
Will this allow me to leverage
multiple cloud service providers
to jointly perform a task?
Will it further enable
collaboration among multiple
partners?
What if I need to switch vendors?
What if my collaboration partner
uses a different vendor?
Do I have to implement
proprietary interfaces to do
business with the provider?
Is this where I want to be?
Do I still need internal cloud
services?

10. 10
Thunder clouds – the problems
Inertia – why change?
Availability – outages?
Lock-in – how to get my data out again?
Confidentiality – who else can see it?
Auditability – and can you prove that?
Jurisdiction – who can get to the data?

11. 11
Internal clouds
Where to deploy?
– Development / Test
– Disaster Recovery
– Production compute grid
– Cyclical processing – e.g. end-of-day
– Scalable web hosting

12. 12
Cloud future – design your network
Add instance
Remove instance
Migrate
Performance
Properties

13. Confidentiality in cloudsRiskControlAcceptanceCurve
RiskControlLevels
85%
14%
<1%
Ratios closer to data volumes

14. 14
Current network designs

15. 15
Internal cloud?

16. 16
…full of virtual servers

17. 17
Network security?
Where is the Firewall?
Where is the Intrusion Detection System?
Where is the Intrusion Protection System?
Where are network routing controls?
… and VLANs, DLP, WAF, sniffers…
How much value do they really add?

18. 18
Effectiveness of security controls
Time
Relativeeffectiveness
Data controls
Network controls
End-point and
application controls
Acknowledgements to Steve Whitlock
and Dan Hitchcock
2010?

19. 19
Data separation
Interconnected mini-clouds? (Physical)
VLAN separation (network)
Hypervisor? (Ring0 software)
Data-centric? (data)

20. Data protection choice is easy!
• In IT systems we have two main protection
methods:
– Encryption (or not)
– Access controlled (or not)
Encrypted
Uncontrolled
Encrypted
Controlled access
Unencrypted
Controlled access
Unencrypted
Uncontrolled

21. Three Laws of Data Encryption
Based on Rich Mogull:
1. External loss - Encryption for media
protection – if the data moves, physically or
virtually. Simple key management.
2. Internal access - Encryption to restrict
privileged access. Complex key
management if really works.
3. Mandated encryption (e.g. PCI)

22. Two other forms of protection
Protect by monitoring
– Can't always have technical controls
– Monitor for policy violations
– Advertise to reduce temptations
– Results from “DLP” can steer Data Classification
and create dialogue with business
Protect by destroying!
– The best form of confidentiality
– Data Retention policies
– Need to track all assets, including data

23. 23
But it must be manageable
Missing – an open
format for data
protection
Key management
standards
Missing - Open
authentication
Data zones

24. 24
A look to the future - OpenEIPC
Missing – an open format for
data protection (c.f. DRM)
Strawman – ZIP + XACML
Also works for ODF and
OOXML/OPC
Scope and level appropriate to
asset at risk
Mimetype
Pictures/1001.png
Pictures/1002.png
content.xml
hCTqkH557Q6yeIh
uz+kbOfADzas2o
mqWD3USq4HOjh
/syMeHVH
styles.xml
meta.xml
eipc.xml

25. 25
ACLs versus Protected Data
Fine-grained cryptographic protection
difficult
So use traditional ACLs for fine-grained
control
Use crypto protection for provable broad
protection
Will really take off when embedded in
operating system or hypervisor

26. 26
Security by Design, not Afterthought
Risks
Get it wrong and
expose the business
Keep adding more
layers of security
Cost and/or inability
to manage
Saddled with
yesterday’s
technology
Inflexible to respond
to market demands
Benefits
Increased levels of
security
Simpler, less complex
security
Cheaper to run, easier
to manage
Tomorrows technology
with ability to gain
business advantage
Flexible and adaptable
solutions

27. 27
Jericho Forum Self Assessment Scheme

28. 28
Jericho Forum Activity
Like many others, we see huge potential and benefits for
moving into "the cloud"
But we advise not leaping in their before understanding the:
– Risks
– Security issues
– Interoperability issues
– Business rationale
The Jericho Forum is taking a lead on:
– Analyzing the issues
– Raising awareness
– Establishing clear requirements
Goal: Make the cloud a safe place to collaborate

29. 29

30. 30
Thank You!
Andrew Yeomans
Jericho Forum Board
http://jerichoforum.org