Cloud Security Practices and Principles
Joan Pepin, Director of Security, Sumo Logic
Who are you?
• Director of Security, Sumo Logic
• Director of Research, Dell/SecureWorks
• 9 years MSSP
• Technical Staff, MIT LL
The Public Cloud is
• An opportunity to simplify and increase security
  • Through automation
  • And solid design principles
• Misunderstood
  • Risk model vs. hosting
  • Risk model vs. other public utility models
• A victim of FUD
  • Take time to examine it?
  • Or DOOM?
Why the Bad Rap?
• Fearing what you do not understand is reasonable from an IT perspective. But this is worth the time to understand.
• I see anti-cloud policies
  • With no solid risk assessment behind them
• Is this technological conservatism?
  • Which is common and natural in security
  • But can lead to out-of-sync security postures
• Or an emotional reaction?
  • Don’t move my cheese
  • Get off of my cloud!
Old World / New World
• You have people on your staff who know way too much about wattage, BTUs, rack density and exactly how raised the floor needs to be
  • Limits your thinking
  • Causes gaps
• The new world is very different
  • Scripts and capacity-planning spreadsheets -> feedback loops / auto-scaling
  • 36-month refresh cycles -> bids for spot instances
  • Physical control -> process, automation, and design
Design Design Design
• In the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a centralized fashion
• Your code is your infrastructure
• Your SDLC can now be brought to bear on areas traditionally out of sync with your security posture
• Scale to massive sizes without having to worry about things like firewall rule ordering, optimization or audit as part of your operational cycle
• Your security will become fractal, embedded in every layer of your system
Fundamentals
• You are operating in a complete information environment
  • Like the Internet
  • Or the PSTN
• It’s all about the fundamentals of systems thinking and design
  • I/O
  • Storage
  • RAM
  • Compute
  • Code
Minimalism
• Each of those must be thought of on its own and in combination with the other components it interacts with
  • And you have the tools to do that
  • With infrastructure as code
• It is both that simple and that complicated.
• So design your security in at every layer
  • Test it, instrument it, and iterate it
The Primitives
• Data
  • Encrypted at rest, in motion, and in use
• Access control
  • Monitoring tools, third-party apps, troubleshooting tools
• Interfaces/APIs
  • Clean, minimal, authenticated, validated
• I/O, memory, storage, and compute
  • Encrypted, limited, controlled
With Automation, All Things are Possible
• Thinking of your entire infrastructure as part of your code base changes the game completely
  • Always in step
  • Always relevant
• There is no longer a gap or disconnect between the operational physical layer and the software that runs on top of it
• Firewalls everywhere?
• HIPS everywhere?
• Adaptive security infrastructure
Like What?
• Register all of your VMs, services, IPs, and ports
  • Automatically build firewall policies based on that
• Re-build and distribute SSL/TLS keys
  • Whenever you want
• HIDS, host firewall (HFW) and file-integrity checkers configured from instance tags
  • Tags for lots of things
• Everything unit tested
  • Allowing security to keep up with your product
DTRT (Do The Right Thing)
• Your system has I/O, storage, memory and network underneath it, as well as your software components
  • And you can control and iterate that continuously
  • Leveraging IaaS providers’ APIs
• Think about every place that information is exchanged, transferred or transformed, and do the right thing there.
  • Engage the developers
  • Check in code
Understand Everything
• Simplicity gives you the power to understand everything
  • Every protocol
  • Every interface
• If you want to achieve true and full default deny on everything, everywhere, this is where it starts
  • Understand your protocols
  • Understand your stack
• And you can attain emergent security
  • Develop and follow standards
How?
• If this is input, validate it against what you expect (allow-list), then sanitize it.
• If it is storage, network or memory, encrypt it.
• If it is output you are feeding back to your customer or another component, sanitize (encode for the destination context) that too.
• Don't trust client-side verification; enforce everything at every layer…
Default Deny Nirvana
• Allow only expected connections
  • Front-end web applications need to accept connections from anyone in the world
  • (but it's more likely only your load balancer does)
• As part of your infrastructure-as-software design
  • Know what needs to talk to what
  • On what port and under what circumstances
  • And only allow that
  • Everything else is bit-bucketed and alerted on
• In software-driven, cloud-based deployments there is no longer any excuse for doing it any other way
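The two slides above ("Like What?" and "Default Deny Nirvana") describe one pipeline: register every service with the ports it listens on and the things it needs to reach, check that graph before it is deployed, and generate an allow-list per service with an implicit log-and-drop for everything else. The program below is an added illustration of that pipeline and is not code from the deck or from Sumo Logic. The registry contents, the service names (`internet`, `lb`, `web`, `api`, `db`), the port numbers and the nftables-style output are all constructed for the example; the `@lb`-style source sets are assumed to be named sets that the same registry (or instance tags) would populate with the current instance addresses.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Service is one registry entry: the named ports it binds and, for each
// other service it must reach, which named port on that target it uses.
// "internet" is a pseudo-service that listens on nothing and only Needs.
type Service struct {
	Listens map[string]int    // named port -> TCP port this service binds
	Needs   map[string]string // target service -> named port on the target
}

// Registry maps service name to its declaration (constructed sample below).
type Registry map[string]Service

// Rule is one ingress allow entry; anything without a Rule is dropped+logged.
type Rule struct {
	Target, Source string
	Port           int
}

// Validate is the "unit test" step: every Needs edge must point at a known
// service and at a port that service actually declares. Run it in CI before
// BuildRules so a typo never silently becomes an open or missing rule.
func (r Registry) Validate() []error {
	var errs []error
	for name, svc := range r {
		for target, named := range svc.Needs {
			t, ok := r[target]
			if !ok {
				errs = append(errs, fmt.Errorf("%s needs unknown service %q", name, target))
				continue
			}
			if _, ok := t.Listens[named]; !ok {
				errs = append(errs, fmt.Errorf("%s needs %s:%s, which %s does not listen on", name, target, named, target))
			}
		}
	}
	return errs
}

// BuildRules derives allow rules only from declared Needs. A port a service
// listens on that nobody declares a need for (web's metrics port below)
// gets no rule at all: default deny falls out of the registry, not of a
// hand-written exception list. Sorted so output is stable across runs.
func (r Registry) BuildRules() []Rule {
	var rules []Rule
	for src, svc := range r {
		for target, named := range svc.Needs {
			t, ok := r[target]
			if !ok {
				continue // Validate already reported it
			}
			if port, ok := t.Listens[named]; ok {
				rules = append(rules, Rule{Target: target, Source: src, Port: port})
			}
		}
	}
	sort.Slice(rules, func(i, j int) bool {
		a, b := rules[i], rules[j]
		if a.Target != b.Target {
			return a.Target < b.Target
		}
		if a.Port != b.Port {
			return a.Port < b.Port
		}
		return a.Source < b.Source
	})
	return rules
}

// Render emits one nftables-style chain for a target: its allow rules,
// then the implicit default-deny that logs and drops everything else.
func Render(target string, rules []Rule) string {
	var b strings.Builder
	fmt.Fprintf(&b, "chain ingress-%s {\n", target)
	for _, rule := range rules {
		if rule.Target != target {
			continue
		}
		src := "ip saddr 0.0.0.0/0" // only the pseudo-service "internet" gets this
		if rule.Source != "internet" {
			src = "ip saddr @" + rule.Source // assumed named set fed from the registry
		}
		fmt.Fprintf(&b, "  %s tcp dport %d accept\n", src, rule.Port)
	}
	b.WriteString("  log prefix \"default-deny \" drop\n}\n")
	return b.String()
}

// SampleRegistry is constructed data: the world reaches only the load
// balancer, which is the only thing allowed to reach the web tier, and so on.
func SampleRegistry() Registry {
	return Registry{
		"internet": {Needs: map[string]string{"lb": "https"}},
		"lb":       {Listens: map[string]int{"https": 443}, Needs: map[string]string{"web": "http"}},
		"web":      {Listens: map[string]int{"http": 8080, "metrics": 9100}, Needs: map[string]string{"api": "grpc"}},
		"api":      {Listens: map[string]int{"grpc": 8443}, Needs: map[string]string{"db": "pg"}},
		"db":       {Listens: map[string]int{"pg": 5432}},
	}
}

func main() {
	reg := SampleRegistry()
	if errs := reg.Validate(); len(errs) > 0 {
		for _, e := range errs {
			fmt.Println("registry error:", e)
		}
		return
	}
	rules := reg.BuildRules()
	for _, t := range []string{"lb", "web", "api", "db"} {
		fmt.Print(Render(t, rules))
	}
}
```

Note what the registry does not let you express: an ad hoc "open 22 from the office" rule. If something needs to reach a host, it is declared as a service with a Needs edge, validated, and rendered like everything else, which is what keeps the policy auditable as the fleet autoscales.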
Encrypt it all…
• You know… like we do… on the Internet ;)
• At rest, in motion, and in use
• Any data that is ephemeral can be kept on encrypted ephemeral storage, with keys that are simply kept in memory
  • When the instance dies, the key dies with it.
• Longer-lived data should be stored away from the keys that secure it
• If the data is particularly sensitive, securely wipe it before spinning down the disk and giving it back to the pool
  • With the volume encrypted, destroying the key is the wipe you can actually rely on; an overwrite on virtualized or flash-backed storage is not guaranteed to reach the underlying blocks
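The slide above makes two distinct points: an ephemeral data key that exists only in the instance's memory, so the scratch disk becomes unreadable the moment the instance is gone, and long-lived data whose key is held somewhere other than the storage holding the data. The program below is an added example of both patterns using AES-256-GCM from Go's standard library; it is not code from the deck or from Sumo Logic. The `Keyholder` type, the in-process `KeyService` standing in for an external KMS or HSM, and the sample plaintexts are all constructed for the example. At the disk level the same idea is what dm-crypt with a key drawn from `/dev/urandom` at boot gives you; this example shows the logic at the application layer so it can run anywhere.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newAEAD builds AES-256-GCM over a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag, the only form that ever reaches disk.
func seal(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; a wrong key or a single modified byte fails the tag check.
func unseal(aead cipher.AEAD, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// zero overwrites key bytes before they are dropped. Go does not promise the
// runtime made no copies, so this is hygiene; the real guarantee is that the
// raw key was never written anywhere persistent in the first place.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func randomKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// Keyholder owns a key that exists only in this process's memory. It plays
// two roles below: the instance-local key for ephemeral scratch data, and
// the stand-in KMS that holds the key-encryption key for long-lived data.
// Destroy models the instance (or key service) going away: the key is gone
// and everything sealed under it is unrecoverable, which is the "wipe".
type Keyholder struct{ aead cipher.AEAD }

func NewKeyholder() (*Keyholder, error) {
	key, err := randomKey()
	if err != nil {
		return nil, err
	}
	defer zero(key) // the AEAD keeps its own key schedule; drop the raw bytes
	aead, err := newAEAD(key)
	return &Keyholder{aead: aead}, err
}

func (k *Keyholder) Seal(p []byte) ([]byte, error) {
	if k.aead == nil {
		return nil, errors.New("key destroyed")
	}
	return seal(k.aead, p)
}

func (k *Keyholder) Open(b []byte) ([]byte, error) {
	if k.aead == nil {
		return nil, errors.New("key destroyed")
	}
	return unseal(k.aead, b)
}

func (k *Keyholder) Destroy() { k.aead = nil }

// Record is what lands on durable storage: the ciphertext and its data key
// wrapped under the KMS's key. A stolen volume yields exactly this and nothing
// else; without the KMS the wrapped DEK is just more ciphertext.
type Record struct{ WrappedDEK, Blob []byte }

// StoreLongLived: fresh DEK per record, data sealed under the DEK, DEK sealed
// under the KMS key, raw DEK zeroed before return. The storage tier never
// holds the KEK, so the data lives "away from the keys that secure it".
func StoreLongLived(kms *Keyholder, plaintext []byte) (Record, error) {
	dek, err := randomKey()
	if err != nil {
		return Record{}, err
	}
	defer zero(dek)
	a, err := newAEAD(dek)
	if err != nil {
		return Record{}, err
	}
	blob, err := seal(a, plaintext)
	if err != nil {
		return Record{}, err
	}
	wrapped, err := kms.Seal(dek)
	return Record{WrappedDEK: wrapped, Blob: blob}, err
}

// LoadLongLived asks the KMS to unwrap the DEK, uses it once, and zeroes it.
func LoadLongLived(kms *Keyholder, r Record) ([]byte, error) {
	dek, err := kms.Open(r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	defer zero(dek)
	a, err := newAEAD(dek)
	if err != nil {
		return nil, err
	}
	return unseal(a, r.Blob)
}

func main() {
	scratch, _ := NewKeyholder() // dies with the instance
	blob, _ := scratch.Seal([]byte("constructed scratch data"))
	scratch.Destroy()
	_, err := scratch.Open(blob)
	fmt.Println("scratch readable after instance death:", err == nil)

	kms, _ := NewKeyholder() // lives in a separate trust domain
	rec, _ := StoreLongLived(kms, []byte("constructed customer record"))
	pt, _ := LoadLongLived(kms, rec)
	fmt.Printf("long-lived round trip: %q\n", pt)
}
```

The design choice worth noticing is that there is one primitive and two placements of it. The scratch `Keyholder` and the KMS `Keyholder` are identical code; what makes one ephemeral and the other durable is only where the key lives and who is allowed to call it, which is exactly the "design, not hardware" argument the deck is making.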