Dr Giles Hogben - TERENA
www.enisa.europa.eu
How to procure a secure cloud service
Dr Giles Hogben, European Network and Information Security Agency
Security in the cloud contracting lifecycle
• Can cloud meet your security requirements?
• Choose the provider that meets security requirements
• Set up the contract/SLA
• Fulfil your responsibilities for security
• Manage the contract
[Chart: Traditional IT investment, 2010–2019. Labels: investment in infrastructure, demand for infrastructure, resources used/purchased; the gap is marked "wasted investment"]
[Chart: Cloud IT investment, 2010–2019. Labels: investment in infrastructure, demand for infrastructure, resources used/purchased]
=> Shared Resources
• Hardware, database, memory, etc... – like buying a hotel room or booking an aircraft.
Implications for security
=> Economies of scale and security
• All kinds of security measures are cheaper when implemented on a larger scale
– e.g. filtering, patch management, hardening of virtual machine instances and hypervisors, etc.
• The same amount of investment in security buys better protection.
• Key Question: Is your current setup really better from a security standpoint?
But….
=> Very high value assets
• Most risks are not new, but they are amplified by resource concentration – the asset values are high.
o Trustworthiness of insiders
o Hypervisors – hypervisor layer attacks on virtual machines are very attractive
o More data in transit (without encryption?)
o Management interfaces – big juicy targets
=> Co-tenancy and isolation failure
o Like a hotel – you may be able to hear your neighbours if the walls are not well insulated
o Storage (e.g. side channel attacks), see http://bit.ly/12h5Yh
o Virtual machines
o Entropy pools (http://bit.ly/41sIiN)
o Resource use (e.g. bandwidth)
=> Lock in
• Few tools, procedures or standard formats for data and service portability.
• Difficult to migrate from one provider to another (or take your data back home).
• You went into cloud to store massive amounts of data cheaply – keeping a copy at home defeats the object?
=> Loss of governance
• The client cedes control to the provider
– Security measures (crocodiles vs electric fences)
– Limited information available about incidents
– Outsource or sub-contract services to third parties (fourth parties?)
Just encrypt your data in the cloud and you don’t have to worry about a thing?
Unfortunately not.... Practical processing operations on encrypted data are not possible
Legal and contractual risks
• Lack of compliance with EU Data Protection Directive
– Difficult for the customer (data controller) to check the security of data handling practices of the provider
• Subpoena and e-discovery
• Risk allocation and limitation of liability
• Intellectual property
Security in the cloud contracting lifecycle
ENISA Cloud Assurance Framework
A minimum baseline for:
• Comparing cloud offers
• Assessing the risk to go cloud
• Includes legal and contractual considerations (also to reduce audit burden on cloud providers)
http://is.gd/pTIyit
CSA Controls Matrix
• http://is.gd/8cGwwn
Security in the cloud contracting lifecycle
Contract hints
• Get a security expert to review the contract terms
• Check existing certifications (ISO, PCI, etc.)
• If you have enough bargaining muscle, get some security clauses in the contract/SLA – otherwise choose the contract which is most secure
Contract hints
• Availability
– Well-defined (reachability, response time, functional)
– Defined over shorter period (per week)
• Scalability (e.g. max number of instances available per customer per day)
• Time-to-provision
• Authentication levels (e.g. NIST levels)
• CSA/ENISA controls
Security in the cloud contracting lifecycle
Somebody else's problem (SEP) syndrome
"Appirio Cloud Storage fully encrypts each piece of data as it passes from your computer to the Amazon S3 store. Once there, it is protected by the same strong security mechanisms that protect thousands of customers using Amazon's services"
Amazon AWS ToS
o "YOU ARE SOLELY RESPONSIBLE FOR APPLYING APPROPRIATE SECURITY MEASURES TO YOUR DATA, INCLUDING ENCRYPTING SENSITIVE DATA."
o "You are personally responsible for all Applications running on and traffic originating from the instances you initiate within Amazon EC2. As such, you should protect your authentication keys and security credentials. Actions taken using your credentials shall be deemed to be actions taken by you."
Customer side of the bargain
• IaaS
– Encrypt
o At rest and in motion
– Look after your keys and credentials
– Identity management
– Guest security platform
– Compliance with data protection law
Customer side of the bargain: IaaS
• Design for failure
– Redundant implementation
o Geographical
– Performance and incident monitoring
• Decouple
– Parallelise
– Use distributed queues etc.
– Use REST
How SmugMug survived the Amazon outage
• Redundancy: multiple availability zones
• Design for failure – any instance can fail
• Design for the reliability of individual components – e.g. don't use temporary storage methods for permanent storage
• Not completely cloud
• http://don.blogs.smugmug.com/2011/04/24/how-smugmug-survived-the-amazonpocalypse/
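The two "design for failure" points above (any instance can fail; decouple with distributed queues) have a concrete consequence for the customer's own code: a distributed queue delivers a message at least once, so the consumer must be idempotent, and a dependency reached through one zone must be reachable through another. The following is an added example, not SmugMug's or ENISA's code; the in-memory queue, the zone names, the health table and the message contents are constructed stand-ins for a real queue service and real availability zones.

```python
# Added example (not from the slides): two "design for failure" patterns in one
# queue worker. The in-memory queue, zone names and health table are constructed
# stand-ins for a real distributed queue and provider availability zones.
from dataclasses import dataclass, field


@dataclass
class Message:
    id: str        # stable message id; the queue reuses it when it redelivers
    order_id: str
    amount: int


class ZoneUnavailable(Exception):
    """Raised when the downstream service in a given zone cannot be reached."""


@dataclass
class Ledger:
    """Downstream state. Distributed queues deliver at least once, so the
    ledger must apply each message at most once (idempotency)."""
    balances: dict = field(default_factory=dict)
    applied: set = field(default_factory=set)

    def apply(self, msg: Message) -> bool:
        if msg.id in self.applied:      # redelivery: acknowledge, do not re-apply
            return False
        self.balances[msg.order_id] = self.balances.get(msg.order_id, 0) + msg.amount
        self.applied.add(msg.id)
        return True


def call_with_failover(zones, operation):
    """Any instance can fail: try the zones in order and return the first
    (zone, result) that succeeds instead of depending on a single zone."""
    errors = []
    for zone in zones:
        try:
            return zone, operation(zone)
        except ZoneUnavailable as exc:
            errors.append(f"{zone}: {exc}")
    raise RuntimeError("all zones failed: " + "; ".join(errors))


def consume(queue, ledger, zones, zone_health, max_attempts=3):
    """Drain an at-least-once queue. A message whose processing fails in every
    zone goes back to the tail (simulating redelivery after a visibility
    timeout); after max_attempts it is dead-lettered rather than retried forever."""
    attempts = {}
    processed = []               # (message id, zone used, newly applied?)
    while queue:
        msg = queue.pop(0)
        attempts[msg.id] = attempts.get(msg.id, 0) + 1

        def operation(zone):
            if not zone_health.get(zone, True):
                raise ZoneUnavailable("endpoint down")
            return ledger.apply(msg)

        try:
            zone, applied = call_with_failover(zones, operation)
            processed.append((msg.id, zone, applied))
        except RuntimeError:
            if attempts[msg.id] < max_attempts:
                queue.append(msg)
            else:
                processed.append((msg.id, None, False))
    return processed


def run_scenario():
    """Constructed input: zone-a is down and the queue redelivered m1."""
    queue = [Message("m1", "o-1", 100), Message("m2", "o-2", 40), Message("m1", "o-1", 100)]
    ledger = Ledger()
    log = consume(queue, ledger, ["zone-a", "zone-b"], {"zone-a": False, "zone-b": True})
    return ledger, log


if __name__ == "__main__":
    ledger, log = run_scenario()
    print(ledger.balances)   # {'o-1': 100, 'o-2': 40}: duplicate m1 applied once
    print(log)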
![Page 29: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/29.jpg)
www.enisa.europa.eu
![Page 30: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/30.jpg)
www.enisa.europa.eu
Customer side of the bargain• PaaS
– Credential management– Encryption– System staging– Compliance with data protection law
• SaaS– Credential management– Encryption and key management for selected data– Compliance with data protection law
![Page 31: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/31.jpg)
www.enisa.europa.eu
Can cloud meet your security requirements
Choosing the provider that meets security requirements
Setting up the contract/SLA
Fulfilling the customer’s
responsibilities for security
Managing the contract
Security in the cloud contracting lifecycle
![Page 32: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/32.jpg)
www.enisa.europa.eu
Monitoring and Enforcement
• Penalties• SLRs – you need something to monitor• => SP should ideally report
– Availability– Incidents (reported within a defined time‐frame)– Recovery time– Security metrics (e.g. intrusions blocked)
![Page 33: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/33.jpg)
www.enisa.europa.eu
Monitoring and Enforcement
• Testing– Availability (using probes and samples for instance)
– Penetration tests– Failover and backup tests– Data portability– Load testing– Unit tests
![Page 34: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/34.jpg)
www.enisa.europa.eu
ENISA Deliverables and Ongoing Activities
34
• Cloud Computing: Benefits, Risks and Recommendations for Information security 2009 http://is.gd/cem9H
• Assurance framework http://is.gd/cnp9V02009
• Gov-Cloud security and resilience analysis http://is.gd/0m4Pfi (2010)
![Page 35: Dr Giles Hogben - TERENA · How to procure a secure cloud ... virtual machines are very attractive. o More Data in transit (Without encryption?) o Management interfaces – big juicy](https://reader034.vdocuments.mx/reader034/viewer/2022042412/5f2bbb2babb536615f594f39/html5/thumbnails/35.jpg)
www.enisa.europa.eu
Giles Hogben (giles.hogbenQenisa.europa.eu)
Secure applications and services, ENISAhttps://www.enisa.europa.eu/act/application‐security
Questions?
35