Copyright 2009-11 Roger Clarke, Xamax Consultancy and PSARN Security, Canberra; Visiting Professor in Computer Science, ANU, and in Cyberspace Law & Policy, UNSW

Security and Cloudsourcing

Roger Clarke, Xamax Consultancy and PSARN Security, Canberra; Visiting Professor in Computer Science, ANU, and in Cyberspace Law & Policy, UNSW
Cloud Computing Forum, Realm Hotel, Canberra, 24 February

Agenda
- CloudSourcing: Why Cloudsourcing; Challenges
- Security Downsides of CloudSourcing (Security in the Broadest): Operational Disbenefits and Risks; Contingent Risks; Security Risks (Security in the Less Broad); Commercial Disbenefits and Risks; Compliance Disbenefits and Risks
- Risk Management Strategies
- Questions To Ask Cloudsourcing Tenderers

Cloudsourcing from the User Perspective

A service that satisfies all of the following conditions:
1. It is delivered over a telecommunications network
2. The service depends on virtualised resources, i.e. the user has no technical need to be aware (and in practice does not know) which server(s) running on which host(s) is/are delivering the service, nor where the host(s) is/are located
3. The service is acquired under a relatively flexible contractual arrangement, at least re the quantum used
4. The user organisation places reliance on the service for data access and/or data processing
5. The user organisation has legal responsibilities

From Insourcing to Cloudsourcing (diagram sequence)
- Off-Site Hosting
- Outsourced Facility
- Multiple Outsourced Facilities
- Integrated Multi-Site Outsourced Facilities
- CloudSourced Facilities

From Insourcing to Cloudsourcing: Changes in Risk-Exposure

Sourcing Phases: Insourcing -> Outsourced Site -> Outsourced Facility -> Outsourced Facilities in Multiple Locations -> Integrated Multi-Site Outsourced Facilities -> Cloudsourced Facilities

Increasing: Component-Count, Location-Count, Complexity, Dependencies, Fragility
Decreasing: Internal Expertise, Internal Knowability ('set and forget')

CC Architecture: The User Organisation Perspective (diagram)

A Comprehensive CC Architecture (diagram)

Downsides from the User Perspective (Security in the Broadest)
1. Operational Disbenefits and Risks: dependability on a day-to-day basis
2. Contingent Risks: low likelihood, but highly significant
3. Security Risks: security in the less broad sense
4. Commercial Disbenefits and Risks
5. Compliance Disbenefits and Risks

Operational Disbenefits and Risks
- Fit: to users' needs, and customisability
- Reliability: continuity of operation
  - Availability: hosts/server/db readiness/reachability
  - Accessibility: network readiness
  - Usability: response-time, and consistency
  - Robustness: frequency of un/planned unavailability (97% uptime = 5 hr per week offline)
  - Resilience: speed of resumption after outages
  - Recoverability: service readiness after resumption
- Integrity: sustained correctness of the service, and the data
- Maintainability: fit, reliability, integrity after bug-fixes and mods

Contingent Risks
- Major Service Interruptions
- Service Survival: supplier collapse or withdrawal. Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers
- Data Survival: data backup/mirroring/synch, accessibility
- Data Accessibility: blockage by opponents or a foreign power
- Compatibility: software, versions, protocols, data formats
- Flexibility
  - Customisation
  - Forward-Compatibility: to migrate to new levels
  - Backward-Compatibility: to protect legacy systems
  - Lateral Compatibility: to enable dual-sourcing and escape

Security Risks
- Service Security: environmental, second-party and third-party threats to any aspect of reliability or integrity
- Data Security: environmental, second-party and third-party threats to content, both in remote storage and in transit
- Authentication and Authorisation: how to provide clients with convenient access to data and processes in the cloud, while denying access to imposters?
- Susceptibility to DDoS: multiple, separate servers; but choke-points will exist

Commercial Disbenefits and Risks
- Acquisition
  - Lack of information
  - Non-negotiability of Terms and SLA
- Ongoing
  - Loss of Corporate Expertise re apps, IT services, costs to deliver
  - Inherent Lock-In Effect from high switching costs, formats, protocols
  - High-volume Data Transfers from large datasets, replication/synchronisation
  - Service Levels to the Organisation's Customers

Compliance Disbenefits and Risks
- General Statutory & Common Law Obligations
  - Evidence Discovery Law
  - Financial Services Regulations
  - Company Directors' obligations re asset protection, due diligence, business continuity, risk management
- Security Treaty Obligations
- Confidentiality, incl. against foreign governments
  - Strategic
  - Commercial
  - Governmental
- Privacy, particularly Unauthorised Use and Disclosure
  - Second-Party (service-provider abuse)
  - Third-Party ('data breach', 'unauthorised disclosure')
  - Storage in Data Havens (India, Arkansas)

Risk Management Strategies
- Processes: Risk Assessment => Risk Management
- Legal Aspects: Service Level Agreement (SLA)

SLA Checklist (ITIL v3, edited down)

1. Service name
2. Clearance information (with location and date)
   1. Service Level Manager
   2. Customer
3. Contract duration
   1. Start and end dates
   2. Rules regarding termination of the agreement
4. Description / desired customer outcome
   1. Business justification
   2. Business processes/activities on the customer side supported by the service
   3. Desired outcome in terms of utility
   4. Desired outcome in terms of warranty
5. Service and asset criticality
   1. Identification of business-critical assets connected with the service
      1. Vital Business Functions (VBFs) supported by the service
      2. Other critical assets used within the service
   2. Estimation of the business impact caused by a loss of service or assets
6. Reference to further contracts which also apply (e.g. SLA)
7. Service times
   1. Hours when the service is available
   2. Exceptions (e.g. weekends, public holidays)
   3. Maintenance slots
8. Required types and levels of support
   1. On-site support
      1. Area/locations
      2. Types of users
      3. Types of infrastructure to be supported
      4. Reaction and resolution times
   2. Remote support
      1. Area/locations
      2. Types of users (user groups granted access to the service)
      3. Types of infrastructure to be supported
      4. Reaction and resolution times
9. Service level requirements/targets
   1. Availability targets and commitments
      1. Conditions under which the service is considered to be unavailable
      2. Availability targets
      3. Reliability targets (usually defined as MTBF, mean time between failures, or MTBSI, mean time between service incidents)
      4. Maintainability targets (usually defined as MTRS, mean time to restore service)
      5. Downtimes for maintenance
      6. Restrictions on maintenance
      7. Procedures for announcing interruptions to the service
      8. Requirements regarding availability reporting
   2. Capacity/performance targets and commitments
      1. Required capacity (lower/upper limit) for the service, e.g.
         1. Numbers and types of transactions
         2. Numbers and types of users
         3. Business cycles (daily, weekly) and seasonal variations
      2. Response times from applications
      3. Requirements for scalability
      4. Requirements regarding capacity and performance reporting
   3. Service Continuity commitments
      1. Time within which a defined level of service must be re-established
      2. Time within which normal service levels must be restored
10. Mandated technical standards and specification of the technical service interface
11. Responsibilities
   1. Duties of the service provider
   2. Duties of the customer (contract partner for the service)
   3. Responsibilities of service users (e.g. with respect to IT security)
   4. IT Security aspects to be observed when using the service
12. Costs and pricing
   1. Cost for the service provision
   2. Rules for penalties/charge backs
13. Change history
14. List of annexes
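The availability items under 9.1 (the conditions under which the service counts as unavailable, the availability target, MTBSI, MTRS) and the continuity times under 9.3 only protect the customer if the customer measures them independently of the provider's own dashboard. The following is an added example, not code from the presentation or from ITIL, that scores a constructed incident log against assumed SLA terms: service hours 07:00-19:00 Monday to Friday, planned maintenance in an announced slot excluded, and illustrative numeric targets. The incident records, the service hours and the targets are all assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed incident log for February 2011 (assumed format: start, end,
# planned-maintenance flag). Times are ISO-8601 in the SLA's reference zone.
INCIDENTS = [
    ("2011-02-03T09:15", "2011-02-03T09:45", False),  # Thu, 30 min in service hours
    ("2011-02-12T02:00", "2011-02-12T03:30", True),   # announced maintenance slot
    ("2011-02-21T14:00", "2011-02-21T17:20", False),  # Mon, 200 min
    ("2011-02-22T18:30", "2011-02-22T20:00", False),  # Tue, only 18:30-19:00 counts
    ("2011-02-27T10:00", "2011-02-27T12:00", False),  # Sun, outside service hours
]

# Assumed SLA terms (illustrative, not from any real contract):
# service hours 07:00-19:00 Monday to Friday; planned maintenance excluded.
SERVICE_START, SERVICE_END = 7, 19
TARGETS = {
    "availability": 0.995,      # fraction of scheduled service minutes
    "mtbsi_hours": 100.0,       # mean time between service incidents, minimum
    "mtrs_hours": 2.0,          # mean time to restore service, maximum
    "max_restore_hours": 3.0,   # any single outage must be over within this
}


def service_minutes(start, end):
    """Minutes of [start, end) that fall inside the SLA's service hours.
    Walks day by day so intervals spanning midnight or weekends are handled."""
    total = 0.0
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    while day < end:
        if day.weekday() < 5:  # Monday=0 ... Friday=4
            window_start = day.replace(hour=SERVICE_START)
            window_end = day.replace(hour=SERVICE_END)
            overlap = min(end, window_end) - max(start, window_start)
            if overlap > timedelta(0):
                total += overlap.total_seconds() / 60
        day += timedelta(days=1)
    return total


def sla_report(incidents, period_start, period_end):
    """Score the period against the SLA's definition of 'unavailable':
    unplanned outage time that overlaps service hours."""
    scheduled = service_minutes(period_start, period_end)
    outages = []
    for start, end, planned in incidents:
        if planned:
            continue  # maintenance in an announced slot is not an outage
        lost = service_minutes(datetime.fromisoformat(start), datetime.fromisoformat(end))
        if lost > 0:  # an incident entirely outside service hours is not counted
            outages.append(lost)
    downtime = sum(outages)
    n = len(outages)
    report = {
        "scheduled_minutes": scheduled,
        "downtime_minutes": downtime,
        "availability": (scheduled - downtime) / scheduled,
        "incidents": n,
        "mtbsi_hours": (scheduled / 60) / n if n else float("inf"),
        "mtrs_hours": (downtime / 60) / n if n else 0.0,
        "longest_outage_hours": max(outages) / 60 if outages else 0.0,
    }
    breaches = []
    if report["availability"] < TARGETS["availability"]:
        breaches.append("availability")
    if report["mtbsi_hours"] < TARGETS["mtbsi_hours"]:
        breaches.append("mtbsi_hours")
    if report["mtrs_hours"] > TARGETS["mtrs_hours"]:
        breaches.append("mtrs_hours")
    if report["longest_outage_hours"] > TARGETS["max_restore_hours"]:
        breaches.append("max_restore_hours")
    report["breaches"] = breaches
    return report


def february_2011_report():
    return sla_report(INCIDENTS, datetime(2011, 2, 1), datetime(2011, 3, 1))


if __name__ == "__main__":
    for key, value in february_2011_report().items():
        print(f"{key}: {value}")
```

The point of the walk through service hours is that the same five incidents give very different numbers depending on what the SLA counts: the Sunday incident and the part of the Tuesday incident after 19:00 disappear entirely, so the definition of "unavailable" in 9.1.1 matters as much as the percentage in 9.1.2. MTBSI here is approximated as scheduled time divided by incident count; use the contract's own formula if it specifies one.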

Risk Management Strategies (complete list)
- Processes: Risk Assessment => Risk Management
- Legal Aspects: Service Level Agreement (SLA); Contract Terms
- Ongoing Due Diligence: Audit and Certification
- Multi-Sourcing: Several Suppliers (of necessity compatible); Parallel, In-House
- Redundancy: Multiple and Independent Processing Facilities; Hot/Warm-Site Data Storage

A New Digital Security Model

In a highly-interconnected world, Perimeter Security / The Walled Fortress doesn't work any more.
The new Core Principle: when unauthorised access happens, make sure that the data is valueless to anyone other than the user-organisation.

A New Digital Security Model: Some Implementation Techniques
- Obscure the content and identities (only the user-organisation has the decryption key)
- Use pseudo-identifiers not identifiers (only the user-organisation has the cross-index)
- Split the content into 'small enough' morsels (only the user-organisation has the whole picture)
- Authenticate attributes rather than identities

Source: NITTA (2011) 'New Digital Security Models', National IT and Telecom Agency, Copenhagen, February 2011
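Two of the techniques above, pseudo-identifiers with an organisation-held cross-index and splitting content into morsels, can be shown with standard-library code. The following is an added example, not code from the presentation or from NITTA, using constructed customer records: each cloud tenant receives only a share of each record, keyed by a pseudo-identifier computed under a per-tenant HMAC key that never leaves the user-organisation. The record fields, the tenant names and the split are assumptions for illustration; the first technique (encrypting each share with an organisation-held key before upload) is assumed to be layered on top and is not shown.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records for a fictitious user-organisation (illustration only).
CUSTOMERS = [
    {"id": "C-1001", "name": "Ada Example", "email": "ada@example.org",
     "diagnosis": "asthma", "balance": 1250},
    {"id": "C-1002", "name": "Bob Example", "email": "bob@example.org",
     "diagnosis": "diabetes", "balance": -40},
    {"id": "C-1003", "name": "Cy Example", "email": "cy@example.org",
     "diagnosis": "none", "balance": 0},
]

# Assumed split: which fields each cloud tenant receives. The contact share
# carries no sensitive content; the content share carries no identity.
SHARDS = {
    "cloud_A": ("name", "email"),
    "cloud_B": ("diagnosis", "balance"),
}


class UserOrganisation:
    """Everything that stays on-premises: one HMAC key per tenant and the
    cross-index from pseudo-identifier back to the real customer id."""

    def __init__(self):
        self.keys = {tenant: secrets.token_bytes(32) for tenant in SHARDS}
        self.cross_index = defaultdict(dict)  # tenant -> pseudo_id -> real id

    def pseudo_id(self, tenant, real_id):
        # Keyed per tenant: a tenant, or a thief of its dump, cannot recompute
        # pseudonyms from guessed customer ids, nor join them to another tenant's.
        digest = hmac.new(self.keys[tenant], real_id.encode(), hashlib.sha256)
        return digest.hexdigest()[:32]

    def outsource(self, records):
        """Return {tenant: {pseudo_id: share}} ready for upload, and record
        the cross-index locally."""
        uploads = {tenant: {} for tenant in SHARDS}
        for rec in records:
            for tenant, fields in SHARDS.items():
                pid = self.pseudo_id(tenant, rec["id"])
                self.cross_index[tenant][pid] = rec["id"]
                uploads[tenant][pid] = {f: rec[f] for f in fields}
        return uploads

    def reassemble(self, clouds, real_id):
        """Only the key holder can recompute both pseudonyms and join the shares."""
        merged = {"id": real_id}
        for tenant in SHARDS:
            merged.update(clouds[tenant][self.pseudo_id(tenant, real_id)])
        return merged


def attacker_join(clouds):
    """Records an outsider holding BOTH dumps, but no keys, can link: only
    those whose pseudo-identifier appears in both tenants."""
    return set(clouds["cloud_A"]) & set(clouds["cloud_B"])


def identity_leaks(clouds):
    """True if any uploaded share carries the real customer id."""
    return any("id" in share for tenant in clouds.values() for share in tenant.values())


def demo():
    org = UserOrganisation()
    clouds = org.outsource(CUSTOMERS)
    return {
        "clouds": clouds,
        "linked_by_attacker": len(attacker_join(clouds)),
        "identity_leaks": identity_leaks(clouds),
        "rebuilt": org.reassemble(clouds, "C-1002"),
    }


if __name__ == "__main__":
    result = demo()
    for tenant, rows in result["clouds"].items():
        print(tenant, rows)
    print("linkable by attacker:", result["linked_by_attacker"])
    print("rebuilt by organisation:", result["rebuilt"])
```

attacker_join models a party that has obtained both cloud dumps: because the pseudonyms are computed under different keys, no pseudo-identifier appears in both tenants and the shares cannot be re-linked, while the organisation, holding the keys, rebuilds a full record with one lookup per tenant. Two caveats apply. The split must be chosen so that no single share is damaging on its own (here cloud_B still holds a diagnosis in clear, which is why the first technique, encryption under an organisation-held key, is assumed on top). And the HMAC keys and the cross-index become the assets that must be protected, so this moves the perimeter rather than removing it.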

Categories of Use-Profile

CC is very well-suited for...
- Uses of computing that are highly price-sensitive
- Adjuncts to analysis and decision-making
- Trade off loss of control, uncertain reliability and contingent risks against cost-advantages, convenience, scalability, etc.

CC is completely inappropriate for...
- 'Mission-critical systems'
- Systems embodying the organisation's 'core competencies'
- Applications whose failure or extended malperformance would threaten the organisation's health or survival

CC may be applicable, it all depends...
- Can the risks be adequately understood and managed?
- Trade-offs between potential benefits vs. uncontrollable risks

Questions to ask CloudSourcing Tenderers
1. How do you ensure that natural disasters and DDoS won't interrupt or delay my services?
2. What's your Vulnerability Testing regime?
   (slide graphic: Managed Vulnerability Assessment Service, MVAS, PSARN Management & Engineering)
3. How do you know, and how do I know, at all times, the Jurisdictional Location(s) of my data?
4. How do you assure me that my unencrypted data is never in, and never crosses, particular jurisdictions?
5. After 3 hours' delay, what's your Contingency Plan?
   Remember Virgin Blue and Accenture/Navitaire: "The Virgin Blue check-in system that crashed and left tens of thousands of passengers stranded was meant to be backed up by a parallel 'disaster recovery system' within 3 hours, but it did not work for 21 hours" (source link truncated on the slide: checkin-system-delayed-for-18-hours u5f.html)
6. Where are the Backups of my data?
7. If I choose someone else, what's involved in Switching Suppliers, to you, at a later date?

Conclusion

"Past efforts at utility computing failed, and we note that in each case one or two... critical characteristics were missing" (Armbrust et al. 2008, p. 5, UC Berkeley)
- CC may be just another marketing buzz-phrase that leaves corporate wreckage in its wake
- CC service-providers need to invest a great deal in many aspects of architecture, infrastructure, applications, and terms of contract and SLA
- User organisations need to trial CC with care
