1. Suggestions for Overcoming Cloud Computing Security Issues
Electronics and Telecommunications Research Institute (ETRI)
은성경
2011.09.01
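2. Cloud Computing - Definition
■ An environment in which programs and data are distributed and processed in virtual data centers, and in which this data can be accessed from a variety of devices such as PCs and mobile phones to carry out the desired computing work regardless of location - TTA Glossary
■ Computing that uses Internet technologies to provide highly scalable IT resources "as a service" to a large number of customers - Gartner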
■ Internet-based ("cloud") development and use of computer
technology ("computing"). - Wikipedia
■ A model for enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service
provider interaction. - NIST
■ CLOUD: Common, Location-independent, Online Utility provisioned
on-Demand - AT&T vice president of solutions sales
3. Cloud Computing - Characteristics and Models
■ Cloud Computing - NIST
• Essential Characteristics
» On-demand self-service
» Broad network access
» Resource pooling
» Rapid elasticity
» Measured Service
• Service Models
» Cloud Software as a Service (SaaS)
» Cloud Platform as a Service (PaaS)
» Cloud Infrastructure as a Service (IaaS)
• Deployment Models
» Private cloud
» Community cloud
» Public cloud
» Hybrid cloud
SaaS (Software as a Service)
- Provide App SW (Enterprise/Personal SW)
(Ex) Salesforce.com CRM
PaaS (Platform as a Service)
- Provide SW development env. (Language etc)
(Ex) Google App Engine
IaaS (Infrastructure as a Service)
- HW Resources (CPU, disk, etc)
(Ex) Amazon Simple Storage Service
[Figure: Wired Network, Broadcast Network, Wireless Network; labels: cable, terrestrial, satellite, IPv6, BCN, WLAN, Cellular]
4. Cloud Computing - Why
■ Problem in IT
• 70c of every $1 is used for maintenance
• 85% idle time
[Figure: two plots of Resource against Time, showing Utilization and Waste]
6. Security Issues
■ IDC recently conducted a survey of 244 IT executives/CIOs and
their line-of-business (LOB) colleagues about their companies' use
of, and views about, IT Cloud Services.
23. Security Standards - ITU
■ FGCC (Focus Group on Cloud Computing, '10.5~)
• WG1 WA 1-3 Cloud Security
• Cloud Computing Security (Draft)
» Threats
» Security Requirements
– For Cloud Users, Cloud Service Providers
» Study Subjects
■ SG17 Security
• Work items for cloud computing security
» Security guideline for cloud computing in telecommunication area
(X.ccsec)
» Security requirements and framework of cloud based
telecommunication service environment (X.srfcts)
» Security functional requirements for Software as a Service (SaaS)
application environment (X.sfcse)
» Requirement of IdM in cloud computing (X.idmcc)
24. Security Standards - ISO/IEC JTC1
■ SC38 Distributed Application Platforms and Services
• SG1. Study Group on Cloud Computing
» No security activities
■ SC27 IT Security Techniques
• Study Period on Cloud Computing Security and Privacy ('10.10 ~ '11.3)
• NP for WG1 project (ISO/IEC 27017-2)
Source: ISO/IEC JTC1 SC27
41. Cloud Security = Control
■ Need to Know What
• Data Classification
■ Need to Know Where
• Location of Data
• Existence
• Sure Erase
■ Need to Know How
• Encryption
• Monitoring
• Integrity Checking
• Migration
42. Cloud Security - Required Technologies
■ Standard for All
• Security Model (Public, Private)
• Inter-cloud Security
■ Privacy for Individual
• Secure Erase
• Usage Pattern Hiding
• Privacy Enhancing Cryptography
• Security Protocol for Data Existence, Integrity & Less-encryption
■ Compliance for Enterprise
• Security Monitoring & Audit
• Firewall & DDoS Mitigation
• De-duplication aware Encryption
43. Cloud Security - Direction
■ Protecting the cloud computing environment
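[Figure: Cloud 1 and Cloud 2 with labelled protection areas: inter-cloud security and compatibility; application security / user authentication / approval; overflow load; physical security; SLA guarantee; certification; OS/hypervisor security; network security; storage security; device security]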
44. Cloud Security - Direction
■ Protecting the cloud computing environment
• Example of OS/hypervisor security
http://www.vmware.com/technical-resources/security/vmsafe.html
45. Cloud Security - Direction
■ Moving existing security products to the cloud
• Anti-virus, Firewall, IDP/IPS, DDoS, Data Loss
Prevention, E-discovery, …
NexR's Terapot : Email Archiving & E-discovery using Cloud Computing
http://www.nexr.co.kr/products/terapot/
46. Cloud Security - Direction
■ Security as a Service
• Providing better security services by using cloud computing
AhnLab Smart Defense: virus scanning is performed at the security center rather than on individual PCs
(No signature file download)
http://home.ahnlab.com
47. Cloud Security - Direction
■ Security as a differentiation strategy
• Entering the cloud computing market with security features as a strength