© Cloud Security Alliance, 2015
CSA Virtualisation Working Group
Best Practices for Mitigating Risks in Virtualized Environments
Kelvin Ng, Tao Yao Sing, Heng Yiak Por
Acknowledgements
• Co-Chairs
  • Kapil Raina, Zscaler
  • Kelvin Ng, Nanyang Polytechnic
  • Yao Sing, Tao, IDA Singapore
• Contributors
  • Abhik Chaudhuri, Tata Consultancy Services
  • Heberto Ferrer, HyTrust
  • Hemma Prafullchandra, HyTrust
  • J D Sherry, Cavirin
  • Kelvin Ng, Nanyang Polytechnic
  • Xiaoyu, Ge, Huawei
  • Yao Sing, Tao, IDA Singapore
  • Yiak Por, Heng, Nanyang Polytechnic
• CSA Global Staff
  • Frank Guanco, Research Analyst
  • Victor Chin, Research Analyst
Agenda
• Background
• Whitepaper Development
• Whitepaper Content
  • Scope
  • Introduction
  • Securing Virtualization Platforms and establishing Governance
  • Virtualization risks and Controls
  • Risk Assessment
• What next?
• Q&A
Background
• Project Charter
  The CSA Virtualization Working Group provides guidance on implementation best practices for enterprises in the deployment of virtualization in the areas of compute and network.
• Deliverables
  1. White Paper for the enhancements on Security Guidance for critical areas of focus in cloud computing v 3.0 Domain 13
  2. A guideline for best practices for secure network virtualization design and deployment
• Participation
  1. Basecamp
  2. Bi-Weekly Concall
  3. Open Peer review
Whitepaper Development
• Working Group formed
  • Aug 2014
• Reference Documents
  • Security Guidance for critical areas of focus in cloud computing v 3.0 2011 Domain 13
  • Singapore Standards Council, TR30:2012, Spring Singapore
Whitepaper Content
• Scope
  • Provides guidance on the identification and management of security risks specific to compute virtualization technologies that run on server hardware—as opposed to, for example, desktop, network, or storage virtualization.
  • The audience includes enterprise information systems and security personnel and cloud service providers, although the primary focus is on the former.
• Introduction
  • Cloud Computing Top Threats 2013 report by CSA
    • Data breaches
    • Data loss
    • Account or service traffic hijacking
    • Insecure interfaces and APIs
    • Denial of services
    • Malicious insiders
    • Abuse of cloud services
    • Insufficient due diligence
    • Shared technology vulnerabilities
• Securing Virtualization Platforms and establishing Governance
  • Initiation phase
    • Identify virtualization needs
    • Provide an overall vision and create a high-level strategy
    • Identify platforms and applications that can be virtualized
• Securing Virtualization Platforms and establishing Governance
  • Planning and Design phase
    • Major considerations include selection of virtualization software, storage system, network topology, bandwidth availability and business continuity.
    • Appropriate logical segregation of instances that have sensitive data.
    • Separate authentication should be established for application / server, guest operating system, hypervisor, and host operating system.
• Securing Virtualization Platforms and establishing Governance
  • Implementation phase
    • Virtualization platform should be hardened using vendor-provided guidelines and/or 3rd party tools.
    • Role-based access policies should be enforced to enable segregation of duties, thereby facilitating proof of governance.
    • Proper VM encryption is required to significantly reduce the risk associated with user access to physical servers and storage containing sensitive data.
• Securing Virtualization Platforms and establishing Governance
  • Disposition phase
    • Tasks for sanitizing media before disposition should be clearly defined.
    • VM retirement process must meet legal and regulatory requirements in order to prevent data leakage and breaches.
• Virtualization Risks and Controls
  • Risks and controls of using VM
    • VM Sprawl
    • Sensitive Data within a VM
    • Security of Offline and Dormant VMs
    • Security of Pre-Configured (Golden Image) VM / Active VMs
    • Lack of Visibility Into and Controls Over Virtual Networks
    • Resource Exhaustion
• Virtualization Risks and Controls
  • Risks and controls on using hypervisor
    • Hypervisor Security
    • Unauthorized Access to Hypervisor
  • Risks and controls due to changes in operation procedures
    • Account or Service Hijacking Through the Self-Service Portal
    • Workload of Different Trust Levels Located on the Same Server
    • Risk Due to Cloud Service Provider API
• Virtualization Risks and Controls
  • VM Sprawl

Risk Name: VM Sprawl
Risk Description: VM sprawl describes the uncontrolled proliferation of VMs. Because VM instances can be easily created and existing instances can be easily cloned and copied to physical servers, the number of dormant VM disk files is likely to increase. In addition, the unique ability to move VMs from one physical server to another creates audit and security monitoring complexity and loss of potential control. As a result, a number of VMs may be unmanaged, unpatched, and unsecured.
Relevant Security Aspect: Risk to confidentiality, integrity, and availability
Relevant Governance Risk Area: Architectural and configuration risk
Vulnerabilities:
● Proper policy and control processes to manage VM lifecycle do not exist.
● Placement / zoning policies or enforcement of where a dormant VM can instantiate or reside does not exist.
● A discovery tool for identification of unauthorized VMs does not exist.
Affected Assets: VM
CCM v3.0.1: CCC-05
Potential security impact
In a traditional IT environment, physical servers must be procured. This requirement enforces effective controls, because change requests must be created and approved before hardware and software can be acquired and connected to the data center.
In the case of virtualization, however, VMs can be allocated quickly, self-provisioned, or moved between physical servers, avoiding the conventional change management process. Without an effective control process in place, VMs and other virtual systems with unknown configurations can quickly proliferate, consuming resources, degrading overall system performance, and increasing liability and risk of exposure. Because these machines may not be readily detectable or visible, they may not be effectively monitored or tracked for the application of security patches or effectively investigated should a security incident occur.
Security Controls for Mitigating Risks
To mitigate risk, consider implementing the following security controls:
● Put effective policies, guidelines, and processes in place to govern and control VM lifecycle management, including self-service and automated scripts / DevOps tools.
● Control the creation, storage, and use of VM images by a formal change management process and tools. Approve additions only when necessary.
● Keep a small number of known-good—and timely patched—images of a guest operating system separately and use them for fast recovery and restoration of systems to the desired baseline.
● Discover virtual systems, including dormant ones and the applications running on them, regularly. Discovering, classifying, and implementing appropriate security controls for each VM and its associated network connections is critical. This process includes quarantine or rollback capability in case a compromise occurs.
● Use virtualization products with management solutions to examine, patch, and apply security configuration changes to VMs.
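The discovery control above can be exercised as a reconciliation between what is found on the hosts and what change management has approved. The following is an added example, not code from the whitepaper: the inventory records, field names, zone labels and the 45-day patch threshold are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data: approved lifecycle records from change management.
APPROVED = {
    "vm-web-01": {"owner": "web-team", "zone": "dmz"},
    "vm-db-01": {"owner": "dba", "zone": "restricted"},
    "vm-hr-01": {"owner": "hr-apps", "zone": "restricted"},
}

# Constructed sample data: discovery output, dormant disk files included.
DISCOVERED = [
    {"name": "vm-web-01", "state": "running", "host_zone": "dmz", "last_patched": date(2015, 4, 20)},
    {"name": "vm-db-01", "state": "running", "host_zone": "dmz", "last_patched": date(2015, 4, 18)},
    {"name": "vm-hr-01", "state": "dormant", "host_zone": "restricted", "last_patched": date(2014, 11, 2)},
    {"name": "vm-test-clone", "state": "dormant", "host_zone": "dmz", "last_patched": date(2014, 6, 1)},
]

MAX_PATCH_AGE_DAYS = 45  # assumed policy value, not from the whitepaper


def audit_sprawl(discovered, approved, today, max_age=MAX_PATCH_AGE_DAYS):
    """Return {vm_name: [findings]} for every VM that violates a sprawl control."""
    report = {}
    for vm in discovered:
        findings = []
        record = approved.get(vm["name"])
        if record is None:
            findings.append("unauthorized: no approved lifecycle record")
        elif vm["host_zone"] != record["zone"]:
            findings.append(f"placement: on {vm['host_zone']} host, approved zone is {record['zone']}")
        age = (today - vm["last_patched"]).days
        if age > max_age:
            findings.append(f"stale patches: {age} days ({vm['state']})")
        if findings:
            report[vm["name"]] = findings
    return report


def quarantine_candidates(report):
    """Unauthorized VMs are isolated first, pending investigation."""
    return sorted(n for n, f in report.items() if any(x.startswith("unauthorized") for x in f))


if __name__ == "__main__":
    result = audit_sprawl(DISCOVERED, APPROVED, today=date(2015, 5, 1))
    for name, findings in result.items():
        print(name, "->", "; ".join(findings))
    print("quarantine first:", quarantine_candidates(result))
```

Each finding type maps to one of the three vulnerabilities listed for VM sprawl: missing lifecycle control, missing placement / zoning enforcement, and missing discovery of unauthorized VMs.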
• Risk Assessment
  • Asset risk evaluation based on:
    • Identified vulnerabilities
    • Likelihood
    • Impact due to confidentiality
    • Impact due to integrity
    • Impact due to availability
    • Average risk level rating
  • For any risk level above acceptance criteria
    • Mitigate risk items via recommended controls in whitepaper
  • Continuously monitor and mitigate risks
• Risk Assessment
  • Evaluation of Risk

Table columns: Type of Risk | Asset exposed to risk | Vulnerability | Likelihood | Impact Due to Confidentiality Compromise | Impact Due to Integrity Compromise | Impact Due to Availability Compromise | Evaluate Risk Level | Risk Treatment Control to be implemented | Evaluate Residual Risk Level

Type of Risk: 1. VM Sprawl
Asset exposed to risk: VM
Vulnerability rows (each with four Low / Medium / High rating cells):
● Lack of effective control process to manage VM lifecycle
● Lack of placement / zoning policies or enforcement of where a dormant VM can instantiate or reside
● Lack of discovery tool to identify unauthorized VMs
What Next?
• Update Security Guidance for critical areas of focus in cloud computing v 3.0 Domain 13
• Plan to use it as a support document for ISO
  • May 2015, Kuching Malaysia
  • ISO Working Group 4
  • Either 6 month study period
  • Or launch new WG item with enough support