Talk I gave at OWASP San Francisco 3/14/2012

1. REBUILDING FOR
THE CLOUD
HOW CLOUD ARCHITECTURE CAN IMPROVE
APPLICATION SECURITY

2. INTRO

3. AGENDA
Definitions (brief, I promise)
Cloud Benefits
Cloud Security Concepts
Moving applications to the cloud, wrong way
Moving applications to the cloud, right way
Please do ask questions!

4. CLOUD [kloud]
noun
NIST Definition (AKA SP800-145)
• On demand, self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured (read: billable) service

5. INFORMATION SECURITY
[in-fer-mey-shuhn si-kyoor-i-tee]
noun
Protecting information and information systems from
unauthorized access, use, disclosure, disruption,
modification, perusal, inspection, recording or destruction.
See Also: Job Security

6. Artist: Tyler, 11. Dortmund, Germany

7. CLOUD BENEFITS
Main benefit: Flexibility
Possible benefit: Cost savings

8. CLOUD SECURITY
CLIFF NOTES
• Trust nobody
• Encrypt everything
• Expect service issues

9. WHAT’S WRONG WITH FORKLIFTING?

10. FORKLIFTING…
“Datacenter” application to the cloud:
• Can’t trust what you used to
• Datacenter apps usually not flexible
• Confidentiality, Integrity, Availability all handled differently

11. ENTERPRISE vs CLOUD

12. HOW ABOUT PAAS?

13. LEVERAGING CLOUD
ARCHITECTURE
How can we (gently) re-architect to take advantage of the
cloud?
• Network
• Web server
• Application Server
• Database server
• Don’t forget audit/forensics!

14. NETWORK
Good: Limit by IP
Better: Allow administration via
VPN only
Best: Admin interface on separate
host, VPN only
Artist: Jonathan, Age 7 Heidelberg, Germany

15. WEB/APP SERVER
Good: Load balancing, “Basic” hardening (IP ACLs, only
accept GET/POST, server tuned for large loads). SSL’s cheap
nowadays
Better: Build Web Application Firewalls and reverse caches
into your IaaS (mod_security’s free)
Best: Use 3rd party services to handle load and minimize
security issues (CDNs like Akamai, Cloudflare)
Required: Input filtering, output encoding.

16. DATASTORE
Good: Place DBs on separate host from application.
Better: Place DBs in separate datacenters, and replicate
Best: Migrate to a “NOSQL” datastore (Cassandra, MongoDB,
ElasticSearch)
Required: Encrypt data-at-rest

17. NOSQL SECURITY?
• Many NOSQL systems turn off
even authentication
• Data labeling or granular access
needs to be handled in
application.
Artist: Luca, Italy

18. INTER-PROCESS
COMMUNICATION
Good: Whatever you’ve dreamt up,
(cloud bullhorn?) at least encrypt it.
Better: Use open protocols for
communication between nodes.
Make sure encryption is enabled!
Best: Consider using message
queues.
Required, in case you missed it: encryption.

19. LOGGING & FORENSICS
What happens to logs when our scalable architecture…
scales down?
Cloud really really requires centralized logging, monitoring,
and management.
Also, consider erase vs. overwrite

20. WHAT HAVE WE
BUILT?
• Scalable solution
• No single point of failure
• Healthy caution of all those around us (filtering/encoding)
• Data stored and transmitted safely
• And a nice set of audit logs for when Bad Things happen

21. LEARN MORE
Cloud Security Alliance
OWASP Cloud top 10

22. THANKS AND
CONTACT INFO
“Bad People” drawings from http://badpeopleproject.org
Follow me on twitter: @johnlkinsella