Cloud Security - A Visibility Challenge


Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to visibility, which in turn is a big data challenge. Loggly, a logging-as-a-service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use cases that can be built on top of the Loggly platform to support visibility into cloud operations.

Published in: Technology, Business

Transcript

  • 1. Cloud Security: A Visibility Challenge
      Raffael Marty - @zrlram
      UNAM 2010, Mexico City
      Wednesday, December 1, 2010
  • 2. Raffael Marty
      • Founder @
      • Chief Security Strategist and Product Manager @ Splunk
      • Manager Solutions @ ArcSight
      • Intrusion Detection Research @ IBM Research
      • IT Security Consultant @ PriceWaterhouse Coopers
      Applied Security Visualization. Publisher: Addison Wesley (August, 2008). ISBN: 0321510100
      Logging as a Service, © by Raffael Marty
  • 3. Agenda
      • Data Centers
      • Visibility and Big Data
      • The Cloud
      • Logging as a Service
      • A New Risk Landscape
  • 4. Data Centers
  • 5. 11.8 million servers in data centers
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 6. Servers are used at only 15% of their capacity
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 7. 800 billion dollars spent yearly on purchasing and maintaining enterprise software
      80% of enterprise software expenditure is on installation and maintenance of software
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 8. Data centers consume up to 100 times more per square foot than a typical office building
      Data centers consume 1.5% of the USA’s electricity
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 9. From 2001 to 2006:
      • Number of servers doubled
      • Average power consumption per server quadrupled
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 10. Green technologies can reduce energy costs by 50%
      “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST
  • 11. The Cloud
  • 12. The Public Cloud
      • IaaS - Infrastructure
      • PaaS - Platform
      • SaaS - Software
      • Enterprise Infrastructure Services
      • LaaS - Logging
      • XaaS - DNS / RDBMS /...
  • 13. Cloud “Features”
      • Almost infinite resources - on demand
      • Pay as you go
      • Elasticity - dynamic load allocation
      • Quality of service guarantees (SLAs)
      • Outsource non-core capabilities / responsibilities
      • Forces operations to streamline and automate
      • Availability of infrastructure services (load balancing, database, logging, etc.)
      • Enables higher availability
          - Provision in multiple data centers / multiple instances
  • 14. Why Companies Move to the Cloud
      “If you move your data centre to a cloud provider, it will cost a tenth of the cost.” – Brian Gammage, Gartner Fellow
      “Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity” - George Reese, founder Valtira and enStratus
      “Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.” - Infoworld
  • 15. Why Companies Move to the Cloud
      • Ecological considerations drive economical decisions
      • Increased Efficiency due to better use of resources
      • More predictable cost
      • IT staff can be freed up for other initiatives
      • Design with redundancy and failure tolerance needed
      • Automation is necessary, but is a good thing
      • Easy integration of services for non-core capabilities (RDBMS, Load balancing, etc.)
  • 16. Changes in Security
      • The Good
          - Cloud homogeneity makes security auditing/testing simpler
          - Clouds enable automated security management
          - Redundancy / Disaster Recovery
          - Distributed denial of service (DDoS) protection
      • The Bad?
          - Loss of physical control
          - No more network-based Intrusion Detection
          - No data leak prevention (DLP)
          - Little network routing mechanisms
  • 17. What Has Changed
      • Data Storage and Access
          - Isolation management / data multi-tenancy
          - Data retention issues
          - Data dispersal and international privacy laws
              ‣ EU Data Protection Directive and U.S. Safe Harbor program
              ‣ Exposure of data to foreign governments and data subpoenas
      • Processing Infrastructure
          - Application multi-tenancy
          - Reliance on hypervisors
          - Process isolation / Application sandboxes
  • 18. Your New Risk Landscape
  • 19. Risk = (Threat, Vulnerability)
      • Shared resources
      • Hypervisor escaping
      • Using external services
      • Stored credentials
      • Proprietary implementations can’t be examined
      • Web ubiquity
          - Availability of services
          - Confidentiality of services
      • Malicious insiders
      • Data storage
      • Trusting vendor’s security model
          - Obtaining support for investigations
          - Inability to respond to audit findings
  • 20. Visibility and Big Data
  • 21. Visibility
  • 22. Visibility
      • Monitoring
          - Performance
          - Availability
          - Ephemeral Infrastructure
      • Security
          - New Threats
          - New Vulnerabilities
          - Different Risk Distribution
      • IaaS - Similar to before
      • PaaS - Lack of Infrastructure
      • SaaS - Blind?
  • 23. Application Visibility
      • If you can’t control the infrastructure, control your applications
      • Application logging
          - need guidelines
          - better tools
          - education of developers / students?
      • Challenges
          - how to centrally collect all the data
          - how to mine the data
          - how to use/understand the data
      See: Raffael Marty, “Cloud Application Logging for Forensics”, SAC 2011, Taipei.
  • 24. Big Data
      • NoSQL
      • Distributed data stores
      • Distributed queues
      • Map reduce
      • ETL (Extract, Transform, Load)
      • ...
  • 25. LaaS - Logging as a Service • Log collection Benefits • all data in one place • No installation • Great scalability • Log storage and management • Easy configuration • 7x24 availability • No maintenance • Pay as you go • index, storage, archive • Extremely fast log search across all your data • data source agnostic (no parsers) • innovative Web shell • API log access • oAuth authentication • always on
  • 26. “Logging Bus”
      • Logs published to bus
      • Consumers read from bus
      • Situational awareness
      • Security forensics
      • Security monitoring
      [Diagram labels: Machines, Mashups, mobile-166, My syslog, Users, Bus, Individuals, Clouds, Small businesses, Data centers]
  • 27. Situational Awareness
      • Treemap
      • Protovis.JS
      • Size: Amount
      • Brightness: Variance
      • Color: Sensor
      • Shows: Scans - bright spots
      • Thanks to Chris Horsley
  • 28. Forensics
      [Screenshot labels: mobile-166, My syslog]
  • 29. Security Visualization
      www.secviz.org
  • 30. about.me/raffy
      loggly.com/signup
