Building Secure Services in the Cloud
Many security professionals are skeptical about cloud-based services and infrastructure. But it’s a skepticism we’ve seen before, when a new computing paradigm encounters a suspicious—if not downright hostile—mindset (data-center-centric) and installed base. In this paper we will discuss some of the general philosophies and perspectives that will assist anyone who wants to securely leverage the benefits of the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses.
As with any paradigm shift, cloud computing requires different rules and different logic. Operationally, security organizations need to change their thinking and processes from traditional data-center-centric models to new, more statistical models. For example, we exchange hands-on control over physical hardware with odds over a population of hardware. From a systems administration perspective, we exchange scripts and manual capacity planning and scaling with API calls, triggers, feedback loops and the automatic provisioning and de-provisioning of spot-bid compute resources. And, of course, from a security perspective, we face the challenge of a world that is not under our complete physical control.
While many veteran security professionals react to the cloud with suspicion and outright hostility, there are two realities:
1) the cloud is here to stay; and
2) it gives us an extremely powerful new set of tools for securing this environment.

When properly leveraged, cloud-based IaaS offers availability benefits beyond what many enterprises can easily achieve on their own. By employing a combination of automation, integration with IaaS provider’s APIs and thoughtful system design you can achieve a level of security that is actually higher than most legacy in-house services currently provide.
With a few well-placed API calls you can have a scalable army of hardened, patched, encrypted, scalable and disposable virtual machine resources at your disposal, ready to do your bidding, securely deliver your results and then self-destruct before returning from whence they came. Of course, doing this and leveraging it properly requires a different thought process than we may be accustomed to, but the reward can be well worth the shift in thinking.
Design Design Design
Defense in depth is traditionally a matter of strict design principles and security policies distributed across a number of departments and areas of expertise. In a system designed for the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a streamlined and centralized fashion. The tools exist to add security at the network layer (with security groups, access management, host-level firewalls and VPNs), at the O/S layer (with encrypted storage, strict privilege separation, and ruthlessly hardened systems), and at the application layer (with the latest updates and thoroughly enforced policies) as part of your design and development cycle, rather than as part of ongoing operational maintenance.

One major advantage to deploying services in the cloud is the freedom to design your network and security measures from the ground up and implement your secure designs in code, which is not subject to the same concerns you have in a physical data center or hosting facility. Legacy compromises, rogue cross-over cables and obsolete equipment and software can all be things of the past. APIs such as those from Amazon Web Services allow you to design an entire network exactly the way you would like it to be implemented and to then recreate that network, complete with firewall rules, the latest security updates, and value-added IaaS tools such as identity and access management. The ability to re-size your storage, memory, bandwidth and compute dynamically or through your release cycle to suit new designs and business needs removes the final layer of hardware management and multi-factor capacity planning inherent in large home-grown or hosted virtual machine deployments.
When you need to re-deploy or re-scale your infrastructure, there is no need to worry about legacy issues that would prevent you from making the types of sweeping changes that look so good on paper. Your paper becomes reality, with no need to move cables, rename hosts, or worry about maximizing the ROI on a piece of equipment that is no longer relevant. Cloud tools allow you to take security management to a new level by enabling you to fully automate your controls and tests. By moving the systems administration away from distributed scripts and systems administrators and into the hands of production-ready code–which can be rigorously reviewed, tested and updated along with the rest of your service–you can achieve a scale and ease of management unthinkable in traditional paradigms. In this new paradigm, you are free to design your system with all of the security controls you could ever want but were probably never able to achieve in a brick-and-mortar data-center or hosting facility. Since your entire infrastructure is ephemeral, the best approach is to automate your deployments leveraging the cloud-based tools that allow you to make the installation, baselining and management of things like file-integrity-checkers trivial, so that all of your virtual machines can have file-integrity software and baselines built in from the ground up. By using APIs to programmatically assign virtual machines to role-based security groups that are well-designed in advance you can scale your network to massive sizes without ever having to worry about firewall rule ordering, optimization or audit as part of your operational cycle. Some IaaS providers allow you to build your own virtual private network of virtual machines according to your own network topology. 
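As an added example (not code from the paper or from any IaaS provider), here is the build-time baseline and post-boot check that the file-integrity point above describes; the image tree, file names and contents are constructed for the demonstration and the paths are hypothetical:

```python
"""Added example, not from the paper: a minimal file-integrity baseline of the
kind the paper suggests baking into every VM image at build time."""
import hashlib
import json
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Hash every regular file under root; keys are POSIX paths relative to root."""
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the live tree against the stored baseline and report drift."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline
                           if k in current and current[k] != baseline[k]),
    }


def demo() -> dict:
    """Build a constructed image tree, baseline it, introduce drift, verify."""
    root = Path(tempfile.mkdtemp())  # constructed stand-in for the VM image root
    (root / "etc").mkdir()
    (root / "bin").mkdir()
    (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
    (root / "bin" / "app").write_bytes(b"\x7fELF-demo-binary")
    # At image build time the baseline would be serialised and shipped read-only.
    stored = json.dumps(build_baseline(root))
    # Simulated post-boot drift: one file changed, one added, one removed.
    (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
    (root / "etc" / "extra.conf").write_text("unexpected\n")
    (root / "bin" / "app").unlink()
    return verify(root, json.loads(stored))
```

In a real image the serialised baseline would be written at build time and compared against on every boot, with any non-empty drift report raised as an alert.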
This affords some advantages in terms of leveraging predictable host-names and allows you to employ network-layer protections such as Intrusion Prevention Sensors (IPS) or Web-Application Firewalls (WAF) that are available as virtual machine appliances or that can run as software on your platform. These additional layers of protection and convenience allow you to leverage some of the successful technologies which were designed within the data-center paradigm and still incorporate these controls into your SDLC and minimize operational cost. With the kind of programmatic flexibility brought to bear by cloud APIs you have the ability to engineer a system with security built in at every level, and the scaling and management of those controls has never been easier. As a result of this transformational new paradigm we have to focus on the design of our security systems and leverage the reliability and automation that cloud providers afford us to operate securely in this new environment. This paper does not attempt to cover every best practice one should employ in order to build secure and scalable systems in the cloud, but we will discuss some of the foundational design principles which will help guide you in your thinking as you design such systems.