Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
  1. Will in-house clouds storm past your network defenses?
     Andrew Yeomans, Jericho Forum Board

  2. A brief introduction to the Jericho Forum
     The Jericho Forum aims to drive and influence development of security standards that will meet future business needs. These standards will:
     – Facilitate the secure interoperation, collaboration and commerce over open networks
     – Be based on Collaboration Oriented Architectures (COA) and a design approach entitled "de-perimeterization".
     Globally, around fifty blue-chip user organisations, from all sectors, are working together to solve the problems posed by de-perimeterization. The Open Group hosts the Jericho Forum. Everything published is free and open-source.

  3. Some of our members
     [Logo slide; the recoverable names are the Cabinet Office and the Foreign & Commonwealth Office]

  4. From Connectivity to Collaboration
     [Timeline chart plotting Connectivity, Business Value and Risk against Time; stages from earliest to latest:]
     – Stand-alone Computing [Mainframe, Mini, PC's]
     – Local Area Networks – Islands by technology
     – Connected LANs – interoperating protocols
     – Connectivity for Internet e-Mail
     – Internet Connectivity – Web, e-Mail, Telnet, FTP
     – External collaboration [Private connections]
     – External Working – VPN based
     – Limited Internet-based Collaboration
     – Consumerisation [Cheap IP based devices]
     – Full Internet-based Collaboration
     – Full de-perimeterized working
     The chart marks "Today" and the point of "Effective Perimeter Breakdown".
     http://opengroup.org/jericho/Business_Case_for_DP_v1.0.pdf

  5. Core business targets
     [Diagram of target areas: Customer, Product, Backup, Infrastructure, Email, Security, R & D, Web host, Desktop]

  6. Clouds – inside your data centre?
     Technology       Cost in Medium-sized DC    Cost in Very Large DC    Ratio
     Network          $95 per Mbit/sec/month     $13 per Mbit/sec/month   7.1
     Storage          $2.20 per GByte/month      $0.40 per GByte/month    5.7
     Administration   140 servers / admin        >1000 servers / admin    7.1
     Source: HAMILTON, J. Internet-Scale Service Efficiency. In Large-Scale Distributed Systems and Middleware (LADIS) Workshop (September 2008)

  7. Cloud Shape Architecture Model
     [Cube diagram with three axes: Perimeterised / De-perimeterised, Proprietary / Open, Internal / External]
     – Where is your data?
     – Are the interfaces public?
     – Is data collaboratively shared?
     Adrian Secombe

  8. Security Questions
     [Axes: Perimeterised / De-perimeterised – "Distinction Fades as Collaboration Increases"; Internal / External – "Distinction Fades as Virtualisation Increases"]
     – Can the Outsourcer integrate into my infrastructure?
     – Will I be able to deliver? Do I have the skills? Do I have the resources? Can I recover costs?
     – Who has access to my data?
     – What about export and privacy laws?
     – How is the EXT/INT interface managed?
     – Where is my data?
     – What due diligence did my employees do prior to using the service?
     – What leaks are there from the cloud service back into my infrastructure?
     – How is my data protected in transit?
     – Who is responsible if something goes wrong?
     – What about business continuity?
     – How does my data securely enter and exit the cloud?

  9. Interoperability Questions
     [Axes: Proprietary / Open – "Distinction Hinders Collaboration"; Internal / External – "Distinction Fades as Virtualisation Increases"]
     – What standards should be developed? Who should control them?
     – When I run out of resources can I engage an external cloud service provider?
     – Will this allow me to leverage multiple cloud service providers to jointly perform a task?
     – Will it further enable collaboration among multiple partners?
     – What if I need to switch vendors?
     – What if my collaboration partner uses a different vendor?
     – Do I have to implement proprietary interfaces to do business with the provider?
     – Is this where I want to be? Do I still need internal cloud services?

  10. Thunder clouds – the problems
      – Inertia – why change?
      – Availability – outages?
      – Lock-in – how to get my data out again?
      – Confidentiality – who else can see it?
      – Auditability – and can you prove that?
      – Jurisdiction – who can get to the data?

  11. Internal clouds
      Where to deploy?
      – Development / Test
      – Disaster Recovery
      – Production compute grid
      – Cyclical processing – e.g. end-of-day
      – Scalable web hosting

  12. Cloud future – design your network
      [Diagram of instance operations: Add instance, Remove instance, Migrate, Performance, Properties]

  13. Confidentiality in clouds
      [Chart: Risk Control Acceptance Curve against Risk Control Levels, with bands of 85%, 14% and <1%; caption "Ratios closer to data volumes"]

  14. Current network designs
      [Diagram]

  15. Internal cloud?
      [Diagram]

  16. …full of virtual servers
      [Diagram]

  17. Network security?
      – Where is the Firewall?
      – Where is the Intrusion Detection System?
      – Where is the Intrusion Protection System?
      – Where are network routing controls?
      – … and VLANs, DLP, WAF, sniffers…
      How much value do they really add?

  18. Effectiveness of security controls
      [Chart: Relative effectiveness against Time, with curves for Data controls, Network controls, and End-point and application controls]
      Acknowledgements to Steve Whitlock and Dan Hitchcock 2010?

  19. Data separation
      – Interconnected mini-clouds? (Physical)
      – VLAN separation (network)
      – Hypervisor? (Ring0 software)
      – Data-centric? (data)

  20. Data protection choice is easy!
      • In IT systems we have two main protection methods:
        – Encryption (or not)
        – Access controlled (or not)
      [Four-quadrant diagram:]
      Encrypted, Uncontrolled      | Encrypted, Controlled access
      Unencrypted, Uncontrolled    | Unencrypted, Controlled access

  21. Three Laws of Data Encryption
      Based on Rich Mogull:
      1. External loss – Encryption for media protection, if the data moves, physically or virtually. Simple key management.
      2. Internal access – Encryption to restrict privileged access. Complex key management, if it really works.
      3. Mandated encryption (e.g. PCI)

  22. Two other forms of protection
      Protect by monitoring
      – Can't always have technical controls
      – Monitor for policy violations
      – Advertise to reduce temptations
      – Results from "DLP" can steer Data Classification and create dialogue with business
      Protect by destroying!
      – The best form of confidentiality
      – Data Retention policies
      – Need to track all assets, including data

  23. But it must be manageable
      – Missing – an open format for data protection
      – Key management standards
      – Missing – open authentication
      – Data zones

  24. A look to the future – OpenEIPC
      Missing – an open format for data protection (c.f. DRM)
      Strawman – ZIP + XACML
      Also works for ODF and OOXML/OPC
      Scope and level appropriate to asset at risk
      [Diagram of the package entries: mimetype, Pictures/1001.png, Pictures/1002.png, content.xml (shown as ciphertext), styles.xml, meta.xml, eipc.xml]
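As an added illustration of the "ZIP + XACML" strawman on slide 24 (example code written for this page, not the OpenEIPC project's own), the block below assembles an ODF-style package whose eipc.xml carries a minimal XACML-style policy and then evaluates read requests against that policy. The package layout, the element names in eipc.xml and the mimetype string are assumptions; encrypting content.xml, as the slide pictures, is left to a separate layer.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample eipc.xml: a minimal XACML-style policy saying which role may
# read which package entry. Element names loosely follow XACML (Policy / Rule /
# Target / Effect); the layout is an assumption, not the strawman's real schema.
EIPC_XML = b"""<Policy PolicyId="doc-1" RuleCombiningAlgId="first-applicable">
  <Rule RuleId="finance-reads-body" Effect="Permit">
    <Target><Subject role="finance"/><Resource id="content.xml"/><Action id="read"/></Target>
  </Rule>
  <Rule RuleId="anyone-reads-meta" Effect="Permit">
    <Target><Subject role="*"/><Resource id="meta.xml"/><Action id="read"/></Target>
  </Rule>
  <Rule RuleId="deny-rest" Effect="Deny"/>
</Policy>"""

def build_package(entries, policy):
    # ODF-style layout: 'mimetype' first and stored uncompressed so it can be
    # sniffed without inflating, then the payload entries, then eipc.xml.
    # Encrypting content.xml, as the slide pictures, would sit on top of this.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", b"application/x-eipc", compress_type=zipfile.ZIP_STORED)
        for name, data in entries.items():
            zf.writestr(name, data)
        zf.writestr("eipc.xml", policy)
    return buf.getvalue()

def entry_names(package):  # stored order; a conforming package has 'mimetype' first
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return zf.namelist()

def _matches(target, role, resource, action):
    if target is None:  # a Rule without a Target applies to every request
        return True
    return (target.find("Subject").get("role") in ("*", role)
            and target.find("Resource").get("id") == resource
            and target.find("Action").get("id") == action)

def decide(package, role, resource, action="read"):
    # First-applicable: the first Rule whose Target matches decides the request.
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        root = ET.fromstring(zf.read("eipc.xml"))
    for rule in root.findall("Rule"):
        if _matches(rule.find("Target"), role, resource, action):
            return rule.get("Effect")
    return "NotApplicable"
```

Because the policy travels inside the package, the same decision is reached wherever the file is copied, which is the property the slide contrasts with host-bound ACLs.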
  25. ACLs versus Protected Data
      – Fine-grained cryptographic protection is difficult
      – So use traditional ACLs for fine-grained control
      – Use crypto protection for provable broad protection
      – Will really take off when embedded in the operating system or hypervisor

  26. Security by Design, not Afterthought
      Risks
      – Get it wrong and expose the business
      – Keep adding more layers of security
      – Cost and/or inability to manage
      – Saddled with yesterday's technology
      – Inflexible to respond to market demands
      Benefits
      – Increased levels of security
      – Simpler, less complex security
      – Cheaper to run, easier to manage
      – Tomorrow's technology with the ability to gain business advantage
      – Flexible and adaptable solutions

  27. Jericho Forum Self Assessment Scheme
      [Diagram]

  28. Jericho Forum Activity
      Like many others, we see huge potential and benefits for moving into "the cloud". But we advise not leaping in there before understanding the:
      – Risks
      – Security issues
      – Interoperability issues
      – Business rationale
      The Jericho Forum is taking a lead on:
      – Analyzing the issues
      – Raising awareness
      – Establishing clear requirements
      Goal: Make the cloud a safe place to collaborate

  29. [Blank slide]

  30. Thank You!
      Andrew Yeomans, Jericho Forum Board
      http://jerichoforum.org