Global Challenges in Cloud Security Sadie Creese Joint work with Paul Hopkins


Sadie Creese, joint work with Paul Hopkins

International Digital Laboratory


Overview
• Why
• What
• Drivers and Barriers
• Sources of Future Risk
• Maturity and Vulnerability
• Future Threats
• Global Security Challenges
• Questions for debate


Why


$$$

• Hosted apps market currently at $6.4b, $14.8b in 2012 (Gartner Dec 08)
• Services market currently at $56b, $150b in 2013 (Gartner March 09)
• Services market currently worth $16.2b, $42b in 2012 (IDC Dec 08)
• Services market to be worth $160b in 2011 (Merrill Lynch May 08)

How do we protect our digital assets, both data and function, when using clouds?

How might malicious entities use the cloud?

How might current security practice not scale up?

What will require a collaborative response?


What – the technology model
• Utility / Pay-Per-Use, on-demand access, shared resources, rapid provisioning, agile, responsive

Gmail, Google Docs

Google App Engine

Amazon EC2

Amazon S3/SimpleDB

VMWare/XEN


What - system

[Figure: system model. A User connects through a Broker to several pools of VMs.]


What - applications
• Repackaging of products for deployment in clouds
• Existing data centres expanding market offerings to include utility services
• MS, Google, salesforce.com offering rich application frameworks but with little portability
• Market analysts predict enterprise apps for niche/common.
• Archiving & eDiscovery, Collaboration (Secure), ERP, Online backup, Supply chain mgt, Web content mgt & conferencing….
• Lock-in and lack of interoperability key issue
• Web mash-ups composing 3rd party apps


What – application ecosystem


Extract from slides: “Prophet a Path out of the cloud”, Best Practical, presented at O’Reilly Open Source Conf, 2008


Cloud Drivers
• Enterprise Drivers
  • Compression of deployment cycles
  • Instant upgrade and try-it-out
  • Elasticity
  • Cost alignment
  • Reduction of IT team costs
  • Accessibility and sharing
  • Dependability
  • Waste reduction and carbon footprint
• Consumer drivers
  • Up to speed with latest apps
  • Pay-as-you-use
  • Accessibility and sharing
  • Dependability


Enterprise Cloud Drivers Stats



Cloud Barriers
• Data security concerns
• Privacy compromise / practice
• Service dependability and QoS
• Loss of control over IT and data
• Management difficulties around performance, support and maintenance
• Service integration
• Lock-in
• Usability
• Lack of market maturity


Cloud Barriers Stats



Future Risk - maturity and vulnerability

|              | Initial Services                  | Architected Services                                        | Aligned and responsive                                     | Optimised and Dynamically Reconfigurable Cloud Services               |
|--------------|-----------------------------------|-------------------------------------------------------------|------------------------------------------------------------|-----------------------------------------------------------------------|
| Enterprise   | Componentised                     | Strategy and vision for broad adoption                      | Cloud services aligned and integrated                      | Multiple suppliers, seamless integration                              |
| Governance   | Due diligence of external         | Based on best practice                                      | Cloud and Enterprise aligned                               | Dynamically monitored and enforced                                    |
| Methods      | Standard contractual arrangement  | Best practice, SLAs emerging                                | Support team, common service environment, automated SLAs   | Extended team, dynamic SLAs, consumption monitoring and optimisation  |
| Applications | Additional functionality          | Cloud enabled new external channels                         | Process integration, enhanced productivity                 | Dynamic and bespoke service offerings                                 |
| Information  | Information as a cloud service    | Enterprise service meta-data available                      | Single enterprise ontology shared with partners            | Semantic data, analytics, information applications                    |
| Infosec      | Monitoring and control at gateway | SLAs include infosec, IdM across the enterprise and in cloud | Monitoring and auditability integrated                     | Auto enforcement, multi-level secure clients                          |
|              | Quick-win                         | Business sold on benefits                                   | Close alignment between enterprise and suppliers           | Leader in cloud exploitation                                          |

• Initially aligning enterprise processes with cloud-focused processes will be beyond best practice
• Dynamic SLAs could become a focus for automated DoS
• Vulnerable external-facing applications potentially cause cascade failures across integrated processes
• Meta-data offers potential for aggregation and enhanced intelligence gathering


Future Risk – Scenarios

• High cost / low payback for an attacker: most successful threat agents likely to be insiders within the silo.
• High cost / high payback for an attacker: most successful threat agent likely to be an insider managing resource distribution or a malicious service provider.
• Low cost / low payback for an attacker: threat agents will include external attackers utilising a mixture of technology and social engineering.
• Low cost / high payback for an attacker: external attackers using the distributed scale to attack multiple systems and users simultaneously, e.g. bot and application-framework-based attacks.


Future Risk - think like an attacker?

• Denial of service
  • Resource consumption, traffic redirection, inter-cloud and user-to-cloud communications vulnerabilities
• Trojan Clouds
  • Imitate providers, infiltrate supply chains, sympathetic cloud
  • Inference attacks due to privileged access
• Application Framework attacks
  • Repeatable, pervasive
• Sticky Clouds
  • Lack of responsiveness, complex portability
• Onion storage
  • Moving global location, fragmenting, encrypting
• Covert channels within the cloud network across services
  • Can’t be monitored externally


Global Security Challenges
• Risk Management Practice
  • Interoperable tools, controls, language, dependence on service providers, standardisation for mobility in market, temporal relationships
• Attack Surface Reduction
  • Dynamic service composition could propagate vulns, systemic application-based failures
• Attack Detection
  • Distributed, collaborative for large-scale events, inter- and intra-cloud, dynamism resulting in fluctuating traffic
• Response and Recovery
• Legal, Regulatory, Compliance and Audit
• Portable identity – federated / user centric / interoperability
• Privacy Controls


Global Security Challenges - 2

Pace, agile response, interoperability across clouds, mobility, secure portability, cross-jurisdiction collaboration


Questions for debate
• Should we be taking an intrusion tolerance approach?
• Should we be considering self-healing, bio-inspired cloud ecosystems?
• How could we construct collaborative defence mechanisms which integrate at a technology and process level? Which span multiple organisations and jurisdictions?
• What would happen if we did not construct a global response to cloud security challenges?
• Can it all be done by industry alone? What role should government and regulation have?
• Cloud is global – standards must be global – should / can regulation be global? If not, can it work?