Enterprise Cloud Risk And Security

Mark Masterson | http://jroller.com/MasterMark

Risk and Security in the Enterprise Cloud


Do you know what a “zombie” is?


Really?


How do YOU know that you are not a zombie?


Did you know that there is a whole culture of ivory tower folk who

spend their days trying to answer that question?

http://consc.net/neh/papers/dretske2.htmhttp://en.wikipedia.org/wiki/Fred_Dretske

http://philsci-archive.pitt.edu/archive/00002546/01/caatkg.pdf

http://consc.net/neh/papers/dretske2.htm

http://en.wikipedia.org/wiki/Fred_Dretske

http://philsci-archive.pitt.edu/archive/00002546/01/caatkg.pdf


Hmm. Interesting. But, so what?


Do you know what the Principa Mathematica is?


“It is an attempt to derive all mathematical truths from a well-

defined set of axioms and inference rules in symbolic logic.”

http://en.wikipedia.org/wiki/Principia_Mathematica

http://en.wikipedia.org/wiki/Principia_Mathematica


http://en.wikipedia.org/wiki/Bertrand_Russell

http://en.wikipedia.org/wiki/Bertrand_Russell


Did Russell succeed?


No.


In fact, he not only failed, his failure provoked one of the most profound insights our species has

ever achieved…


Kurt Gödel’s Incompleteness Theorems

http://en.wikipedia.org/wiki/On_Formally_Undecidable_Propositions_of_Principia_Mathematica_and_Related_Systems




http://en.wikipedia.org/wiki/Kurt_Gödel

http://en.wikipedia.org/wiki/Kurt_G%C3%B6del


Right up there with evolution and relativity, on the “wow, this is a big

deal” scale.


So, what did Gödel figure out?


No formal system extending basic arithmetic can be used to prove its

own consistency.


Hmm. Interesting. But, so what?


No formal system extending basic arithmetic can be used to prove its

own consistency.


Formal system extending basic arithmetic.


Umm, dude. That would, eh, be a computer?


Because computing is a mathematical model…


Computer people tend to assume that such models are not only

necessary…


But also sufficient. In other words, they assume that knowing the

model means absolute control over the results.



LOL!



Consider the classic way of defining “risk”…


Risk exposure (RE) = probability(loss) * magnitude(loss)

http://books.google.com/books?id=0RfANAwOUdIC&pg=PA800&lpg=PA800&dq=risk+exposure+re+formula&source=web&ots=pENn1no-zn&sig=Xe72BRymob2ftXlp4CciUr-ly-Y&hl=en&ei=QquNSfLdMob00AXB4OGcCw&sa=X&oi=book_result&resnum=5&ct=result

(The Handbook Of Information Security)





That formula is not wrong, but…


Some people assume that they can leverage it, and others like it, to

“prove” that a complex system is “secure”.


They take comfort in arithmetic.



LOL!



And recall…


What’s “the Cloud” got to do with this?


It increases the complexity of the overall system.


Makes an existing problem more urgent.


Ludwig Wittgenstein, a fierce critic of Principa Mathematica,

conceded that it was useful, but only in the small.


To the extent that naïve use of the Cloud scales systems up beyond “small”, it forces us to confront a

problem we may have been able to ignore.


http://www.flickr.com/photos/rachels_secret/220269351/



So. What to do?


There are essentially two approaches: 1) try to build out the

existing, Russellian, “defense in depth” techniques.



LOL!



Or 2) find ways to design systems that cope gracefully with

uncertainty.


This also implies finding ways of decomposing systems, and

applying techniques to cope with risk and uncertainty, in the small.


Not this…


http://www.flickr.com/photos/peterpearson/347124844/

http://www.flickr.com/photos/peterpearson/347124844/


But this…


http://www.flickr.com/photos/euthman/2989437967/in/set-72057594114099781/

http://www.flickr.com/photos/euthman/2989437967/in/set-72057594114099781/


I know what I’d bet on.


Is anybody trying to do this?


Yes! Good examples abound.


The U.S. DOE published an excellent report in December: “A

Scientific Research & Development Approach to Cyber Security”.

http://chas.typepad.com/dli/2009/01/cyber-security-rd-needs-for-doe.html

http://chas.typepad.com/dli/2009/01/cyber-security-rd-needs-for-doe.html


The Jericho Forum, part of The Open Group, is doing important

work in defining models of security and risk that don’t ignore Gödel’s

LOL.

https://www.opengroup.org/jericho/about.htm

https://www.opengroup.org/jericho/about.htm


And, in a shameless plug, CSC’s report on “liquid security” contains lots of information, particularly in

the section on “Living on the Web”.

http://www.csc.com/aboutus/leadingedgeforum/knowledgelibrary/uploads/LEF_2007DigitalTrustVol5.pdf




So what are you telling me? That everything I thought I knew about

security is wrong?


No. Not exactly.


I’m asserting two things…


1) Many (many!) people in the ICT trade think that things like the

limits of mathematics or cognitive science is irrelevant to their work.


They are wrong.


Fundamentally, engineering is about knowing and respecting the

limitations of one’s materials.


ICT systems are built with software being one of the key materials.


And software is thoughtstuff.


For an engineer of thoughtstuff, the limitations of mathematics and

cognitive science are the limitations of the material.


Russellian assumptions underlying “defense in depth” approaches to coping with risk need to be made

explicit, because…


“Defense in depth” not only will not achieve its stated goals…


“Defense in depth” cannot achieve its stated goals.



LOL!



2) Because of that, we ought to study complex systems in Nature,

learn how those systems cope with risk, uncertainty and so on, and

apply those lessons to ICT.


We need to stop thinking in terms of “security” and start thinking in

terms of “health”.


This is already true in your enterprise, if your systems

landscape is not “small”


It will become true, at the latest, once you begin to expand your landscape to include the Cloud.


So is everything we’ve got useless?


Of course not.


But we can’t go near the Cloud until we’ve fixed this?


Fortunately, that’s also not true.


You can use the Cloud now.


And that will be just as safe – as healthy – as you already are.


Like this…


You use existing, familiar tools, like VLANs, VPN tunnels, encrypted

data (including storage), IPSec, and the faithful firewall.


You will likely run into the following problems:


1) Static, manual configuration and management of your network and

security infrastructure will probably not scale with demand.


There are tools on the market, available now and emerging, to

meet this demand.


CohesiveFT VPN-Cubed, Cloudswitch, the next version of

Cassatt, etc.


2) Static, manual processes to provision and manage VMs will probably not scale to demand.


You will find yourself wanting to archive (versioned) VMs, ensure VMs have specific attributes, and otherwise maintain governance.


But you will also need a way to maintain the “self-service” factor,

or risk torpedoing a significant part of the value proposition of the

Cloud.


Again, there are tools available and emerging that can address some of

these needs…


CohesiveFT ElsaticServer, rPath, Vmware, Enomalism, Elastra,

3Tera, many others


These tools have widely divergent solutions to these problems – choosing one involves many

tradeoffs


You are likely to find that you want a coherent, unified platform to

deal with both build- and run-time aspects.


And you are going to need to find a way to utilize multiple providers in parallel, if you want to be healthy.


RAIC – Redundant Array of Independent Cloud Providers


http://en.wikipedia.org/wiki/RAID


RAIC “solves” the problems of data portability and lock-in, whilst

simultaneously increasing reliability, flexibility, and

potentially, performance.


Diversity = health.


Hmm. What about the orchestrator? Single point of

failure?


Yes.


So you have to ensure that it is designed to be healthy.


Available and emerging things worth considering in the context of

the orchestrator include…


Eucalyptus: http://eucalyptus.cs.ucsb.edu/

UCI: http://code.google.com/p/unifiedcloud/

Ubuntu: https://wiki.edubuntu.org/UDSJaunty/Report/Server

GridGain API: http://www.gridgain.com/product.html

And also take a look at things like Puppet: http://reductivelabs.com/trac/puppetChef: http://wiki.opscode.com/display/chef/Chef+SoloAMQP: http://en.wikipedia.org/wiki/Advanced_Message_Queuing_ProtocolHadoop: http://en.wikipedia.org/wiki/Hadoop… and so on.


That’s a lot to digest, but a picture of how to bring the Cloud inside

the firewall emerges from it.


What about using the Cloud outside the firewall? What about,

for example, collaborating with external partners in the Cloud?


Well, that’s where we all want to go.


But we can’t get there – safely and in good health – until certain hard

problems are solved.


Problems like federated identity, for example.


Those kinds of problems cannot be solved via Russellian techniques.


And to the extent that current approaches embody Russellian

assumptions, they cannot succeed.


So, no collaborative Cloud?


Not necessarily, but you will have to be aware of the context.


Think differently.


For example, concepts like “firewall” embody Russellian

assumptions, and are only useful in the small.


Instead, consider concepts like quarantine, sterilization chambers

and disinfection, for example.


Safe = healthy.


Join the conversation:http://groups.google.com/group/cloud-computing/

http://groups.google.com/group/cloudforumhttp://tech.groups.yahoo.com/group/cloudcomputing-tech/

… and please come talk to us, as well …http://twitter.com/mastermarkhttp://twitter.com/gblnetwkr

http://www.jroller.com/MasterMark/

Thanks!

Enterprise Cloud Risk And Security

Technology

Transcript of Enterprise Cloud Risk And Security