Cloud Security                              A Visibility Challenge                              Raffael Marty - @zrlram   ...
Raffael Marty      • Founder @      • Chief Security Strategist and Product Manager @ Splunk      • Manager Solutions @ Ar...
Agenda          •Data Centers                              •Visibility and Big Data          •The Cloud                   ...
Data Centers                                      4Wednesday, December 1, 2010
11.8 million servers in data centers                              “Effectively and Securely Using the Cloud Computing Para...
Servers are used at only 15% of their                                    capacity                                “Effectiv...
800 billion dollars spent yearly on purchasing             and maintaining enterprise software          80% of enterprise ...
Data centers consume up to 100 times more per              square foot than a typical office building         Data centers...
From 2001 to 2006:       • Number of servers doubled       • Average power consumption per server         quadrupled      ...
Green technologies can reduce energy                             costs by 50%                              “Effectively an...
The Cloud                                      11Wednesday, December 1, 2010
The Public Cloud        IaaS - Infrastructure        PaaS - Platform        SaaS - Software        Enterprise Infrastructu...
Cloud “Features”         • Almost infinite resources - on demand         • Pay as you go         • Elasticity - dynamic lo...
Why Companies Move to the Cloud               “If you move your data centre to a cloud provider, it will               cos...
Why Companies Move to the Cloud         • Ecological considerations drive economical decisions         • Increased Efficie...
Changes in Security         • The Good             - Cloud homogeneity makes security auditing/testing simpler            ...
What Has Changed         • Data Storage and Access             - Isolation management / data multi-tenancy             - D...
Your New                              Risk Landscape                                         18Wednesday, December 1, 2010
Risk = (Threat, Vulnerability)                 • Shared resources                                                         ...
Visibility                              and Big Data                                      20Wednesday, December 1, 2010
Visibility    Raffael Marty - @zrlram       21Wednesday, December 1, 2010
Visibility         • Monitoring             - Performance             - Availability             - Ephemeral Infrastructur...
Application Visibility        • If you can’t control the infrastructure, control your applications        • Application lo...
Big Data         • NoSQL         • Distributed data stores         • Distributed queues         • Map reduce         • ETL...
LaaS - Logging as a Service      • Log collection                                                         Benefits        ...
“Logging Bus”                              Machines           Mashups                                                   mo...
Situational Awareness         • Treemap         • Protovis.JS         • Size: Amount         • Brightness: Variance       ...
Forensics                              mobile-166                My syslog                        Logging as a Service    ...
Security Visualization                                                    www.secviz.org                        Logging as...
about.me/raffy                              loggly.com/signup                                                  30Wednesday...
Upcoming SlideShare
Loading in...5
×

Cloud Security - A Visibility Challenge

2,645

Published on

Cloud security really boils down to a visibility challenge. I am showing why companies are moving to the cloud and what the security implications are. The security challenges boil down to a visibility, which in turn is a big data challenge. Loggly, a logging as a service provider, addresses this visibility challenge by providing a big data, cloud logging platform. The presentation outlines some visualization use-cases that can be built on top of the Loggly platform to support visibility into cloud operations.

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,645
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
82
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Cloud Security - A Visibility Challenge

  1. 1. Cloud Security A Visibility Challenge Raffael Marty - @zrlram UNAM 2010, Mexico CityWednesday, December 1, 2010
  2. 2. Raffael Marty • Founder @ • Chief Security Strategist and Product Manager @ Splunk • Manager Solutions @ ArcSight • Intrusion Detection Research @ IBM Research • IT Security Consultant @ PriceWaterhouse Coopers Applied Security Visualization Publisher: Addison Wesley (August, 2008) ISBN: 0321510100 Logging as a Service 2 © by Raffael MartyWednesday, December 1, 2010
  3. 3. Agenda •Data Centers •Visibility and Big Data •The Cloud •Logging as a Service •A New Risk Landscape Logging as a Service 3 © by Raffael MartyWednesday, December 1, 2010
  4. 4. Data Centers 4Wednesday, December 1, 2010
  5. 5. 11.8 million servers in data centers “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 5Wednesday, December 1, 2010
  6. 6. Servers are used at only 15% of their capacity “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 6Wednesday, December 1, 2010
  7. 7. 800 billion dollars spent yearly on purchasing and maintaining enterprise software 80% of enterprise software expenditure is on installation and maintenance of software “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 7Wednesday, December 1, 2010
  8. 8. Data centers consume up to 100 times more per square foot than a typical office building Data centers consume 1.5% of the USA’s electricity “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 8Wednesday, December 1, 2010
  9. 9. From 2001 to 2006: • Number of servers doubled • Average power consumption per server quadrupled “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 9Wednesday, December 1, 2010
  10. 10. Green technologies can reduce energy costs by 50% “Effectively and Securely Using the Cloud Computing Paradigm AWS services” - Peter Mell, Tim Grance, NIST Raffael Marty - @zrlram 10Wednesday, December 1, 2010
  11. 11. The Cloud 11Wednesday, December 1, 2010
  12. 12. The Public Cloud IaaS - Infrastructure PaaS - Platform SaaS - Software Enterprise Infrastructure Services LaaS - Logging XaaS - DNS / RDBMS /... Raffael Marty - @zrlram 12Wednesday, December 1, 2010
  13. 13. Cloud “Features” • Almost infinite resources - on demand • Pay as you go • Elasticity - dynamic load allocation • Quality of service guarantees (SLAs) • Outsource non-core capabilities / responsibilities • Forces operations to streamline and automate • Availability of infrastructure services (load balancing, database, logging, etc.) • Enables higher availability - Provision in multiple data centers / multiple instances Raffael Marty - @zrlram 13Wednesday, December 1, 2010
  14. 14. Why Companies Move to the Cloud “If you move your data centre to a cloud provider, it will cost a tenth of the cost.” – Brian Gammage, Gartner Fellow “Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity” - George Reese, founder Valtira and enStratus “Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.” - Infoworld Raffael Marty - @zrlram 14Wednesday, December 1, 2010
  15. 15. Why Companies Move to the Cloud • Ecological considerations drive economical decisions • Increased Efficiency due to better use of resources • More predictable cost • IT staff can be freed up for other initiatives • Design with redundancy and failure tolerance needed • Automation is necessary, but is a good thing • Easy integration of services for non-core capabilities (RDBMS, Load balancing, etc.) Raffael Marty - @zrlram 15Wednesday, December 1, 2010
  16. 16. Changes in Security • The Good - Cloud homogeneity makes security auditing/testing simpler - Clouds enable automated security management - Redundancy / Disaster Recovery - Distributed denial of service (DDoS) protection • The Bad? - Loss of physical control - No more network-based Intrusion Detection - No data leak prevention (DLP) - Little network routing mechanisms Raffael Marty - @zrlram 16Wednesday, December 1, 2010
  17. 17. What Has Changed • Data Storage and Access - Isolation management / data multi-tenancy - Data retention issues - Data dispersal and international privacy laws ‣ EU Data Protection Directive and U.S. Safe Harbor program ‣ Exposure of data to foreign governments and data subpoenas • Processing Infrastructure - Application multi-tenancy - Reliance on hypervisors - Process isolation / Application sandboxes Raffael Marty - @zrlram 17Wednesday, December 1, 2010
  18. 18. Your New Risk Landscape 18Wednesday, December 1, 2010
  19. 19. Risk = (Threat, Vulnerability) • Shared resources • Hypervisor escaping • Using external services • Stored credentials Proprietary implementations can’t be examined - • Web ubiquity - Availability of services - Confidentiality of services • Malicious insiders • Data storage • Trusting vendor’s security model - Obtaining support for investigations - Inability to respond to audit findings Raffael Marty - @zrlram 19Wednesday, December 1, 2010
  20. 20. Visibility and Big Data 20Wednesday, December 1, 2010
  21. 21. Visibility Raffael Marty - @zrlram 21Wednesday, December 1, 2010
  22. 22. Visibility • Monitoring - Performance - Availability - Ephemeral Infrastructure IaaS - Similar to before • Security PaaS - Lack of Infrastructure - New Threats SaaS - Blind? - New Vulnerabilities - Different Risk Distribution Raffael Marty - @zrlram 22Wednesday, December 1, 2010
  23. 23. Application Visibility • If you can’t control the infrastructure, control your applications • Application logging - need guidelines - better tools - education of developers / students? • Challenges - how to centrally collect all the data - how to mine the data - how to use/understand the data See: Raffael Marty, “Cloud Application Logging for Forensics”, SAC 2011, Taipei. Raffael Marty - @zrlram 23Wednesday, December 1, 2010
  24. 24. Big Data • NoSQL • Distributed data stores • Distributed queues • Map reduce • ETL (Extract, Transform, Load) • ... Raffael Marty - @zrlram 24Wednesday, December 1, 2010
  25. 25. LaaS - Logging as a Service • Log collection Benefits • all data in one place • No installation • Great scalability • Log storage and management • Easy configuration • 7x24 availability • No maintenance • Pay as you go • index, storage, archive • Extremely fast log search across all your data • data source agnostic (no parsers) • innovative Web shell • API log access • oAuth authentication • always on Logging as a Service 25 © by Raffael MartyWednesday, December 1, 2010
  26. 26. “Logging Bus” Machines Mashups mobile-166 My syslog Users • Logs published to bus • Consumers read from bus Bus Individuals Mashups • Situational awareness Clouds Small businesses • Security forensics Data centers • Security monitoring Logging as a Service 26 © by Raffael MartyWednesday, December 1, 2010
  27. 27. Situational Awareness • Treemap • Protovis.JS • Size: Amount • Brightness: Variance • Color: Sensor • Shows: Scans - bright spots • Thanks to Chris Horsley Logging as a Service 27 © by Raffael MartyWednesday, December 1, 2010
  28. 28. Forensics mobile-166 My syslog Logging as a Service 28 © by Raffael MartyWednesday, December 1, 2010
  29. 29. Security Visualization www.secviz.org Logging as a Service 29 © by Raffael MartyWednesday, December 1, 2010
  30. 30. about.me/raffy loggly.com/signup 30Wednesday, December 1, 2010
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×