1 Will in-house clouds storm past your network defenses? Andrew Yeomans Jericho Forum Board

Andrew Yeomans, Infosecurity.nl, 3 November 2010, Jaarbeurs Utrecht


Page 1

Will in-house clouds storm past your network defenses?

• Andrew Yeomans, Jericho Forum Board

Page 2

A brief introduction to the Jericho Forum

• The Jericho Forum aims to drive and influence the development of security standards that will meet future business needs

• These standards will:

– Facilitate secure interoperation, collaboration and commerce over open networks

– Be based on Collaboration Oriented Architectures (COA) and a design approach termed “de-perimeterization”

• Globally, around fifty blue-chip user organisations, from all sectors, are working together to solve the problems posed by de-perimeterization

• The Open Group hosts the Jericho Forum

• Everything published is free and open-source.

Page 3

Some of our members

(Member logos; those legible in the extract are the Cabinet Office and the Foreign & Commonwealth Office.)

Page 4

From Connectivity to Collaboration

(Chart: Connectivity, Business Value and Risk plotted against Time, rising through the following stages, earliest first)

– Stand-alone Computing [Mainframe, Mini, PCs]

– Local Area Networks: islands by technology

– Connected LANs: interoperating protocols

– Connectivity for Internet e-Mail

– Internet Connectivity: Web, e-Mail, Telnet, FTP

– External collaboration [Private connections]

– External Working: VPN based

– Limited Internet-based Collaboration

– Consumerisation [Cheap IP-based devices]

– Full Internet-based Collaboration

– Full de-perimeterized working

Markers on the chart: “Today” and “Effective Perimeter Breakdown”.

http://opengroup.org/jericho/Business_Case_for_DP_v1.0.pdf

Page 5

Core business targets

(Diagram of core business targets: Customer, Product, Backup, Infrastructure, Email, Security, R & D, Web host, Desktop)

Page 6

Clouds – inside your data centre?

Technology        Cost in Medium-sized DC     Cost in Very Large DC     Ratio
Network           $95 per Mbit/sec/month      $13 per Mbit/sec/month    7.1
Storage           $2.20 per GByte/month       $0.40 per GByte/month     5.7
Administration    140 Servers / Admin         >1000 Servers / Admin     7.1

Source: HAMILTON, J. Internet-Scale Service Efficiency. In Large-Scale Distributed Systems and Middleware (LADIS) Workshop (September 2008)

Page 7

Cloud Shape Architecture Model

(Cube diagram with three axes)

– Internal / External: Where is your data?

– Proprietary / Open: Are the interfaces public?

– Perimeterised / De-perimeterised: Is data collaboratively shared?

Adrian Secombe

Page 8

Security Questions

(Cube face: Perimeterised / De-perimeterised against Internal / External. The perimeterised distinction fades as collaboration increases; the internal/external distinction fades as virtualisation increases.)

– Can the outsourcer integrate into my infrastructure?

– Will I be able to deliver? Do I have the skills? Do I have the resources? Can I recover costs?

– Who has access to my data?

– What about export and privacy laws?

– How is the EXT/INT interface managed?

– Where is my data?

– What due diligence did my employees do prior to using the service?

– What leaks are there from the cloud service back into my infrastructure?

– How is my data protected in transit?

– Who is responsible if something goes wrong?

– What about business continuity?

– How does my data securely enter and exit the cloud?

Page 9

Interoperability Questions

(Cube face: Proprietary / Open against Internal / External. The proprietary/open distinction hinders collaboration; the internal/external distinction fades as virtualisation increases.)

– What standards should be developed?

– Who should control them?

– When I run out of resources, can I engage an external cloud service provider?

– Will this allow me to leverage multiple cloud service providers to jointly perform a task?

– Will it further enable collaboration among multiple partners?

– What if I need to switch vendors?

– What if my collaboration partner uses a different vendor?

– Do I have to implement proprietary interfaces to do business with the provider?

– Is this where I want to be? Do I still need internal cloud services?

Page 10

Thunder clouds – the problems

• Inertia: why change?

• Availability: outages?

• Lock-in: how do I get my data out again?

• Confidentiality: who else can see it?

• Auditability: and can you prove that?

• Jurisdiction: who can get to the data?

Page 11

Internal clouds

• Where to deploy?

– Development / Test

– Disaster Recovery

– Production compute grid

– Cyclical processing, e.g. end-of-day

– Scalable web hosting

Page 12

Cloud future – design your network

(Diagram; labels: Add instance, Remove instance, Migrate, Performance, Properties)

Page 13

Confidentiality in clouds

(Chart: a Risk Control Acceptance Curve against Risk Control Levels, with bands marked 85%, 14% and <1%. Note on the slide: ratios closer to data volumes.)

Page 14

Current network designs

Page 15

Internal cloud?

Page 16

…full of virtual servers

Page 17

Network security?

• Where is the Firewall?

• Where is the Intrusion Detection System?

• Where is the Intrusion Prevention System?

• Where are the network routing controls?

• … and VLANs, DLP, WAF, sniffers…

How much value do they really add?

Page 18

Effectiveness of security controls

(Chart: relative effectiveness plotted against time for three families of control: network controls, end-point and application controls, and data controls, with “2010?” marking the present)

Acknowledgements to Steve Whitlock and Dan Hitchcock

Page 19

Data separation

• Interconnected mini-clouds? (physical)

• VLAN separation (network)

• Hypervisor? (Ring 0 software)

• Data-centric? (data)

Page 20

Data protection choice is easy!

• In IT systems we have two main protection methods:

– Encryption (or not)

– Access controlled (or not)

Combined, these give four quadrants:

– Encrypted, uncontrolled access

– Encrypted, controlled access

– Unencrypted, controlled access

– Unencrypted, uncontrolled access

Page 21

Three Laws of Data Encryption

• Based on Rich Mogull:

• 1. External loss: encryption for media protection, if the data moves, physically or virtually. Simple key management.

• 2. Internal access: encryption to restrict privileged access. Complex key management if it is to really work.

• 3. Mandated encryption (e.g. PCI)

Page 22

Two other forms of protection

• Protect by monitoring

– Can't always have technical controls

– Monitor for policy violations

– Advertise the monitoring to reduce temptation

– Results from “DLP” can steer Data Classification and create a dialogue with the business

• Protect by destroying!

– The best form of confidentiality

– Data Retention policies

– Need to track all assets, including data
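As an added example (not from the slides), the Python below does the kind of check a DLP monitor runs: it scans a few constructed outbound-mail log lines for card-number-shaped strings, keeps only those that pass the Luhn check (so a random 16-digit order id is not a hit), and tallies the hits per sending system, which is the sort of result that can steer data classification and the conversation with the business. The log format, the system names and the messages are all constructed for this example.

```python
"""Added example, not from the slides: Luhn-filtered PAN detection over
constructed log lines, tallied per source system."""
import re
from collections import Counter

# Constructed sample log: "<source-system> <recipient> <body excerpt>".
# Line 1 and line 4 carry real (test-vector) card numbers; line 2 has a
# Luhn-invalid number and line 3 an order id that merely looks like a PAN.
SAMPLE_LOG = """billing-app partner@example.net  invoice 4111 1111 1111 1111 due Friday
hr-portal   staff@example.com    payroll ref 4111-1111-1111-1112 attached
wiki        all@example.com      order id 1234567812345678 shipped
billing-app bank@example.org     card 5555555555554444 exp 12/27
"""

# 13 to 19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check digit validation, as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card-number-shaped strings in text, separators stripped."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def tally_by_source(log: str) -> dict:
    """Count PAN hits per sending system; zero counts are kept so the
    classification discussion covers systems that stayed clean too."""
    counts = Counter()
    for line in log.splitlines():
        source, _, body = line.partition(" ")
        counts[source] += len(find_pans(body))
    return dict(counts)


if __name__ == "__main__":
    for source, n in tally_by_source(SAMPLE_LOG).items():
        print(f"{source:12s} {n} card number(s) seen in outbound mail")
```

The Luhn filter is what keeps the false-positive rate tolerable: without it every long numeric identifier becomes a policy violation and the monitoring turns into noise. In the constructed sample only billing-app shows real card numbers, which is the signal that its data flows need classifying and, under the third law on Page 21, probably mandated encryption.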

Page 23

But it must be manageable

• Missing: an open format for data protection

• Key management standards

• Missing: open authentication

• Data zones

Page 24

A look to the future - OpenEIPC

• Missing: an open format for data protection (c.f. DRM)

• Strawman: ZIP + XACML

• Also works for ODF and OOXML/OPC

• Scope and level appropriate to the asset at risk

Container listing shown on the slide (ODF-style ZIP):

mimetype
Pictures/1001.png
Pictures/1002.png
content.xml (its body appears as ciphertext: hCTqkH557Q6yeIhuz+kbOfADzas2omqWD3USq4HOjh/syMeHVH)
styles.xml
meta.xml
eipc.xml

Page 25

ACLs versus Protected Data

• Fine-grained cryptographic protection is difficult

• So use traditional ACLs for fine-grained control

• Use crypto protection for provable broad protection

• Will really take off when embedded in the operating system or hypervisor
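As an added example (not from the slides and not the Jericho Forum's OpenEIPC work), the Python below builds a toy container in the shape of the Page 24 strawman and enforces the policy before releasing the content, which is exactly the split this slide describes: the ACL in eipc.xml gives the fine-grained decision, encryption of content.xml gives the broad, provable protection. The file layout, the reduced XACML-style policy vocabulary, the key derivation and the HMAC-in-counter-mode cipher are all assumptions chosen so the code runs with the standard library alone; a real implementation would use conforming XACML and a vetted AEAD such as AES-GCM.

```python
"""Added example, not from the slides: a toy ZIP + policy container in the
spirit of the OpenEIPC strawman. Layout, policy vocabulary and cipher are
assumptions for illustration (stdlib only; HMAC-SHA256 in counter mode stands
in for AES-CTR, with an encrypt-then-MAC tag for integrity)."""
import hashlib
import hmac
import io
import os
import zipfile
import xml.etree.ElementTree as ET

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one content key (assumed KDF).
    return (hashlib.sha256(b"eipc-enc" + key).digest(),
            hashlib.sha256(b"eipc-mac" + key).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # verify before touching the plaintext
        raise ValueError("eipc: integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# eipc.xml: a deliberately reduced XACML-style policy (constructed sample).
# Real XACML uses Target/Match/AttributeDesignator; this keeps only Rule,
# Effect, Subject (attribute=value) and Action, combined deny-overrides.
POLICY_XML = """<Policy RuleCombiningAlgId="deny-overrides">
  <Rule RuleId="finance-read" Effect="Permit"><Subject>role=finance</Subject><Action>read</Action></Rule>
  <Rule RuleId="no-contractors" Effect="Deny"><Subject>role=contractor</Subject><Action>read</Action></Rule>
</Policy>"""


def evaluate(policy_xml: str, subject: dict, action: str) -> str:
    """Deny-overrides: any matching Deny wins; else Permit if a Permit matched;
    else NotApplicable, which the caller treats as a refusal (default deny)."""
    decision = "NotApplicable"
    for rule in ET.fromstring(policy_xml).findall("Rule"):
        attr, _, value = rule.findtext("Subject", "").partition("=")
        if subject.get(attr) != value or rule.findtext("Action") != action:
            continue
        if rule.get("Effect") == "Deny":
            return "Deny"
        decision = "Permit"
    return decision


def build_container(key: bytes, content_xml: bytes, policy_xml: str) -> bytes:
    """ODF-like ZIP: only content.xml is encrypted; the policy travels in clear."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                   compress_type=zipfile.ZIP_STORED)   # ODF: first entry, uncompressed
        z.writestr("content.xml", encrypt(key, content_xml))
        z.writestr("styles.xml", "<office:styles/>")
        z.writestr("meta.xml", "<office:meta/>")
        z.writestr("eipc.xml", policy_xml)
    return buf.getvalue()


def entry_names(container: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        return z.namelist()


def open_content(container: bytes, key: bytes, subject: dict, action: str = "read") -> bytes:
    """Enforce eipc.xml first, then decrypt. The reader holding the key is the
    enforcement point; nothing stops a reader that ignores the policy."""
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        decision = evaluate(z.read("eipc.xml").decode(), subject, action)
        if decision != "Permit":
            raise PermissionError(f"eipc: {decision} for {subject} / {action}")
        return decrypt(key, z.read("content.xml"))


if __name__ == "__main__":
    key = os.urandom(32)
    doc = build_container(key, b"<office:text>Q3 forecast</office:text>", POLICY_XML)
    print(open_content(doc, key, {"role": "finance"}))
```

Run stand-alone it prints the decrypted content.xml for a finance reader; a contractor gets PermissionError, a role with no matching rule falls through to NotApplicable and is also refused, and a flipped ciphertext byte fails the tag check before any decryption happens. The caveat a practitioner will spot at once: whoever holds the content key is the policy enforcement point, so eipc.xml only binds readers you trust, and the real control is who gets the key, which is precisely the key-management gap the deck flags on Page 23 and the reason the slide expects this to take off only once the operating system or hypervisor enforces it.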

Page 26

Security by Design, not Afterthought

Risks

• Get it wrong and expose the business

• Keep adding more layers of security

• Cost and/or inability to manage

• Saddled with yesterday’s technology

• Inflexible to respond to market demands

Benefits

• Increased levels of security

• Simpler, less complex security

• Cheaper to run, easier to manage

• Tomorrow’s technology with the ability to gain business advantage

• Flexible and adaptable solutions

Page 27

Jericho Forum Self Assessment Scheme

Page 28

Jericho Forum Activity

• Like many others, we see huge potential and benefits in moving into "the cloud"

• But we advise not leaping in before understanding the:

– Risks

– Security issues

– Interoperability issues

– Business rationale

• The Jericho Forum is taking a lead on:

– Analysing the issues

– Raising awareness

– Establishing clear requirements

• Goal: make the cloud a safe place to collaborate

Page 29

Page 30

Thank You!

• Andrew Yeomans, Jericho Forum Board

• http://jerichoforum.org