Private Cloud Day, Session 5: A Solution for Private Cloud Security
DESCRIPTION
More info on http://www.techdays.be
TRANSCRIPT
Private Cloud: A Solution for Private Cloud Security
Tom Shinder, Principal Writer, SCD iX Solutions Group
Why Architecture?
What’s in it for me?
Corporate Executive Board
Gartner
Is this your network today?
Anatomy
Physiology
Pharmacology
Biochemistry
Neuroscience
Pathology
Microbiology
Definitions
Constraints
Requirements
Decision Points
Agenda
A Solution for Private Cloud Security
• Key Security Differences in Private Cloud
• Private Cloud Security Principles
• Private Cloud Security Challenges
• Private Cloud Reference Model
• Private Cloud Security Model
Agenda
Key Security Differences in Private Cloud
Cloud Security Threats and Countermeasures at a Glance
[Diagram axes: Security Responsibility; Security Attack Types]
Shared Tenant Model
• Multiple orgs and divisions
Multitenancy in private cloud
• Authentication
• Authorization
• Access controls
Requires logical separation
[Diagram: Hosts A, B, C and D on the virtualization platform, each running multiple VMs]
Mobile Workloads
• Automated mobility
• Unlinked from Px
Security Tools
• Playing catch-up
Virtualization of Security Controls
• Integrate with the private cloud fabric
• Provide separate configuration interfaces
• Provide programmable, elastic, on-demand services
• Support policies governing logical attributes
• Enable trust zones separating multiple tenants in a dynamic environment
Private Cloud Security Principles
Principles provide general rules and guidelines to support the evolution of a secure cloud infrastructure. They are enduring, seldom amended, and inform and support the way you secure the private cloud. These principles form the basis on which a secure cloud infrastructure is planned, designed and created.
The Eleven Private Cloud Security Principles
• Limit "routing"
• Use strong cryptography
• Minimize attack surface
• Audit extensively
• Strong GRC
• Automate security operations
• Security is a wrapper
• All data locations accessible
• Attackers are AuthN and AuthZ
• Enforce isolation
• Apply generic security best practices
Cloud Security Challenges: Secondary to Essential Characteristics
Resource Pooling
As a consumer (tenant) of the services offered by a private cloud in my enterprise, I require that application data is secure, no one else can access it, and that the data is safe if something untoward occurs.
Prevent leakage between tenants
AAA
Also applies to administrators
Role Based Access Control
On-Demand Self-Service
As the architect, designer, or operator of a private cloud solution, how do I control who has access to my private cloud services and how do I monitor and audit the use of my services?
Who has authority to:
• Demand
• Provision
• Use
• Release
Errors in security provisioning
Clean-up processes
SLA needs to be explicit
Rapid Elasticity
I am concerned that a rogue application, client, or denial of service (DoS) attack might destabilize the data center by requesting a large amount of resources. How do I reconcile the perception of infinite resources with reality?
• Automation -> Resource DoS
• Malicious and inadvertent
• Monitor/manage resources
• Policy-based quotas
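The three slides above (resource pooling, on-demand self-service, rapid elasticity) describe one control path: every self-service action is authorized against a role, scoped to a tenant, checked against a policy-based quota, and written to an audit trail, with cloud administrators subject to the same AAA as tenants. The following Python is an added illustration of that path written for this transcript; it is not code from the deck or from any Microsoft product, and the roles, tenants, quota values and the rule that fabric admins may provision and release but never "use" a tenant workload are all constructed assumptions for the example.

```python
"""Tenant-scoped provisioning control: RBAC on the four self-service
actions, policy-based quotas and an append-only audit trail.
Added example for this deck; roles, tenants and quotas are constructed."""
from dataclasses import dataclass, field

# The four self-service actions named on the slide.
ACTIONS = ("demand", "provision", "use", "release")

# Hypothetical role -> permitted actions. A fabric admin may provision and
# release on a tenant's behalf but, by this example's policy, never "use"
# (log in to) a tenant workload: administrators are subject to AAA too.
ROLE_ACTIONS = {
    "tenant-user": {"demand", "use"},
    "tenant-admin": {"demand", "provision", "use", "release"},
    "fabric-admin": {"provision", "release"},
}


@dataclass
class Principal:
    name: str
    role: str
    tenant: str  # owning tenant, or "fabric" for cloud operators


@dataclass
class Quota:
    max_vms: int
    max_vcpus: int


@dataclass
class Cloud:
    quotas: dict                                # tenant -> Quota (policy-based quota)
    vms: dict = field(default_factory=dict)     # vm_id -> (tenant, vcpus)
    audit: list = field(default_factory=list)   # (who, role, action, tenant, outcome, detail)

    def _log(self, who, action, tenant, err, detail):
        self.audit.append((who.name, who.role, action, tenant,
                           "denied" if err else "ok", err or detail))

    def _authorize(self, who, action, tenant):
        if action not in ROLE_ACTIONS.get(who.role, set()):
            return "denied: role lacks permission"
        # Tenant isolation: only fabric admins cross a tenant boundary.
        if who.tenant != tenant and who.role != "fabric-admin":
            return "denied: cross-tenant access"
        return None

    def _usage(self, tenant):
        owned = [v for v in self.vms.values() if v[0] == tenant]
        return len(owned), sum(v[1] for v in owned)

    def provision(self, who, tenant, vm_id, vcpus):
        err = self._authorize(who, "provision", tenant)
        if err is None:
            q = self.quotas.get(tenant)
            n, cpus = self._usage(tenant)
            if q is None:
                err = "denied: no quota policy for tenant"
            elif n + 1 > q.max_vms or cpus + vcpus > q.max_vcpus:
                # Rejecting (not queueing) is what keeps a runaway automation
                # loop or a malicious client from becoming a resource DoS.
                err = "denied: quota exceeded"
            elif vm_id in self.vms:
                err = "denied: vm id already exists"
        self._log(who, "provision", tenant, err, vm_id)
        if err:
            return False, err
        self.vms[vm_id] = (tenant, vcpus)
        return True, vm_id

    def release(self, who, tenant, vm_id):
        err = self._authorize(who, "release", tenant)
        if err is None and self.vms.get(vm_id, (None,))[0] != tenant:
            err = "denied: vm not owned by tenant"   # release is the clean-up step
        self._log(who, "release", tenant, err, vm_id)
        if err:
            return False, err
        del self.vms[vm_id]
        return True, vm_id

    def use(self, who, tenant, vm_id):
        err = self._authorize(who, "use", tenant)
        if err is None and self.vms.get(vm_id, (None,))[0] != tenant:
            err = "denied: vm not owned by tenant"
        self._log(who, "use", tenant, err, vm_id)
        return (err is None), err or vm_id


def demo():
    """Constructed scenario; returns the per-call outcomes and the audit trail."""
    cloud = Cloud(quotas={"finance": Quota(max_vms=2, max_vcpus=4), "hr": Quota(1, 2)})
    alice = Principal("alice", "tenant-admin", "finance")
    bob = Principal("bob", "tenant-user", "hr")
    ops = Principal("ops", "fabric-admin", "fabric")
    results = [
        cloud.provision(alice, "finance", "fin-1", 2)[0],  # ok
        cloud.provision(alice, "finance", "fin-2", 2)[0],  # ok, quota now full
        cloud.provision(alice, "finance", "fin-3", 1)[0],  # denied: quota (runaway loop)
        cloud.provision(bob, "hr", "hr-1", 1)[0],          # denied: users cannot provision
        cloud.use(bob, "finance", "fin-1")[0],             # denied: cross-tenant
        cloud.use(ops, "finance", "fin-1")[0],             # denied: admins do not "use"
        cloud.release(ops, "finance", "fin-2")[0],         # ok: fabric admin clean-up
        cloud.provision(alice, "finance", "fin-3", 1)[0],  # ok: capacity freed by release
    ]
    return results, cloud.audit


if __name__ == "__main__":
    outcomes, trail = demo()
    print(outcomes)
    for entry in trail:
        print(entry)
```

Every decision, allowed or denied, lands in the audit list with the principal, role, action and tenant, which is the record an operator needs to answer the slide's "who has authority to demand, provision, use and release" question after the fact.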
Broad Network Access
As an architect of a private cloud solution, I want to be sure that an appropriate level of security applies regardless of client location and regardless of form factor. This requirement applies to both cloud management and application security.
Bring Your Own Device
• Assess device state
• Application access control
• Data on device
• Dissociation of IT from device control
Broad Network Access - Reperimeterization
Driven by:
• IPv6
• Porous borders
• "Tail chasing"
• Cost/benefit
Authenticated Attackers
Client Types
Defense in Depth
Private Cloud Reference Model / Private Cloud Technology Model
What is a Reference Model?
A Reference Model is:
• Abstract
• Describes entities and their relationships
• Defines and clarifies a problem space
• Technology agnostic
A Reference Model can be used to:
• Create standards for objects in the model
• Break down a large problem space
• Define concepts and relationships
• Define and create roles and responsibilities
• Compare different things (software solutions)
[Diagram: Reference Model and Technology Model]
Private Cloud Security Model
Security Domains
Security Functionality
• Infrastructure Security
• Platform Security
• Software Security
• Service Delivery Security
• Management Security
• Client Security
• Legal/Compliance
[Diagram: Security Model]
A Closer Look: Virtualization Security
[Diagram: Hyper-V architecture. Hardware (CPU, storage, NIC) at the bottom; the Windows hypervisor at "Ring -1"; above it the root partition (Windows kernel on Server Core, device drivers, virtualization stack, VM worker processes, VMBus; Ring 0 and Ring 3) and the guest partitions (OS kernel and VMBus in Ring 0, guest applications in Ring 3)]
Microkernel hypervisor
• Isolation boundary between partitions
• Minimal TCB with no third-party drivers
Root partition
• Mediates all access to hypervisor
• Server Core minimizes attack surface
• ~50% less patching required
Guests cannot interfere with each other
• Dedicated worker processes
• Dedicated VMBus channel
Secure Virtualization Platform
Monolithic hypervisor hosts:
• Virtualization stack
• 3rd-party device drivers
• Larger code base
• Harder to security test
• More exposure
[Diagram: microkernel design (hardware, thin hypervisor, root partition holding the virtualization stack and drivers, guest partitions VM 1 and VM 2) versus monolithic design (hardware, hypervisor containing the drivers and virtualization stack, VM 1 (Admin), VM 2, VM 3)]
“The fact is, the absolute last place you want to see drivers is in the hypervisor, not only because the added abstraction layer is inevitably a big performance problem, but because hardware and drivers are by definition buggier than "generic" code that can be tested.”Linus Torvalds, https://lists.linux-foundation.org/pipermail/desktop_architects/2007-August/002446.html
A Closer Look: Physical Network Isolation
Hosts and VMs support 802.1Q (VLAN tagging)
• Each assigned a VLAN ID
• Enforced across network fabric
• Firewalls permit inter-VLAN traffic as per policy
Isolates:
• Host from guests
• Mgmt. traffic from guest traffic
[Diagram: data center's physical servers, guest OS, data-center network]
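The slide above rests on three mechanics: the 802.1Q tag that carries the VLAN ID in the frame, the fabric pinning each virtual port to one VLAN so a guest cannot tag its way onto the management VLAN, and a firewall policy that enumerates which VLAN pairs may talk. The Python below is an added illustration of those mechanics written for this transcript; it is not code from the deck or from any Hyper-V or switch component. The VLAN numbers, port names, inter-VLAN policy, MAC addresses and sample frames are constructed for the example.

```python
"""802.1Q tag parsing, per-port VLAN pinning and an isolation audit.
Added example for this deck; the fabric policy and frames are constructed."""
import struct

TPID_8021Q = 0x8100


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id_or_None, ethertype, payload) for an
    Ethernet II frame, honouring a single 802.1Q tag if one is present."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    vid, offset = None, 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF          # VLAN ID is the low 12 bits; PCP/DEI ignored here
        etype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return dst, src, vid, etype, frame[offset:]


def build_frame(dst: bytes, src: bytes, vid, etype: int, payload: bytes) -> bytes:
    """Inverse of parse_frame; vid=None builds an untagged frame."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", etype) + payload


# Constructed fabric policy: every virtual port (a VM NIC or the host's
# management NIC) is pinned to exactly one VLAN, and the firewall policy
# lists the VLAN pairs that may talk. Anything not listed is dropped.
MGMT_VLAN, GUEST_A_VLAN, GUEST_B_VLAN = 10, 100, 200
PORT_VLAN = {
    "hostA-mgmt": MGMT_VLAN,
    "vm-finance-1": GUEST_A_VLAN,
    "vm-hr-1": GUEST_B_VLAN,
}
ALLOWED_PAIRS = {
    (GUEST_A_VLAN, GUEST_A_VLAN),
    (GUEST_B_VLAN, GUEST_B_VLAN),
    (MGMT_VLAN, MGMT_VLAN),
}


def ingress_check(port: str, frame: bytes) -> str:
    """What the fabric does with a frame arriving from `port`. Untagged and
    mis-tagged frames are dropped, never silently re-tagged."""
    expected = PORT_VLAN[port]
    _, _, vid, _, _ = parse_frame(frame)
    if vid is None:
        return "drop: untagged frame from pinned port"
    if vid != expected:
        # A guest tagging frames for another VLAN is the classic VLAN-hopping attempt.
        return f"drop: port pinned to VLAN {expected}, frame tagged {vid}"
    return f"accept: VLAN {vid}"


def inter_vlan_permitted(src_vid: int, dst_vid: int) -> bool:
    """Firewall decision between two VLANs: permit only per explicit policy."""
    return (src_vid, dst_vid) in ALLOWED_PAIRS


def audit_isolation():
    """Findings to check before trusting the fabric: no guest port on the
    management VLAN, and no policy letting a guest VLAN reach it."""
    findings = []
    for port, vid in PORT_VLAN.items():
        if vid == MGMT_VLAN and not port.endswith("-mgmt"):
            findings.append(f"{port} sits on the management VLAN")
    for src, dst in sorted(ALLOWED_PAIRS):
        if dst == MGMT_VLAN and src != MGMT_VLAN:
            findings.append(f"policy allows VLAN {src} -> management VLAN {dst}")
    return findings


def demo():
    """Constructed frames from a finance VM: a correctly tagged one, one tagged
    for the management VLAN, and an untagged one."""
    vm_mac = bytes.fromhex("00155d010203")    # constructed; 00:15:5D is the Hyper-V default OUI
    host_mac = bytes.fromhex("00155d0000aa")
    ipv4 = b"\x45" + b"\x00" * 19              # minimal stand-in for an IPv4 header
    good = build_frame(host_mac, vm_mac, GUEST_A_VLAN, 0x0800, ipv4)
    hop = build_frame(host_mac, vm_mac, MGMT_VLAN, 0x0800, ipv4)
    untagged = build_frame(host_mac, vm_mac, None, 0x0800, ipv4)
    return [ingress_check("vm-finance-1", f) for f in (good, hop, untagged)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print("isolation findings:", audit_isolation() or "none")
```

The ingress check is the piece the slide calls "enforced across network fabric": the VLAN a guest is allowed to use is a property of its port, not of whatever tag the guest writes into its frames. The audit function is the quick sanity check to run whenever the port-to-VLAN map or the inter-VLAN firewall policy changes.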
A Closer Look: Logical Network Isolation
Host-based firewall enabled
• Block all inbound connections to non-essential services
• Deny guest to host / management systems
• Centrally managed firewall policy
Server and Domain Isolation using IPsec
• Non-domain hosts cannot connect
• Trusted hosts within domain must authenticate to connect
• Network Level Authentication
• AuthIP
Next Steps
http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for-private-cloud-security.aspx
For More Information
www.technet.com/cloud/private-cloud
http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for-private-cloud-security.aspx
Free Stuff!
This presentation is yours!
• Re-present it
• Lots of speaker's notes
• Improve it!
Questions, Comments, Ideas
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.