What is the future of Cloud Security? February 1, 2012

Author: Jonathan J. Spindel, Ph.D.

Executive Vice President of Engineering

SafeMedia Corporation















Summary

In order to control and remediate newly emerging malicious actions, we must adopt intuitive security procedures; within these principles must be the incorporation of more intelligent forms of officiating these processes. This paper will delve into those concerns and address pinpointed benchmarks within the realm of external networking and Cloud security, capitalizing on the internal and external security concerns as well as the management and remediation of such issues.

Understanding the underlying problems, as they relate to information security, will help readers to expose their concerns regarding internal security-related issues, and propose solutions that will assist in the remediation. We will address anxieties revolving around the adoption of outdated information-security concepts, and the solution to these concerns, with a combination of innovative ideas surrounding “intelligent” protocol behavioral analysis and pattern “DNA” matching techniques, utilizing more advanced computational technologies.

In tandem with protocol behavioral analysis, these techniques will assist the reader in understanding the value proposition in using more advanced intelligent technology, and how that will add, and level out their concerns. By the end of this paper, the reader should be able to understand emerging threats as they change in rapid succession to adopt new attack patterns, targeting application-based computing and adopting more lucrative attack scenarios.
















Overview

Cloud Computing, as they say, is an old idea, officiated through new technology. The inclusions added over the years give Cloud Computing new functionality, and have grown Cloud from an infantile rationality to what we view as a distributed model today.

We have progressed from the typical roaming profile to VDI (Virtual Desktop Infrastructure), from smartphones to mobile computing platforms, from virtualization to full elastic computing. As we grow and feel the pains of adjusting to such growth, our security infrastructure must follow closely to account for changes. With this in mind, look at the jumps we have taken, through the mastery of innovation, and then visualize how security has followed. The threats have become more brazen, and have targeted objects for which preparation was overlooked. We have moved beyond the typical DoS (Denial of Service) attacks to targeting applications and their servers at the application layer; these and other advanced persistent threats are distributed with monetary gain as the sole objective.

Gone are the days where hackers just wanted to say, “I did it”, ushering in a day of monetary gain, whether that be from the axis of evil up to the proverbial international identity theft rings. Information theft has become one of the number one issues surrounding monetary loss from a corporate and end-user standpoint. [1]

[1] http://www.riskandinsurancechalkboard.com/uploads/file/Ponemon Study(1).pdf

Cloud computing is altering the direction of not only how we accomplish business IT objectives, but also the way in which we enable our internal IT departments. There has been, and we keep seeing, a gradual, definitive shift towards Cloud Computing as a whole. Within this direction we have been met with multiple conquerable issues, such as scalability, application elasticity, orchestration, automation, etc., but none have been as elusive and painstaking as Cloud security itself. Unlike local Data Center computing, which communicates primarily through layers 1-4, Cloud has been termed as being much more application based and communicates primarily over layers 4-7 of the OSI model. There are also concerns regarding user, and usability, such as remote user authentication, to a much higher degree. This has taken network security to a whole new paradigm: understanding application communication, how those processes and protocols effectively communicate, and how to manage security for such fabrics. The underlying fact is that because of this shift, attacks have transitioned from the traditional signatures to the more advanced attack scenarios, such as advanced persistent threats (APT). [2]



Within the last few years, the security industry has been populated with news of information theft or dissemination of internal data, penetrations resulting in catastrophic loss, and attacks programmatically engineered targeting application based computing. These issues are far outweighed by security vendors themselves having issues with theft or loss of data, and the distribution of classified material, from government agencies. These concerns are mostly internal, and do not translate to Hybrid or Public Cloud Computing, not because it hasn’t happened, or could happen, but because of the under-utilization of public resources, caused by fear of losing control over resources, and/or general mistrust of the Public Cloud, due to an overall lack of security or concerns regarding security as a whole. [3]




[2] http://www.cio.com.au/article/406586/assessing_apt_threat/?fp=4&fpid=18

[3] "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011", Gartner Review: Cloud Application Infrastructure Services. Cloud application infrastructure services (also known as platform as a service, or PaaS) form the foundation of a cloud computing platform by enabling development, execution, management and life cycle control for cloud-based application solutions (see "Hype Cycle for Cloud Application Infrastructure Services (PaaS), 2011"). It is a less developed and less understood layer in the cloud computing architecture when compared with system infrastructure services (IaaS) and application services (SaaS), but is the fastest growing with innovation and new vendor investments.


These concerns are mostly held internally, and do not translate to Hybrid or Public Cloud Computing, not because it hasn’t happened, or could happen, but because of the underlying fear of security, or the lack of capable product stacks to compete. As it stands today, Cloud overall is an annual $37B enterprise, growing exponentially to an estimated $121B by 2015 [4], and only a portion is related to Public Cloud. Yet elastic computing itself could save organizations millions in hardware costs and head count, and increase revenue, not only through savings but through the “on-demand” ability to scale up or down seamlessly. Hybrid Cloud usage combines Public and Private Cloud realms, allowing the ability to gain from Public Cloud resources while utilizing Private Cloud resources internally. Although these models are best of breed, they again have the same concerns regarding security, and maybe even more legitimate claims regarding security concerns overall. [5]

Proportionally the Public Cloud is utilized under the auspices of an unsecured fabric, although the security itself, if you want to route requests through a physical portal, is rather robust. There are several organizations offering solution stacks surrounding the usage of Public Cloud without the necessity of rerouting information, mostly solutions based on agent architectures, or virtual appliances utilizing agents within the virtual instance itself. These solutions, although robust in nature, are somewhat diluted by the inability to manage multiple rule sets, and/or to communicate with other virtual appliances within the fabric. The idea of managing a singular blade server through one virtual appliance has been brought up in many different fashions, from usability to the assumption of managing each blade server in a separate virtual container. [6]

Some issues surrounding these architecture genres stem from the idea of resource pools, and the presence of multiple virtual appliances within pools. From this we can discern that collisions between these appliances are a definite possibility, not to mention the multitude of manageability concerns within the management of the pools themselves, i.e. “what handles what and where?”





[4] http://www.marketsandmarkets.com/Market-Reports/cloud-computing-234.html
The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest segment of the cloud computing services market, accounting for 73% of the market’s revenues 2010. The major SaaS-providers include Adobe Web Connect, Google Mail, Cisco WebEx, and Yahoo Mail. Content, communications, and collaboration (CCC) accounts for about 30% of the SaaS market revenues.

[5] Cloud computing's fear factor: Acknowledge, reduce, move on
http://radar.oreilly.com/2010/12/cloud-computing-the-fear-facto.html
You also need to be aware and mitigate your security concerns. It's possible the security risk is over-stated. Most of us do personal online banking don't we? And aren't huge components of our infrastructure such as energy, financial markets, and the military already large consumers of the cloud? (Little consolation, I agree, when there is a breach -- but a fact on the ground you can't deny). I argue that in the short-term these issues are about deliberate and diligent organizational planning and in the long-term it's simply about normal business continuity design. When something innovative becomes widely adopted, it just becomes business as normal.

[6] Hype Cycle for Privacy, 2011
http://www.gartner.com/DisplayDocument?doc_cd=214943&ref=g_fromdoc
Privacy. The first "Hype Cycle for Privacy, 2011" is a tool for privacy officers and other IT professionals who have a responsibility for privacy in the organization. As attention to privacy as a whole reaches a peak, it justifies a closer look at which regulations are emerging and which have matured, and which technologies are deployed to deal with legal requirements and cultural expectations


In any Cloud scenario, the presence of a “Single Pane of Glass” management methodology should be commonplace to function as a “Manager of Managers”, offering the capability of “Cross Platform Management”, and a central point of configuration. Affording this structure allows the administrators to streamline operations across multiple machines and resource pools, and to manage heterogeneous environments, which are becoming ever more used in the Cloud industry as our technology and the ability to host multiple operating systems, Cloud Management Platforms, and Hypervisor capabilities become more robust.

We must keep up with these methodologies as the technological capabilities increase as time passes, as every so often we are faced with a new attack scenario that hampers our protection protocols. Intelligent systems, with the capability of learning the patterns within the protocols, “Protocol Behavior Analysis”, and “Packet Assembly and De-Assembly”, are becoming more prevalent as these threats mature, some utilizing the same signatures but altering protocol behavior. As our tool-sets mature, utilizing new technology to assess, interrogate, track, and assemble these transmissions is becoming more difficult, as the threats are focusing on applications, rather than hardware based communications.

As of late, these types of attacks have certainly surfaced, as we hear more about theft of proprietary information, infiltration of financial institutions, up to cyber intrusion within the defense industry. These threats take on a mantra, one of singularity: the focus is to either obtain information through illegal means, funnel monetary value from an institution, or disseminate information over the wire to discredit an organization or cause harm to individuals. [7]

[7] http://superconductor.voltage.com/2011/07/breaches-vs-european-countries.html

All the scenarios focus on one subject, causing harm for monetary gain, unlike the hackers of old, who focused on the possibility of being able to accomplish a feat, not necessarily doing harm. Although there have always been those who have wished to gain from these acts, the ever growing presence of ones who wish harm has increased. With that increase, their technology and attack methods have also become more sophisticated. [8]

The ability to forensically approach these issues, and dig deep into the behavior of either the protocol being assessed, the way in which the packets are being transmitted, or the destination of the transmission itself: all of these concerns must be met in order to secure a fabric such as Cloud. The way in which “we” attack these concerns will be key in stopping the intrusion, and/or the unlawful dissemination of proprietary material. Delving into the behavior of such transmissions, and the protocol itself, is where technology is headed. The ability to assess the transmission, and the way in which the protocol is behaving, is the essence by which we can discern its nature, or the proper use of the transmission. Focusing on the behavior is key; whether that is protocol or transmission based, being able to interrogate that transmission assists in alerting on or stopping the intrusion or transmission of proprietary information. By cohesively applying target based processors assigned to a varied number of protocols, it is possible to determine the malicious nature of a transmission, and it is then possible to alert or drop those packets, depending on the destination or the desire of dropping vs. alerting. This is accomplished by encapsulating the virtual instance, or instances, which affords the capability of interrogating packets and transmission protocols through protocol analysis and/or behavior.


[8] Common Monitoring and Management Solutions
http://www.infosecurity-magazine.com/blog/2011/5/3/who-moved-my-cloud/334.aspx
A single pane of glass is often required to provide a unified look of the entire infrastructure. This will provide an auditor the ability to verify the provider is delivering the level of service guaranteed by the solution. Auditors often look for event handling and common management across all systems. By automating the deployment of such monitoring solutions, and relying on a common platform for the management (including patch management, software revision control, and system lockdown procedures) a level of assurance can be provided to the auditor that all systems are uniform and follow the controls of the monitoring and management criteria.

In reality, the logical way of determining attack protocols is to measure what is normal vs. what isn’t. That measurement should incorporate the “normal” behavior of a system, thereby making it possible to determine, or decode, what isn’t. This realization elevates the need for determining the behavior of like application or system attacks. By attaching or capturing a “DNA” or “foot print” of normal activity within the actions or behavior of such protocols or servers, one will be able to discern the actions of any malicious activity, and remediate such activity in an in-line or on-tap scenario.
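The normal-versus-abnormal measurement described above, as an added example that is not part of the original paper and is not SafeMedia's implementation: it learns a per-feature baseline (median and median absolute deviation) from known-good sessions, then alerts or drops on deviation alongside a plain signature check. The feature names, sample sessions, placeholder signatures and thresholds are constructed assumptions.

```python
"""Added example: a learned behavioural baseline next to signature matching.
Feature names, sample sessions, signatures and thresholds are all constructed."""
from statistics import median

FEATURES = ("req_per_min", "avg_req_bytes", "avg_resp_bytes", "distinct_uris")
SIGNATURES = (b"KNOWN-BAD-PATTERN-A", b"KNOWN-BAD-PATTERN-B")  # placeholder patterns


def session(*values):
    """Build one session record from per-session protocol measurements."""
    return dict(zip(FEATURES, values))


# Constructed known-good sessions captured during a learning window.
BASELINE = [
    session(12, 410, 5200, 7), session(15, 380, 4800, 9),
    session(10, 450, 6100, 6), session(14, 400, 5000, 8),
    session(11, 420, 5500, 7), session(13, 390, 4900, 8),
    session(16, 430, 5800, 10), session(12, 405, 5100, 7),
]


def build_profile(sessions):
    """Learn the 'footprint': per-feature median and median absolute deviation."""
    profile = {}
    for name in FEATURES:
        values = [s[name] for s in sessions]
        mid = median(values)
        mad = median(abs(v - mid) for v in values)
        profile[name] = (mid, max(mad, 1.0))  # floor keeps near-constant features usable
    return profile


def deviations(sess, profile):
    """Robust z-score per feature: |x - median| / (1.4826 * MAD)."""
    return {n: abs(sess[n] - mid) / (1.4826 * mad) for n, (mid, mad) in profile.items()}


def classify(sess, payload, profile, threshold=6.0):
    """Return (action, reasons): signature hit first, then behavioural deviation."""
    if any(sig in payload for sig in SIGNATURES):
        return "drop", ["signature"]
    outliers = sorted(n for n, z in deviations(sess, profile).items() if z > threshold)
    if len(outliers) >= 2:
        return "drop", outliers   # several behaviours off baseline at once
    if outliers:
        return "alert", outliers  # one behaviour off baseline: raise for review
    return "allow", []


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    samples = {
        "typical client": (session(13, 415, 5300, 8), b"GET /index"),
        "known pattern": (session(12, 400, 5000, 7), b"xxKNOWN-BAD-PATTERN-Axx"),
        "bulk outbound": (session(14, 420, 480000, 2), b"GET /export"),
        "rapid crawl": (session(300, 400, 5100, 250), b"GET /a"),
    }
    for label, (sess, payload) in samples.items():
        print(label, classify(sess, payload, profile))
```

The last two samples carry no signature at all; only the learned baseline flags them, and the drop-versus-alert split follows the choice the text describes.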

The same concept holds true in reference to the Public Cloud, as usage is currently far under par, mainly because of these worries and the inability to remain compliant. The same does not hold true in other locations, as use is increasing, especially in Europe as the market expands. Some of the reasoning for the anomaly is compliancy restrictions, referred to above, as well as the loss of control, security concerns, and the ability to operate autonomously throughout the fabric. These concerns arise from the inability to control your own infrastructure, someone else having access to that technology, and/or the ability to access information remotely. [9]


Encapsulating Cloud environments, whether physical, virtual, or Hybrid/Public Cloud based, allows for dual vector protection from the ‘outside in’ and ‘inside out’, and affords the organization the ability to gain back some of the control, increasing the ability to see what is transpiring, not only within the IaaS (Infrastructure-as-a-Service) layer, but also in the SaaS (Software-as-a-Service) layer. This allows the user to gain control, by protecting resources as if they were internal. This is accomplished via location parameters, and use of proprietary models that encompass the resources in a secured mesh, thereby allowing for protection of the resources from a holistic standpoint. This enables the deployment of high-value, high-risk Cloud applications, while mitigating the risks associated with such applications. Intrusion Detection and Prevention must include attack recognition beyond simple signature matching, and the ability to drop malicious sessions as opposed to simple resetting of connections. [10]

We must become more intellectual in the way we conduct security operations, and how we design systems to manage and remediate breaches. Intelligent systems capable of managing such traffic, analyzing traffic patterns and protocols, officiate processes, as they do not rely on application changes or structure. These tool-sets care about traffic, patterns, and protocol behavior, adopting a set of rules capable of matching like patterns to suspicious activity. There must be an ability to incorporate intelligence and machine learning technology to combat these changes, capitalizing on protocol behavior and DNA patterns of the transmission protocols themselves. These actions must be met with a robust, like-minded response to the malicious action, with the capability of forensic level capture, affording the capability to stay compliant, in a time where compliancy is so integral, and watchdogs are waiting to attack any offending organization.




[9] http://wallstreetandtech.com/2012-outlook/the-cloud
The move to the public cloud also will be dictated by the size of the institution. Small to mid-size firms that do not have their own proprietary data centers will be among the first to move to the low-cost capacity the public cloud offers, while larger banks will initially continue to utilize their large, private clouds.

[10] Public sector cloud use on the rise
http://www.thecloudcircle.com/article/public-sector-cloud-use-rise
The number of public sector organizations using the cloud is rising steadily, if not spectacularly, the Cloud Industry Forum, with 11 per cent increased clouds usage over the last nine months. The independent study of the latest cloud adoption rates showed that of the 300 UK-based organizations surveyed, 53 per cent are utilizing cloud services in some form. The private sector continues to lead the public sector with 56 per cent and 49 per cent respectively.



SafeMedia helps organizations gain control of their resources, and creates a new paradigm in security. Through our patented non-IP-Centric solution, in tandem with protocol behavior analysis and behavioral recognition, we can stop penetrations, and/or dissemination of proprietary information, which cost organizations millions of dollars annually.

SafeMedia, through a combination of intelligent, self-healing solution sets (Neural Network Design, Artificial Intelligence, and Machine Learning Concepts), offers passive IDS monitoring systems as well as active in-line/in-band IPS choke points with unsurpassable power and granular controls to protect your network against the traditional intrusion vulnerabilities while mitigating the new generation of threats and threat vectors. SafeMedia's Network Security system safely enables high-value, high-risk Cloud applications deployment, while mitigating the risks associated with such applications. SafeMedia's Intrusion Detection and Prevention “Solution” offers features including attack recognition beyond simple signature matching, dropping of malicious sessions as opposed to simple resetting of connections, and the deployment of secure distributed architecture, consisting of dedicated hardware, embedded applications and non-IP centricity that operate at "wire speed".