
© 2010 IBM Corporation

Security Considerations for Cloud Deployment

IBM Power Systems

Jeff Uehling, IBM i Network & Security Development

[email protected]

IBM - Rochester, MN


What is Cloud Computing?

Is Cloud Computing really a new concept?


What is Cloud Computing?… An IT consumption and delivery model

Cloud enables:

– User self-service

– Outsourcing options

– Dynamic scalability

Multiple types of clouds will coexist:

– Private – Deployed Inside a customer’s firewall

– Public – Provided and managed by a 3rd party via subscription

– Hybrid – a mix of Public and Private models based on Workload

An effective cloud deployment is built on a dynamic infrastructure and should be part of an overall data center transformation plan

Cloud computing is a consumption and delivery model inspired by consumer Internet service and is optimized for IT / Business Services


Clouds enable a broad spectrum of deployment options


Cloud Differentiators… There are Many!

Traditional IT → cloud:

– Time to deploy a server: weeks or months → seconds to minutes

– Commitment to use the service: negotiate & commit to a year-long contract → select from a catalog & pay as you go

– Necessary upfront investment: $K–$M in infrastructure, then $$ per IT hour → no or low upfront, then ¢ per IT hour


IT Benefits from Cloud Computing are Real…

Results from IBM cloud computing engagements (Source: Based on IBM and client experience), traditional → cloud:

Increasing speed and flexibility

– Test provisioning: weeks → minutes

– Change management: months → days/hours

– Release management: weeks → minutes

– Service access: administered → self-service

– Standardization: complex → reuse/share

Reducing costs

– Metering/billing: fixed cost → variable cost

– Server/storage utilization: 10–20% → 70–90%

– Payback period: years → months


[Diagram: service cloud reference architecture, layered as Infrastructure Services, Platform Services, Application Services, Business Services and People Services. Infrastructure/platform layer: data management, virtualization, workload management, SLA & capacity, provisioning, security, monitoring, dynamic provisioning, process & policy management, problem & change management. Service cloud business & operations support: fulfillment, assurance, billing. Application layer: mashup server, end-user interfaces, service/software catalogs on an open foundation (WS framework, service bus). Business services examples: customer care, payments, Int. risk mgmt., retail banking, trade & SC finance, mobile banking, front-office optimization. People services: agents, end users, support, community, crowdsourcing. Cross-cutting: B2B partnerships, experience management, industry frameworks & information foundation, distributed cloud computing services.]

Cloud technologies can offer operational expense reductions and improved service at all layers


[Diagram: service cloud layers over time. Columns for 2000 (static, dedicated, outsourced), 2006 (network-delivered, off-premises) and 2009 (shared, automated, dynamic); rows for Infrastructure Services, Platform Services, Application Services, Business Services and ‘People’ Services, with examples such as BCRS, ISSC/SO, ISS, Live, Live Mesh and MBPS (eHR, LBPS, etc.).]

Cloud: because the majority of IT cost is in people, Cloud Computing is becoming popular at the higher layers


What Cloud Services are available today?

Hundreds… Thousands… growing by the day!


[Diagram: cloud delivery examples by layer, with market examples and IBM examples for each.

– Infrastructure-as-a-Service: servers, networking, storage; data center fabric (shared, virtualized, dynamic provisioning)

– Platform-as-a-Service: middleware, database, Web 2.0 application runtime, Java runtime, development tooling

– Software-as-a-Service: collaboration, business processes, CRM/ERP/HR, industry applications

IBM examples named on the slide: Computing on Demand, Developer Cloud.]


Top private workloads

Database, application and infrastructure workloads emerge as most appropriate for a private offering:

• Data mining, text mining, or other analytics

• Data warehouses or data marts

• Business continuity and disaster recovery

• Test environment infrastructure

• Long-term data archiving/preservation

• Transactional databases

• Industry-specific applications

• ERP applications

Top public workloads

Infrastructure and collaboration workloads emerge as most appropriate for a public offering:

• Audio/video/Web conferencing

• Service help desk

• Infrastructure for training and demonstration

• WAN capacity and VoIP infrastructure

• Desktop

• Test environment infrastructure

• Storage

• Data center network capacity

• Server


Cloud Usage Models

1. End User to Cloud - Application running on the cloud with access for end-users

2. Enterprise to Cloud to End-user (Interoperability) - Applications running in the public cloud – access from employees and customers

3. Enterprise to Cloud (Integration) - Cloud application integrated with internal IT capabilities

4. Enterprise to Cloud to Enterprise (Interoperability) - Cloud application running in the public cloud and interoperates with partner applications (supply chain)

5. Enterprise to Cloud (Portability) - Cloud application running in the cloud – flexibility to move to a different cloud provider in the future or in-house

6. Private (intra) Clouds - Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment


Model 1: End User to Cloud

• What is it?

– Application running in the cloud with access for end-users

• Scenarios:

– Get a new Web app provisioned worldwide quickly (e.g., the next Facebook, LinkedIn, Gmail, etc.)

– Don’t need IT infrastructure; flexible acquisition

[Diagram: end users accessing an application running in the public cloud]


Model 2: Enterprise to Cloud to End-user

• What is it:

– Deploy cloud based application specifically for the cloud – access for employees and for customers

• Scenarios:

– Online sales through catalog, needs to link back into enterprise systems for fulfillment

  • web app and shopping cart in cloud, fulfillment inside existing enterprise systems

– Two sub-models

  • End User is employee in the Enterprise (e.g., Travel Expense Account application)

  • End User is Web customer outside the Enterprise (e.g., online sales)

[Diagram: application in the public cloud (external) linked back to Enterprise IT (traditional, private cloud or hybrid; internal)]


Model 3: Enterprise to Cloud (Integration)

• What is it?

– Cloud application – integrated with internal IT capabilities

• Scenarios:

– Typical approach: integrate with existing on-premises and off-premises capabilities or other cloud applications (customer list, access control, data)

[Diagram: application / data in Public Cloud B (external) integrated with existing on-premise capabilities in Enterprise IT (traditional, private cloud or hybrid; internal)]


Model 4: Enterprise to Cloud to Enterprise

• What is it?

– Cloud application running in the public cloud – interoperates with partner applications (supply chain)

• Scenarios:

– Brokers, common function providers (e.g., supply chain, broadcast recall to multiple customers, broadcast RFP to suppliers, “classic” B2B)

[Diagram: applications of large manufacturer A and large manufacturer B (internal) interoperating through an application in the public cloud (external)]


Model 5: Enterprise to Cloud (Portability)

• What is it?

– Cloud application and/or data running in the cloud – flexibility to move to a different cloud provider in the future or in-house

• Scenarios:

– Flexibility and choice to change application platform suppliers

– “Write once, run anywhere”

[Diagram: application / data in Public Cloud A (external) can move to another cloud (Public Cloud B) or move in-house to Enterprise IT (traditional, private cloud or hybrid; internal)]


Model 6: Private (intranet) Cloud

• What is it?

– A “private” cloud-based service offers many of the benefits of a public cloud computing environment. The difference is that data and processes are managed within the organization.

• Scenarios:

– The enterprise would leverage a private cloud to provide self-service capabilities and real-time infrastructure.

– Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment

[Diagram: private cloud, on-premise or off-premise, pooling storage (SAN/NAS), OS images (virtual / physical) and database schemas / instances behind the internal/external boundary]


If this is so logical…

Why isn’t everyone doing it?


Today’s Data Center (we have control) → Tomorrow’s Public Cloud (who has control?)

– It’s located at X. → Where is it located?

– It’s stored in servers Y, Z. → Where is it stored?

– We have backups in place. → Who backs it up?

– Our admins control access. → Who has access?

– Our uptime is sufficient. → How resilient is it?

– The auditors are happy. → How do auditors observe?

– Our security team is engaged. → How does our security team engage?

So what type of business and security challenges does cloud computing introduce?


Security is a top concern with cloud computing…

“What, if anything, do you perceive as actual or potential barriers to acquiring public cloud services?” (Source: IBM Market Insights, Cloud Computing Research)

– Security/privacy of company data: 69%

– Service quality: 54%

– Doubts about true cost savings: 53%

– Performance / insufficient responsiveness over network: 52%

– Difficulty integrating with in-house IT: 47%

The tale of two studies shows that security is the number one inhibitor to customers adopting cloud technologies. (Source: Oliver Wyman Interviews)


Gartner’s security risks of cloud computing

Data Segregation

Data Recovery

Investigative Support

Regulatory Compliance

Data Location

Privileged User Access

Disaster Recovery

Gartner: Assessing the Security Risks of Cloud Computing, June 2008


Risks introduced by cloud computing

Less control – over where the information is located and stored, who has access and backups, how it is monitored & managed, including resiliency

Data security – challenges with an increase in potential unauthorized exposure when migrating workloads to a shared network and compute infrastructure

Security management – control needed to manage firewall and security settings for applications and runtime environments in the cloud

Compliance – restrictions imposed by industry regulations over the use of clouds for some applications

Reliability – concerns with high availability and loss of service should outages occur


Top 10 factors for a secure Cloud Infrastructure

• Data Protection

• Access and Identity

• Application Provisioning & Deprovisioning

• Application & Environment Testing

• Service Level Agreement

• Vulnerability Management

• Business Resiliency

• Audit & Governance

• Cross Border Protection

• Intellectual Property & Export Laws


What are the Risks?

• Policy and Organizational Risk - Things that may directly degrade the ability of the consumer organization to conduct business in an efficient manner

• Legal Risk - Things that may put the consumer organization in breach of the law or that may prevent compliance with specific legal mandates

• Technical Risk - Things that may disrupt normal operations of the consumer organization or cause loss of value over intangible assets (data, reputation, etc.)

• Transitional Risk - Things that may temporarily put the consumer organization’s “traditional” infrastructure and operations under increased risk


Policy and Organizational Risk

Five intrinsic risks

1. Resource sharing and pooling - Data (intangible assets) cannot be tied to physical assets (tangible HW resources); assets must be referenced by their content, not their supporting media or storage location

2. Network access - Porous perimeter; authorization & authentication become more important issues

3. Service elasticity and scalability - Grow-on-demand and pay-as-you-go can backfire. Seemingly infinite capacity may not be so under attack.

4. On-demand self-service - Hijacking of the consumer’s control plane (user interface).

5. Measured service - Economic denial of service, depletion of service quota
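Items 3 and 5 above (and the “Economic denial of service” item on the Technical Risks slide later in this deck) describe the same failure: pay-as-you-go capacity that an attacker, or a runaway client, can drain or run up as a bill. The block below is an added example, not code from the original deck or from any IBM product. It puts a per-tenant admission gate in front of a metered back end that combines a token bucket (rate and burst) with a hard spend ceiling kept in integer cents, then runs a constructed burst flood and a constructed slow bill-inflation flood against it. Tenant names, limits and costs are hypothetical.

```python
"""Per-tenant admission control against economic denial of service.

Two independent limits sit in front of a pay-as-you-go back end: a token
bucket that caps request rate and burst, and a hard spend ceiling in integer
cents for the billing period. Either one alone is insufficient: a rate limit
still lets a slow, steady attacker run up the bill, and a spend ceiling alone
lets a single burst exhaust capacity for every other tenant.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class TenantQuota:
    rate_per_sec: float      # sustained admitted requests per second
    burst: float             # bucket capacity: requests admitted back-to-back
    cost_cents: int          # charged to the tenant per admitted request
    ceiling_cents: int       # hard cap on spend for the billing period
    tokens: float = field(init=False)
    last_ms: int = field(init=False, default=0)
    spent_cents: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        self.tokens = self.burst

    def admit(self, now_ms: int) -> str:
        """Decide one request at time now_ms: 'admit' or 'reject:<reason>'."""
        elapsed_s = max(0, now_ms - self.last_ms) / 1000.0
        # Refill in proportion to elapsed time, never beyond burst capacity.
        self.tokens = min(self.burst, self.tokens + elapsed_s * self.rate_per_sec)
        self.last_ms = now_ms
        # Spend ceiling first: once hit, nothing is admitted until the billing
        # period rolls over, no matter how many tokens have refilled.
        if self.spent_cents + self.cost_cents > self.ceiling_cents:
            return "reject:spend-ceiling"
        if self.tokens < 1.0:
            return "reject:rate"
        self.tokens -= 1.0
        self.spent_cents += self.cost_cents
        return "admit"


class QuotaGate:
    """Front door that resolves the caller's tenant and applies its quota."""

    def __init__(self) -> None:
        self._quotas: dict[str, TenantQuota] = {}

    def register(self, tenant: str, quota: TenantQuota) -> None:
        self._quotas[tenant] = quota

    def request(self, tenant: str, now_ms: int) -> str:
        quota = self._quotas.get(tenant)
        if quota is None:
            # Unknown tenants get no capacity: there is no anonymous free lane.
            return "reject:unknown-tenant"
        return quota.admit(now_ms)

    def spent_cents(self, tenant: str) -> int:
        return self._quotas[tenant].spent_cents


def flood(gate: QuotaGate, tenant: str, count: int, interval_ms: int,
          start_ms: int = 0) -> dict[str, int]:
    """Fire `count` requests `interval_ms` apart and tally the decisions."""
    tally: dict[str, int] = {}
    for i in range(count):
        decision = gate.request(tenant, start_ms + i * interval_ms)
        tally[decision] = tally.get(decision, 0) + 1
    return tally


def demo() -> tuple[dict[str, int], dict[str, int]]:
    """Constructed scenario: a burst attack, then a slow bill-inflation attack."""
    gate = QuotaGate()
    # Hypothetical limits: 10 req/s sustained, burst of 20, 1 cent per
    # request, at most 100 cents for the period.
    for tenant in ("acme", "globex"):
        gate.register(tenant, TenantQuota(rate_per_sec=10.0, burst=20.0,
                                          cost_cents=1, ceiling_cents=100))
    # 1000 requests 1 ms apart: the bucket absorbs ~20, refills ~10 over the
    # second, and the rate limit rejects the rest (about 29 admitted).
    burst = flood(gate, "acme", count=1000, interval_ms=1)
    # 500 requests 100 ms apart stay under the rate limit, so only the spend
    # ceiling stops them: exactly 100 admitted, 400 rejected.
    slow = flood(gate, "globex", count=500, interval_ms=100)
    return burst, slow


if __name__ == "__main__":
    for name, tally in zip(("burst", "slow"), demo()):
        print(name, tally)
```

The spend check runs before the rate check on purpose: a tenant that has hit its ceiling must not be able to keep consuming shared capacity just because its bucket has refilled. In a real deployment the ceiling and the per-request cost would come from the billing system rather than from constants, and the decision would be logged so that quota exhaustion shows up in monitoring as a possible attack rather than as a silent drop.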


Legal Risks

• E-discovery and subpoena - Where is the evidence that I need to hand over? Intangible assets cannot be mapped to physical assets or geographical locations. The service provider may not be cooperative. Resources are pooled and shared, so they can’t be “taken” without affecting co-tenants and/or service provider operations.

• Change of jurisdiction - Which privacy (data protection) and security laws are applicable when intangible assets and processes are outsourced to service providers with distributed data centers across several continents? Do national laws local to the service provider’s data center supersede those local to the consumer’s organization?

• Data protection - It can be difficult for the cloud customer (in its role of data controller) to effectively check the data processing that the cloud provider carries out, and thus be sure that the data is handled in a lawful way. Conflicting data encryption standard requirements, lack of notification of data breaches by the service provider, storage of data collected unlawfully by co-tenants.


Technical Risks

• Isolation failure - Break out of the VM, storage compartment, virtual network, VPN, etc.

• Compromise of the management interface - Hijack of the consumer organization’s cloud computing infrastructure, loss of control plane (user interface).

• Data leakage – Data leakage to co-tenants (intra-cloud) or from the cloud

• Insecure data lifecycle management - Insecure or ineffective deletion of data, loss of consistency, data duplication

• Economic denial of service - Depletion of quota vs. runaway service costs vs. loss of efficiency

• Coarse access control - Insufficient granularity to implement authentication, authorization or auditing controls

• Conflicting provider–consumer security standards - Provider can’t meet the consumer organization’s security requirements
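The “insecure or ineffective deletion of data” item above is the one a tenant can do the least about directly: on shared storage the tenant never sees the snapshots, replicas and freed blocks the provider keeps, and cannot verify an overwrite. The usual answer is crypto-shredding: seal each tenant’s objects under a key that stays in the tenant’s custody, and make deletion mean destroying the key. The block below is an added example, not code from the original deck or from any IBM product. To stay standard-library only it uses HMAC-SHA256 in counter mode with an encrypt-then-MAC tag as a stand-in for AES-GCM; the tenant name, object name and record are constructed.

```python
"""Crypto-shredding: effective deletion on shared, provider-managed storage.

Each tenant's objects are sealed under a key that stays in the tenant's
custody. 'Deleting' the data means destroying that key, so every copy the
provider still holds (snapshots, replicas, unwiped blocks) becomes unreadable
at once. Stdlib only: HMAC-SHA256 in counter mode plus an encrypt-then-MAC
tag stands in for AES-GCM here; that is a portability concession, not advice
to hand-roll ciphers in production.
"""
from __future__ import annotations

import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the tenant key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (the tag covers nonce and ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def tamper_detected(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
    except ValueError:
        return True
    return False


class TenantVault:
    """Key custody that stays with the tenant; the provider only ever sees blobs."""
    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}
    def provision(self, tenant: str) -> None:
        self._keys[tenant] = os.urandom(32)
    def key(self, tenant: str) -> bytes:
        return self._keys[tenant]
    def has_key(self, tenant: str) -> bool:
        return tenant in self._keys
    def shred(self, tenant: str) -> None:
        del self._keys[tenant]   # destroying the only key copy IS the deletion


class ProviderStore:
    """Shared storage that never truly deletes: snapshots keep old blobs."""
    def __init__(self) -> None:
        self.objects: dict[str, bytes] = {}
        self.snapshots: list[dict[str, bytes]] = []
    def put(self, name: str, blob: bytes) -> None:
        self.objects[name] = blob
    def snapshot(self) -> None:
        self.snapshots.append(dict(self.objects))
    def delete(self, name: str) -> None:
        self.objects.pop(name, None)   # earlier snapshots still hold the blob


def demo() -> dict[str, bool]:
    """Constructed scenario: delete via the API, find a surviving copy, shred."""
    vault, store = TenantVault(), ProviderStore()
    vault.provision("acme")
    record = b"acme customer list (constructed sample data)"
    store.put("acme/customers", seal(vault.key("acme"), record))
    store.snapshot()                 # provider-side copy the tenant never sees
    store.delete("acme/customers")   # reported as deleted by the storage API
    leftover = store.snapshots[0].get("acme/customers")
    readable = leftover is not None and unseal(vault.key("acme"), leftover) == record
    vault.shred("acme")
    return {"copy_survives_delete": leftover is not None,
            "readable_before_shred": readable,
            "key_gone_after_shred": not vault.has_key("acme")}
```

The point of the scenario is the last line of `demo`: after `shred`, the surviving snapshot copy is still there, but no party holds a key that opens it, so the tenant’s deletion took effect without the provider doing anything. In practice the tenant key lives in an HSM or a tenant-controlled key service, is itself wrapped by a key the provider never sees, and is rotated and shredded on offboarding or suspected compromise.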


Transitional Risks

• Disruption of endpoint security - Cloud applications that require installation of client-side components or use of specific desktop applications may weaken the consumer’s security posture

• Credential leakage - Improper lifecycle management of credentials needed to access cloud applications. Shared access for “testing purposes”, open access to cloud user interface

• Punctured perimeter - Punching “temporary holes” in network filtering rules. Network IDS with lost visibility, tunneling.

• Transitive trust - Internal/legacy applications suddenly made to transitively trust the cloud. Reuse of credentials, hard-coded passwords, certificates, etc.
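“Temporary holes” in filtering rules and shared access “for testing purposes” have one thing in common: they are opened with a reason and an implied end date, and nobody comes back to close them. The block below is an added example, not code from the original deck or from any IBM product: it audits a rule export for exceptions that have expired, temporary exceptions with no expiry or an over-long window, management ports reachable from any source, and exceptions with no change ticket. The rule records, field names and the `SAMPLE_NOW` clock are constructed for the example; a real export from a firewall or a cloud security-group API would first be normalised into this shape.

```python
"""Audit network-filter exceptions for 'temporary holes' that outlived their
purpose. Rule records are constructed for this example in a vendor-neutral
shape; in practice they would be exported from the firewall or the cloud
provider's security-group API and normalised into this form.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

# Ports where an any-source exception exposes a management plane
# (ssh, telnet, rdp, vnc, winrm). Extend for your own estate.
MGMT_PORTS = {22, 23, 3389, 5900, 5985, 5986}
TEMP_TAGS = {"temp", "test", "poc"}
MAX_TEMP_LIFETIME = timedelta(days=30)

# Constructed sample export (documentation address ranges, ISO 8601 times).
SAMPLE_RULES = [
    {"id": "fw-101", "src": "203.0.113.0/24", "dport": 443, "tags": ["prod"],
     "ticket": "CHG-0001", "created": "2009-11-02T09:00:00+00:00", "expires": None},
    {"id": "fw-102", "src": "0.0.0.0/0", "dport": 22, "tags": ["temp"],
     "ticket": "CHG-0007", "created": "2010-02-20T15:30:00+00:00",
     "expires": "2010-03-01T00:00:00+00:00"},
    {"id": "fw-103", "src": "198.51.100.7/32", "dport": 8443, "tags": ["test"],
     "ticket": None, "created": "2010-05-28T11:00:00+00:00", "expires": None},
    {"id": "fw-104", "src": "192.0.2.0/24", "dport": 3389, "tags": ["temp"],
     "ticket": "CHG-0009", "created": "2010-05-20T08:00:00+00:00",
     "expires": "2010-12-31T00:00:00+00:00"},
]
SAMPLE_NOW = datetime(2010, 6, 1, tzinfo=timezone.utc)


def _parse(ts: str | None) -> datetime | None:
    return datetime.fromisoformat(ts) if ts else None


def audit_rules(rules: list[dict], now: datetime) -> list[tuple[str, str, str]]:
    """Return (rule_id, check, detail) for every rule that breaches policy."""
    findings: list[tuple[str, str, str]] = []
    for r in rules:
        rid = r["id"]
        src = ip_network(r["src"], strict=False)
        created, expires = _parse(r.get("created")), _parse(r.get("expires"))
        tags = set(r.get("tags", ()))
        # 1. An exception past its expiry that is still in the active rule set.
        if expires is not None and expires <= now:
            findings.append((rid, "expired", f"expired {r['expires']} but still active"))
        # 2. Temporary exceptions must carry an expiry, and a short one.
        if tags & TEMP_TAGS:
            if expires is None:
                findings.append((rid, "no-expiry", "temporary rule has no expiry"))
            elif created is not None and expires - created > MAX_TEMP_LIFETIME:
                days = (expires - created).days
                findings.append((rid, "long-temp",
                                 f"temporary window of {days} days exceeds {MAX_TEMP_LIFETIME.days}"))
        # 3. Management ports open to the whole Internet (or whole intranet).
        if src.prefixlen == 0 and r["dport"] in MGMT_PORTS:
            findings.append((rid, "mgmt-exposed", f"port {r['dport']} reachable from any source"))
        # 4. Every exception needs an owner trail for audit.
        if not r.get("ticket"):
            findings.append((rid, "no-ticket", "no change ticket recorded for this exception"))
    return findings


def demo() -> list[tuple[str, str, str]]:
    return audit_rules(SAMPLE_RULES, SAMPLE_NOW)


if __name__ == "__main__":
    for rid, check, detail in demo():
        print(f"{rid:8} {check:13} {detail}")
```

Run this on a schedule against the live rule set, not once at migration time: the transitional risk is precisely that the exceptions opened during the move become permanent. The `expired` check only works if expiry is enforced by the audit, which is why a rule with a past `expires` value is reported rather than assumed gone.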


Security complexities raised by virtualization

New complexities:

• Dynamic relocation of VMs

• Increased infrastructure layers to manage and protect

• Multiple operating systems and applications per server

• Elimination of physical boundaries between systems

• Manually tracking software and configurations of VMs

Risk depends on cloud type

• Public cloud riskiest (mixed tenants)

• Private cloud least risky (BAU)

– but places higher demands on the company

• Hybrid (private + public) provides a balanced solution

– sensitive data stays private

– public cloud used for non-sensitive data. Can be always or just for demand spikes

[Diagram: a physical server with a 1:1 ratio of OSs and applications per server, versus a virtualized server with a 1:many ratio of OSs and applications per server and an additional virtualization layer to manage and secure]


Different cloud workloads have different risk profiles; one size does not fit all

[Diagram: business risk (low → high) plotted against need for security assurance (low → high), with workloads placed from low-risk to high-risk:

– Low-risk: training, testing with non-sensitive data

– Mid-risk: analysis & simulation with public data

– High-risk: mission-critical workloads, personal information]

Today’s clouds are primarily here (the low-risk end):

● Lower risk workloads

● One-size-fits-all approach to data protection

● No significant assurance

● Price is key

Tomorrow’s high value / high risk workloads need:

● Quality of protection adapted to risk

● Direct visibility and control

● Significant level of assurance


IBM Cloud Offerings


IBM’s Cloud Portfolio

Consulting Services in support of Cloud Computing

● Infrastructure Strategy & Planning

● Strategy & Change Services for Cloud Adoption

● Strategy & Change Services for Cloud Providers

● Testing Services for Cloud

● Networking Strategy & Optimization

Smart Business Offerings: comprehensive cloud solutions for infrastructure workloads

– Workloads available on multiple delivery models... with embedded service management: Development and Test, Desktop, Infrastructure Storage, Analytics, Collaboration, Maintenance

Infrastructure services & technologies enabling cloud computing

Services

● Security

● Resiliency optimization (BCRS)

● Data Center

● Tivoli Live Monitoring

Technologies

● Tivoli Service Automation Manager

● WebSphere Hypervisor Edition


IBM Cloud Services Portfolio

[Table: three delivery models across workload rows.

Delivery models:

– Smart business on the IBM cloud: standardized services on the IBM cloud

– IBM Smart Business Services: private cloud services, behind your firewall, built and/or managed by IBM

– IBM Smart Business Systems: preintegrated, workload-optimized systems

Workload rows: Analytics; Collaboration; Development and test; Desktop and devices; Infrastructure storage; Infrastructure compute; Business services.

Offerings named on the slide: IBM Smart Analytics Cloud, IBM Smart Analytics System, IBM LotusLive, IBM Lotus iNotes, IBM CloudBurst family, IBM Smart Business Test Cloud, Smart Business Development and Test on the IBM Cloud (beta), IBM Smart Business Desktop Cloud, Smart Business End User Support, IBM Smart Business Storage Cloud, IBM Information Protection Services, IBM Information Archive, IBM Computing on Demand, Smart Business for Small or Midsize Business (backed by the IBM Cloud), BPM BlueWorks (design tools), Smart business expense reporting on the IBM cloud, Global Technology Services.]


Cloud Solutions for Power Systems

Tivoli Service Automation Manager (TSAM) and Tivoli Provisioning Manager (TPM)

• Cloud services definition and provisioning

• Software full lifecycle management

• Policy creation and enforcement

IBM Systems Director and VMControl

• Power System Pools simplicity

• Policy-based workload resilience

• Best-practices image management

• Automated SAN provisioning

• Best-of-breed Power Systems virtualization

• Sharing and dynamic allocation of resources across environments

• Multi-OS support: AIX, i, Linux

Tivoli Storage Productivity Center (TPC)

• Simplified SAN management

• Integration with VMControl for automated disk provisioning

SAN Volume Controller (SVC)

• IBM DS5000, DS8000, XIV; EMC; HDS

• Heterogeneous storage management

• Decoupling of physical and virtual storage

• Pooling for increased virtualization


IBM i as a Cloud Server


Current IBM i strengths

Strengths – stands out in multi-tenant environments

Good isolation:

• Object-based architecture

• IBM i enforced security and encryption

• Database schema and IASP isolation

• Systems Director

• WebSphere – separate enterprise applications – role-based security

• Memory pools

• Subsystems

• Processor pools

• Group profiles

• Active Memory Sharing

• …

In short, a multi-user, multi-app OS from day 1


IBM i Hosting Environment

[Diagram: five multi-tenancy models, from fully dedicated to fully shared. Each stack is data center floor → infrastructure → operating system → data platform (DP) → application platform (AP) → application; layers below the dividing line are shared between tenants, layers above it are dedicated per tenant.]

I. Physical-level or isolated multi-tenancy – one server stack for each tenant; only the data center floor is shared

II. Shared hardware multi-tenancy – one OS stack for each tenant on shared infrastructure

III. Operating system-level multi-tenancy – one application-platform (AP) stack for each tenant on a shared OS and data platform

IV. Platform-level multi-tenancy – one application stack per tenant on a shared application platform

V. Application-level multi-tenancy – a single application servicing multiple tenants

Enabling technology listed on the slide:

• PowerVM, PowerHA, Systems Director

• Apache web servers, WebSphere Application Servers, IBM i subsystems

• Subsystems, memory pools; threads, users/groups; validation lists

• DB2 for i, independent storage pools, schema isolation

The slide marks the models where IBM i performs very well and those where it performs well.
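Models IV and V above put several tenants in one application and one database, which is where the Technical Risks slide’s “data leakage to co-tenants” and “coarse access control” bite: once the schema is shared, the only thing separating tenants is a predicate in every query. The block below is an added example, not code from the original deck or from DB2 for i (the deck’s schema and IASP isolation are the schema-per-tenant alternative to what is shown here). It places the leaky pattern, a repository that authenticates the caller and then looks rows up by id alone, beside the hardened one, where the tenant id is fixed when the repository is constructed and bound into every statement. The table, tenant names and rows are constructed; SQLite stands in for the shared database.

```python
"""Row-level tenant isolation in a shared database (models IV and V above):
the coarse pattern, which looks up by object id alone, beside the hardened
one, where the caller's tenant_id is fixed when the repository is built and
bound into every statement, never taken from the request.
"""
from __future__ import annotations

import sqlite3

SCHEMA = """
CREATE TABLE customer (
    tenant_id TEXT    NOT NULL,
    id        INTEGER NOT NULL,
    name      TEXT    NOT NULL,
    PRIMARY KEY (tenant_id, id)
);
"""

# Constructed sample rows: two tenants share one table and both own an id 1.
SAMPLE_ROWS = [
    ("acme", 1, "Alice at ACME"),
    ("acme", 2, "Bob at ACME"),
    ("globex", 1, "Carol at Globex"),
]


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customer VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


class CoarseRepo:
    """Leaky: the caller was authenticated, but authorisation stops there."""

    def __init__(self, db: sqlite3.Connection) -> None:
        self.db = db

    def get(self, customer_id: int) -> list[tuple]:
        # Any tenant can read any tenant's row with a matching id.
        return self.db.execute(
            "SELECT tenant_id, id, name FROM customer WHERE id = ?",
            (customer_id,)).fetchall()


class TenantRepo:
    """Hardened: bound to one tenant; tenant_id is a predicate on every statement."""

    def __init__(self, db: sqlite3.Connection, tenant_id: str) -> None:
        self.db, self.tenant_id = db, tenant_id

    def get(self, customer_id: int) -> tuple | None:
        # Another tenant's row comes back as None, indistinguishable from
        # 'no such row', so ids cannot be enumerated across tenants either.
        return self.db.execute(
            "SELECT tenant_id, id, name FROM customer WHERE tenant_id = ? AND id = ?",
            (self.tenant_id, customer_id)).fetchone()

    def list_all(self) -> list[tuple]:
        return self.db.execute(
            "SELECT tenant_id, id, name FROM customer WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,)).fetchall()

    def rename(self, customer_id: int, new_name: str) -> int:
        # rowcount 0 on a foreign id is both the safe outcome and a signal
        # worth logging: a well-behaved client never asks for another
        # tenant's ids.
        cur = self.db.execute(
            "UPDATE customer SET name = ? WHERE tenant_id = ? AND id = ?",
            (new_name, self.tenant_id, customer_id))
        return cur.rowcount


def demo() -> dict:
    db = build_db()
    globex = TenantRepo(db, "globex")
    return {
        "coarse_leaks": sorted(t for t, _, _ in CoarseRepo(db).get(1)),
        "scoped_get_own": globex.get(1),
        "scoped_get_other": globex.get(2),            # acme's row
        "cross_tenant_update": globex.rename(2, "pwned"),
        "acme_unchanged": TenantRepo(db, "acme").get(2),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points carry the isolation: the tenant id comes from the authenticated session at construction time and is never a request parameter, and the `tenant_id` column is part of the primary key so that the same predicate that scopes reads also scopes writes. Where the database supports it, the same rule can be pushed down as row-level security so that a query which forgets the predicate still cannot cross tenants.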


IBM i Vision toward Cloud Enablement

Past

• Physical systems

• Internal storage

• Static resource partitions

• Manual setup

• Physical media install

• Licensing per core

• Backups

Present

• Virtual resources

• External storage w/ VIOS and SAN

• Dynamic resources for partitions

• Network install and backups

• Scripted partition creation

• Licensing per core

• HA

Potential future enhancements

• Partition mobility

• Partition hibernation

• Image (partition) provisioning/cloning

• Virtualized everything

• Workflow automation

• More granular licensing

• Flash copy checkpoints and snapshots

• HA


IBM CloudBurst


What is IBM CloudBurst?

– A complete, pre-packaged cloud environment. Includes both hardware and software

– CloudBurst on Power is slated for 4Q 2010 delivery (v2.1)

Market splash:

– The IBM CloudBurst solution on Power is planned to provide everything you need for a private cloud environment including Tivoli service management software, storage, network and the most efficient platform for cloud computing with Power Systems, enabling customers to rapidly realize the benefits of cloud computing


IBM CloudBurst – an Integrated Cloud solution

Tivoli Service Automation Manager (TSAM)

• Orchestration of cloud operations

• Integration point for service management capabilities

• Service catalog and templates

• Automated provisioning of virtual systems

Monitoring

• Monitor both physical and virtual server environments

High Availability

• Make the management system DB highly available

Usage and Accounting

• Provide metering and accounting for cloud services

• Enable integration to billing systems if needed

Virtualized HW Management

• Enhanced management of the virtual environment

Energy Management

• Energy management of the hardware infrastructure

“Built for Purpose” Cloud Solution

• Preinstalled and configured on IBM server, storage and network hardware


IBM CloudBurst Roadmap

IBM CloudBurst 1.1 (2009, delivered!) – optimized for development & test workloads

Capabilities:

• System x BladeCenter HW; scalable and modular

• GTS CloudBurst QuickStart Services

• Request, deploy and manage VMware virtual environments

• Energy utilization metrics

• Backup and recovery

IBM CloudBurst 1.2 (2010, new!)

New enhancements:

• Energy metrics integrated with IT service management system

• Accounting, usage and metering

• High availability configuration

• Enhanced security options

• Integrated with WebSphere CloudBurst (IBM WebSphere CloudBurst Appliance)

IBM CloudBurst future – optimized for production workloads

Key enhancements:

• Expand HW platform to Power Systems, iDataPlex and System z

• Cloud analytics and dashboard capabilities

• Cloud capacity planning

• Enhanced security & resiliency options

• Compliance reporting options

• Integration with public cloud offerings


Thank you!

For more information, please visit: ibm.com/cloud

Or, contact me: Jeff [email protected]