You did it: You managed to carefully shepherd your organization through the minefields of cloud computing. You selected a security-friendly provider, carefully planned your architecture and migration, and even implemented a nice set of cloud-specific security controls, with a mix of public and private clouds. Excellent job.
Then you were smashed by the freight train of reality as developers, administrators and even business units shattered your well-laid plans by, you know, actually using the darn cloud. Instances began spinning up left and right, quickly falling out of security and compliance because of old patch levels, improperly configured security groups, and all the little, tiny changes introduced by maintaining state through day-to-day usage.
We struggle to manage these issues with our traditional infrastructure, but at least in those circumstances we have a modicum of physical control. It isn't like business units are sneaking into the data center to add new 1U servers to the racks. But in the cloud? Assuming you set it up properly to actually leverage the advantages of cloud computing you will have new servers and applications spinning up on a constant basis. Some of these will be internal, some external, and some will migrate to other areas in your environment.
Cloud infrastructure management
Managing basic operations under these conditions is extremely challenging -- even outside of security -- especially when you dig into the technical issues of managing your entire infrastructure through network connections and APIs. For example, a friend once had to launch disaster recovery plans because an administrator accidentally used the wrong command line. Instead of shutting down three key servers on Amazon Web Services, he "terminated" them. If you don't know, "terminate" on AWS means stop this server immediately and erase all associated storage irrecoverably.
However, a new breed of tools and services is emerging to help with the complexities of managing cloud infrastructures. Companies like RightScale Inc. and enStratus Networks Inc. insert a proxy in front of the management plane to provide greater compatibility, control and policy-based management across heterogeneous cloud deployments.
Although the primary goal of these cloud management platforms is operations, when you get down to it, a large percentage of security is really just operations. Keeping systems patched, positioning instances in the right parts of the network, controlling which administrators can manage which resources are all critical security functions that don't necessarily need to be part of security.
Let's look a little deeper into how these tools work (although keep in mind that different vendors have different implementations and this is a broad generality). Normally we manage the cloud through a mix of direct API calls, command line tools and Web interfaces. Administrators (and users) have access to all or some of these resources across different cloud platforms, which requires complex entitlement and user management. Also, even when you can restrict their activities, the restrictions are either so granular that they become incredibly complex to manage or so broad that they are worthless.
Plus, there are other, extensive operational functions like patching that must be managed with a patchwork of tools.
Cloud workflows and policies
Cloud management platforms are usually a proxy between the users and the cloud management plane. The proxy has access to the entire cloud infrastructure, and users work through the proxy instead of making direct API calls. The users themselves do not even hold access rights to the cloud's management plane.
You can create all sorts of new workflows and policies in a cloud management platform, such as requiring dual administrator approval before terminating any instance in a particular group. With the platform, you can also patch massive numbers of instances using scripts or automatically check any new instance to make sure it meets certain configuration guidelines.
On the security side, we can manage what is deployed where, what admins and users are able to do, track what they actually did (through granular logs), and we can even insert security controls. For example, we can configure local security agents in new or existing instances automatically or even encrypt storage volumes and manage the keys through the tool (or service).
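To make the proxy model concrete, here is an added toy example (not code from the article or from any vendor's product) of a management-plane proxy that enforces three of the policies just described: dual-administrator approval before terminating an instance in a protected group, a configuration-guideline check on every new instance, and a granular audit log of who did what. The cloud API, instance records, admin names, the "prod-db" group and the patch baseline are all constructed assumptions.

```python
# Added example, not code from the article or any vendor: a toy management-plane
# proxy enforcing the policies the text describes (cloud API, instances, admins
# and the patch baseline are all constructed / hypothetical).
from dataclasses import dataclass

@dataclass
class Instance:
    id: str
    group: str
    patch_level: int
    sg_rules: list          # (port, cidr) pairs; constructed sample data

class ManagementProxy:
    """Sits between admins and the simulated cloud API: every call is policy-checked and logged."""
    MIN_PATCH = 42                  # hypothetical baseline patch level
    PROTECTED_GROUPS = {"prod-db"}  # terminating here needs two distinct admins

    def __init__(self, instances):
        self.cloud = {i.id: i for i in instances}  # stands in for the real management plane
        self.pending = {}   # instance id -> set of admins who approved termination
        self.audit = []     # (admin, action, instance id, result): the granular log
    def _log(self, admin, action, iid, result):
        self.audit.append((admin, action, iid, result))
        return result

    def check_config(self, inst):
        """Configuration guideline check applied to new (or existing) instances."""
        problems = ["patch level below baseline"] if inst.patch_level < self.MIN_PATCH else []
        problems += ["SSH open to the world" for p, c in inst.sg_rules if p == 22 and c == "0.0.0.0/0"]
        return problems

    def launch(self, admin, inst):
        problems = self.check_config(inst)
        if problems:
            return self._log(admin, "launch", inst.id, "denied: " + "; ".join(problems))
        self.cloud[inst.id] = inst
        return self._log(admin, "launch", inst.id, "ok")

    def terminate(self, admin, iid):
        inst = self.cloud.get(iid)
        if inst is None:
            return self._log(admin, "terminate", iid, "denied: no such instance")
        if inst.group in self.PROTECTED_GROUPS:
            approvers = self.pending.setdefault(iid, set())
            approvers.add(admin)
            if len(approvers) < 2:  # same admin approving twice does not count
                return self._log(admin, "terminate", iid, "pending second approval")
            del self.pending[iid]
        del self.cloud[iid]
        return self._log(admin, "terminate", iid, "ok")
```

Because every request passes through `ManagementProxy`, the audit list records denied and pending actions as well as successful ones, which is exactly the visibility a direct-API model lacks.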
The power of cloud is automation. Thus, the key to cloud security is also automation. These cloud management platforms may be focused on operations, but they also allow us to implement a wide range of security automation that is actually harder to do in a traditional infrastructure.
About the author:
Rich Mogull has nearly 20 years of experience in information security, physical security and risk management. Prior to founding independent information security consulting firm Securosis, he spent seven years at Gartner Inc., most recently as a vice president, where he advised thousands of clients, authored dozens of reports and was consistently rated as one of Gartner's top international speakers. He is one of the world's premier authorities on data security technologies, including DLP, and has covered issues ranging from vulnerabilities and threats to risk management frameworks and major application security.