Rationalization and Defense in Depth - Two Steps Closer to the Cloud


Published on

Security represents one of the biggest concerns about cloud computing. In this session we’ll get past the FUD with a real-world look at some key issues. We’ll discuss the infrastructure necessary to support rationalization and security services, explore architecture for defense –in-depth, and deal frankly with the good, the bad, and the ugly in Cloud security. (As presented by Dave Chappelle at OTN Architect Day in Chicago, October 24, 2011.)

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Rationalization and Defense in Depth - Two Steps Closer to the Cloud

  1. 1. <Insert Picture Here>OTN Architect Day Security Breakout SessionDave Chappelle24 October 2011
  2. 2. Rationalization and Defense in Depth - Two Steps Closer to the CloudsOTN Architect Day 2011
  3. 3. Perimeter Security DB All network traffic All network traffic blocked blocked except for except from the proxy. specific ports. Web Server Application Message Mainframe (app Proxy) Server Queue Application Client Firewall Firewall DB DB DMZ Unprotected Zone Perimeter Protected Zone(s) • Can establish multiple perimeters • Alone, often involves a lot of implied trust • Each perimeter can be more restrictive • Modern environments don’t have such a clearly • Perimeters can be at varying degrees of granularity defined perimeterOTN Architect Day 2011
  4. 4. Defense in Depth • Military defensive strategy to secure a position using multiple defense "Krak des Chavaliers“, Syria mechanisms. • Less emphasis is placed on a single perimeter wall • Several barriers and different types of fortifications • Objective is to win the battle by attrition. The attacker may overcome some barriers but can’t sustain the attack for such a long period of time.OTN Architect Day 2011
  5. 5. Several Layers of Defense Data Each layer introduces Each layer can contain Application additional security multiple levels of measures Host control Internal Network Perimeter Physical Policies, Procedures, & AwarenessOTN Architect Day 2011
  6. 6. Defense in Depth: Greater Control Many enforcement points Data Application / Service Host Internal Network Perimeter Physical Policies & Procedures Consistent set of policies & proceduresOTN Architect Day 2011
  7. 7. Security Silos Support • Application silos with their own standalone security architecture • Integration is hard enough without security ! ! • End users have many logins & passwords End User Security Administrator • Administration is time- consuming and error-prone • Auditing is inaccurate ? and/or impossible Finance Sales Security AuditorOTN Architect Day 2011
  8. 8. Security Framework Support • Security is part of the foundation, not an inconvenient afterthought • Users have one identity and a set of roles & attributes that govern access End User Security Security Administrator • Administration operator-centric, not Framework system-centric • Auditing is possible and realistic Finance Sales Security AuditorOTN Architect Day 2011
  9. 9. Security Framework High Level Architecture Information Processing: Information Management: • Provides a secure run-time environment • Provides confidentiality, integrity, and • Offer security services to business logic availability for information management • Allow solution-level security admin • Allow db-level security administration Security Framework: Development & Administration Business • Provides shared security services Information Design & Logic • Manage security data for the enterprise • Allow enterprise-level security admin Information Security Interfaces Management Processing Security Interfaces: Security Services • Provide consistent access to security Shared Security Services services • Embrace open, common industry Enterprise Security Information standards Security Management & Administration Enterprise Security FrameworkOTN Architect Day 2011
  10. 10. Container-Based Computing Platform • Container enforces security on behalf of the protected resources Inbound Requests • Access to security services via Web BusinessClient Pages Logic standard APIs & libraries Protected Resources • Plug-in framework allows one to Container configure multiple providers for each Standard Security APIs & Libraries security service Platform Security Plug-in Framework • Providers may be selected and Security Providers configured based on the needs of the solution Security Services Authentication Authorization Credential Mapping • Providers can be included with the Role Mapping Auditing Encryption … platform or custom written for a specific purposeOTN Architect Day 2011
  11. 11. Database Platform Security • Transactional • Historical Administration • Unstructured Information Design & Administrative • Audit • Access Control • Security Information • SoD Rules & Controls • Realms Management • Auditing Security Services Access Control Encryption & Masking Auditing & Availability • Multi-Factor AuthN • Network • Central collection & control • Label Security • Persistence • Local online archive • Table Policies • Backup Firewall • Connection Id • Dev & Test Masking • SQL inspection & rejectionOTN Architect Day 2011
  12. 12. Security Framework Security Framework Authentication Federation Self Service Key Mgmt Services: Authorization WSS Policy SSO Audit Attribute Security Users & Federated Groups Access WSS Audit Certs Information: Identity Identities & Roles Policies Policies Logs & Keys Administration & Management: Role Management Key Management Access Policy Identity Management Directory Management Governance Management • UIs & APIs • Synchronization • Attestation • Approval Workflows • Virtualization • Risk Analysis Authentication • Provisioning Workflows • Change Detection & Alerts • Reporting Policy • System Integration • Reconciliation • Auditing ManagementOTN Architect Day 2011
  13. 13. SOA Scenario Policy Manager App Server App Server Service WSS WSS Service Consumer Agent Agent Provider Platform Security Id CM Mediation AAA Id Platform Security WSS Agent Legacy DB Platform Service Firewalls Security Provider DMZ Security External WSS AuthN AuthZ Audit Token Consumer Gateway Service Service Service ServiceOTN Architect Day 2011
  14. 14. Jumping to Cloud Before You Leap…OTN Architect Day 2011
  15. 15. (Some of) The Good… • Cloud providers have a deep vested interest in security • Must prove themselves to the market • Often much greater investment and attention to detail than traditional IT • Cloud homogeneity makes security auditing/testing simpler • Shifting public data to an external cloud reduces the exposure of the internal sensitive data • Data held by an unbiased partyhttp://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.pptOTN Architect Day 2011
  16. 16. …The Bad… • Multi-tenancy; need for isolation management • High value target for hackers • Fragmentation; creation of more silos • Data dispersal and international privacy laws • EU Data Protection Directive and U.S. Safe Harbor program • Exposure of data to foreign government and data subpoenas • Data retention issueshttp://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.pptOTN Architect Day 2011
  17. 17. …& The Ugly • Trusting another vendor’s security model • Proprietary implementations • Audit & compliance • Availability: Relying on a vendor to stay in businesshttp://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.pptOTN Architect Day 2011
  18. 18. SaaS Patterns Authorization Authorization Access Policy Access Policy Management Management Provider B Identity Provider Management A Provider SAML C User id & attributes User Id SPML SAML Authentication Authorization Authentication Authorization STS Identity Provider D Management Identity Access Policy Management Management SAML, WS-Trust, Access Policy WS-Federation ManagementOTN Architect Day 2011
  19. 19. Recommendations 1. Assess your risks 2. Classify your information 3. Define policies and procedures 4. Maintain most sensitive data in house 5. Don’t outsource your security management 6. Follow a security architecture / roadmap 7. Design patterns for cloud computing 8. Choose a secure platformOTN Architect Day 2011
  20. 20. Takeaways (Cloud or not)  Deploy Defense in Depth • Good general strategy to protect highly distributed systems (SOA, BPM, Cloud, etc.) • Limit your risks  Rationalize & Consolidate • Standardized frameworks, services, & technologies • Implement processes & policies  Plan Ahead • Classification strategy: know your systems & data • Cloud strategy: know your options & vendors • Risk management: choose wisely & CYAVisit the ITSO Reference Library at www.oracle.com/goto/itstrategies