Elastic Security

Security for the Cloud

Trust and cloud security conference

Last week I was happy to be part of the conference on Trust and Security for cloud computing, organized by the Pole SCS.  I enjoyed the very good presentations and interesting ideas for collaborative projects. Keep up with the good work Pole SCS. Here are my slides.

Filed under: Cloud Computing, CSA, Discussions, Elastic Security, IaaS, Presentations

Symposia Journal

The latest edition of the Symposia Journal is out, a magazine with community-driven, high-quality articles around Cloud Computing (partly in German). We contributed to the latest edition with an article about the top threats of cloud computing in the IaaS space and how to tackle them. Have fun reading!

Filed under: Cloud Computing, Discussions

Cloud Security and the End-to-End principle

The End-to-End Argument

The end-to-end principle in systems design has become famous for its successful implementation in the Internet architecture. It suggests “that functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level.” The complexity and cost of implementing those functions in lower layers, the fact that those functions cannot be implemented in a fully reliable way on lower layers and thus need to be implemented on higher layers anyway, and the risk that they may be inefficient or even useless for certain services on top – all those facts are arguments in favor of the end-to-end principle. In the context of the Internet, it means that the network remains rather dumb (simple packet forwarding), while more sophisticated protocol functions like error detection, retransmissions of lost packets, flow- and congestion control, and connection management are implemented at the end-points, i.e. the servers themselves.

The End-To-End Argument in Information Security

The end-to-end principle, however, does not play the same role in the information security domain. Encrypting file transfers at the application layer (encrypting the files rather than the network packets) follows the end-to-end argument. However, many security functions like firewalls, network intrusion detection systems, authentication and authorization servers or reverse proxies violate the end-to-end principle – and for good reason, because they are more effectively done by separate components in the enterprise network instead of on the end-points. Even vulnerability management, anti-virus software and patch management are no longer managed by the end-points, but by centralized servers with big databases behind them.

The End-To-End Argument in Cloud Security

OK – the end-to-end argument rarely holds for information security systems. But is this still true in a cloud computing setup, where servers may be distributed across different heterogeneous networks and infrastructures provided by different providers? Most cloud providers offer a simple provisioning API that allows their clients to start and stop instances from virtual images and possibly create snapshots of the running servers. They don’t provide a firewall component in their infrastructure (Amazon EC2 is one of the exceptions with its concept of security groups), they provide no or only rudimentary Identity and Access Management, no IDS/IPS systems, no vulnerability and patch management, no encryption, no data leakage prevention systems, no VPN layer. Most providers put the burden of assuring security explicitly on the shoulders of their clients and say: that is your responsibility, not ours – do it yourself or find someone who does it for you. This way, they implicitly promote the end-to-end principle: why encrypt all data in memory and on storage, when only a few customers need this level of protection? Why provide a firewall, when every end-point can install and configure its own? Why provide sophisticated identity and access management, when the users know much better what exactly they need with regard to IAM?

The danger of this attitude is that when the cloud providers don’t build security services into their infrastructure, no one may do it. Many users simply won’t make the effort of searching for and deploying an appropriate third-party security solution. They will use the cloud service as it is, enjoy its immediate benefits (no capex, immediate access, scaling), and postpone the security problem until later. This is somewhat understandable, since it corresponds to the division of work and responsibilities in most enterprises today: the users/developers are not the administrators, who are not the security experts. My belief is that cloud providers will be obliged to integrate more and more security services into their infrastructure (similar to Amazon EC2 security groups) and provide APIs for them – and thus adopt a system design that moves security functions away from the end-points into the cloud providers’ own network and infrastructure.

Filed under: Discussions, IaaS

Cloud Security – Who is Responsible?

A recent survey among cloud providers (via) raises the question of the responsibility for security between cloud providers and cloud users. A large majority of 69% of the 127 cloud providers asked in this survey consider the cloud user responsible for ensuring the security of the cloud services (while 35% of the cloud users see it the same way). 32% of the cloud providers and 32% of the cloud users see security as the cloud provider’s responsibility, and 16% of the cloud providers and 33% of the cloud users see it as a shared responsibility (note: apparently, several choices were possible, since the numbers do not add up to 100%).

Those numbers are alarming, especially together with other findings of the survey:

  • most cloud providers do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers
  • they also say their systems and applications are not always evaluated for security threats prior to deployment to customers
  • on average, providers of cloud computing technologies allocate 10 percent or less of their operational resources to security, and most do not have confidence that customers’ security requirements are being met
  • the majority of cloud providers in our study admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.

While those results indicate a general lack of maturity in this early phase of cloud computing adoption (it seems to be a recurring pattern that security is added later in the life-cycle of technologies), there’s another aspect that is completely hidden in this survey and even misleading: it doesn’t break down the results by delivery model (55% of the participants are SaaS providers, 34% IaaS providers, 11% PaaS providers), although the level of control given to cloud users is very different for the three delivery models – and the level of control is essential with regard to sharing responsibilities between providers and users.

IaaS providers (like Amazon EC2) give their users a high level of control, right down to the operating system, while SaaS providers (like Google Apps) don’t even give control over how and where data is stored (PaaS models are somewhere in between). That is, SaaS users are simply not enabled to carry their supposed responsibility, while IaaS users are, and to a large part actually do (e.g. Netflix). The following graphic provided by the Cloud Security Alliance (CSA) illustrates the relationship between security and control well.

For example, Amazon EC2 encourages a “Design for Failure” model, where cloud users are supposed to replicate components to deal with potential outages. IaaS users also have full control over their databases and can encrypt sensitive data.

Bottom-line: a discussion about the responsibilities of cloud security does not make sense without taking into account the delivery model of the cloud provider – since responsibility is linked to control.

Filed under: Discussions

IT Consumerization vs DevOps?

There are two terms that are referred to significantly often in discussions about cloud computing, its drivers, and its impact. The first term is DevOps – a combination of the terms development and operations. It refers to the fact that the tasks of developers and system administrators get increasingly closer in a cloud-based IT world where infrastructure resources become programmable, fostering application-centric deployment and agile development processes. System administrators are supposed to write sophisticated scripts to automate large parts of operations and to think like a developer. (Interesting links: [here], [here] and [here])

The other term is “IT Consumerization” – it refers to the observation that applications, tools, and technologies from the consumer world find their way into the enterprise. This movement has several drivers: employees that are getting more and more mobile are necessarily forced to access their data from different locations and devices (laptops, mobile phones, PCs). As a consequence, enterprise IT infrastructures become ubiquitous and heterogeneous: the former one-size-fits-all approach of IT departments to centralize administration, management, and security of every PC is no longer feasible today with the increasing number of devices and accelerated technological progress. Thus, employees are given more and more control over what devices and tools they can pick (BYOT – “Bring Your Own Technology”). This movement opened the door into the enterprise for SaaS tools like GMail or Salesforce – but also for cloud infrastructure services such as Amazon EC2: quickly need a demo machine? Need some machines for load testing? Need to share some really big files? Amazon EC2 offers the immediate solution – without following the lengthy processes of the IT department that may result in rejection of the demand or a purchase with a delivery that takes several weeks. Speed and simplicity play an important role here. (Interesting links: [here], [here] and [here])

While people assume that both are just two sides of the same coin, I find they are somehow conflicting movements. The DevOps movement requires highly skilled IT workers that combine the competences of developers and system administrators and that are able to write sophisticated automation scripts. IT Consumerization means a shift from classical heavy-weight tools (such as HP OpenView, for example) to a broad variety of simpler tools (mostly SaaS tools) that focus on specific use cases, have a much smaller feature set than classical tools, and are far easier to use. Those tools (let’s cite Pingdom for monitoring as an example, but also the EC2 Management Console) take away a lot of the burden of administrators, greatly simplify their work, and thus even allow less-skilled people to manage a big part of the IT needs of a company.

Is there an error in my reasoning? Where’s the breakup? Feedback welcome!

Filed under: Cloud Computing, Discussions

Impressions from CloudOps Summit

Last week I attended the CloudOps Summit in Frankfurt. The motto of this conference was “Run the Cloud”, and the central idea was to show how cloud computing is already used today, what hands-on solutions and architectures look like, how cloud systems are operated, and what tools are already available.

While web-startups almost immediately understand the advantages of public cloud infrastructures such as Amazon EC2, Rackspace or GoGrid and already use those intensively to avoid up-front investments into hardware, scale their infrastructure dynamically to their needs, and benefit from a pay-per-usage model, established enterprises are much more hesitant in adoption – mostly due to security concerns, fear of vendor lock-in, the costs for migrating their legacy data, or the constraints of remaining compatible with existing software. This leads to the funny situation that the big ones listen carefully to learn from the new and small ones.

The conference started with a couple of short 6-minute “lightning talks” and was followed by parallel tracks about architecture, management, operations, and presentations of startups.

Some highlights from the lightning talks

Jean-Paul Schmetz explained in his keynote that cloud computing means that everything becomes software in the cloud – storage, memory, CPU – they have all become resources that can be created and destroyed programmatically on demand. Hardware consists of fixed assets that require planning, budgeting, and thus accurate predictions of the future, something very hard to achieve in a world of constantly changing requirements and needs.

Chris Boos sees in cloud computing the big opportunity for system administrators to get rid of the boring part of operations and maintenance and to concentrate on the interesting and challenging tasks of creating new things. Cloud computing and its inherent need for automation actually liberate the rare IT experts and revalue their skills.

Nicolas Plögert from Sharewise showed how his company outsourced almost all non-critical business processes to more than a dozen web services – communication, billing, customer relationship management, to name a few.

Florian von Kurnatkowski told us that even the automotive industry wants to make their internal network (ENX) more flexible by transforming it into a cloud infrastructure.

Startups

In the startup tracks (in which I presented Elastic Detector, our cloud security monitoring service) there were a couple of interesting products around cloud infrastructures:

ScaleUp builds software that helps providers to build their own public clouds. Their focus is on account management, provisioning, and managing the “point of purchase”, i.e. the spot where providers and consumers meet.

Scalarium provides a SaaS product that allows users to deploy and scale web applications on Amazon EC2.

CloudSafe allows users to store and share critical documents in the cloud. All data is encrypted and different access models are supported.

CentralStationCRM is a CRM SaaS product targeting small companies that are overwhelmed by the complexity of products like Salesforce.

SemYou aims to combine the simplicity of an app store with the flexibility of SaaS applications. Their goal is that users can activate any kind of web application with a single click on their computer, and it will run transparently in the cloud.

Impossible Software allows to create “dynamic videos” where logos and brands can be integrated in video templates.

Thanks to the organizers for their great work and looking forward to another CloudOps Summit in Frankfurt next year! All presentations are available behind this link.

Filed under: Cloud Computing, Discussions, Solutions

Most annoying and at the same time most loved feature of Elastic Detector

During the beta test of Elastic Detector, we had a lot of queries concerning an important feature of Elastic Detector, that is:

  • Elastic Detector considers that an open port in the security groups should correspond to an available service in the instances that use the security group.

For example, if you have defined a security group web with the HTTP port open, Elastic Detector deploys an HTTP auto-check, and if Elastic Detector does not get an answer, it raises a critical alert on it.

First of all, why does Elastic Detector do this?

From the security point of view, an open port with no service behind it is a potential threat that can be exploited by an internal or external attacker. It means that the attacker can install a rogue application that has immediate access from everywhere. Imagine that the attacker (internal or external) deploys an e-commerce application to sell viagra on your infrastructure.

So why can this sometimes be annoying to Elastic Detector users?

Let me enumerate the reasons they gave us:

  • It is work in progress, so the service is going to be deployed later
  • It is a pain to manage a lot of security groups that should fit their services AND that must be changed whenever a service changes
  • I have IP restrictions to access this service

What are the solutions?

In order to cope with the first and second use case, we plan to allow for the acknowledgment of a temporary exception, and for the third we have disabled auto-checks whenever Elastic Detector has no permission to access the service. Of course, once our users add Elastic Detector’s address to the authorized IPs, an auto-check is deployed.

Finally, why is it loved by some Elastic Detector Users?

The administrators that are trying to control cloud usage love this feature. It gives an alert whenever one user changes the security groups, so administrators can at least follow the changes and drill-down if needed.
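The reconciliation described above (an open port in a security group should correspond to a service that answers on every instance using that group, with the three exception cases handled as in the solutions section, and a change alert for administrators) can be sketched as a small audit script. This is an added example written for this page, not Elastic Detector's own code: the security group names, rules, instance names, the checker address `DETECTOR_IP` and the "scan results" in `listening` are all constructed sample data, and the finding severities (`critical`, `skipped`, `info`) are assumptions for illustration.

```python
"""Added example (not Elastic Detector's own code): reconcile security group
rules with the services that actually answer on the instances, handling the
three exception cases from the post.  All names and addresses are constructed."""
import ipaddress
from dataclasses import dataclass

# Hypothetical address the auto-checks are run from (constructed).
DETECTOR_IP = "203.0.113.10"


@dataclass(frozen=True)
class Rule:
    port: int    # TCP port opened by the security group
    cidr: str    # source range allowed to reach that port


@dataclass(frozen=True)
class Instance:
    name: str
    groups: tuple          # security groups attached to the instance
    listening: frozenset   # ports that answered the auto-check (constructed scan result)


# Constructed security groups, in the spirit of EC2 security groups.
SECURITY_GROUPS = {
    "web": (Rule(80, "0.0.0.0/0"), Rule(443, "0.0.0.0/0")),
    "db": (Rule(3306, "10.0.0.0/8"),),
    "ssh-admin": (Rule(22, "198.51.100.0/24"),),
}

INSTANCES = (
    Instance("web-1", ("web",), frozenset({80})),              # 443 open, nothing behind it
    Instance("web-2", ("web",), frozenset({80, 443})),         # fully consistent
    Instance("db-1", ("db", "ssh-admin"), frozenset({3306})),  # 22 open only to the admin range
    Instance("build-1", ("web",), frozenset()),                # work in progress
)

# Acknowledged temporary exceptions: (instance, port) pairs the user has flagged
# as work in progress (use cases 1 and 2 of the post).
EXCEPTIONS = {("build-1", 80), ("build-1", 443)}


def detector_can_reach(rule, detector_ip=DETECTOR_IP):
    """An auto-check only makes sense if the checker's address lies inside the
    source range the rule allows (use case 3); otherwise the probe would fail
    for a reason unrelated to whether the service is up."""
    return ipaddress.ip_address(detector_ip) in ipaddress.ip_network(rule.cidr)


def audit(instances=INSTANCES, groups=SECURITY_GROUPS, exceptions=EXCEPTIONS,
          detector_ip=DETECTOR_IP):
    """Return one (severity, instance, port, message) finding per open port
    that no service answers on."""
    findings = []
    for inst in instances:
        for group in inst.groups:
            for rule in groups[group]:
                if rule.port in inst.listening:
                    continue  # open port backed by a running service: fine
                if (inst.name, rule.port) in exceptions:
                    findings.append(("info", inst.name, rule.port,
                                     f"port {rule.port} open via group '{group}' "
                                     "but acknowledged as a temporary exception"))
                elif not detector_can_reach(rule, detector_ip):
                    findings.append(("skipped", inst.name, rule.port,
                                     f"port {rule.port} restricted to {rule.cidr}; "
                                     "auto-check not deployed until the checker is allowed"))
                else:
                    findings.append(("critical", inst.name, rule.port,
                                     f"port {rule.port} open to {rule.cidr} via group "
                                     f"'{group}' but no service answers"))
    return findings


def diff_groups(old, new):
    """Rules added or removed between two snapshots of the security groups,
    so administrators can follow every change a user makes."""
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = set(old.get(name, ())), set(new.get(name, ()))
        changes += [("added", name, r) for r in sorted(after - before, key=lambda r: r.port)]
        changes += [("removed", name, r) for r in sorted(before - after, key=lambda r: r.port)]
    return changes


if __name__ == "__main__":
    for severity, name, port, msg in audit():
        print(f"[{severity.upper():8}] {name}: {msg}")
    # A later snapshot where someone opened an extra port on the web group.
    later = dict(SECURITY_GROUPS, web=SECURITY_GROUPS["web"] + (Rule(8080, "0.0.0.0/0"),))
    for kind, name, rule in diff_groups(SECURITY_GROUPS, later):
        print(f"group '{name}': {kind} port {rule.port} from {rule.cidr}")
```

Run stand-alone, the audit reports one critical finding (web-1, port 443 open to the world with nothing listening), one skipped check (db-1, port 22 reachable only from the admin range, which does not include the checker), and two informational entries for the acknowledged work-in-progress instance; the snapshot diff then flags the newly opened port 8080. In a real deployment the `listening` sets would come from the auto-check probes and the rules from the provider's API rather than from constants.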

Conclusion

We strongly believe that the ports should be closed until the service is up and running for the sake of security.

Please let me know your thoughts about this feature, annoying or loved?

Filed under: AWS, Discussions, Elastic Security, IaaS

Is Cloud-Computing Centralized or Decentralized? (Part 4)

Previous [Part 3]

Cloud Computing – Centralized or Decentralized?

After this long excursion into history, let’s come back to our initial question: is cloud computing centralized or decentralized? Well, the answer is: both! Consider a simple web application: parts of it run decentralized in your browser (Ajax). The data may be stored in a single data center – centralized – but the database is replicated on different virtual machines – decentralized. The web application may make use of other services – decentralized – but provides its features via the same URL to thousands of users – centralized.

Does the question even matter?

The terms centralization and decentralization have always been misused in the history of computers to simplify, in a fad-like way, any form of change triggered by technological progress (something similar happened in organization theory). But for me the history of computers does not show an alternation between centralized and decentralized architectures; it shows that architectures have become more complex and differentiated, fostering more specialization and abstractions, more dedicated software and hardware components, sophisticated layers, and specific solutions. Some are centralized, others are decentralized – the term does not make sense anymore. Discussing the pros and cons of centralization can at best be done for individual components (like databases).

Cloud computing is the answer to the increasing demand – of enterprises as well as of consumers – for ubiquitous information in a mobile world. It reflects new forms of communication and collaboration and goes far beyond the discussion of the pros and cons of decentralized architectures.


This post is part of a series. Click on the links below to read the other parts.
[Part 1] The first computers
[Part 2] Closer to the users
[Part 3] Home computers and the Internet
[Part 4] Centralized or Decentralized?

Filed under: Cloud Computing, Discussions

Is Cloud-Computing Centralized or Decentralized? (Part 3)

Previous [Part 2]

Home Computers and The Internet

Another technological breakthrough, the microprocessor in the early 70s (the first commercially available microprocessor was the 4004 from Intel), changed the computer industry in a way that had never happened before. The Altair 8800 was a microcomputer construction kit for around $500 that laid the ground for computer pioneers in the USA and a democratization of access to computers. The first operating system, CP/M, and programming languages like BASIC created a thriving ecosystem around microcomputers with applications outside the classical enterprise domain, like gaming, music and graphics, learning vocabulary or maths. The computer found its way into the home – and became smaller and more powerful, with better graphics: Apple II, PET 2001, ZX81/Commodore 64, Macintosh, and of course the triumph of the PC and Microsoft, which somehow inherited the PC monopoly from IBM. In the enterprise, we see the rise of minicomputers and DEC – also for researchers and smaller enterprises – which died with the rise of the PC.

Already in the 70s, computers started to be connected (remember the ARPANET project), which laid the basis for the Internet and the World Wide Web that began to conquer the world in the 90s of the last century. The first web applications (e-commerce, what else?) started to pop up in the mid-90s. Given today’s definitions of cloud computing and its different flavors IaaS, PaaS, and SaaS, web applications were the first form of cloud computing. Amazon’s web shop, Yahoo’s directory service, Google’s search engine, Flickr’s photo sharing site, WordPress’ blogging tool, Google’s Gmail and Docs are milestones in the history of web applications – and what we call SaaS today. In 2006, Amazon launched S3 and EC2, services that allow computing resources – storage and virtual servers – to be allocated via the web. That means not only applications, but complete data centers can run somewhere else in the world. The term cloud computing was born – motivated by the little clouds used in network diagrams to represent a network like the Internet transparently.

Continue [Part 4]

Filed under: AWS, Discussions

Is Cloud-Computing Centralized or Decentralized? (Part 2)

Previous [Part 1].

Closer To The Users

In the 50s, the innovation of mechanical relays (instead of vacuum tubes) already made computers (e.g. the UNIVACs) much smaller and affordable for other governmental organizations like the US Census Bureau. The first computer language, FLOW-MATIC, appeared. IBM entered the market with its IBM 701. In 1956, around 100 machines were installed all over the United States. IBM invented the first hard drive system (RAMAC), which laid the foundation of modern hard disk systems and replaced the awkward punch card system.

IBM’s System/360 started the era of mainframe computers with a modular architecture that supported different configurations and allowed the processor unit to be replaced for upgrades. In the mid-sixties, IBM sold around 1000 machines per month. Computers became interesting for the first business applications. Still, they were only feasible for large enterprises and military applications. Software and hardware were bundled, and the machines were not even programmable by others.

The miniaturisation of circuits and the use of transistors and integrated circuits opened the era of minicomputers in the 60s and the rise of DEC. The PDP-8 is considered the first commercial micro-computer. It still had the size of two large refrigerators, yet it could be started up by a single person, didn’t develop much heat and didn’t require a cooled location, so that it could be situated close to the people that used it. Most users were researchers and larger enterprises. The computer got closer to its users. And it got smaller and smaller: the PDP-8e in the early 70s could already be put on a table. The prices went down to under $2000.

Continue [Part 3]

Filed under: Cloud Computing, Discussions
