What is the future of Cloud Security?

February 1, 2012
Author: Jonathan J. Spindel, Ph.D.
Executive Vice President of Engineering
SafeMedia Corporation
Summary
In order to control and remediate newly emerging malicious actions, we must adopt
intuitive security procedures, and those procedures must incorporate more
intelligent ways of officiating these processes. This paper delves into those
concerns and addresses specific benchmarks within the realm of external networking
and Cloud security, covering the internal and external security concerns as well as
the management and remediation of such issues.
Understanding the underlying problems as they relate to information security will
help the reader expose their concerns regarding internal security related issues and
propose solutions that will assist in the remediation. We will address anxieties
revolving around the adoption of outdated information-security concepts, and the
solution to these concerns: a combination of innovative ideas surrounding
“intelligent” protocol behavioral analysis and pattern “DNA” matching techniques,
utilizing more advanced computational technologies.
In tandem with protocol behavioral analysis, these techniques will assist the reader
in understanding the value proposition of using more advanced intelligent
technology, and how that will address and level out their concerns. By the end of this
paper, the reader should be able to understand emerging threats as they change in
rapid succession, adopting new attack patterns, targeting application-based
computing and adopting more lucrative attack scenarios.
Overview
Cloud Computing, as they say, is an old idea officiated through new technology.
The additions made over the years have given Cloud Computing new functionality and
have grown it from an infantile rationality to the distributed model we see today.
We have progressed from the typical roaming profile to VDI (Virtual Desktop
Infrastructure), from smartphones to mobile computing platforms, and from
virtualization to fully elastic computing. As we grow and feel the pains of adjusting to
such growth, our security infrastructure must follow closely to account for the changes.
With this in mind, look at the jumps we have taken through the mastery of
innovation, and then visualize how security has followed. The threats have become
more brazen and have targeted objects for which preparation was overlooked.
We have moved beyond the typical DoS (Denial of Service) attacks to targeting
applications and their servers at the application layer; these and other advanced
persistent threats are distributed with monetary gain as the sole motive.
Gone are the days when hackers just wanted to say, “I did it”; they have given way to a
day of monetary gain, whether from the axis of evil up to the proverbial
international identity theft rings. Information theft has become one of the number
one issues surrounding monetary loss from both a corporate and an end-user standpoint. [1]
Cloud computing is altering not only how we accomplish business IT objectives, but
the way in which we enable our internal IT departments. There has been, and we keep
seeing, a gradual, definitive shift towards Cloud Computing as a whole. Along the way
we have been met with multiple conquerable issues, such as scalability, application
elasticity, orchestration and automation, but none have been as elusive and
painstaking as Cloud security itself. Unlike local Data Center computing, which
communicates primarily through layers 1-4, Cloud has been termed much more
application based and communicates primarily over layers 4-7 of the OSI model. There
are also concerns regarding users and usability, such as remote user authentication, to
a much higher degree. This has taken network security to a whole new paradigm:
understanding application communication, how those processes and protocols
effectively communicate, and how to manage security for such fabrics. The underlying
fact is that because of this shift, attacks have transitioned from traditional
signatures to more advanced attack scenarios, such as advanced persistent threats
(APT). [2]
[1] http://www.riskandinsurancechalkboard.com/uploads/file/Ponemon Study(1).pdf
Within the last few years, the security industry has been populated with news of
information theft or dissemination of internal data, penetrations resulting in
catastrophic loss, and attacks programmatically engineered to target application-based
computing. These issues are far outweighed by security vendors themselves having
issues with theft or loss of data, and by the distribution of classified material from
government agencies. These concerns are mostly internal and do not translate to
Hybrid or Public Cloud Computing, not because it hasn’t happened or couldn’t happen,
but because of the under-utilization of public resources, caused by fear of losing
control over resources and/or general mistrust of the Public Cloud due to an overall
lack of security or concerns regarding security as a whole. [3]
[2] http://www.cio.com.au/article/406586/assessing_apt_threat/?fp=4&fpid=18
[3] "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011" – Gartner Review. Cloud Application Infrastructure Services: cloud application infrastructure services (also known as platform as a service, or PaaS) form the foundation of a cloud computing platform by enabling development, execution, management and life cycle control for cloud-based application solutions (see "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011"). It is a less developed and less understood layer in the cloud computing architecture when compared with system infrastructure services (IaaS) and application services (SaaS), but is the fastest growing with innovation and new vendor investments.
These concerns are mostly held internally and do not translate to Hybrid or Public
Cloud Computing, not because it hasn’t happened or couldn’t happen, but because of the
underlying fear of security, or the lack of capable product stacks to compete. As it
stands today, Cloud overall is an annual $37B enterprise, growing exponentially to
an estimated $121B by 2015 [4], and only a portion is related to the Public Cloud. Yet
elastic computing itself could save organizations millions in hardware costs and head
count and increase revenue, not only through savings but through the “on-demand”
ability to scale up or down seamlessly. Hybrid Cloud usage combines the Public and
Private Cloud realms, allowing an organization to gain from Public Cloud resources
while utilizing Private Cloud resources internally. Although these models are best of
breed, they again resemble, and have the same concerns regarding, security, and
perhaps even more legitimate claims regarding security concerns overall. [5]
Proportionally, the Public Cloud is utilized under the auspices of an unsecured fabric,
although the security itself, if you are willing to route requests through a physical
portal, is rather robust. Several organizations offer solution stacks for using the
Public Cloud without the necessity of rerouting information, mostly solutions based
on agent architectures, or virtual appliances utilizing agents within the virtual
instance itself. These solutions, although robust in nature, are somewhat diluted by
the inability to manage multiple rule sets and/or to communicate with other virtual
appliances within the fabric. The idea of managing a single blade server through one
virtual appliance has been brought up in many different fashions, from usability to
the assumption of managing each blade server in a separate virtual container. [6]
Some issues surrounding these architecture genres stem from the idea of resource
pools and the presence of multiple virtual appliances within those pools. From this we
can discern that collisions between these appliances are a definite possibility, not
to mention the multitude of manageability concerns within the management of the
pools themselves, i.e. “what handles what, and where?”
[4] http://www.marketsandmarkets.com/Market-Reports/cloud-computing-234.html The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest segment of the cloud computing services market, accounting for 73% of the market’s revenues in 2010. The major SaaS providers include Adobe Web Connect, Google Mail, Cisco WebEx, and Yahoo Mail. Content, communications, and collaboration (CCC) accounts for about 30% of the SaaS market revenues.
[5] Cloud computing's fear factor: Acknowledge, reduce, move on http://radar.oreilly.com/2010/12/cloud-computing-the-fear-facto.html You also need to be aware of and mitigate your security concerns. It's possible the security risk is over-stated. Most of us do personal online banking don't we? And aren't huge components of our infrastructure such as energy, financial markets, and the military already large consumers of the cloud? (Little consolation, I agree, when there is a breach -- but a fact on the ground you can't deny). I argue that in the short-term these issues are about deliberate and diligent organizational planning and in the long-term it's simply about normal business continuity design. When something innovative becomes widely adopted, it just becomes business as normal.
[6] Hype Cycle for Privacy, 2011 http://www.gartner.com/DisplayDocument?doc_cd=214943&ref=g_fromdoc Privacy. The first "Hype Cycle for Privacy, 2011" is a tool for privacy officers and other IT professionals who have a responsibility for privacy in the organization. As attention to privacy as a whole reaches a peak, it justifies a closer look at which regulations are emerging and which have matured, and which technologies are deployed to deal with legal requirements and cultural expectations.
In any Cloud scenario, a “Single Pane of Glass” management methodology should be
commonplace, functioning as a “Manager of Managers” and offering “Cross Platform
Management” and a central point of configuration. This structure allows administrators
to streamline operations across multiple machines and resource pools, and to manage
the heterogeneous environments that are becoming ever more common in the Cloud
industry as our technology, and the ability to host multiple operating systems, Cloud
Management Platforms and Hypervisor capabilities, becomes more robust.
We must keep up with these methodologies as technological capabilities increase over
time, since ever so often we are faced with a new attack scenario that hampers our
protection protocols. Intelligent systems capable of learning the patterns within the
protocols (“Protocol Behavior Analysis” and “Packet Assembly and De-Assembly”) are
becoming more prevalent as these threats mature, some utilizing the same signatures
but altering protocol behavior. As our tool-sets mature, using new technology to
assess, interrogate, track and assemble these transmissions is becoming more
difficult, as the threats focus on applications rather than hardware-based
communications.
As of late, these types of attacks have certainly surfaced, as we hear more about theft of
proprietary information, infiltration of financial institutions, and even cyber intrusion
within the defense industry. These threats share a single focus: to obtain information
through illegal means, to funnel monetary value from an institution, or to disseminate
information over the wire to discredit an organization or cause harm to individuals. [7]
All these scenarios focus on one subject, causing harm for monetary gain, unlike the
hackers of old, who focused on the possibility of accomplishing a feat, not necessarily
doing harm. Although there have always been those who wished to gain from these acts,
the presence of those who wish harm has grown, and with that increase their technology
and attack methods have also become more sophisticated. [8]
[7] http://superconductor.voltage.com/2011/07/breaches-vs-european-countries.html
Securing a fabric such as Cloud requires the ability to approach these issues
forensically and dig deep into the behavior of the protocol being assessed, the way in
which the packets are being transmitted, and the destination of the transmission
itself; all of these concerns must be met. The way in which “we” attack these concerns
will be key in stopping the intrusion and/or the unlawful dissemination of proprietary
material. Delving into the behavior of such transmissions, and of the protocol itself,
is where technology is headed. Assessing the transmission and the way in which the
protocol is behaving is the essence of how we discern its nature, or whether the
transmission is being used properly. Focusing on behavior is key, whether that behavior
is protocol or transmission based: being able to interrogate a transmission assists in
alerting on, or stopping, the intrusion or the transmission of proprietary information.
By cohesively applying target-based processors, each assigned to one of a varied number
of protocols, it is possible to determine the malicious nature of a transmission, at
which point it is again possible to alert or to drop those packets, depending on the
destination and on whether dropping or alerting is desired. This is accomplished by
encapsulating the virtual instance, or instances, which affords the capability of
interrogating packets and transmission protocols through protocol analysis and/or
behavior.
[8] Common Monitoring and Management Solutions http://www.infosecurity-magazine.com/blog/2011/5/3/who-moved-my-cloud/334.aspx A single pane of glass is often required to provide a unified look at the entire infrastructure. This will provide an auditor the ability to verify that the provider is delivering the level of service guaranteed by the solution. Auditors often look for event handling and common management across all systems. By automating the deployment of such monitoring solutions, and relying on a common platform for the management (including patch management, software revision control, and system lockdown procedures), a level of assurance can be provided to the auditor that all systems are uniform and follow the controls of the monitoring and management criteria.
In reality, the logical way of determining attack protocols is to measure what is normal
vs. what isn’t. In kind, that measurement should incorporate the “normal” behavior of a
system, thereby being able to determine, or decode, what isn’t normal. This realization
elevates the need for determining the behavior of like application or system attacks. By
attaching or capturing a “DNA” or “footprint” of normal activity within the actions or
behavior of such protocols or servers, one will be able to discern the actions of any
malicious activity and remediate such activity in an in-line or on-tap scenario.
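The baseline-and-deviation idea described above, as an added worked example that is not SafeMedia code or any product's logic: it learns a per-protocol “footprint” (expected server ports, expected destinations, typical payload size) from a constructed set of normal flow records, then scores later flows against that footprint and returns “alert” when the sensor sits on a passive tap and “drop” when it sits in-line. The protocol labels, addresses, flow records and the three-standard-deviation size threshold are all constructed for illustration.

```python
"""Baseline ("footprint") learning and deviation scoring for protocol behaviour.

Added example with constructed data, not SafeMedia code. Normal flows teach a
per-protocol footprint; later flows are judged against it, and the action
depends on whether the sensor is on a passive tap (alert) or in-line (drop).
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    proto: str      # application-protocol label assigned by the decoder, e.g. "http"
    dst_port: int   # server port the client connected to
    dst_ip: str     # server address
    payload: int    # bytes carried by the flow


@dataclass
class Footprint:
    """Learned normal behaviour for one protocol label."""
    ports: set = field(default_factory=set)
    dsts: set = field(default_factory=set)
    sizes: list = field(default_factory=list)

    def size_z(self, n: int) -> float:
        """How many standard deviations a payload size sits from the baseline mean."""
        sd = pstdev(self.sizes)
        if sd == 0:                       # every baseline flow had the same size
            return 0.0 if n == self.sizes[0] else float("inf")
        return abs(n - mean(self.sizes)) / sd


def learn(baseline):
    """Build one Footprint per protocol label from flows known to be normal."""
    footprints = {}
    for f in baseline:
        fp = footprints.setdefault(f.proto, Footprint())
        fp.ports.add(f.dst_port)
        fp.dsts.add(f.dst_ip)
        fp.sizes.append(f.payload)
    return footprints


def score(footprints, f, z_limit=3.0):
    """Return the reasons a flow deviates from its protocol's footprint (empty if none)."""
    fp = footprints.get(f.proto)
    if fp is None:
        return ["unknown protocol label"]
    reasons = []
    if f.dst_port not in fp.ports:
        reasons.append(f"{f.proto} on unexpected port {f.dst_port}")
    if f.dst_ip not in fp.dsts:
        reasons.append(f"new destination {f.dst_ip}")
    z = fp.size_z(f.payload)
    if z > z_limit:
        reasons.append(f"payload {f.payload} bytes is {z:.1f} sd from baseline")
    return reasons


def decide(footprints, f, inline=False):
    """Map a score to an action: pass, alert (on-tap) or drop (in-line)."""
    reasons = score(footprints, f)
    if not reasons:
        return "pass", reasons
    return ("drop" if inline else "alert"), reasons


# Constructed "normal" traffic: web to one server, DNS to one resolver.
BASELINE = [
    Flow("http", 443, "10.0.0.5", 1500), Flow("http", 80, "10.0.0.5", 1800),
    Flow("http", 443, "10.0.0.5", 2100), Flow("http", 443, "10.0.0.5", 2400),
    Flow("http", 80, "10.0.0.5", 1200),
    Flow("dns", 53, "10.0.0.53", 64), Flow("dns", 53, "10.0.0.53", 80),
    Flow("dns", 53, "10.0.0.53", 96), Flow("dns", 53, "10.0.0.53", 72),
    Flow("dns", 53, "10.0.0.53", 88),
]

# Constructed probes: an ordinary web flow, an oversized DNS flow, and a web
# flow to a host and port never seen in the baseline.
PROBES = [
    Flow("http", 443, "10.0.0.5", 2000),
    Flow("dns", 53, "10.0.0.53", 4000),
    Flow("http", 8080, "203.0.113.9", 1900),
]

if __name__ == "__main__":
    fps = learn(BASELINE)
    for inline in (False, True):
        for p in PROBES:
            action, why = decide(fps, p, inline=inline)
            mode = "inline" if inline else "tap"
            print(f"{mode:6} {p.proto:5} {p.dst_ip}:{p.dst_port} -> {action} {why}")
```

Running the module prints a decision for each probe in both tap and in-line mode. In practice the baseline would be learned from a window of production traffic and re-learned as the application changes, and the size threshold tuned against the false-positive rate the operations team can absorb; the “unknown protocol label” branch is what surfaces traffic the decoder has never profiled.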
The same concept holds true in reference to the Public Cloud. Current usage is far
under par, mainly because of these worries and the inability to remain compliant. The
same does not hold true in other locations, where use is increasing, especially in the
European market as it expands. Some of the reasoning for the anomaly is the compliance
restrictions referred to above, as well as the loss of control, security concerns, and the
ability to operate autonomously throughout the fabric. These concerns arise from the
inability to control your own infrastructure, someone else having access to that
technology, and/or the ability to access information remotely. [9]
Encapsulating Cloud environments, whether physical, virtual, or Hybrid/Public Cloud
based, allows for dual-vector protection from the ‘outside in’ and the ‘inside out’, and
affords the organization a way to gain back some of the control. It increases the ability
to see what is transpiring, not only within the IaaS (Infrastructure-as-a-Service) layer
but also in the SaaS (Software-as-a-Service) layer. This allows the user to gain control
by protecting resources as if they were internal. It is accomplished via location
parameters and the use of proprietary models that encompass the resources in a secured
mesh, thereby allowing for protection of the resources from a holistic standpoint. This
enables the deployment of high-value, high-risk Cloud applications while mitigating the
risks associated with such applications. Intrusion Detection and Prevention must include
attack recognition beyond simple signature matching, and the ability to drop malicious
sessions as opposed to simply resetting connections. [10]
We must become more intelligent in the way we conduct security operations and in how
we design systems to manage and remediate breaches. Intelligent systems capable of
managing such traffic, analyzing traffic patterns and protocols, officiate these
processes, as they do not rely on application changes or structure. These tool-sets care
about traffic, patterns and protocol behavior, adopting a set of rules capable of matching
like patterns to suspicious activity. There must be an ability to incorporate intelligence
and machine learning technology to combat these changes, capitalizing on protocol
behavior and the DNA patterns of the transmission protocols themselves. These actions
must be met with a robust, like-minded response to the malicious action, with the
capability of forensic-level capture, affording the capability to stay compliant at a
time when compliance is so integral and watchdogs are waiting to attack any offending
organization.
[9] http://wallstreetandtech.com/2012-outlook/the-cloud The move to the public cloud also will be dictated by the size of the institution. Small to mid-size firms that do not have their own proprietary data centers will be among the first to move to the low-cost capacity the public cloud offers, while larger banks will initially continue to utilize their large, private clouds.
[10] Public sector cloud use on the rise http://www.thecloudcircle.com/article/public-sector-cloud-use-rise The number of public sector organizations using the cloud is rising steadily, if not spectacularly, according to the Cloud Industry Forum, with an 11 per cent increase in cloud usage over the last nine months. The independent study of the latest cloud adoption rates showed that of the 300 UK-based organizations surveyed, 53 per cent are utilizing cloud services in some form. The private sector continues to lead the public sector with 56 per cent and 49 per cent respectively.
SafeMedia helps organizations gain control of their resources and creates a new
paradigm in security. Through our patented non-IP-Centric solution, in tandem with
protocol behavior analysis and behavioral recognition, we can stop penetrations and/or
the dissemination of proprietary information that cost organizations millions of dollars
annually.
SafeMedia, through a combination of intelligent, self-healing solution sets (Neural
Network Design, Artificial Intelligence, and Machine Learning Concepts), offers passive
IDS monitoring systems as well as active in-line/in-band IPS choke points with
unsurpassable power and granular controls to protect your network against traditional
intrusion vulnerabilities while mitigating the new generation of threats and threat
vectors. SafeMedia's Network Security system safely enables the deployment of high-value,
high-risk Cloud applications while mitigating the risks associated with such
applications. SafeMedia's Intrusion Detection and Prevention “Solution” offers features
including attack recognition beyond simple signature matching, dropping of malicious
sessions as opposed to simply resetting connections, and the deployment of a secure
distributed architecture consisting of dedicated hardware, embedded applications and
non-IP centricity that operate at "wire speed".