Why is data governance needed in the cloud?
4 Reasons:
• Security
• Compliance
• Data Loss
• Loss of Control
James and K Goodier 2
First some cloud security definitions
• These definitions are extracted from the Cloud Security Alliance guidelines released in April 2009 and supported by NIST.
• Cloud computing security guidance fits into a standard development lifecycle: Design-Develop, Deliver, Deploy, Security
Cloud Basics: Architecture
• 5 Principal Characteristics
– Abstraction of Infrastructure
– Resource Democratization
– Services Oriented Architecture
– Elasticity/Dynamism of Resources
– Utility model of Consumption & Allocation
Cloud Basics: Architecture – Abstraction of Infrastructure
• The computer, network and storage infrastructure resources are abstracted from the application and information resources as a function of service delivery.
• Physical resources on which data is processed, transmitted and stored become opaque from the perspective of the application’s or service’s ability to deliver it.
• Abstraction is generally provided by means of high levels of virtualization.
Cloud Basics: Architecture – Resource Democratization
• The abstraction of infrastructure provides resource democratization.
– The infrastructure, applications, or information are a pool of resources that can be made available and accessible to anyone or anything authorized to use them via standardized methods.
Cloud Basics: Architecture – Services Oriented Architecture
• The abstraction of infrastructure from application and information yields well-defined and loosely-coupled resource democratization.
• The notion of using these components in whole or part, alone or with integration, provides a services oriented architecture where resources may be accessed and utilized in a standard way.
• The delivery of service is the focus rather than the management of infrastructure.
Cloud Basics: Architecture – Elasticity/Dynamism of Resources
• The on-demand model of Cloud provisioning, coupled with high levels of automation, virtualization, and ubiquitous, reliable and high-speed connectivity, provides the capability to rapidly expand or contract resource allocation to service definition requirements using a self-service model that scales to as-needed capacity.
• Pooled resources ensure that better utilization and service levels can be achieved.
Cloud Basics: Architecture – Utility model of Consumption & Allocation
• The abstracted, democratized, service-oriented and elastic nature of Cloud, combined with tight automation, orchestration, provisioning and self-service, allows for dynamic allocation of resources based on any number of governing input parameters.
• At an atomic level, the consumption of resources can then be used to provide an “all-you-can-eat” but “pay-by-the-bite” metered utility-cost and usage model.
• This approach provides cost efficiencies and scale as well as manageable and predictable costs.
3 Cloud Service Delivery Models:
• Software as a Service
• Platform as a Service
• Infrastructure as a Service
• Note: Lamia Youseff et al. add Hardware as a Service and Communications as a Service to this list in their paper Toward a Unified Ontology of Cloud Computing.
Software as a Service
– Lets the consumer use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email).
– The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Platform as a Service
– Lets the consumer deploy on the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., Java, Python, .NET).
– The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
Infrastructure as a Service
– Lets the consumer rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
– The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
4 Cloud Service Deployment Models
– Public
– Private
– Managed
– Hybrid
Public Cloud Services
• Provided by a designated service provider, which may offer either
– a single-tenant (dedicated) or
– multi-tenant (shared) operating environment
• Physical infrastructure is owned and managed by the designated service provider and located within the provider’s datacenters (off-premise).
• Consumers of Public Cloud services are “untrusted”
– Untrusted consumers are those that may be authorized to consume some/all services but are not logical extensions of the organization
Private Cloud Services
• Private Clouds are provided by an organization or their designated service provider.
– single-tenant (dedicated) operating environment
• The physical infrastructure may be either on-premise/owned by the organization or off-premise.
• The consumers of the service are considered “trusted.”
• Trusted consumers of service are those who are considered part of an organization’s legal/contractual umbrella including employees, contractors, & business partners.
Managed Cloud Services
• A type of Public model - Managed Clouds are provided by a designated service provider
• The key difference from Public Clouds is in the level of trust offered to users.
• Consumers of Managed Clouds may be trusted or untrusted.
Hybrid Cloud Services
– Combination of public and private cloud offerings that allow for transitive information exchange and possibly application compatibility and portability across disparate Cloud service offerings and providers.
– May use either standard or proprietary methodologies regardless of ownership or location
– Consumers of Hybrid Clouds may be trusted or untrusted
Governance and Risk Considerations for the Public Cloud
• A portion of the cost savings obtained by cloud computing services must be invested into the increased scrutiny of the security capabilities of the provider and ongoing detailed audits to ensure requirements are continuously met.
• The principles of Cloud Computing that make it very flexible and affordable create a relationship dynamism, which must be mitigated by ongoing risk management.
• Providers should have regular third party risk assessments and these should be made available to customers.
• Require listings of all third party relationships of the cloud provider.
• Understand financial viability of cloud provider.
Governance and Risk Considerations for the Public Cloud
• Understand the cloud provider’s key risk and performance indicators and
– Ask yourself: How can these indicators be monitored and measured from a customer perspective?
• Request complete disclosure on all policies, procedures and processes comprising the cloud provider’s Information Security Management System (ISMS)
• Understand that it is the responsibility of the customer to perform extensive due diligence of any cloud provider used for business functions or for hosting of regulated data, especially personally identifiable information.
• Establish contracts that contain a comprehensive listing of the due diligence you require of the cloud provider.
– The contract should be considered as one of many strong governance tools.
Data Security summary
• Two big dimensions of security that are different in the cloud:
– Control to user access/privilege to your application has been extended to your cloud provider.
• You need to know who has access to your application.
• If they can't tell you, assume everyone in the company does!
– Protection against network and host based attacks.
• Does your cloud vendor really understand security?
• Have you asked about their corporate security policies?
Data Compliance - Negatives
• Certain types of data cause compliance/regulatory issues:
– Privacy data (FISA compliance)
– Financial data (SOX compliance)
– Healthcare data (HIPAA compliance)
• Can you allow this data to go into a public cloud?
• How do you prevent compliance failure?
Data Compliance - Positives
• Private Clouds can assist with data compliance
– Consider running a prototype and
– Ride the wave of cloud popularity to gain more control within your organization
Data Loss
• Can In-the-Cloud applications and services overlook these risks?
• When something happens, does your cloud service have to go offline until recovery?
• If you are a cloud vendor, do you have backup/recovery policies in place?
– Have these been audited by an external 3rd party?
Loss of Data Control
• Richard Stallman, founder of GNU, claims that the use of cloud computing services and applications is "worse than stupid" because it locks users into proprietary systems.
• He particularly cautions against big players like Google, Microsoft and Amazon.
– In my opinion, his comments have a conspiracy theory flavor but the issue of control and privacy is something to consider.
What’s the worst that could happen in the cloud without data governance?
The Worst that could happen
Cloud Losers: Unlucky Seals of 2009 and 2008
Cloud Computing Incidents Database (CCID)
• “The CCID records and monitors verifiable, noteworthy events that impact cloud computing providers, such as outages, security issues and breaches, both as they are happening and on an ongoing historical basis.”
– http://wiki.cloudcommunity.org/wiki/CloudComputing:Incidents_Database
• The CCID is offered to all under a Creative Commons (CC-BY-SA 3.0) license.
2009 incidents
"From about 6:30 AM PST until 7:25 AM PST, most searches for any site in Google's database returned the message "This site may harm your computer." If a user attempted to click through to the result, a subsequent page referred users to StopBadware.org, causing that site to crash from the millions of visitors trying to access the site."
A lesson from ma.gnolia
• ma.gnolia was a cloud computing based bookmark service provider. Corrupted data caused a catastrophic site crash on January 30, 2009. ma.gnolia’s backup methods did not include a known good backup. Three key lessons can be learned from this crash:
– Disaster recovery planning, implementation and testing are more important in the cloud than ever before.
– Implement competing backup solutions so that you have a backup to your backup.
– Implement the daily/hourly workhorse backup. Make sure the backup and the restore process are fully defined, and run tests to prove it. Do these tests routinely.
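As an added example of these lessons (not part of the original presentation), the Python routine below writes a SHA-256 manifest with each backup, proves a backup by actually restoring it into scratch space and comparing every file, and falls back to the secondary copy when the primary fails; the bookmark records, file names and the truncation that simulates corruption are all constructed for the demo.

```python
import hashlib, json, os, tarfile, tempfile

def make_backup(src_dir, dest_path):
    """Archive src_dir to dest_path (.tar.gz) and write a SHA-256 manifest next to it."""
    manifest = {}
    with tarfile.open(dest_path, "w:gz") as tar:
        for root, _, files in os.walk(src_dir):
            for name in sorted(files):
                full, rel = os.path.join(root, name), os.path.relpath(os.path.join(root, name), src_dir)
                manifest[rel] = hashlib.sha256(open(full, "rb").read()).hexdigest()
                tar.add(full, arcname=rel)
    with open(dest_path + ".manifest.json", "w") as f: json.dump(manifest, f)

def restore_test(backup_path):
    """Trial-restore into scratch space and check every file against the manifest; returns (ok, problems)."""
    with open(backup_path + ".manifest.json") as f: manifest = json.load(f)
    problems = []
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # safer extraction where supported
    try:
        with tempfile.TemporaryDirectory() as scratch, tarfile.open(backup_path, "r:gz") as tar:
            tar.extractall(scratch, **opts)
            for rel, digest in manifest.items():
                restored = os.path.join(scratch, rel)
                if not os.path.isfile(restored):
                    problems.append("missing after restore: " + rel)
                elif hashlib.sha256(open(restored, "rb").read()).hexdigest() != digest:
                    problems.append("hash mismatch after restore: " + rel)
    except Exception as exc:  # any read or decompression failure means this backup cannot be trusted
        problems.append("archive unreadable: %r" % exc)
    return (not problems, problems)

def pick_known_good(candidates):
    # Walk the candidates newest first and return the first that survives a real restore, else None.
    return next((p for p in candidates if restore_test(p)[0]), None)

def demo():
    """Constructed scenario: primary and secondary backups of the same data; the primary is corrupted."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "bookmarks")
        os.makedirs(src)
        for i in range(3):  # constructed sample records, not real user data
            with open(os.path.join(src, "user%d.json" % i), "w") as f:
                json.dump({"user": i, "links": ["https://example.org/%d" % n for n in range(i + 1)]}, f)
        primary, secondary = (os.path.join(work, n) for n in ("primary.tar.gz", "secondary.tar.gz"))
        make_backup(src, primary)
        make_backup(src, secondary)
        with open(primary, "r+b") as f:  # silent truncation: the kind of damage an untested backup hides
            f.truncate(os.path.getsize(primary) // 2)
        return {"primary_ok": restore_test(primary)[0], "secondary_ok": restore_test(secondary)[0],
                "chosen": os.path.basename(pick_known_good([primary, secondary]) or "")}
```

Running demo() shows the primary failing its restore test while the secondary passes and is the one selected, which is the "backup to your backup" the slide calls for.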
2008 incidents
Columns (reconstructed from the flattened slide table): Date | Service | Provider | Severity | Type | Cause | (unlabelled Yes/No column) | Affected | Description. Only the first row retains its two trailing values, "Yes" and the citation "[11]"; the extraction dropped them from the other rows.
9/15/2008 | App Engine | Google | Low | Outage | Performance Degradation | No | All | Datastore writes experienced elevated latencies and error-rates. | Yes | [11]
8/26/2008 | FlexiScale | FlexiScale | Critical | Outage | Disaster Recovery | No | All | Full extended outage
8/12/2008 | Gmail | Google | High | Outage | Change Management | No | Many | Users unable to use webmail due to issues with loading contacts between 14:00 and 16:00 PT
9/2/2008 | Google Apps | Google | High | Security | User Impersonation | | All SSO users | Malicious service provider could impersonate a user at other service providers.
8/8/2008 | The Linkup | Nirvanix MediaMax | Critical | Data Loss | Closure | No | 20,000 | Data claimed to be safe but inaccessible
7/20/2008 | Amazon S3 | AWS | Critical | Outage | Design Fault | No | All | Full outage for 8 (weekend) hours
7/10/2008 | MobileMe | Apple | Moderate | Outage | Migration | No | All | Scheduled outage window exceeded during upgrade to MobileMe
7/9/2008 | .Mac | Apple | Info | Outage | Scheduled Outage | No | All | Full outage (except mail) during upgrade to MobileMe 18:00-00:00
4/28/2008 | EC2 | Amazon | Low | Outage | Degraded Performance | No | Small subset of instances | Result of a customer creating a large number of firewall rules and instances.
2/15/2008 | Amazon S3 | AWS | Low | Outage | Authentication Failures | No | All | Early morning outage (04:31-06:48 PST) caused by authentication service overload
Demo - Governed data in the cloud
It’s beautiful!
Some Private AND Public Clouds
• MAX - http://www.omb.gov (Private SaaS)
• OOR – (Public IaaS)
– http://ontolog.cim3.net/cgibin/wiki.pl?OpenOntologyRepository
– http://oor-01.cim3.net
• Teragrid - http://www.teragrid.org/ (Hybrid PaaS)
Summary
• 4 Reasons Data Governance is important to cloud computing (Security, Compliance, Data Loss, Loss of Control)
• 5 Principal Characteristics of the Cloud Architecture (Abstraction of Infrastructure, Resource Democratization, Services Oriented Architecture, Elasticity/Dynamism of Resources, Utility model of Consumption & Allocation)
• 3 Cloud Service Delivery Models (Software as a Service-SaaS, Platform as a Service-PaaS, Infrastructure as a Service-IaaS)
• 4 Cloud Service Deployment Models (Public, Private, Managed, Hybrid)
References
• The authors of this presentation wish to thank the following authors and organizations for their work in the field of Cloud Computing:
– National Institute of Standards and Technology (NIST)
– Lamia Youseff, Univ. of California, Santa Barbara
– United States Department of Defense
– The Cloud Security Alliance
– The Cloud computing org (CCID)
– Unisys Corporation
– L-3 Communications
– Morgan Franklin Corporation