This document summarizes Anne Thomas Manes' presentation on new security models for cloud computing. It discusses how cloud computing requires rethinking security architectures, with services spanning internal and external clouds. It recommends a service-oriented approach to security using layered defenses, mutual reinforcement of service-oriented architecture and security, and considering cloud brokers to enforce policies. Cloud governance is seen as the evolution of service-oriented architecture governance to provide visibility, security and control in cloud environments.
2. Cloud Computing
The set of disciplines, technologies, and business models used to deliver IT capabilities (software, platforms, hardware) as on-demand, scalable, elastic services
3. How can I make this... look more like this?
4. What…Me Worry?
• Public cloud’s multi-tenant, dynamic characteristics may put sensitive or regulated data at risk
• Vendor viability creates strategic risk
• Denial of service attacks could create systemic risk
• A lack of transparency and accountability about security from cloud vendors lowers trust
IDC survey: 74% rate cloud security issues as “very significant”
5. How’s the Public Cloud Security?
Incidents
• November 2007: Salesforce Staff Speared by Phishers
• July, 2008 Hey Spammers, Get Off My Cloud!
• March 2009: Google Privacy Blunder Shares Your Docs…
• June 2009: Webhost hack wipes out data for 100,000 sites
• October 2009: Amazon Web Services DDoS Attack And The Cloud
• More at
http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database
6. Cloud Computing Requires a New Security Architecture
• Virtual data centers
• Service oriented organization
• Next generation operating systems and infrastructure management tools
(Diagram: a service consumer sends a service request (console or API) to a service catalog and service interface; enterprise service management spans an internal IT cloud (virtual DCs on a cloud OS and service bus, virtual infrastructure management interfaces, compute/network/storage/security over physical infrastructure) and an external cloud provider offering external applications and services over both cloud OS and traditional infrastructure)
7. Rethinking Security Architecture
Security perimeters are changing
• Activities and data move across open, untrusted
networks
• “Zones of trust” must become more logical than physical
• Identity and application-aware firewalls
• Security vendors must embrace virtualization security
• Security management must span internal and external
clouds
8. Rethinking Security Architecture
Service-oriented security and identity management
• Security must span internal and external clouds
• Service oriented interfaces must be secured
• Existing domain access control must give way to
standards-based identity services
• Multiple sources of identity
• Encryption and key management must “follow” sensitive
data
9. Security Zone Model
Zone definition: “A grouping of IT resources which may reside at multiple locations but have similar business communication and network protection requirements”
(Diagram: a typical organization has the equivalent of some or all of these zones; audit zone optional)
10. Changing Zone Implementations
Physical view – “old school” zone implementation
Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by perimeter devices
(Diagram: an enterprise controlled/owned user site and an enterprise controlled/owned data center joined by site-to-site VPN or private WAN; not necessarily secure protocols and not necessarily secure endpoints inside; an access server “farm” behind a perimeter with monitoring and enforcement; the Internet as the untrusted zone)
11. Changing Zone Implementations
Physical view – “new school” zone implementation
Separation between the enterprise resources (sites, servers, devices) and the untrusted zone accomplished by cryptography, e.g. security overlays
(Diagram: a secure endpoint (VPN client, system firewall, etc.) on any network or site uses secure protocols and end-to-end security, via a VPN or proxy system, to reach the enterprise controlled/owned data center; an access server “farm” behind a perimeter with monitoring and enforcement; resulting in this kind of topology)
12. Dynamic Perimeter Enforcement
New model: Logical zones with dynamic perimeters
• Numerous, coordinated endpoint security agents
• Centralized policy controls connection rules
• Smarter firewalls
• Smarter switching fabric
• Common theme: Multi-layer enforcement (L4 + L7)
• Access decisions based on identity and application protocol, not just
IP address and port
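The decision rule this slide describes (L4 plus L7 enforcement, with access granted on identity and application protocol rather than IP address and port) is shown below as an added example written for this page; it is not code from the presentation or from any firewall product. It assumes the identity and group claims arrive from an endpoint agent or client certificate, and the rule table and sample connections are constructed for illustration. It also shows the port-only decision beside it, so the cases the old model would have waved through are visible.

```python
"""Identity- and application-aware connection decisions (added example).

Illustrative code for this page, not from the presentation or a vendor
product. A "smarter firewall" decision combines an L4 match (destination
port), an L7 match (application protocol detected from the client's first
bytes) and the caller's identity and groups. The rule table, the identity
source (assumed: endpoint agent or mTLS client certificate) and the
sample connections are all assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def detect_protocol(first_bytes: bytes) -> str:
    """Classify the application protocol from the first bytes a client sends.

    Recognises an SSH identification string, a TLS handshake record and an
    HTTP/1.x request line; everything else is "unknown". Traffic tunnelled
    inside TLS is seen as "tls", so this check is one layer, not a guarantee.
    """
    if first_bytes.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    request_line = first_bytes.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) == 3 and request_line[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"


@dataclass(frozen=True)
class Connection:
    src_ip: str
    dst_port: int
    first_bytes: bytes
    identity: Optional[str] = None      # subject asserted by endpoint agent / client cert
    groups: frozenset = frozenset()     # groups the identity service vouches for


@dataclass(frozen=True)
class Rule:
    name: str
    dst_port: int
    protocols: frozenset                # L7 protocols permitted on this port
    groups: frozenset                   # any of these may connect; empty = no group check
    require_identity: bool = True


# Centralized policy: the same table is pushed to every enforcement point (assumed).
POLICY: List[Rule] = [
    Rule("public-web", 443, frozenset({"tls"}), frozenset(), require_identity=False),
    Rule("partner-api", 8443, frozenset({"tls"}), frozenset({"partners", "employees"})),
    Rule("admin-ssh", 22, frozenset({"ssh"}), frozenset({"ops"})),
]


def decide_l4_only(conn: Connection, policy: List[Rule] = POLICY) -> bool:
    """The "old school" check: the destination port is all that matters."""
    return any(rule.dst_port == conn.dst_port for rule in policy)


def decide(conn: Connection, policy: List[Rule] = POLICY) -> Tuple[bool, str]:
    """Multi-layer check: L4 port, then L7 protocol, then identity and groups."""
    proto = detect_protocol(conn.first_bytes)
    for rule in policy:
        if rule.dst_port != conn.dst_port:
            continue
        if proto not in rule.protocols:
            return False, f"{rule.name}: {proto} not permitted on port {conn.dst_port}"
        if rule.require_identity and conn.identity is None:
            return False, f"{rule.name}: identity required"
        if rule.groups and not (conn.groups & rule.groups):
            return False, f"{rule.name}: {conn.identity} not in {sorted(rule.groups)}"
        return True, f"{rule.name}: allow {conn.identity or 'anonymous'} ({proto})"
    return False, f"no rule for port {conn.dst_port}"


# Constructed sample first-bytes and connections (not captured traffic).
TLS_HELLO = bytes.fromhex("160301") + b"\x00\x05" + b"\x01\x00\x00\x01\x00"
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"
HTTP_GET = b"GET /health HTTP/1.1\r\nHost: api\r\n\r\n"

SAMPLES = [
    Connection("203.0.113.10", 443, TLS_HELLO),                                  # browser
    Connection("203.0.113.11", 443, SSH_BANNER),                                 # SSH hidden on 443
    Connection("203.0.113.12", 443, HTTP_GET),                                   # cleartext on 443
    Connection("198.51.100.7", 8443, TLS_HELLO, "bob@partner", frozenset({"partners"})),
    Connection("198.51.100.8", 8443, TLS_HELLO),                                 # anonymous
    Connection("192.0.2.5", 22, SSH_BANNER, "alice", frozenset({"ops"})),
    Connection("192.0.2.6", 22, SSH_BANNER, "carol", frozenset({"employees"})),
]


def run_samples() -> List[Tuple[bool, bool, str]]:
    """Return (port_only_verdict, multi_layer_verdict, reason) for each sample."""
    return [(decide_l4_only(c), *decide(c)) for c in SAMPLES]


if __name__ == "__main__":
    for l4, ok, why in run_samples():
        print(f"port-only={l4!s:5} multi-layer={ok!s:5} {why}")
```

Every sample passes the port-only check; the multi-layer decision refuses SSH and cleartext HTTP arriving on 443, the anonymous caller on the partner port, and the employee who is not in the ops group, which is the difference the slide is pointing at.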
13. Mutually Reinforcing SOA and Security
• SOA adds a new dimension to the security landscape
  • Loosely coupled connections
  • Requirements for cross-domain federation
  • Don’t assume the average developer understands all the issues
  • Don’t assume that all services can safely combine in all security contexts
• Recommended strategy
  • Build on existing IdM strategy
  • Externalize security as much as possible (e.g. authentication, authorization, crypto, audit)
  • Combine transport-level and application-level protections
  • Use layered defenses
  • Establish good governance processes
14. Applying SOA to Security
Layered defenses
• Policy enforcement points (PEPs) as intermediaries and at endpoints
• Externalize security functions to the PEPs
(Diagram: firewalls act as perimeter PEPs in front of external services; DMZ intermediary PEPs and a centralized PEP sit between them and the internal services; each service also has its own endpoint PEP)
15. Mediation in the Cloud
Cloud broker or gateway product
Typical functionality
• Secure communications
• Multi-protocol
• Enforce policy
• Authentication
• Access control
• Logging and audit
(Diagram: a cloud gateway placed at the firewall between the enterprise and cloud services)
Source of diagram: Layer7 (originally concerning the SecureSpan product)
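Slides 13 to 15 all turn on the same idea: take authentication, authorization, audit and message protection out of the service and put them in policy enforcement points, one as an intermediary (the cloud broker or gateway) and one at the endpoint, so the two form a layered defense. The code below is an added example written for this page to make that concrete; it is not code from the presentation, from Burton Group, or from Layer 7's SecureSpan product. It assumes a token format, shared HMAC keys between the identity provider, gateway and endpoint, and a small service/group table, all of which are illustrative; a real deployment would use signed assertions from an identity provider (SAML or JWT with asymmetric keys) rather than shared secrets.

```python
"""Layered policy enforcement points (added example, not from the slides).

An intermediary PEP (the "cloud gateway") authenticates the caller,
authorizes the target service and writes the audit record, then forwards
the call with a short-lived assertion it signs. The endpoint PEP never
trusts network position: it accepts a call only with a fresh gateway
assertion bound to its own service name, so a caller that reaches the
endpoint directly, or replays an assertion issued for another service,
is refused. Keys, service names, the group table and the token format
are assumptions made for this example.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, List, Optional, Tuple

IDP_KEY = b"identity-provider-signing-key"        # assumed: shared by IdP and gateway
GATEWAY_KEY = b"gateway-to-endpoint-signing-key"  # assumed: shared by gateway and endpoints

# Externalized authorization policy: service -> groups allowed to call it.
AUTHZ: Dict[str, set] = {"orders": {"employees"}, "reports": {"analysts"}}

# Business logic with no security code of its own.
SERVICES: Dict[str, Callable[[str, dict], str]] = {
    "orders": lambda subject, body: f"order {body['id']} placed by {subject}",
    "reports": lambda subject, body: f"report {body['name']} for {subject}",
}

AUDIT_LOG: List[dict] = []


def _sign(payload: dict, key: bytes) -> str:
    """Serialize payload and append an HMAC-SHA256 tag: <base64 json>.<hex mac>."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def _verify(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if the tag is valid and the token is unexpired, else None."""
    body, sep, tag = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("exp", 0) < now:
        return None
    return claims


def issue_token(subject: str, groups: List[str], now: float, ttl: int = 3600) -> str:
    """Identity provider: after authenticating the user (out of scope), issue a credential."""
    return _sign({"sub": subject, "groups": groups, "exp": now + ttl}, IDP_KEY)


def issue_assertion(subject: str, service: str, now: float, ttl: int = 30) -> str:
    """Gateway: short-lived assertion bound to one service, limiting replay elsewhere."""
    return _sign({"sub": subject, "svc": service, "exp": now + ttl}, GATEWAY_KEY)


def endpoint_handle(service: str, assertion: str, body: dict, now: float) -> Tuple[int, str]:
    """Endpoint PEP: trust only a fresh gateway assertion bound to this service."""
    claims = _verify(assertion, GATEWAY_KEY, now) if assertion else None
    if claims is None or claims.get("svc") != service:
        return 401, "no valid gateway assertion for this service"
    return 200, SERVICES[service](claims["sub"], body)


def gateway_handle(service: str, token: str, body: dict, now: float) -> Tuple[int, str]:
    """Intermediary PEP: authenticate, authorize, audit, then forward with an assertion."""
    claims = _verify(token, IDP_KEY, now)
    if claims is None:
        AUDIT_LOG.append({"ts": now, "svc": service, "sub": None, "result": 401})
        return 401, "invalid or expired credential"
    if not set(claims["groups"]) & AUTHZ.get(service, set()):
        AUDIT_LOG.append({"ts": now, "svc": service, "sub": claims["sub"], "result": 403})
        return 403, f"{claims['sub']} may not call {service}"
    assertion = issue_assertion(claims["sub"], service, now)
    status, result = endpoint_handle(service, assertion, body, now)
    AUDIT_LOG.append({"ts": now, "svc": service, "sub": claims["sub"], "result": status})
    return status, result


if __name__ == "__main__":
    t0 = time.time()
    token = issue_token("alice", ["employees"], t0)
    print(gateway_handle("orders", token, {"id": 7}, t0))        # 200
    print(gateway_handle("reports", token, {"name": "q3"}, t0))   # 403: wrong group
    print(endpoint_handle("orders", "", {"id": 7}, t0))          # 401: bypassed the gateway
    print(AUDIT_LOG)
```

The service functions contain no security logic at all, which is the "externalize security" point of slide 13; the gateway is the intermediary PEP of slides 14 and 15; and the endpoint check is what makes the defense layered rather than a single choke point, since a caller who gets past the firewall to the service host still needs a valid, unexpired, service-bound assertion.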
16. New Security Models for the Cloud
Recommendations and takeaways
• Think “service-oriented” when you’re thinking cloud
• Mutually reinforce SOA and security:
• Secure communications methods
• Layered defense
• Good governance
• Consider cloud brokers to enforce policies in the cloud
17. New Security Model Requirements for the Cloud
Enabling Safe Cloud Computing
K. Scott Morrison
CTO & Chief Architect
18. Trust is the fundamental requirement of cloud computing
19. Anne showed us we need to:
Understand Risk
Control Boundaries
Trust is the measure of your confidence in these
20. But How Do We Gain Control Over SaaS?
Consider the degrees of freedom SOA offers us
21. Pattern 1: Assert Outgoing Control
• Single Sign On
• Managed access to authorized services
• SLA enforcement
(Diagram: users behind the firewall reach SaaS through a gateway tied to the directory, with audit and NetOps visibility)
22. Pattern 2: Manage Access to Corporate Resources
• Access Control
• Alarms and audit
• Safe routing
(Diagram: a SaaS application and its user reach corporate resources through the DMZ firewall and a gateway in the secure zone, tied to the directory, with NetOps visibility)
24. Pattern 3: Manage Cloud-Based SOA Apps with Virtual PEP
• Hardware PEP and virtual PEP: identical functionality
• Secure services, not networks
(Diagram: a hardware PEP on premises and virtual PEP instances alongside the cloud services)
25. What Does Layered Defense Look Like In The Cloud?
(Diagram: the same layered-defense picture as slide 14: firewalls as perimeter PEPs in front of external services, DMZ intermediary PEPs and a centralized PEP behind them, and an endpoint PEP at each service)
26. Zones of Trust
• Application-layer isolation, monitoring, & control
(Diagram: virtual PEPs at the cloud edge exchanging secure messages between zones of trust)
This is true SOA defense-in-depth
27. This Is The Ultimate Realization Of SOA
Visibility, Security, Control
Cloud Governance is the evolution of SOA Governance
(Diagram: NetOps view)
28. For More Information:
K. Scott Morrison, CTO and Chief Architect, Layer 7 Technologies, smorrison@layer7tech.com, http://www.layer7tech.com, Twitter: @kscottmorrison
Anne Thomas Manes, VP & Research Director, Burton Group, amanes@burtongroup.com, http://www.brutongroup.com, Twitter: @atmanes