Kinamik Cloud Governance


Published on

The importance of Trust, Accountability and Transparency in Cloud Computing. Explains how Immutable Audit Logs can foster Cloud Computing adoption

Published in: Technology, Business
1 Like
  • Nadeem,
    Excellent pitch - and more validation of the importance of immutable audit logs as a key element of establishing a trusted infrastructure for cloud services. MPeterson, Strategic Research Corp.
    Are you sure you want to  Yes  No
    Your message goes here
  • Thanks for the comments. Please feel free to contact me directly or pass on my details. Email: Tel Office: +34 931 835 814 Tel Mobile: +34 628 629 322
    Are you sure you want to  Yes  No
    Your message goes here
  • I'm not an expert in corporate IT audits... but I know this is a big concern of ours in using the Cloud. As I lead a cloud team to explore the possibility, the Audit team jumped out of the wood work and said they must be part of the team. I'm glad to be able to point to you guys as being someone who appreciates the MNC's concerns and are addressing them.

    Are you sure you want to  Yes  No
    Your message goes here
  • We would apreciate and comments and feedback on the proposition of setting up Immutable Audit logs in Cloud infrastructures in order to achieve better governance, transparency and trust. Thanks. The Kinamik team
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Kinamik Cloud Governance

  1. 1. Trust, Transparency and Accountability for Cloud Computing June 2009
  2. 2. Table of Contents <ul><li>Governance, Audit and Compliance Issues </li></ul><ul><li>Trust and Accountability Requirements of the Federal Cloud </li></ul><ul><li>Audit and Integrity </li></ul><ul><li>Kinamik Secure Audit Vault </li></ul><ul><li>Questions and Next Steps </li></ul>
  3. 3. The issues <ul><li>Lack of trust in electronic information </li></ul><ul><li>Additional evidence required to support forensics and auditors </li></ul><ul><li>Unsubstantiated accountability </li></ul><ul><li>Compensating controls considered sufficient </li></ul><ul><li>Evidence laws are evolving </li></ul><ul><li>Imposed threats are not fully rationalized </li></ul><ul><li>Lack of commercial technology </li></ul><ul><li>Trust in administrators </li></ul><ul><li>Trust in the perimeter </li></ul>
  4. 4. Paradigm shift from perimeter to data level security <ul><li>The security industry has been starting at the edge (perimeter) and working its way to the data itself </li></ul><ul><li>The traditional security perimeter is shifting: </li></ul><ul><ul><li>Attackers are continually evolving and finding newer ways to break through the security perimeters </li></ul></ul><ul><ul><li>Insider threats are becoming more prevalent </li></ul></ul><ul><ul><li>External threat are becoming more organised </li></ul></ul><ul><ul><li>The notion of perimeter is changing: SOA, SaaS, Grids, Virtualization are eliminating the borders, increasing data mobility </li></ul></ul><ul><li>The data element itself is the crown jewels </li></ul>
  5. 5. Cloud Governance <ul><li>&quot;By 2012, 80 percent of Fortune 1000 companies will pay for some cloud computing service, and 30 percent of them will pay for cloud computing infrastructure” (Gartner 08) </li></ul><ul><li>Within the cloud the complexity of vendor contracts, expectations surrounding Service Level Agreements (SLAs), and the increasingly complex regulatory and legislative environment are placing demands on Cloud Governance </li></ul><ul><li>Cloud governance demands that organizations begin by addressing policy enforcement and monitoring </li></ul><ul><li>The focal point of risk shifts closer to the data level </li></ul><ul><li>Most cloud providers (IaaS, SaaS, PaaS) do not have strong data auditing capabilities </li></ul><ul><ul><li>For example Amazon AWS “server logging feature is offered on a best-effort basis” (Amazon Docs) </li></ul></ul><ul><li>Low trustworthiness in auditing capabilities is a significant inhibitor of cloud governance </li></ul><ul><ul><li>For example: Amazon´s EC2 PayPer Use model “CloudService Elacticity” requires trustworthy audit information to ensure appropriateness of changes </li></ul></ul><ul><li>Lack of evidential weight of audit data makes litigation support difficult </li></ul><ul><li>The “Not knowing what to log” problem will diminish as regulations, legislation and data owners requirement appear </li></ul>
  6. 6. Centralized Audit Vaults with tamper resistance <ul><li>Sample of regulations that requires audit-trails GRC </li></ul><ul><ul><li>US Sarbanes-Oxley (SoX), Gramm-Leach-Bliley Act (GLBA), US Health Insurance Portability and Accountability Act (HIPPA); Payment Card Industry – Data Security Standard (PCI-DSS); FAA DOT/FAA/AR-06/2; EU Data Retention Directive (DRD); FDA 21 CFR Part 11; Data Protection Act (DPA); eDiscovery … .. </li></ul></ul><ul><li>Sample of tamper resistance requirements </li></ul><ul><ul><li>ISO27001/ISO17799 - 10.10.3 “ Logging facilities and log information shall be protected against tampering and unauthorized access. ” </li></ul></ul><ul><ul><li>PCI DSS - 10.5.5 “ ensure that existing log data cannot be changed without generating alerts . ” </li></ul></ul><ul><ul><li>NIST 800-92 “ Ensuring that the original logs are not altered to support their use for evidentiary purposes </li></ul></ul>
  7. 7. Digital Evidence <ul><li>BS 10008:2008 Evidential weight and legal admissibility of electronic information </li></ul><ul><li>Foundations of Digital Evidence, George L. Paul, American Bar Associations, 2009 </li></ul><ul><li>NIST 800-92: Guide to computer security log management </li></ul><ul><ul><li>“ In cases where logs may be needed as evidence, organizations may wish to acquire copies of the original log files” </li></ul></ul><ul><li>Cloud Computing Brings New Legal Challenges , </li></ul><ul><ul><li>&quot;companies that face the prospect or likelihood of litigation should make certain that they choose cloud providers that are able to ensure the authenticity and reliability of the data they are maintaining, including metadata“ </li></ul></ul>
  8. 8. Immutable Audit Log <ul><li>Immutable Audit logs (IALs) are logs protected from tampering and erroneous insertion </li></ul><ul><li>An IAL cannot be changed without it becoming evident by anyone regardless of privilege </li></ul><ul><li>The primary values are: </li></ul><ul><ul><li>Trust - “IALs can increase trust by assuring that activities in the system will be recorded” (Markle, 2006) </li></ul></ul><ul><ul><li>Transparency – The ability to perform oversight by appropriate stakeholders outside of the system </li></ul></ul><ul><ul><li>Accountability – Proving policy violations </li></ul></ul><ul><ul><li>Deterrence – Users will know in advance that logging and auditing are being used to identify policy violations </li></ul></ul><ul><li>Immutability increases evidential weight </li></ul><ul><li>“ Immutable audit logs (IALs) will be a critical component for the information sharing environment” (Markle, 2006) </li></ul><ul><ul><li>“ where levels of trust have been historically low, for example, information sharing between federal law enforcement state/local…Federal Bureau of Investigations, and the Central Intelligence Agency… Department of Homeland Security and the Office of the Director of National Intelligence” (Markle, 2006) </li></ul></ul><ul><li>Access to IALs can be provided to Trusted Parties such as Data Owners, Regulators, the Government Accountability Office etc. </li></ul><ul><li>Implementing a Trusted Information Sharing Environment: Using Immutable Audit Logs to Increase </li></ul><ul><li> Security, Trust and Accountability, Markle Foundation, 2006 ( Markle , 2006) </li></ul>
  9. 9. Kinamik Immutable Audit Log <ul><li>Kinamik provides an Immutable audit log (IAL) repository that collects, secures and centralizes audit information from different sources, while providing irrefutable proof of integrity </li></ul><ul><li>Trust, Transparency and Accountability </li></ul><ul><ul><li>Irrefutable Integrity - The implementation of Chain Hashing is a computationally cheap method of achieving tamper evidence in an un-trusted environment [1] </li></ul></ul><ul><ul><li>Granularity – in opposition to digital signatures each event is key chain hashed with only 570 Bytes/message overhead (excluding message size). </li></ul></ul><ul><ul><li>Trusted time through the use of external trusted time stamping authorities </li></ul></ul><ul><ul><li>Confidentiality and access to only privileged users through the use of PKI, Access Control and Encryption </li></ul></ul><ul><ul><ul><li>Non-repudiation through the use of Public Key Cryptography </li></ul></ul></ul><ul><li>General Capabilities </li></ul><ul><ul><li>High performance 7500 events/ second on a single instance. </li></ul></ul><ul><ul><li>Interoperability Data Collection Agents – Send events in real time to Kinamik's Immutable Audit Log </li></ul></ul><ul><ul><li>Data retention policy </li></ul></ul><ul><ul><li>Searchability - Regular Expression Search </li></ul></ul><ul><ul><li>Alerting SNMP and SMTP alerting functionality </li></ul></ul><ul><ul><li>Reporting - Integration with reporting tool </li></ul></ul><ul><ul><li>Secure Key Management - Optional use of a Hardware Security Module </li></ul></ul>[1]Secure Audit Logs to Support Computer Forensics, Schneier/ Kelsey
  10. 10. Immutable Audit Log Resident in an Amazon EC2 Cloud Instance General Purpose Support Services Management/ Security Components Networking Components (Routers etc) Elastic Block Store Management Console Multiple Regions Auto Scaling Elastic Load Balancing Amazon CloudWatch Availability Zones Elastic IP Address S3 Audit Bucket Kinamik Immutable Audit Log Databases (Oracle, MySQL etc) Operating Systems (Unix, MS etc) Middleware (JBOSS, etc) Custom Applications (.NET, Java etc) Privileged Auditor (Data Owner, Regulator, Government Authority etc) Traditional Services Stack Native Audit Data Trusted Chain Applications (CRM, ERP, Mail etc) Cloud Services Audit Data
  11. 11. Limited Audit Capabilities Within Amazon AWS <ul><li>Amazon’s AWS Auditing capabilities </li></ul><ul><ul><li>Availability Zone - CPU Load, Disk I/O Rates and Network I/O Rates (Only retain for 2 weeks on in S3) </li></ul></ul><ul><ul><li>Instance Scaling - Amazon EC2 will automatically scale the EC2 instance </li></ul></ul><ul><ul><li>CloudFront’s Logs: The Object Popularity, Traffic by IP, Total of traffic, Total number of requests, Total number of bytes transferred, and the number of request broken down by HTTP response code etc </li></ul></ul><ul><ul><li>Creation, deletion and enumeration of objects within the bucket </li></ul></ul><ul><ul><li>Amazon Web Services (AWS) Usage - Instance owner is responsible for all costs including requester costs </li></ul></ul><ul><ul><li>DevPay: Requester Pay Bucket Activities </li></ul></ul><ul><li>Amazon disclaimers: </li></ul><ul><ul><li>&quot;4.3: We are not responsible for any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of, Your Content (as defined in Section 10.2), your Applications, or other data which you submit or use in connection with your account or the Services.“ </li></ul></ul><ul><ul><li>&quot;7.2: We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.” </li></ul></ul><ul><li>Negative Impacts </li></ul><ul><ul><li>Not compliance to FISMA/NIST 800-53 “AU-9 PROTECTION OF AUDIT INFORMATION” </li></ul></ul><ul><ul><li>Trustworthiness of Management capabilities (SLA, Billing etc) </li></ul></ul><ul><ul><li>Limited Guarantees on Data Quality (Data manipulation etc) </li></ul></ul><ul><ul><li>&quot;The server access logging feature is designed for best effort ... most log records will be delivered within a few hours of the time that they were recorded...server logging feature is offered on a best-effort basis... server logging is not guaranteed ... </li></ul></ul><ul><ul><li>Usage Report Consistency - It follows from the best-effort nature of the server logging feature that the usage reports available at the AWS portal might include usage that does not correspond to any request in a delivered server log .“ ( ) </li></ul></ul>
  12. 12. In Summary Kinamik’s IAL <ul><ul><li>Collects, Centralize and Secures audit trail data from Cloud Services and traditional Network, OS, Application etc, and supports log diversity </li></ul></ul><ul><ul><li>Provides tamper protection supporting many legislative, regulatory and standards requirements, including FISMA through NIST 800-53 control AU-9 Protection of audit information </li></ul></ul><ul><ul><li>Provides privileged auditor access to data through the use of PKI and access controls </li></ul></ul><ul><ul><li>Provides data mining and reporting features to support billing, service levels, security, compliance, forensics etc. </li></ul></ul><ul><ul><li>Kinamik’s IAL can enable Trust, Accountability and Compliance by providing independent operational visibility to a cloud providers services </li></ul></ul><ul><ul><li>The IAL data carries significant evidential weight </li></ul></ul>
  13. 13. Q&A & Next Steps <ul><ul><li>Questions and Answers </li></ul></ul><ul><ul><li>Next Steps </li></ul></ul>