IBM Power Systems

Security Considerations for Cloud Deployment

Jeff Uehling, IBM i Network & Security Development uehling@us..com IBM - Rochester, MN

© 2010 IBM Corporation IBM Power Systems

What is Cloud Computing?

Is Cloud Computing really a new concept?

What is Cloud Computing? … An IT consumption and delivery model

Cloud computing is a consumption and delivery model inspired by consumer service and is optimized for IT / Business Services

Cloud enables:
– User self-service
– Outsourcing options
– Dynamic scalability

Multiple types of clouds will coexist:
– Private – deployed inside a customer’s firewall
– Public – provided and managed by a 3rd party via subscription
– Hybrid – a mix of Public and Private models based on workload

An effective cloud deployment is built on a … and should be part of an overall transformation plan.

Clouds enable a broad spectrum of deployment options

Cloud Differentiators… There are Many!

Differentiator: traditional IT → cloud
– Time to deploy a server: weeks or months → seconds to minutes
– Commitment to use service: negotiate & commit to a year-long contract → select from catalog & pay as you go
– Necessary upfront investment: $K–$M in infrastructure → $$ per IT hour; no or low upfront → ¢ per IT hour

IT Benefits from Cloud Computing are Real…

Results from IBM cloud computing engagements

Increasing speed and flexibility:
– Test provisioning: weeks → minutes
– Change management: months → days/hours
– Release management: weeks → minutes
– Service access: administered → self-service
– Standardization: complex → reuse/
– Metering/billing: fixed cost → variable cost

Reducing costs:
– Server/storage utilization: 10–20% → 70–90%
– Payback period: years → months

Source: Based on IBM and client experience.

Cloud technologies can offer operational expense reductions and improved service at all layers

[Diagram: cloud service layers, with example services at each layer]
– People Services: Agents, End Users, Support Community, Crowdsourcing
– Business Services: Retail Banking, Trade & SC Finance, Payments, Mobile Banking, Front Office Optimization, Customer Care, Payments Int., Risk Mgmt., Industry Frameworks & Information Foundation
– Application Services: End User Interfaces, Service/Software Catalogs, B2B Partnerships, Mashup Server, Open Foundation (WS Framework, Service Bus)
– Platform Services: Fulfillment, Assurance, Billing, Experience (Cloud Business & Operations Support Management), Dynamic Provisioning, Process & Policy Mgmt., Problem & Change Mgmt.
– Infrastructure Services: Distributed Cloud Computing Services, Data Mgmt., Workload Mgmt., SLA & Capacity Provisioning, Security, Monitoring

Cloud: because the majority of IT cost is in people, Cloud Computing is becoming popular at the higher layers

[Diagram: cloud service layers with IBM service examples, and the evolution of delivery over time]
– People Services: MBPS (eHR, LBPS, etc.), Live Mesh
– Business Services: Live BCRS
– Application Services: ISS
– Platform Services
– Infrastructure Services: ISSC/SO

Evolution: 2000 – static, dedicated, outsourced; 2006 – network-delivered, off-premises; 2009 – shared, automated, dynamic


What Cloud Services are available today?

Hundreds… Thousands… growing by the day!

Cloud Delivery Examples (market examples and IBM examples)

– Software-as-a-Service: Collaboration, CRM/ERP/HR, Business Processes, Industry Applications
– Platform-as-a-Service: Web 2.0 Application Runtime, Java Runtime, Middleware, Development Tooling, Database, Developer Cloud
– Infrastructure-as-a-Service: Data Center Fabric, Servers, Networking, Storage; shared virtualized, dynamic provisioning; Computing on Demand

Top public workloads:
– Audio/video/Web conferencing
– Service help desk
– Infrastructure for training and demonstration
– WAN capacity and VoIP infrastructure
– Desktop
– Test environment infrastructure
– Storage
– Data center network capacity
– Server

Top private workloads:
– Data mining, text mining, or other analytics
– Data warehouses or data marts
– Business continuity and …
– Test environment infrastructure
– Long-term data archiving/preservation
– Transactional databases
– Industry-specific applications
– ERP applications

Infrastructure and collaboration workloads emerge as most appropriate for a Public offering; database, application and infrastructure workloads emerge as most appropriate for a Private offering.

Cloud Usage Models

1. End User to Cloud - Application running on the cloud with access for end-users

2. Enterprise to Cloud to End-user (Interoperability) - Applications running in the public cloud – access from employees and customers

3. Enterprise to Cloud (Integration) - Cloud application integrated with internal IT capabilities

4. Enterprise to Cloud to Enterprise (Interoperability) - Cloud application running in the public cloud and interoperates with partner applications (supply chain)

5. Enterprise to Cloud (Portability) - Cloud application running in the cloud – flexibility to move to a different cloud provider in the future or in-house

6. Private (intra) Clouds - Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment

Model 1: End User to Cloud

What is it?
– Application running in the cloud with access for end-users
Scenarios:
– Get new Web app provisioned worldwide quickly (e.g., the next facebook, linkedin, gmail, etc …)
– Don’t need IT infrastructure, flexible acquisition

[Diagram: Public Cloud – Application]

Model 2: Enterprise to Cloud to End-user

What is it?
– Deploy cloud-based application specifically for the cloud – access for employees and for customers
Scenarios:
– Online sales through catalog, needs to link back into enterprise systems for fulfillment
  • web app and shopping cart in cloud, fulfillment inside existing enterprise systems
– Two sub-models
  • End User is employee in the Enterprise (e.g., Travel Expense Account application)
  • End User is Web customer outside the Enterprise (e.g., online sales)

[Diagram: Public Cloud – Application (External); Enterprise IT (Traditional, Private Cloud or Hybrid) (Internal)]

Model 3: Enterprise to Cloud (Integration)

What is it?
– Cloud application – integrated with internal IT capabilities
Scenarios:
– Typical approach of integrating with existing on-premises and off-premises capabilities or other cloud applications (customer list, access control, data)

[Diagram: Public Cloud B – Application / Data (External); Enterprise IT (Traditional, Private Cloud or Hybrid) (Internal) – integrate with existing on-premise capabilities]

Model 4: Enterprise to Cloud to Enterprise

What is it?
– Cloud application running in the public cloud – interoperates with partner applications (supply chain)
Scenarios:
– Brokers, common function providers (e.g., supply chain, broadcast recall to multiple customers, broadcast RFP to suppliers, “classic” B2B)

[Diagram: Public Cloud – Application (External); Large manufacturer A and Large manufacturer B (Internal)]

Model 5: Enterprise to Cloud (Portability)

What is it?
– Cloud application and/or data running in the cloud – flexibility to move to a different cloud provider in the future or in-house
Scenarios:
– Flexibility and choice to change application platform suppliers
– “Write once, run anywhere”

[Diagram: Public Cloud A – Application / Data → move to another cloud → Public Cloud B – Application / Data (External); move in-house → Enterprise IT (Traditional, Private Cloud or Hybrid) – Application / Data (Internal)]

Model 6: Private (intranet) Cloud

What is it?
– A “private” cloud-based service offers many of the benefits of a public cloud computing environment. The difference is that data and processes are managed within the organization.
Scenarios:
– The enterprise would leverage a private cloud to provide self-service capabilities and on-premise or off-premise real-time infrastructure.
– Interoperability / integration within elements of a private cloud and between a private cloud and a traditional environment

[Diagram: Private Cloud (Internal) – OS Images (Virtual / Physical), Database Schema / Instances, Storage (SAN/NAS); External]


If this is so logical…

Why isn’t everyone doing it?


So what type of business and security challenges does cloud computing introduce?

Today’s Data Center → Tomorrow’s Public Cloud
– We have control. → Who has control?
– It’s located at X. → Where is it located?
– It’s stored in servers Y, Z. → Where is it stored?
– We have backups in place. → Who backs it up?
– Our admins control access. → Who has access?
– Our uptime is sufficient. → How resilient is it?
– The auditors are happy. → How do auditors observe?
– Our security team is engaged. → How does our security team engage?

Security is a top concern with cloud computing…

The tale of two studies shows that security is the number one inhibitor to customers adopting cloud technologies.

What, if anything, do you perceive as actual or potential barriers to acquiring public cloud services?

Security/privacy of company data 69%

Service quality 54%

Doubts about true cost savings 53%

Performance / insufficient responsiveness over network 52%

Difficulty integrating with in-house IT 47%

Source: IBM Market Insights, Cloud Computing Research

Source: Oliver Wyman Interviews


Gartner’s security risks of cloud computing

Privileged User Access

Data Segregation

Data Recovery

Investigative Support

Regulatory Compliance

Data Location

Disaster Recovery

Gartner: Assessing the Security Risks of Cloud Computing, June 2008

Risks introduced by cloud computing

– Less control: over where the information is located and stored, who has access and backups, how it is monitored & managed, including resiliency
– Data security: challenges with an increase in potential unauthorized exposure when migrating workloads to a shared network and compute infrastructure
– Security management: control needed to manage firewall and security settings for applications and runtime environments in the cloud
– Compliance: restrictions imposed by industry regulations over the use of clouds for some applications
– Reliability: concerns with high availability and loss of service should outages occur


Top 10 factors for a secure Cloud Infrastructure

– Data Protection
– Access and Identity
– Application Provisioning & Deprovisioning
– Application & Environment Testing
– Service Level Agreement
– Vulnerability Management
– Business Resiliency
– Audit & Governance
– Cross Border Protection
– Intellectual Property & Export Laws


What are the Risks

– Policy and Organizational Risk - Things that may directly degrade the ability of the consumer organization to conduct business in an efficient manner

– Legal Risk - Things that may put the consumer organization in breach of the law or that may prevent compliance with specific legal mandates

– Technical Risk - Things that may disrupt normal operations of the consumer organization or cause loss of value over intangible assets (data, reputation, etc.)

– Transitional Risk - Things that may temporarily put the consumer organization’s “traditional” infrastructure and operations under increased risk


Policy and Organizational Risk

5 Intrinsic Risks

1. Resource sharing and pooling - Data (intangible assets) cannot be tied to physical assets (tangible HW resources); assets must be referenced by their content, not their supporting media or storage location

2. Network accesses - Porous perimeter, authorization & authentication become more important issues

3. Service elasticity and scalability - Grow-on-demand and pay-as-you-go can backfire. Seemingly infinite capacity may not be so under attack.

4. On-demand self-service - Hijacking of the consumer’s control plane (user interface)

5. Measured service - Economic denial of service, depletion of service quota


Legal Risks

– E-discovery and Subpoena - Where is the evidence that I need to hand out? Intangible assets cannot be mapped to physical assets or geographical locations. Service provider may not be cooperative. Resources are pooled and shared, so they can’t be “taken” without affecting co-tenants and/or service provider operations.

– Change of jurisdiction - Which privacy (data protection) and security laws are applicable when intangible assets and processes are outsourced to service providers with distributed data centers across several continents? Do national laws local to the service provider’s data center supersede those local to the consumer’s organization?

– Data protection - It can be difficult for the cloud customer (in its role of data controller) to effectively check the data processing that the cloud provider carries out, and thus be sure that the data is handled in a lawful way. Conflicting data encryption standard requirements, lack of notification of data breaches by the service provider, storage of data collected unlawfully by co-tenants.


Technical Risks

– Isolation failure - Break out of the VM, storage compartment, virtual network, VPN, etc.

– Compromise of the management interface - Hijack of the consumer organization’s cloud computing infrastructure, loss of control plane (user interface).

– Data leakage - Data leakage to co-tenants (intra-cloud) or from the cloud

– Insecure data lifecycle management - Insecure or ineffective deletion of data, loss of consistency, data duplication

– Economic denial of service - Depletion of quota vs. runaway service costs vs. loss of efficiency

– Coarse access control - Insufficient granularity to implement authentication, authorization or auditing controls

– Conflicting provider-consumer security standards - Provider can’t meet the consumer organization’s security requirements
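The “Measured service” intrinsic risk above and the “Economic denial of service” entry in this list describe the same failure mode: a pay-as-you-go quota drained faster than the tenant planned for. The following is an added example, not part of the original deck, of one defender-side control for it: a budget early warning that flags hours of runaway consumption and projects when the billing-period budget would run out. The usage samples, unit price, budget and thresholds are all constructed values, not figures from the presentation.

```python
"""Early warning for economic denial of service (EDoS) on a metered cloud
service.  Added example; not from the original IBM deck.  All usage samples,
prices and thresholds below are constructed and stand in for a tenant's real
contract values."""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class UsageSample:
    hour: int      # hours elapsed since the start of the billing period
    units: float   # metered units consumed in that hour (e.g. GB of egress)


@dataclass(frozen=True)
class EdosAlert:
    hour: int
    reason: str
    value: float   # spike ratio, or hours until the budget is exhausted


def baseline_rate(samples, window):
    """Median units/hour over the first `window` samples; the median keeps a
    single runaway hour from dragging the baseline up with it."""
    return median(s.units for s in samples[:window])


def spend_so_far(samples, unit_price):
    return sum(s.units for s in samples) * unit_price


def hours_until_exhausted(samples, budget, unit_price, recent=6):
    """Hours until the period budget is spent if the average rate of the last
    `recent` samples continues.  None when nothing is being consumed."""
    recent_samples = samples[-recent:]
    recent_rate = sum(s.units for s in recent_samples) / len(recent_samples)
    if recent_rate <= 0:
        return None
    return (budget - spend_so_far(samples, unit_price)) / (recent_rate * unit_price)


def detect_edos(samples, budget, unit_price, period_hours,
                baseline_window=24, spike_factor=5.0):
    """Return alerts for (a) hours whose consumption exceeds spike_factor times
    the baseline and (b) a projected budget exhaustion before the period ends."""
    alerts = []
    base = baseline_rate(samples, baseline_window)
    for s in samples:
        if base > 0 and s.units > spike_factor * base:
            alerts.append(EdosAlert(s.hour, "rate spike", s.units / base))
    hours_left = period_hours - (samples[-1].hour + 1)
    eta = hours_until_exhausted(samples, budget, unit_price)
    if eta is not None and eta < hours_left:
        alerts.append(EdosAlert(samples[-1].hour, "budget exhausted early", eta))
    return alerts


# Constructed data: a 30-day (720 h) period, $0.10 per unit, $1000 budget.
PERIOD_HOURS = 720
UNIT_PRICE = 0.10
BUDGET = 1000.0
# 24 quiet hours at roughly 10 units/hour, then six hours at 200 units/hour:
# the shape of a request flood against a pay-as-you-go endpoint.
SAMPLES = ([UsageSample(h, 10.0 + (h % 3) - 1) for h in range(24)]
           + [UsageSample(h, 200.0) for h in range(24, 30)])

if __name__ == "__main__":
    for a in detect_edos(SAMPLES, BUDGET, UNIT_PRICE, PERIOD_HOURS):
        print(f"hour {a.hour:3d}: {a.reason} ({a.value:.1f})")
```

At the quiet baseline the budget would last the whole period; after the six flood hours the projection drops to about 43 hours, which is the signal to throttle or cap the service before the bill does the damage.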


Transitional Risks

– Disruption of endpoint security - Cloud applications that require installation of client-side components or use of specific desktop applications may weaken the consumer’s security posture

– Credential leakage - Improper lifecycle management of credentials needed to access cloud applications. Shared access for “testing purposes”, open access to cloud user interface

– Punctured perimeter - Punching “temporary holes” in network filtering rules. Network IDS with lost visibility, tunneling.

– Transitive trust - Internal/legacy applications suddenly made to transitively trust the cloud. Reuse of credentials, hard-coded passwords, certificates, etc.

Security complexities raised by virtualization

New complexities:
– Dynamic relocation of VMs
– Increased infrastructure layers to manage and protect
– Multiple operating systems and applications per server
– Elimination of physical boundaries between systems
– Manually tracking software and configurations of VMs
– From a 1:1 ratio of OSs and applications per server to a 1:Many ratio, with an additional layer to manage and secure

Risk depends on cloud type:
– Public cloud riskiest (mixed tenants)
– Private cloud least risky (BAU) – but places higher demands on the company
– Hybrid (private + public) provides a balanced solution – sensitive data stays private, public cloud used for non-sensitive data; can be always or just for demand spikes

Different cloud workloads have different risk profiles: one size does not fit all

[Chart: need for security assurance (low → high) against business risk (low-risk, mid-risk, high-risk)]
– Low-risk: training, testing
– Mid-risk: analysis & simulation with public data
– High-risk: mission-critical workloads, personal information

Tomorrow’s high value / high risk workloads need:
• Quality of protection adapted to risk
• Direct visibility and control
• Significant level of assurance

Today’s clouds are primarily here:
• Lower risk workloads with non-sensitive data
• One-size-fits-all approach to data protection
• No significant assurance
• Price is key


IBM Cloud Offerings

IBM’s Cloud Portfolio

Consulting Services in support of Cloud Computing
● Infrastructure Strategy & Planning
● Testing Services for Cloud
● Strategy & Change Services for Cloud Adoption
● Networking Strategy & Optimization
● Strategy & Change Services for Cloud Providers

Smart Business Offerings: comprehensive cloud solutions for infrastructure workloads
● Development and Test, Desktop, Infrastructure Storage, Analytics, Collaboration
● Workloads available on multiple delivery models ... with embedded service management

Infrastructure services & technologies enabling cloud computing
● Services: Security; Resiliency optimization (BCRS); Data Center; Tivoli Live Monitoring; Maintenance
● Technologies: Tivoli Service Automation Manager; WebSphere Edition

IBM Cloud Services Portfolio

Workload areas: Analytics; Collaboration; Development and test; Desktop and devices; Infrastructure compute; Infrastructure storage; Business services

Standardized services on the IBM cloud: Smart Business Services on the IBM cloud; IBM LotusLive®; IBM Lotus® iNotes; Smart Business Development and Test on the IBM Cloud; IBM Smart Business Desktop Cloud (beta); IBM Computing on Demand; IBM Information Protection Services; IBM BPM BlueWorks (design tools); Smart business expense reporting on the IBM cloud; Smart Business End User Support

Private cloud services, behind your firewall, built and/or managed by IBM: IBM Smart Analytics Cloud; IBM Smart Business Test Cloud; IBM Smart Business Desktop Cloud; IBM Smart Business Cloud; IBM Smart Business Services

Preintegrated, workload-optimized systems (backed by the IBM Cloud): IBM Smart Analytics System; IBM CloudBurst™ family; IBM Information Archive; IBM Smart Business Systems for Small or Midsize Business

Global Technology Services

Cloud Solutions for Power Systems

Tivoli Service Automation Manager (TSAM), IBM Systems Director and VMControl, Tivoli Provisioning Manager (TPM):
– Cloud services definition and provisioning
– Power System Pools simplicity
– Software full lifecycle management
– Policy-based workload resilience
– Policy creation and enforcement
– Best-practices image management
– Automated SAN provisioning

Tivoli Storage Productivity Center (TPC), SAN Volume Controller (SVC):
– Simplified SAN management
– Integration with VMControl for automated disk provisioning
– IBM DS5000, DS8000, XIV; EMC; HDS
– Heterogeneous storage management
– Decoupling of physical and virtual storage
– Pooling for increased virtualization

Power Systems virtualization:
– Best-of-breed Power Systems Virtualization
– Sharing and dynamic allocation of resources across environments
– Multi-OS support: AIX, i, Linux


IBM i as a Cloud Server

Current IBM i strengths

Strengths - stands out in multi-tenant

Good isolation:
– Object-based architecture
– IBM i enforced security and encryption
– Database schema and IASP isolation
– System Director
– WebSphere – separate enterprise applications – role-based security
– Memory Pools
– Subsystems
– Processor Pools
– Group Profiles
– Active Memory Sharing
– …

In short, a multi-user, multi-app OS from day 1

IBM i Hosting Environment

[Diagram: five multi-tenancy models, from dedicated to shared, each with a tenant, application (App), application platform (AP), data platform (DP), operating system (OS), infrastructure and data center floor layer]
– I. Physical-level isolated multi-tenancy (dedicated): one server stack for each tenant
– II. Shared hardware multi-tenancy: one OS stack for each tenant
– III. Operating system-level multi-tenancy: one AP stack for each tenant
– IV. Platform-level multi-tenancy: one application stack per tenant
– V. Application-level multi-tenancy (shared): single app. servicing multiple tenants

Enabling technology by layer:
– Application: Apache web servers; WebSphere Application Servers
– Data Platform: IBM i subsystems; DB2 for i; Independent Storage Pools; Schema isolation
– Operating System: Subsystems, Memory Pools; Threads, Users/Groups; Validation lists
– Infrastructure: PowerVM; PowerHA; Systems Director

Diagram annotations: “IBM i performs well here” and “IBM i performs very well here”

IBM i Vision toward Cloud Enablement

Past:
– Physical systems
– Internal storage
– Static resource partitions
– Manual setup
– Physical media install
– Licensing per core
– Backups
– HA

Present:
– Partition mobility
– Virtual resources
– External storage w/ VIOS and SAN
– Dynamic resources for partitions
– Network install and backups
– Scripted partition creation
– Licensing per core
– HA

Potential future enhancements:
– Partition hibernation
– Image (partition) provisioning/cloning
– Virtualized everything
– Workflow automation
– More granular licensing
– Flash copy checkpoints and snapshots


IBM CloudBurst

What is IBM CloudBurst?

– A complete, pre-packaged cloud environment. Includes both hardware and software

– CloudBurst on Power is slated for 4Q 2010 delivery (v2.1)

Market splash:
– The IBM CloudBurst solution on Power is planned to provide everything you need for a private cloud environment, including Tivoli service management software, storage, network and the most efficient platform for cloud computing with Power Systems, enabling customers to rapidly realize the benefits of cloud computing

IBM CloudBurst – an Integrated Cloud solution

IBM CloudBurst: a “built for purpose” cloud solution
– Monitoring: monitor both physical and virtual server environments
– Usage and Accounting: provide metering and accounting for cloud services; enable integration to billing systems if needed
– High Availability: make management system DB highly available
– Virtualized HW Management: enhanced management of the virtual environment
– Tivoli Service Automation Manager (TSAM): orchestration of cloud operations; integration point for service mgmt capabilities; service catalog and templates; automated provisioning of virtual systems
– Server, Storage, Network HW: preinstalled and configured on IBM hardware
– Energy Management: energy management of the hardware infrastructure

IBM CloudBurst Roadmap

2009 – IBM CloudBurst 1.1 (Delivered!) – Capabilities:
– System X BladeCenter HW; scalable and modular
– GTS CloudBurst QuickStart Services
– Request, Deploy and Manage VMWare virtual environments
– Energy Utilization metrics
– Backup and Recovery
– IBM WebSphere CloudBurst Appliance

2010 – IBM CloudBurst 1.2 (New!) – Optimized for Development & Test Workloads – New Enhancements:
– Energy metrics integrated with IT service management system
– Accounting, usage and metering
– High availability configuration
– Enhanced security options
– Integrated with WebSphere CloudBurst

IBM CloudBurst Future – Optimized for Production Workloads – Key Enhancements:
– Expand HW Platform to Power Systems, iDataplex, and System Z
– Cloud Analytics and Dashboard capabilities
– Cloud capacity Planning
– Enhanced security & resiliency options
– Compliance reporting options
– Integration with public cloud offerings


Thank you!

For more information, please visit: ibm.com/cloud

Or, contact me: Jeff Uehling [email protected]
