Securing Cloud Services
A pragmatic approach to security architecture in the Cloud

LEE NEWCOMBE

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. All websites identified were correct and functioning at the time of writing; the publisher and author can take no responsibility for changes since this time. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:

IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely
Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernance.co.uk

© Lee Newcombe 2012

The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.

First published in the United Kingdom in 2012 by IT Governance Publishing.
ISBN 978-1-84928-397-7

PREFACE

Cloud Computing represents a major change to the IT services landscape. For the first time enterprise-grade computing power is available to all, without the need to invest in the associated hosting environments, operations staff or complicated procurement activities. But this flexibility does not come without compromise or risk. Security is often cited as one of the major concerns of Chief Information Officers (CIOs) considering a move to Cloud-based services.

The aim of this book is to provide pragmatic guidance on how organisations can achieve a consistent and cohesive security posture across their IT services – regardless of whether those services are hosted on-premise or hosted on a Cloud. This book provides an overview of security architecture processes and how these may be used to derive an appropriate set of security controls to manage the risks associated with working “in the Cloud”. This guidance is provided through the application of a security reference model to the different Cloud delivery models of Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

Please note that this book is not a hands-on technical reference manual; those looking for code snippets or detailed designs should look elsewhere.

ABOUT THE AUTHOR

Lee Newcombe, PhD, is an experienced and well-qualified security architect. During his career, he has been employed by a major retail bank, one of the Big 4 consultancies and a global systems integrator. His roles have included security assessment, security audit, security design, security implementation, business continuity, disaster recovery, forensics, identity and access management, security monitoring and many other aspects of information assurance. He has worked across various sectors, including the financial services, retail and government, latterly working as the security lead for a major law enforcement programme for the UK Government.
Lee has worked within numerous “shared service” environments and Cloud programmes, which included acting as the IT industry security subject matter expert during the early days of the UK Government G-Cloud programme. He is a TOGAF9®-certified enterprise architect and an Open Group certified Master IT Specialist, and holds numerous security certifications – including CISSP and CCSK. He has full membership of the Institute of Information Security Professionals and is also a long-standing member of the CESG Listed Advisor Scheme. Lee is a named contributor to the Cloud Security Alliance guidance and has been writing about, presenting on, and working with Cloud technologies since 2007.

ACKNOWLEDGEMENTS

I could not have produced this book without the help and support of my wonderful (and patient!) family. It’s been a fairly long and occasionally frustrating process, but I believe that the end result justifies the time and effort. So, the first on my list of people whose contribution I wish to acknowledge must be my wife, Lynne. Not only did she need to tolerate my hiding/working in the study whilst she prevented our dog from eating our children, but she was also then subjected to reading the first draft of each chapter of this book. If the content of this book is now understandable, and vaguely well formed, then that is down to the efforts of Lynne. Thanks Lynne – I could not have done it without your help.

I must also express my thanks to my old friend and colleague, Jonathan Shelby, for taking the time to read through my drafts and providing a different perspective on the issues that I cover. Thanks Jon – it’s much appreciated.

A number of my colleagues at Capgemini graciously volunteered to act as reviewers for this book.
So, my thanks to Gill Hughes, Andrew Billington, Umesh Vidwans, Peter Groeneveld, Guy Stephens and Jens Liens for taking the time to read some, or all, of this work and providing me with expert comments, together with a degree of confidence that what I say has value.

I would also like to thank the reviewers sourced by my publisher (ir. H.L. (Maarten) Souw RE, Enterprise Risk and QA Manager, UWV, Giuseppe G. Zorzino CISA CGEIT CRISC, Lead Auditor 27001, Security Architect and Antonio Velasco, CEO, Sinersys Technologies) for their valuable feedback.

Finally, thank you to Angela Wilde, and all at IT Governance, for giving me the opportunity to publish this work.

CONTENTS

Part One: Introduction
  Chapter 1: Introduction to Cloud Computing
  Chapter 2: Overview of existing Cloud Taxonomies and Models
    Service models
    Deployment models
    Jericho Forum® Cloud Cube model
  Chapter 3: The Security Balance
    Security benefits
    Potential pitfalls
  Chapter 4: Security Threats associated with Cloud Computing
    Cloud provider staff
    Image/application providers
    Competitors
    Crackers/hackers
    Insiders
    Governments
    Transport agents
    Identity providers
    Attribute providers
    Cloud management brokers
  Chapter 5: Privacy and Data Security Concerns
    Data protection issues
    Payment card industry issues
    Others
Part Two: Pragmatic Cloud Security
  Chapter 6: Introduction to Security Architecture
    What is security architecture?
    What is a service?
    Architectural layers
    Advantages of security architecture
  Chapter 7: Application of Security Architecture to Cloud Computing
    Security reference model
    Security service descriptions
    Service levels and contracts
    Service models and the security reference model
    Conclusions
  Chapter 8: Security and the Cloud
    Existing guidance
    Common security services
    Cloud deployment models
  Chapter 9: Security and Infrastructure as a Service
    IaaS and the SRM
    Conclusion
  Chapter 10: Security and Platform as a Service
    PaaS and the SRM
    Conclusion
  Chapter 11: Security and Software as a Service
    Conclusion
Part Three: Conclusion
  Chapter 12: Looking Ahead
    Overview
  Chapter 13: Conclusion and Summary
Appendix A: SRM Security Service Assignments
ITG Resources