Cloudinomicon :: Idempotent Infrastructure, Survivable Systems & Bringing Back Information Centricity

v1.7 2 Key Takeaways

+ Not All Public Cloud IaaS Offerings Are Created Equal or for the same reasons.

+ Differentiation Based Upon Networking, Security, Transparency/Visibility & Forensics. TRUST.

+ Apps In Public IaaS Clouds Can Most Definitely Be Deployed As Securely Or Even More Securely Than Those In An Enterprise...

+ ...However, They Require Profound Architectural, Operational, Technology, Security and Compliance Model Changes

+ Time To Get The Bell Bottoms Out Of The Closet: What’s Old Is New Again... Blame The French:: Siege Warfare & the Trebuchet... Technically Blame the 4 Greeks & Romans...

+ Introduced in ~12th century by the French who bettered the design elements of the catapult & ballista

+ The trebuchet utilized a sling to double the power of the engine and throw its projectile twice as far

+ Catapults were efficient mechanisms for lobbing loads of 50-60 pounds

+ Trebuchets could throw stones of up to 300 pounds and at great distance A Better Mousetrap But A More Complex Operational Model

+ The sling trebuchet was a marriage of previous catapult design, application of better physics & advanced physical science.

+ It works on a simple principle, but there was nothing simple about making sure a sling trebuchet was built or operated with precision...* *http://www.medieval-castle-siege-weapons.com/sling-trebuchet.html 6 WTF Does That Have To Do With Cloud?

+ Evolutionary application of revolutionary ideas*

+ Caused quite a stir and a wholesale shift in strategy

+ Laid the foundation for even more ass-kicking innovation

+ Automation, FTW!

* Gravity. Who Knew? Shifts In Thinking: IT Infrastructure Evolves + Consolidating From Servers To Pooled Resources Of Compute + Network & Storage Moving From Dedicated Switches & Local Disk To Clusters And Fabrics, Implemented In Both Hardware And Software + Escaping From Tightly-Coupled Hardware/Software Affinity To Distributed Computing Enabled By Virtualization + Transitioning From Infrastructure To Composeable Service Layers Our Focus In 8 Contrast

J%7"*$'F1/,$'G<'>;4K'L1(?%3B'I,M3%E13'G<'0$1"/'012C"E3B'' + Private cloud. The cloud 57#899:::;6-06;(.-);<%/9<0%=#-9>?>96$%=,@6%'#=2(<9.(,"A;5)'$**

=(1*/'' G3HI,2*3/'' A*C%/'D$*7E&%+.' F,*7"(,/'4,()%&,' infrastructure is operated solely >,+61(?'@&&,77' 4,$

managed by the organization or 4156*(,'*7'*' !$*:1(2'*7'*' ;3<(*7+("&+"(,'*7'*' !"$./"0&* +%,"$-* a third party and may exist on 4,()%&,'84**49' 4,()%&,'8!**49' 4,()%&,'8;**49'

premise or off premise. !"#$%&'"()* !"#$%&' !(%)*+,' -.#(%/' 0122"3%+.' +%,"$-* + Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Private OR “Enterprise” IaaS To Boldly Go... 9

Private: Leverage Virtualization To Yield Higher Efficiency In Service Delivery, Agility And Meet Existing Security And Compliance. Infrastructure Exposed.

General Preservation Of Existing Architectural Blueprints But With Virtualized/Converged Infrastructure. Primarily Hardware Infrastructure Enabled & Enterprise-Class Virtualization Layers

Public: Fundamental Re-Architecture Of Application, Operations & Service Delivery Leveraging Virtualization & Automation. Massive Abstraction.

Focuses On Scale, Lower Costs And Homogeneity At Infrastructure Layers. Primarily Software Enabled 10 Public Cloud...

+ Not All Public Clouds Are Created Equal Or For The Same Purpose

+ Scale Enabled By Abstracted & Idempotent Infrastructure

+ Massive Data Centers With Hundreds Of Thousands Of Cores, Huge Storage And Bandwidth

+ Extremely Agile, Heavily Virtualized, Mostly Automated & Hugely Software Driven

+ Management Via API Across 11 The Great Divide... Therein lies the problem...

+ Huge monocultures of custom hardware and software layers abstracted for your pleasure

+ It’s the functional equivalent of Siebel: don’t fit the software to the business, change the business to fit the software.

+ ...not necessarily a bad thing, but cultural, operational, security, and compliance issues are daunting. Public Cloud:

All About Gracefully Giving Up Direct Operational Control Over Infrastructure 13 We Need Risk Ritalin There Be Monsters Here...

+ Suffering From Security Attention Deficit Disorder & Lack Of Holistic Approach

+ Threat Model Velocity And Innovation Of Attacker > Defender

+ Security Doesn’t Scale (By Design)

+ Economic Model Does Not Incentivize Solutions That Solve Long Term Problems 14

Manage Disruptive Innovation before it manages you... id*#,b^aa^dc^c'%&(#

&Ig^aa^dc Happy 8dccZXiZY9Zk^XZh &Ig^aa^dc Happy, &)%XdccZXiZY *%%b^aa^dc YZk^XZheZgeZghdc &$&%i]d[VXdccZXiZY JoyJoy YZk^XZeZgeZghdc

(*W^aa^dc HdjgXZ/;dggZhiZg GZhZVgX]!8^hXdVcVanh^h *XdccZXiZY ¸[dgZXVhid['%&( YZk^XZh Vhhjb^c\Xdch^hiZci \gdli]igZcYh eZgeZghdc

6eea^XVi^dch &!*%%!%%% idiVabdW^aZ Veea^XVi^dch (%%% ldgaYl^YZ idiVabdW^aZ '+*!%%% HdjgXZ/L^cYdlh idiVabdW^aZ BdW^aZ!Bdg\VcHiVcaZn! Veea^XVi^dch 8^hXdVcVanh^h¸[dgZXVhi d['%&(Vhhjb^c\ ldgaYl^YZ Veea^XVi^dch ldgaYl^YZ Xdch^hiZci\gdli]igZcYh

HZXjg^inI]gZVih *!,%%!%%% hZXjg^ini]gZVih +')!%%% hZXjg^ini]gZVih

HdjgXZ/HnbVciZX! '!+%%!%%% 8^hXdVcVanh^h¸[dgZXVhi hZXjg^ini]gZVih d['%&(Vhhjb^c\ Xdch^hiZci\gdli]igZcYh

Cisco 2010 Mid-Year Security Report '%%, '%&% '%&( ‘Round & ‘Round We Go...

Display Mainframes Compute Achtung! Divergent Models Data

Bandwidth The Cloud

Centralized Web2.0 Unreliable/Slow Client/Server Reliable/Fast More Reliable/Faster

Mostly Reliable/Fast y Distributed Mostl y Centralized Mostl

Distributed

Web1.0 * Credit: Gunnar Peterson Revenge Of The Hamsters...

The Security Hamster Sine Wave of Pain

Network Centricity

User Centricity

Information Centricity

Application Centricity Control Deployment/Investment Focus Host Centricity

Time

* With Apologies to Andy Jaquith & His Hamster... Revenge Of The Hamsters...

The Security Hamster Sine Wave of Pain

We Are Here Network Centricity

User Centricity

Information Centricity

Application Centricity Control Deployment/Investment Focus Host Cloud Centricity Deployment Is Here

Time

* With Apologies to Andy Jaquith & His Hamster... Deconstruction

Infostructure Content & Context - Apps, Data, Metadata, Services

Glue & Guts - Metastructure IPAM, IAM, BGP, DNS, SSL, PKI

Sprockets & Moving Parts - Infrastructure Compute, Network, Storage 20

Idempotent Infrastructure Idempotency & 21 Public IaaS Cloud

+ Homogeneity Provides Foundation For Scale [out]

+ Does Not Always Imply Commodity Hardware

+ Maximize Density & Modularity Of Resources

+ Constant Deployment Model (Agile) Of Software Driven “Infrastructure”

+ Code As Infrastructure Infrastructure (and vice versa) Attack Of the stack 22 + Some Examples Of The Growing Number Of Available Cloud “Operating Systems”:

+ OpenStack.org

+ Cloud.com CloudStack

+ Citrix XenCloud

+ VMware vCloud

+ Enomaly ECP

+ RedHat Cloud Foundations

+ Nimbula Director

+ Eucalyptus Enterprise Edition

+ Open Source vs. Open Core vs. Proprietary...The business models matter! Compute Architecture - Cores & Memory

+ Compute Fabrics:

+ Commodity, “Engineered” or Proprietary/Specialized

+ Lots of CPUs vs Fewer CPUs With Lots Of Cores

+ CPU vs GPU (or otherwise)

+ Low Power, Low BTU, Highly Dense

+ Dedicated vs Huge Shared Memory

+ Management via RESTful HTTP API Infrastructure 23 “Datacenter Networks 24 Are In My Way*”

!"#$%&

! '(#)#*+,#-*.(#*/,$#0*1,2 " 3-*$#.*"#&)*)#&440*.(#*5),64#72 ! ',)84,&%*94&:#7#$.*;#-.)<:.<,$- ! =<#)&):(<:&4*>*?@#)ABC6-:)<6#% ! D#.*1#&)E*BFG*,H*.(#*+&.&*I#$.#) ! /&<$H)&7#*JC-<$#--*/,%#4 ! /&$C&440*I,$H<"C)#%*>*K)&"<4#*&.*B:&4# ! 9),64#7-*,$*.(#*J,)%#) ! BC77&)0

LMMNOPMOLQ (..5EOO5#)-5#:.<@#-R7@%<),$&R:,7 InfrastructureL

* James Hamilton, AWS Network Architecture + Where’s the Network? Software vs Hardware: VMM-Integrated, Nexus 1000v, Open vSwitch, OpenFlow, Nicira, Or Hybrid Models...

+ Hugely Abstracted Networks Create Challenges With:

+ Topology - L2/L3 Design, Multicast/Broadcast, STP, etc. New protocols: FabricPath, OTV, TRILL, HIP, LISP...

+ Security - Presentation Of Hooks To Interconnect/Segment, Visibility, Management

+ Mobility - Dynamism Stresses Resource: Naming, Location, Addressing, etc.

+ Performance - I/O, Packet Ping Pong, QoS

+ Revenge Of The Meshed Overlay VPN & PKI

+ Need for PKI, Link (Physical & Logical) Infrastructure Encryption, Authentication, Tagging Network Architecture (Cont.)

+ Big, “Dumb,” Flat, Fast L2 Networks Vs. Next Generation Of Classical Core|Distribution| Access

+ Heavily Virtualized High Density, Low Latency, Non-Blocking, Line Rate, 10+Gb/s

+ Full Bisection Bandwidth vs. Statistical Multiplexed & Over-subscribed

+ Segmentation, Multi-tenancy & Scale: Abstracted Into VMM or (p)VLANs/VRF or by separating data/control/flow planes

+ Programmable & Open vs. Fixed & Proprietary

+ Data-Only Versus Converged Data & Storage

+ RESTful HTTP APIs and Exposed Interfaces for Automation/Provisioning/Orchestration/ Infrastructure Instrumentation VMs : The New DMZ? 27

+ Practically, The VM Boundary Is The Emerging Atomic Unit And Therefore Is The Logical Perimeter. For Now. + Ultimately We’ll See A New Measure As VM’s & The Servers They Replaced Give Way To PaaS/Language Abstractions & “Workload” Gets More Defined* + The Cloud OS Platform Networking Can Clearly Be A Fantastic Differentiator Or A Huge Limiter For Delineating Policy Boundaries

Infrastructure

*E.g. Heroku uses “Slugs” & “Dynos” Storage 28 + Local disk vs NAS/SAN/Object- Based

+ Storage Can Be Exposed via RESTful/SOAP APIs Or Volumes

+ Persistent vs Non-Persistent

+ Volume/Bucket/File Size Limits

+ Converged (FCoE) Storage & Networking

+ I/O and Performance

+ Impacts On Application Architecture

+ Storage “Mobility”

+ BCP/DR/Resilience/Recovery

+ Isolation/Security/Forensics in Infrastructure Multi-Tenant Environments Protocols: That Pesky TCP/IP

+ Van Jacobson Summed It Up Well (and I Paraphrase)*:

+ The Cloud Today Is Like The ARPAnet Of Yesterday: “...At The Outset The New Network Looked Like An Inefficient Way To Use The Old Network.”

+ Ubiquitous “Any-To-Any” Communication Is Not What TCP/IP Was Created For; When Created, Computers Were Huge Things That Lived In Glass-Walled Machine Rooms & Had 1000 People Using The Same Machines...

+ Communications Today Are Disseminatory Versus Conversational; Mobility, Naming/Location and Trust Are Big Issues

+ Things that people are doing with cloud and what the cloud does inside are different; use cases are the side effect.

+ Today’s Networking [Protocol] Problems Don’t Reflect An Architectural Failing, But Rather TCP/IP’s Success In Creating A World Rich In Information & Communication; TCP/IP Is A “Success Disaster” Metastructure * Van Jacobson: A New Way To Look At Networking | 2006 | http://bit.ly/5jGte29 30

The Solutions Are Not Flawed, The Problems Have Changed “Developers Are the 31

New Kingmakers” Infostructure

“The high level of usage (and its somewhat clandestine nature) was illustrated at a conference earlier this year when one CIO noted that he had gone through the expense reports turned into him for reimbursement and found 50 different cloud computing accounts being used by developers in his organisation. The reason? It's a lot easier for a developer to obtain computing resources from a public cloud provider than to undergo the extended waits typical of the existing compute environments.”*

* B. Golden “Cloud computing: The truth about what runs on Amazon” Application Infostructure Architecture + Architecturally, The Classical n-Tier/DMZ Segment & Asset Grouping Methodology May No Longer Apply

+ Applications Are Likely Not Composable In This Manner As They Are More Topologically & Infrastructure-Insensitive Than Ever (See Flat L2 designs)

+ In Many Cases, Applications Must Be Completely Rewritten To Leverage Public Cloud & The Security Models Must Be Adjusted

+ Dumb Networks Equal Dumber Security Or At Least Less Options/Capabilities; Workload Sensitivity vs. Network Capability Is Critical

+ People Still Write Crappy Code, No Matter How Good, Abstracted Or Elastic The Infrastructure Is

+ Continuous Deployment Models (Agile & DevOps) Are Taking Root

+ Application Security Is Even More Important Than Ever Simone Brunozzi - http://bit.ly/aws_architect-cloud Public IaaS Cloud Security Model Provider

Presentation Presentation Modality Platform Data Consumer Data APIs Consumer OS & ApplicationsAll You... Applications Applications

VMs/Containers Data Metadata Content Integration & Middleware

Integration & Middleware

APIs APIs

APIs

Core Connectivity & Delivery Core Connectivity & Delivery Provider Core Connectivity & Delivery Provider Abstraction Abstraction Abstraction

Hardware Hardware Hardware Platform as a Service (PaaS) Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS)

Facilities Facilities Facilities

IaaS PaaS SaaS 34

So Is The Problem That We Don’t Have Enough Security...... Or That We Have Too MUCH Security? 35 36

It’s The Integrator’s Dilemma... Abstraction Has 37 Become a Distraction

Data

OS & Applications Not Much You Can Do Here... VMs/Containers

APIs

Core Connectivity & Delivery

Abstraction

Hardware Your Focus Is Here: Infrastructure as a Service (IaaS) Facilities ‣Building Survivable Systems ‣Building Secure Apps ‣Securing Data Survivable Systems

http://ingesidee.de/resourceviewer.php?pgid=63&lang=en&subpage=1&module=content Simone Brunozzi - http://bit.ly/aws_architect-cloud In This Case You Are Leveraging Provider-Specific Attributes To Enable Resilience. What If One Needs Portability Or Interoperability And Another Provider Doesn’t Offer These Functions?

Simone Brunozzi - http://bit.ly/aws_architect-cloud Or In Alex Stamos’ 41 Words... Or In Alex Stamos’ 42 Words... Or In Alex Stamos’ 43 Words... Sounds Easy Enough, 44 But...

+ There’s A Big Difference Between Greenfield and Existing Applications + The Software Architecture Changes Dramatically, But The Security Models & Solutions Are Limiting + As We Move Greenfield Applications To Public Cloud, We’re Forced To Build More Survivable Systems Because We Can’t Depend On The Provider IaaS & VM’s 45 Represent the Problem...

+ The reason we have virtualization in the first place is because the OS failed at things like process isolation & user/kernel mode separation + Now we’ve squeezed the balloon and moved that duty to a third party and with another layer of indirection (the VMM) 46 That Means...

+ Assume All Environments Are Hostile And Isolation in Multi-Tenancy Will Fail

+ Prepare for the move to JEOS (Just Enough O.S.) or NoOS (No O.S., i.e. PaaS)

+ Invest Heavily In {Id}Entity Management + Crypto

+ Choose Open Protocols and Stack & Leverage Introspection and ensure Robust Instrumentation & Telemetry At All Layers

+ Enable Robust Monitoring And Forensics

+ Utilize the Three R’s and a SYSTEM- FOCUSED Design Philosophy The 3 R’s: Resistance, 47 Recognition & Recovery

+ Survivability: Delivery Of Essential Services and Preservation Of Essential Assets Capable Of Fulfilling Mission Objectives:

+ Resistance: Capability Of System To Repel Attack

+ Recognition: Capability Of System To Detect Attack and Evaluate Extent Of Damage/Compromise

+ Recovery: Capability To Maintain Essential Services and Assets During Attack, Limit Extent Of Damage and Restore Services 3 R’s In All This? 48 Information Centricity 50

Copernican Cloud Security 51

! ! The need for trust 6. All people, processes, technology must have declared and transparent levels of trust for any transaction to take place ! "#$%&! '(! &)'%! *+(&,-&! '%! ,%&./0'%)'(1! $(2,#%&.(2'(1! /,&3,,(! *+(&#.*&'(1! 4.#&',%! &+! Jericho Forum Commandments *+(2$*&!.!&#.(%.*&'+(!.(2!&),!+/0'1.&'+(%!&)'%!.%%'1(%!+(!,.*)!4.#&5!'(6+06,2! "#$! %$&'(#)! *)&+,! (),,-./,$.01! /$2'.$! 3)0#! 0#$! -&$-1! -./! 0#$! 4&'.('45$1! 0#-0! ,+10! 3$! ! "#$%&!7+2,0%!7$%&!,(*+74.%%!4,+40,8+#1.('%.&'+(%!.(2!2,6'*,%8'(9#.%&#$*&$#,! )31$&6$/!7#$.!45-..'.8!2)&!-!/$94$&',$0$&':$/!2+0+&$;! ! "#$%&!0,6,0!7.5!6.#5!/5!0+*.&'+(:!&#.(%.*&'+(!&54,:!$%,#!#+0,!.(2!&#.(%.*&'+(.0!#'%;! Commandments Commandments <#'510! 3+'5/'.8! ).! =8))/! 1$(+&'0>?@! 0#$! (),,-./,$.01! 14$('2'(-55>! -//&$11! 0#)1$! -&$-1! )2! 7. Mutual trust assurance levels must be determinable 1$(+&'0>!0#-0!-&$!.$($11-&>!0)!/$5'6$&!-!/$94$&',$0$&':$/!6'1').;!! ! !<,6'*,%!.(2!$%,#%!7$%&!/,!*.4./0,!+9!.44#+4#'.&,!0,6,0%!+9!=7$&$.0>!.$&),(&'*.&'+(! "#$!(),,-./,$.01!1$&6$!-1!-!3$.(#,-&A!3>!7#'(#!().($401@!1)5+0').1@!10-./-&/1!-./!1>10$,1! 9+#!.**,%%'(1!%5%&,7%!.(2!2.&.! (-.!3$!-11$11$/!-./!,$-1+&$/;! ! ?$&),(&'*.&'+(!.(2!.$&)+#'%.&'+(!9#.7,3+#;%!7$%&!%$44+#&!&),!&#$%&!7+2,0! Fundamentals Identity, Management and Federation 1. The scope and level of protection should be specific & appropriate 8. Authentication, authorisation and accountability must interoperate / to the asset at risk exchange outside of your locus / area of control ! B+1'.$11!/$,-./1!0#-0!1$(+&'0>!$.-35$1!3+1'.$11!-8'5'0>!-./!'1!()10!$22$(0'6$! ! !@,+40,8%5%&,7%!7$%&!/,!./0,!&+!7.(.1,!4,#7'%%'+(%!+9!#,%+$#*,%!.(2!#'1)&%!+9!$%,#%! ! <#$&$-1! 3)+./-&>! 2'&$7-551! ,->! ().0'.+$! 0)! 4&)6'/$! 3-1'(! .$07)&A! 4&)0$(0').@! &),5!2+(A&!*+(&#+0! './'6'/+-5!1>10$,1!-./!/-0-!7'55!.$$/!0)!3$!(-4-35$!)2!4&)0$(0'.8!0#$,1$56$1! ! "),#,! 7$%&! /,! *.4./'0'&5! +9! &#$%&'(1! .(! +#1.('%.&'+(:! 3)'*)! *.(! .$&),(&'*.&,! ! C.!8$.$&-5@!'0D1!$-1'$&!0)!4&)0$(0!-.!-11$0!0#$!(5)1$&!4&)0$(0').!'1!4&)6'/$/! '(2'6'2$.0%!+#!1#+$4%:!&)$%!,0'7'(.&'(1!&),!(,,2!&+!*#,.&,!%,4.#.&,!'2,(&'&',%! 2. Security mechanisms must be pervasive, simple, scalable & easy to ! !B(!4#'(*'40,:!+(05!+(,!'(%&.(*,!+9!4,#%+(!8!%5%&,7!8!'2,(&'&5!7.5!,-'%&:!/$&!4#'6.*5! manage (,*,%%'&.&,%!&),!%$44+#&!9+#!7$0&'40,!'(%&.(*,%:!+#!+(*,!'(%&.(*,!3'&)!7$0&'40,!9.*,&%! ! C5%&,7%!7$%&!/,!./0,!&+!4.%%!+(!%,*$#'&5!*#,2,(&'.0%!8.%%,#&'+(%! ! E..$($11-&>!(),45$F'0>!'1!-!0#&$-0!0)!8))/!1$(+&'0>! ! D$0&'40,!0+*'!=.#,.%>!+9!*+(&#+0!7$%&!/,!%$44+#&,2! ! G)#$&$.0!1$(+&'0>!4&'.('45$1!-&$!&$H+'&$/!7#'(#!14-.!-55!0'$&1!)2!0#$!-&(#'0$(0+&$! ! I$(+&'0>!,$(#-.'1,1!,+10!1(-5$J!2&),!1,-55!)3K$(01!0)!5-&8$!)3K$(01! Access to data ! ")!3$!3)0#!1',45$!-./!1(-5-35$@!'.0$&)4$&-35$!1$(+&'0>!=3+'5/'.8!35)(A1?!.$$/!0)!3$! 9. Access to data should be controlled by security attributes of the (-4-35$!)2!3$'.8!(),3'.$/!0)!4&)6'/$!0#$!&$H+'&$/!1$(+&'0>!,$(#-.'1,1! data itself 3. Assume context at your peril ! !?&&#'/$&,%! *.(! /,! ),02! 3'&)'(! &),! 2.&.! =! +#! *+$02! /,! .! %,4.#.&,! ! !I$(+&'0>!1)5+0').1!/$1'8.$/!2)&!).$!$.6'&).,$.0!,->!.)0!3$!0&-.12$&-35$!0)!7)&A!'.! %5%&,7! -.)0#$&;!"#+1!'0!'1!',4)&0-.0!0)!+./$&10-./!0#$!5','0-0').1!)2!-.>!1$(+&'0>!1)5+0').! ! ?**,%%!8!%,*$#'&5!*+$02!/,!'740,7,(&,2!/5!,(*#54&'+(! ! L&)35$,1@! 5','0-0').1! -./! '11+$1! (-.! (),$! 2&),! -! 6-&'$0>! )2! 1)+&($1@! '.(5+/'.8! ! C+7,!2.&.!7.5!).6,!F4$/0'*:!(+(G*+(9'2,(&'.0H!.&&#'/$&,%! 8$)8&-4#'(@!5$8-5@!0$(#.'(-5@!-(($40-3'5'0>!)2!&'1A@!$0(;! ! ?**,%%!.(2!.**,%%!#'1)&%!).6,!.!&,74+#.0!*+74+(,(&! ! I+&6'6'.8!'.!-!#)10'5$!7)&5/! 10. Data privacy (and security of any asset of sufficiently high value) Surviving in a Hostile World requires a segregation of duties/privileges 4. Devices and applications must communicate using open, secure ! !@,#7'%%'+(%:!;,5%:!4#'6'0,1,%!,&*I!7$%&!$0&'7.&,05!9.00!$(2,#!'(2,4,(2,(&!*+(&#+0:!+#! protocols &),#,!3'00!.03.5%!/,!.!3,.;,%&!0'(;!.&!&),!&+4!+9!&),!*).'(!+9!&#$%&! ! I$(+&'0>!0#&)+8#!)31(+&'0>!'1!-!25-7$/!-11+,40').!9!1$(+&$!4&)0)()51!/$,-./!)4$.! ! ?27'('%&#.&+#!.**,%%!7$%&!.0%+!/,!%$/J,*&!&+!&),%,!*+(&#+0%! 4$$&!&$6'$7!0)!4&)6'/$!&)3+10!-11$11,$.0!-./!0#+1!7'/$!-(($40-.($!-./!+1$! 11. By default, data must be appropriately secured when stored, in ! "#$!1$(+&'0>!&$H+'&$,$.01!)2!().2'/$.0'-5'0>@!'.0$8&'0>!-./!-6-'5-3'5'0>!M&$5'-3'5'0>N! transit and in use 1#)+5/!3$!-11$11$/!-./!3+'50!'.!0)!4&)0)()51!-1!-44&)4&'-0$@!.)0!-//$/9).! ! E,7+6'(1!&),!2,9.$0&!7$%&!/,!.!*+(%*'+$%!.*&! ! O.(&>40$/!$.(-41+5-0').!1#)+5/!).5>!3$!+1$/!7#$.!-44&)4&'-0$!-./!/)$1!.)0!1)56$!

! !K'1)!%,*$#'&5!%)+$02!(+&!/,!,(9+#*,2!9+#!,6,#5&)'(1L!F.44#+4#'.&,H!'740',%!6.#5'(1! $6$&>0#'.8! tm

tm 0,6,0%!3'&)!4+&,(&'.005!%+7,!2.&.!(+&!%,*$#,2!.&!.00! 5. All devices must be capable of maintaining their security policy on Conclusion an untrusted network De-perimeterization has happened, is happening and is inevitable; central ! P!=1$(+&'0>!4)5'(>?!/$2'.$1!0#$!&+5$1!7'0#!&$8-&/!0)!0#$!4&)0$(0').!)2!0#$!-11$0! protection is decreasing in effectiveness ! Q+5$1!,+10!3$!(),45$0$!7'0#!&$14$(0!0)!-.!-&3'0&-&>!().0$F0! ! B&!3'00!).44,(!'(!5+$#!*+#4+#.&,!0'9,&'7,! ! P.>!',45$,$.0-0').!,+10!3$!(-4-35$!)2!1+&6'6'.8!).!0#$!&-7!C.0$&.$0@!$;8;@!7'55!.)0! ! "),#,9+#,!5+$!(,,2!&+!40.(!9+#!'&!.(2!%)+$02!).6,!.!#+.27.4!+9!)+3!&+!1,&!&),#,! 3&$-A!).!-.>!'.4+0! ! !"),!M,#'*)+!N+#$7!).%!1,(,#'*!#+.27.4!&+!.%%'%&!'(!&),!40.(('(1! Jericho Forum Jericho Forum

Always refer to www.jerichoforum.org to ensure you have the latest version! Version 1.1 December 2006 Always refer to www.jerichoforum.org to ensure you have the latest version! Version 1.1 December 2006 The 10 Commandments Distilled Principles of 52 Information-Centric Security + Information (audio/video/ data) must be self describing and defending

+ ...Structured Or Unstructured

+ Policies and controls must account for business context.

+ Information must be protected as it moves between silos, between locations, and changing business contexts.

+ Policies must work consistently through the different defensive layers and technologies we implement. Risk Assessment & 53 Threat Modeling + Risk Assessment and Threat Modeling are NOT Information Alchemy, But Do Require Lots Of Work

+ Some Frameworks To Choose From:

+ Microsoft STRIDE/DREAD

+ Carnegie-Mellon OCTAVE

+ RMI FAIR

+ “How Can You Have Your Pudding If You Don’t Eat Your Meat?” ManaginG Information 54 Across Its Lifecycle*

Create Store Use

{Discover} Access Controls Activity Monitoring Classify Encryption and Enforcement Assign Rights Rights Management Rights Management Content Discovery Logical Controls Application Security

Share Archive Destroy

CMP (DLP) Encryption Crypto-Shredding Encryption Asset Management Secure Deletion Logical Controls Content Discovery Application Security *Rich Mogull - Securosis 55 Information Centric Solutions For Cloud

Labels

*Rich Mogull - Securosis 56 Where This Take Us

+ Content Analysis Fully Integrated Into Both Productivity And Transaction Applications As Well As Datastores

+ Rights (And Thus Enforcement) Applied At The Point Of Creation (Or Discovery,) At The Data-Element Level

+ Choke Points Between On-premise, Off-premise, And Between Cloud Services Enforce Policies At The Data Level, Enforced By Encryption/DRM

+ Rights Transfer And Enforcement Are Maintained Between State Changes

+ Don’t Expect Your IaaS Provider To Do Any Of This For You; They Are Blind (By Design) To Most Of Your Data Delivery Model Mapping Revisited Provider

Presentation Presentation Modality Platform Data Consumer Data APIs Consumer OS & Applications Applications Applications

VMs/Containers Data Metadata Content Integration & Middleware

Integration & Middleware

APIs APIs

APIs

Core Connectivity & Delivery Core Connectivity & Delivery Provider Core Connectivity & Delivery Provider Abstraction Abstraction Abstraction

Hardware Hardware Hardware Platform as a Service (PaaS) Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS)

Facilities Facilities Facilities

IaaS PaaS SaaS 58

Are We There Yet? 59

No, But It’s What You Do About It That Counts 60

So, What’s The Future Of Cloud? 61

There Are ~4,100,000,000 Of These.... 62

...and 6,797,100,000 Of These

*http://en.wikipedia.org/wiki/List_of_countries_by_number_of_mobile_phones_in_use 63

So While Mega Data Centers Re-Centralize Our Apps & Data In Fewer & Locations Thanks to Cloud 64 These Little Devices -- Distributed Everywhere -- Have Amazingly Powerful Processors, Lots Of Memory, Near-Ubiquitous Connectivity and Native Copies Of the Same Apps & Data... 65

The Consumption Modality Will Ultimately Become More Important Than The Back-End Delivery Securing the “Centers Of Data” of the Future

+ Change Is Hard; Requires Fundamental Changes In Infrastructure, Programmatic, Management, Network, Application & Security Architectures

+ Consumers & Data/Application Owners Must Make Centers Of Data “Survivable” & Focus On Information-Centric Security

+ The Security Policies That Govern Information And Assets Need To Travel With Them; We Need Consistency In Metadata

+ Infrastructure Must Gain Intelligence & Context of Infostructure & Vice- Versa Through Consistent, Standards- Based Telemetry, Correlation & Disposition 67 The Punchline

+ In the simplest of terms, using public cloud computing means applications across all tiers have the potential to be connected directly to the Internet... + We can’t trust the provider, so we must build our security in + Cloud computing is a fantastic security forcing function and represents a huge opportunity, IF we get in front of it Where To Begin Get Involved:

http://www.CloudSecurityAlliance.org 70 Contact...

+ Christofer Hoff

+ www.rationalsurvivability.com/blog

+ choff@packetfilter.com [not work]

+ [email protected] [work]

+ +1.978.631.0302

+ @beaker [The Twitters] Image Attribution 71

+ Skull Cloud: http://www.clippingimages.com/blog/tutorial-making-a-skull- + Hall Of Mirrors: http://historyofeconomics.files.wordpress.com/2008/08/ shaped-cloud/ hall-of-mirrors.jpg

+ Prince: http://www.virginmedia.com/images/prince-lovesexy-gal.jpg + Ritalin: http://commons.wikimedia.org/wiki/File:Ritalin- SR-20mg-1000x1000.png + Star Trek Tribbles: http://i84.photobucket.com/albums/k3/NonStopPop/ TheTroubleWithTribbles.jpg + Obama Vulcan:http://www.flickr.com/photos/alexisalex/3519670022/ - Shan Carter + Jersey Shore: http://images.huffingtonpost.com/2010-03-01-shore.jpg + Apple 1984: http://upload.wikimedia.org/wikipedia/en/2/22/ Ad_apple_1984_2.png + Trebuchet:

+ Gangsta Chimp: http://www.mattcioffi.com/samples/gangstaChimp24.jpg + Trebuchet, Catapult, ballista: http://bit.ly/bCQTL2 - Matt Cioffi

+ Trebuchet: + Nostradamus: http://omarab.files.wordpress.com/2009/12/ nostradamus-1503-15663.jpg + Chinese Army: http://www.life.com/image/75878629 + Castle: http://www.jokerjitsu.com/images/medieval-castle.jpg + Potemkin Village: http://www.flickr.com/photos/wili/274828493/ + Apathy: http://www.flickr.com/photos/comiccharacters/3792479746/ + Copernican: http://justanapprentice.files.wordpress.com/2009/11/ sizes/l/ copernicus-universe.jpg + W.O.P.R. http://www.hexkey.co.uk/lee/log/media/2009/08/wargames- + Floppy Disk: http://www.flickr.com/photos/yaal/162100723/ wopr-med.jpeg

+ + Switchboard Operator: http://afeatheradrift.files.wordpress.com/2009/06/ Train: http://cache.gawker.com/assets/images/jalopnik/2009/02/Balla- lily-tomlin-telephone-operator.jpg?w=300 train.jpg

+ + USB Hub: http://technabob.com/blog/wp-content/uploads/2009/05/ Cloud Umbrella: http://www.likecool.com/Gear/Design/Cloud usb_lego_hub.jpg %20Umbrella/Cloud-Umbrella.jpg