Week 6: Security Concerns and Legal Aspects Flashcards
Drawbacks of cloud security
Significant investments are required
Regardless of the delivery and deployment model, some degree of control is transferred to the cloud provider
Overview of Security Concerns - Network Availability
The value of cloud computing can only be realized when network connectivity and bandwidth meet certain minimum needs
Overview of Security Concerns - Cloud Provider Viability
– Since cloud providers are relatively new to the business, there are questions about their viability and commitment
– This concern deepens when a provider requires tenants to use proprietary interfaces, thus leading to tenant lock-in
Overview of Security Concerns - Disaster Recovery and Business Continuity
Tenants and users require confidence that their operations will continue if the cloud provider’s production environment is subject to a disaster
Overview of Security Concerns - Security Incidents
Tenants and users need to be informed by the provider when an incident occurs and may require provider support to respond to audit findings
Overview of Security Concerns - Transparency
If providers do not expose details of their internal policy or technology implementation, tenants or users must trust the provider’s security claims
Overview of Security Concerns - New Risks, New Vulnerabilities
There is concern that cloud computing brings new risks and vulnerabilities
• The actual exploits will largely be a function of a provider’s implementation
• Although all software, hardware, and networking equipment are subject to vulnerabilities, by applying layered security and well-conceived operational processes, a cloud may be protected from common types of attacks
Overview of Security Concerns - Loss of Physical Control
Loss of physical control over data and applications results in a range of concerns
• With public or community clouds, data may not remain in the same system, raising multiple legal concerns
• Data may be comingled in various ways with data belonging to others
• A tenant administrator has limited control scope and accountability
• Tenants need confidence that the provider will offer appropriate controls, while recognizing that they need to lower their expectations for how much control is reasonable within these models
Overview of Security Concerns - Legal and Regulatory Compliance
– It may be difficult or unrealistic to utilize public clouds if the data is subject to legal restrictions or regulatory compliance
– Achieving certifications to address the needs of regulated markets may be challenging due to the current stage of general cloud knowledge
A virtual machine (VM) is
a standard operating system (OS) instance captured in a fully configured and operationally ready system image
A hypervisor represents itself to the VM as
the underlying hardware, thus supporting the operation of the VM
Vendor implementations of virtualization vary, but in general they can be classified as follows
Type 1 or native virtualization is implemented by a hypervisor running directly on bare hardware
Type 2 or hosted virtualization has a hypervisor running as an application within a host OS
OS-implemented virtualization is implemented by the OS itself taking the place of the hypervisor
Type 1 Virtualization
native virtualization
implemented by a hypervisor running directly on bare hardware
Guest OSs run on top of the hypervisor
Microsoft Hyper-V, Oracle VM, LynxSecure, VMware ESX, and IBM z/VM
Type 2 Virtualization
hosted virtualization
has a hypervisor running as an application within a host OS - VMs also run above the hypervisor
Oracle VirtualBox, Parallels, Virtual PC, VMware Fusion, VMware Server, Xen, and XenServer
OS implemented virtualization
implemented by the OS itself taking the place of the hypervisor
Solaris Containers, BSD jails, OpenVZ, Linux-VServer, and Parallels Virtuozzo Containers
Network-based IDSs do/do not work well with virtual servers
do not
The management tools used in a physical server-based deployment will/will not suffice in a highly dynamic virtualized one
will not
In a physical server deployment model, provisioning automation is generally
not heavily used
In a heavily virtualized environment, whether it be a cloud or not, OS provisioning will rapidly transition toward being
highly automated
Compromise of hypervisor
It will become a primary target if vulnerable, and a compromise would have broad impact
hypervisor protection
network isolation and security monitoring
use of local storage in public cloud - Solution?
If during the operation of a VM, data is written to physical media, or to memory, and it is not cleared before those resources are reallocated to the next VM, then there is a potential for information exposure
Solution. Assume control over your use of storage and memory when using a public cloud by clearing data yourself
potential for undetected network attacks between VMs co-located on a server - Solution?
Unless the traffic from each VM can be monitored, you cannot detect attacks between VMs
• Solution. Invoke OS-based traffic filtering or firewalling
• Solution. Use segregation to isolate different classes of VMs
A hypervisor is ___ and ____ focused than a general purpose operating system, and ___ exposed
smaller, more, less
A hypervisor ____ undergo frequent change and ____ run third-party applications
does not, does not
The guest operating systems, which may be vulnerable, ___ have direct access to the hypervisor
do not
The hypervisor is ___ to network traffic with the exception of traffic to/from ____
completely transparent
a dedicated hypervisor management interface
Are there any documented attacks against hypervisors?
No
The prime advantage of automated provisioning in clouds is
the predictability, and speed of constituting a resource for a customer
Other advantages to provisioning in cloud
Enhancing availability by
• provisioning multiple instances of a service
• provisioning a service across multiple data centers
The security of provisioning depends on the
ability to protect master images and deploying them intact and in a secure manner
Provisioning challenges
Reliance on hypervisors
Need for process isolation at every stage of provisioning
There is greater concern for potential compromise of ____than for the security of a hypervisor
a provisioning service
There are several concerns about cloud data storage
Since clouds tend to implement storage in a centralized facility, some view storage as a potential target for criminals or hackers
Multitenancy relies on isolation mechanisms (which can fail)
Storage systems are complex hardware and software implementations
There are always questions as to the potential for catastrophic failure that might either destroy or expose the data
There is a possibility that a cloud provider may store data in multiple jurisdictions
• The potential exists for data to be accessed by foreign governments
When data falls under regulatory or compliance restrictions, our choice of cloud deployment (be it private, hybrid, or public) depends on an understanding that the provider is fully compliant - whose obligation?
The tenant or user
Although the legal ownership of data will remain with the originating data owner, one potential area for concern with a public cloud is that the cloud provider may
Become responsible for owner and custodian
Concerns with legally admissible evidence in the cloud
- Having a tenant obtain access to a provider’s records may compromise the privacy of other tenants
- It may be difficult to prove that a tenant’s forensics data that is gathered and stored in a public cloud has not been tampered with
Some of the technologies and many of the software components that define cloud computing are still quite new and have yet to gain a high degree of ___ from experienced security professionals
trust
___ and ___ between components are two realms where vulnerabilities may arise
Complexity, interaction
FedRAMP
The U.S. government has launched an effort called FedRAMP
– It is oriented toward enabling the entire process of assuring that cloud instances are appropriate for individual agency applications
Two organizations are actively working to enhance cloud security
Cloud Security Alliance
Cloud Computing Interoperability Group
Understanding how much risk you can tolerate depends on
assessing your security requirements
how you value your information assets (data, applications, and processes)
risk
The possibility that something could happen to damage, destroy, or disclose data or other resources is known as risk
Risk management is the process of
- identifying factors that could damage or disclose data
- evaluating those factors in light of data value and countermeasure cost
- implementing cost-effective solutions for mitigating or reducing risk to an acceptable level
Exposure Factor (EF) or loss potential
The percentage of loss that an organization would experience if a specific asset were compromised by a realized risk
Single Loss Expectancy (SLE)
– The cost associated with a single realized risk against a specific asset
– SLE = Asset Value * EF
– Example: if AV = $200,000 and EF = 45%, then SLE = $90,000
Annualized Rate of Occurrence (ARO)
The expected frequency with which a specific threat or risk will occur
Annualized Loss Expectancy (ALE)
– The possible yearly cost of all instances of a specific realized threat against a specific asset
– ALE = SLE * ARO
Steps of Quantitative Risk Analysis
1. Inventory assets, and assign value (AV)
2. For each asset, list all possible threats
– For each asset and threat pair, calculate EF and SLE
3. Perform a threat analysis to calculate the likelihood of each threat being realized within a single year (ARO)
4. Derive the overall loss potential per threat by calculating the annualized loss expectancy (ALE)
5. Inventory countermeasures for each threat
– For each countermeasure, calculate the changes to ARO and ALE based on applying that countermeasure
6. Perform cost/benefit analysis, and select the most appropriate response to each threat for each asset
Annual Cost of Safeguard (ACS)
Numerous factors are involved in calculating the value of a safeguard
• Cost of purchase, cost of maintenance, etc.
Cost/benefit equation
(ALE before safeguard - ALE after safeguard) - ACS
– If the result is negative, the safeguard is not a financially viable choice
– If the result is positive, then that value is the annual savings the organization can gain by deploying the safeguard
Qualitative risk analysis is ___
scenario based
Qualitative Risk Analysis
A scenario is a written description of a single major threat, focusing on how the threat would affect the organization, the IT infrastructure, or specific assets
The process of performing qualitative risk analysis involves judgment, intuition, and experience
Qualitative techniques for risk analysis include
– Brainstorming
– Delphi technique
• An anonymous feedback-and-response process
– Focus groups
Management must address each specific risk in one of these four possible ways
– Reduce/mitigate
• Implementing safeguards
– Assign or transfer
• Outsourcing, purchasing insurance
– Accept
• Written/signed decision from senior management
– Reject
• Ignoring risk is unethical and invalidates due care
Residual risk
The risk that remains once countermeasures are implemented
Controls gap
Controls gap = Total risk - Residual risk
If concerns are raised about unacceptable risk, we might approach the overall problem by
limiting risk-sensitive processing to a private cloud
• this avoids the introduction of new risk
– using a public cloud for non-risk-sensitive data
Tenants and cloud customers operating in the U.S., Canada, or the E.U. are subject to numerous regulatory requirements; these include
These include Control Objectives for Information and related Technology (COBIT) and Safe Harbor
These may relate to where the data is stored or transferred to, as well as how well the confidentiality of this data is protected
Some of these laws apply to specific markets, such as the ___for the health care industry
Health Insurance Portability and Accountability Act (HIPAA)
The failure to adequately protect data can have serious consequences, including ___
fines by one or more government or industry regulatory bodies
For example, the Payment Card Industry (PCI) can impose fines up to ___per month for compliance violations
$100,000
The ___ requires a specific individual to be accountable for a company’s information security
Federal Trade Commission
Several issues need to be considered at all stages of the contractual process
– Initial due diligence
– Contract negotiation
– Implementation
– Termination (end of term or abnormal)
– Supplier transfer
Prior to entering into a contract with a cloud supplier, a company should evaluate its specific___
needs and requirements
For instance, if you are going to collect employee health records in the cloud, then you must ensure that any supplier will meet the guidelines defined by the HIPAA regulations
The bulk of cloud services are ___ to involve tailored contracts than traditional hosting or outsourcing contracts
less likely
The life cycle of the contractual process does not end when the contract is signed, but has to be continually evaluated throughout the term of the agreement
– The cloud provider needs to be assessed to ensure that ____ and ___
The contracted services are in fact being delivered
All policies and procedures that have been contracted for are being followed
Contractual Issues: Contract Negotiation
Once you have narrowed your selection of cloud service providers, the actual contract needs to be agreed upon
Contractual Issues: Implementation
The life cycle of the contractual process does not end when the contract is signed, but has to be continually evaluated throughout the term of the agreement
Contractual Issues: Termination
The end of the contract, whether due to reaching full term or abnormal termination, is the time when data is at most risk
Abnormal termination can occur because of
– cloud provider ceasing activities
– breach of contract by one party
Contractual Issues: Supplier Transfer
If you transfer services from one supplier to another, either at the termination of the contract or during the contract, you will have to consider the same factors discussed for termination
– Additionally, you will need to define a plan on how to transfer the data securely between vendors
Cloud providers may try to ___the control over your data
limit
___ need to ensure that services they deploy to the cloud are used according to laws and regulations that are in place for the employees, foreign subsidiaries, or third parties
Global companies
The importance of business continuity and disaster recovery needs to be stressed
– Two primary possible scenarios should be considered
• A provider may go out of business
• A provider’s data center may become inoperable
A cloud provider may be contacted directly to provide data to a third party, via a ___
court order
The cloud provider needs to know what actions to take in this event
• You may well want to dispute the request
• You will therefore need to be assured that the cloud service provider informs you in a timely manner before it complies with the request