Cloud Security - A Visibility Challenge

  • Published on
    18-Oct-2014


DESCRIPTION

Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to visibility, which in turn is a big data challenge. Loggly, a logging-as-a-service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use cases that can be built on top of the Loggly platform to support visibility into cloud operations.

Transcript

Cloud Security: A Visibility Challenge
UNAM 2010, Mexico City
Raffael Marty - @zrlram
Wednesday, December 1, 2010
Logging as a Service

Raffael Marty
  • Founder @
  • Chief Security Strategist and Product Manager @ Splunk
  • Manager Solutions @ ArcSight
  • Intrusion Detection Research @ IBM Research
  • IT Security Consultant @ PriceWaterhouse Coopers
  • Applied Security Visualization - Publisher: Addison Wesley (August, 2008), ISBN: 0321510100

Agenda
  • Data Centers
  • The Cloud
  • A New Risk Landscape
  • Visibility and Big Data
  • Logging as a Service

Data Centers
  • 11.8 million servers in data centers
  • Servers are used at only 15% of their capacity
  • 800 billion dollars spent yearly on purchasing and maintaining enterprise software
  • 80% of enterprise software expenditure is on installation and maintenance of software
  • Data centers consume up to 100 times more per square foot than a typical office building
  • Data centers consume 1.5% of the USA's electricity
  • From 2001 to 2006:
      - Number of servers doubled
      - Average power consumption per server quadrupled
  • Green technologies can reduce energy costs by 50%
Source: Effectively and Securely Using the Cloud Computing Paradigm AWS services - Peter Mell, Tim Grance, NIST

The Cloud

The Public Cloud
  • IaaS - Infrastructure
  • PaaS - Platform
  • SaaS - Software
  • Enterprise Infrastructure Services
  • LaaS - Logging
  • XaaS - DNS / RDBMS / ...

Cloud Features
  • Almost infinite resources - on demand
  • Pay as you go
  • Elasticity - dynamic load allocation
  • Quality of service guarantees (SLAs)
  • Outsource non-core capabilities / responsibilities
  • Forces operations to streamline and automate
  • Availability of infrastructure services (load balancing, database, logging, etc.)
  • Enables higher availability
      - Provision in multiple data centers / multiple instances

Why Companies Move to the Cloud
  • "Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications." - Infoworld
  • "If you move your data centre to a cloud provider, it will cost a tenth of the cost." - Brian Gammage, Gartner Fellow
  • "Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity" - George Reese, founder Valtira and enStratus

Why Companies Move to the Cloud
  • Ecological considerations drive economical decisions
  • Increased efficiency due to better use of resources
  • More predictable cost
  • IT staff can be freed up for other initiatives
  • Design with redundancy and failure tolerance needed
  • Automation is necessary, but is a good thing
  • Easy integration of services for non-core capabilities (RDBMS, load balancing, etc.)

Changes in Security
  • The Good
      - Cloud homogeneity makes security auditing/testing simpler
      - Clouds enable automated security management
      - Redundancy / Disaster Recovery
      - Distributed denial of service (DDoS) protection
  • The Bad?
      - Loss of physical control
      - No more network-based Intrusion Detection
      - No data leak prevention (DLP)
      - Little network routing mechanisms

What Has Changed
  • Data Storage and Access
      - Isolation management / data multi-tenancy
      - Data retention issues
      - Data dispersal and international privacy laws
          - EU Data Protection Directive and U.S. Safe Harbor program
          - Exposure of data to foreign governments and data subpoenas
  • Processing Infrastructure
      - Application multi-tenancy
      - Reliance on hypervisors
      - Process isolation / Application sandboxes

Your New Risk Landscape

Risk = (Threat, Vulnerability)
  • Trusting vendor's security model
      - Obtaining support for investigations
      - Inability to respond to audit findings
  • Hypervisor escaping
  • Stored credentials
  • Web ubiquity
  • Shared resources
  • Using external services
      - Proprietary implementations can't be examined
      - Availability of services
      - Confidentiality of services
  • Malicious insiders
  • Data storage

Visibility and Big Data

Visibility
  • Monitoring
      - Performance
      - Availability
      - Ephemeral Infrastructure
  • Security
      - New Threats
      - New Vulnerabilities
      - Different Risk Distribution
  • IaaS - Similar to before
  • PaaS - Lack of Infrastructure
  • SaaS - Blind?

Application Visibility
  • If you can't control the infrastructure, control your applications
  • Application logging
      - need guidelines
      - better tools
      - education of developers / students?
  • Challenges
      - how to centrally collect all the data
      - how to mine the data
      - how to use/understand the data
See: Raffael Marty, Cloud Application Logging for Forensics, SAC 2011, Taipei.

Big Data
  • NoSQL
  • Distributed data stores
  • Distributed queues
  • Map reduce
  • ETL (Extract, Transform, Load)
  • ...

LaaS - Logging as a Service
  • Log collection - all data in one place
  • Log storage and management - index, storage, archive
  • Extremely fast log search across all your data
  • data source agnostic (no parsers)
  • innovative Web shell
  • API log access
  • OAuth authentication
  • always on
Benefits
  • No installation
  • Easy configuration
  • No maintenance
  • Great scalability
  • 7x24 availability
  • Pay as you go

Logging Bus
  • Logs published to bus
  • Consumers read from bus
      - Mashups
      - Situational awareness
      - Security forensics
      - Security monitoring
[Diagram labels: mobile-166, My syslog, Bus, Clouds, Data centers, Small businesses, Individuals, Machines, Mashups, Users]

Situational Awareness
  • Treemap
  • Protovis.JS
  • Size: Amount
  • Brightness: Variance
  • Color: Sensor
  • Shows: Scans - bright spots
Thanks to Chris Horsley

Forensics
[Screenshot labels: mobile-166, My syslog]

Security Visualization
www.secviz.org

about.me/raffy
loggly.com/signup
