The goal of this presentation is to discuss the main threats to cloud computing, based on the document "As Nove Principais Ameaças na computação em Nuvem" (The Nine Main Threats in Cloud Computing) released by the Cloud Security Alliance in early 2013. Based on a survey conducted among its members, this document provides the context organizations need to make risk decisions when analyzing their Cloud Computing adoption strategies.
2. Agenda
• What is Cloud Computing
• Cloud Security Alliance
• CSA 2013 Top Threats
3. CLOUD COMPUTING: What is cloud computing
(Picture source: sxc.hu)
4. What is cloud computing (1)
(Picture source: sxc.hu)
"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models."
In "NIST Cloud Computing Standards Roadmap - Special Publication 500-291"
5. What is cloud computing (2)
(Picture source: sxc.hu)
In "Security Guidance for Critical Areas of Focus in Cloud Computing v3"
6. CLOUD SECURITY ALLIANCE: Cloud Security Alliance and the Brazilian Chapter
(Picture source: sxc.hu)
7. Cloud Security Alliance (CSA)
– Non-profit association
– Brings together individuals and companies
– Officially established in December 2008
– 35,000+ members, 130+ corporate members
– Present in 23 countries through 30 local Chapters (September 2012)
8. Mission
"To promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing."
(Picture source: sxc.hu)
9. CSA Brasil
• Second official CSA Chapter
– Officially established on 27 May 2010
• Follows the Mission and Objectives of CSA Global
– Promote security in Cloud Computing
– Promote local research and initiatives
10. Education
• "Certificate of Cloud Security Knowledge (CCSK)" certification
– Online exam
– Cost: USD $345
• Training
– CCSK training
– PCI Cloud training
– GRC Stack training
https://cloudsecurityalliance.org/education
https://ccsk.cloudsecurityalliance.org
11. Some of the research initiatives
https://cloudsecurityalliance.org/research
12. Research initiative: Security Guidance for Critical Areas of Focus in Cloud Computing
– Establishes a guide of recommendations for the secure and stable adoption of cloud operations;
– Redefines the domains since the previous version so as to emphasize security, stability and privacy;
– Establishes practical recommendations and requirements that can be measured and audited.
https://cloudsecurityalliance.org/research/security-guidance/
Security Guidance for Critical Areas in Cloud Computing V.3
13. Research initiative: CSA Security, Trust & Assurance Registry (STAR)
– Free, publicly accessible registry of the security controls of various Cloud Computing providers;
– Self-assessment reports on compliance with the best practices published by the CSA;
– Helps users assess the security of Cloud providers.
https://cloudsecurityalliance.org/star/
14. Research initiative: White Paper - Adoption of Cloud Computing and its motivations
"This document highlights some of the motivations most commonly cited as justifications for adopting Cloud Computing, as well as some of the aspects to be considered regarding each of these motivations. With this document the CSA Brazil Chapter intends to contribute to managers and decision makers regarding the decision on adopting Cloud Computing in their organizations."
– Uelinton Santos, Luiz Augusto Amelos, Filipe Villar, Eduardo Fedorowicz
https://chapters.cloudsecurityalliance.org/brazil/2012/08/17/white-paper-adocao-de-computacao-em-nuvem-e-suas-motivacoes/
16. CSA Top Threats 2013 - Why?
• Migration from the client-server concept to the service concept, with fast migration and reduced operational costs
• Policies, processes and best practices that have not been adapted to the new model
17. CSA Top Threats 2013 - How and with what objective?
• Questionnaires directed at industry experts to map the greatest potential vulnerabilities of Cloud Computing adoption
• Compilation of the results and comparison with the previous report (2010)
• Preparation of the report, which should support users and providers in decision making on risk mitigation within the cloud strategy
• This report should be used together with the best-practice guides:
  • "Security Guidance for Critical Areas in Cloud Computing V.3"
  • "Security as a Service Implementation Guidance."
18. CSA Top Threats 2013 – Which?
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues
19. How to analyze each threat?
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain X
RISK ANALYSIS: CIANA | STRIDE
• Which service model is impacted by the particular threat
• What is the relationship between the actual risk and the perceived risk
• Which chapters of the guide* address the threat or how to mitigate it
• What are the risks from the point of view of:
  CIANA (Confidentiality, Integrity, Availability, Non-Repudiation, Authentication)
  STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
* - "Security Guidance for Critical Areas in Cloud Computing V.3"
20. (1) Top Threat: Data Breaches
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 5: Information Management and Data Security; Domain 10: Application Security; Domain 12: Identity, Entitlement and Access Management; Domain 13: Virtualization
RISK ANALYSIS: CIANA: Confidentiality; STRIDE: Information Disclosure

It's every CIO's worst nightmare: the organization's sensitive internal data falls into the hands of their competitors. While this scenario has kept executives awake at night long before the advent of computing, cloud computing introduces significant new avenues of attack. In November 2012, researchers from the University of North Carolina, the University of Wisconsin and RSA Corporation released a paper describing how a virtual machine could use side channel timing information to extract private cryptographic keys being used in other virtual machines on the same physical server. However, in many cases an attacker wouldn't even need to go to such lengths. If a multitenant cloud service database is not properly designed, a flaw in one client's application could allow an attacker access not only to that client's data, but every other client's data as well.
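The last sentence of this slide, the multitenant database whose rows are reachable by id alone, is the one design flaw a developer can fix directly. The following Python example is added to this page and is not code from the CSA report or from the presentation; it uses an in-memory SQLite table with constructed rows for two invented tenants ("acme" and "globex") to contrast an id-only lookup with a repository that is bound to the caller's tenant and also records cross-tenant probes as a detection signal.

```python
"""Tenant-scoped data access for a shared (multi-tenant) database.

Added example; it is not code from the CSA report or from this presentation.
It uses an in-memory SQLite table with constructed sample rows for two
invented tenants ("acme" and "globex") to contrast an id-only lookup with a
lookup that is always filtered by the caller's own tenant.
"""
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    """Create one shared 'invoices' table that holds rows from both tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, amount INTEGER NOT NULL)"
    )
    # Constructed sample data: invoice 1 belongs to 'acme', invoice 2 to 'globex'.
    conn.executemany(
        "INSERT INTO invoices (id, tenant_id, amount) VALUES (?, ?, ?)",
        [(1, "acme", 100), (2, "globex", 250)],
    )
    conn.commit()
    return conn


def fetch_invoice_unscoped(conn, invoice_id):
    """The flawed pattern the slide describes: the row is selected by id alone.

    Any client that can guess or enumerate an id reads another tenant's row,
    because nothing ties the query to the caller's tenant.
    """
    return conn.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


class TenantRepository:
    """Hardened pattern: the tenant id is fixed when the repository is created
    (taken from the authenticated session, never from request parameters) and
    every query is filtered by it, so a cross-tenant read cannot be expressed."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        self._tenant_id = tenant_id
        self.cross_tenant_probes = []  # ids that exist but belong to another tenant

    def fetch_invoice(self, invoice_id):
        row = self._conn.execute(
            "SELECT id, tenant_id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant_id),
        ).fetchone()
        if row is None:
            # Detection signal: an id that exists for a *different* tenant is a
            # likely enumeration attempt and worth alerting on in a real service.
            other = self._conn.execute(
                "SELECT 1 FROM invoices WHERE id = ? AND tenant_id <> ?",
                (invoice_id, self._tenant_id),
            ).fetchone()
            if other is not None:
                self.cross_tenant_probes.append(invoice_id)
        return row


if __name__ == "__main__":
    db = build_sample_db()
    print("unscoped lookup of id 2 by tenant acme:", fetch_invoice_unscoped(db, 2))
    repo = TenantRepository(db, "acme")
    print("scoped lookup of id 2 by tenant acme:", repo.fetch_invoice(2))
    print("probes recorded:", repo.cross_tenant_probes)
```

The design point is that tenant scoping lives in the data-access layer rather than in each request handler: a handler that forgets a check cannot leak another tenant's row because the repository never had a way to ask for it. The probe list is a cheap place to hook an alert.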
21. (2) Top Threat: Data Loss
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 5: Information Management and Data Security; Domain 10: Application Security; Domain 12: Identity, Entitlement and Access Management; Domain 13: Virtualization
RISK ANALYSIS: CIANA: Availability, Non-Repudiation; STRIDE: Repudiation, Denial of Service

For both consumers and businesses, the prospect of permanently losing one's data is terrifying. Just ask Mat Honan, writer for Wired magazine: in the summer of 2012, attackers broke into Mat's Apple, Gmail and Twitter accounts. They then used that access to erase all of his personal data in those accounts, including all of the baby pictures Mat had taken of his 18-month-old daughter. Of course, data stored in the cloud can be lost due to reasons other than malicious attackers. Any accidental deletion by the cloud service provider, or worse, a physical catastrophe such as a fire or earthquake, could lead to the permanent loss of customers' data unless the provider takes adequate measures to backup data. Furthermore, the burden of avoiding data loss does not fall solely on the provider's shoulders. If a customer encrypts his or her data before uploading it to the cloud, but loses the encryption key, the data will be lost as well.
22. (3) Top Threat: Account Hijacking
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 2: Governance and Enterprise Risk Management; Domain 5: Information Management and Data Security; Domain 7: Traditional Security, Business Continuity, and Disaster Recovery; Domain 9: Incident Response; Domain 11: Encryption and Key Management; Domain 12: Identity, Entitlement, and Access Management
RISK ANALYSIS: CIANA: Authenticity, Integrity, Confidentiality, Non-repudiation, Availability; STRIDE: Tampering with Data, Repudiation, Information Disclosure, Elevation of Privilege, Spoofing Identity

Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks. In April 2010, Amazon experienced a Cross-Site Scripting (XSS) bug that allowed attackers to hijack credentials from the site. In 2009, numerous Amazon systems were hijacked to run Zeus botnet nodes.
23. (4) Top Threat: Insecure APIs
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 5: Information Management and Data Security; Domain 6: Interoperability and Portability; Domain 9: Incident Response; Domain 10: Application Security; Domain 11: Encryption and Key Management; Domain 12: Identity, Entitlement, and Access Management
RISK ANALYSIS: CIANA: Authenticity, Integrity, Confidentiality; STRIDE: Tampering with Data, Repudiation, Information Disclosure, Elevation of Privilege

Cloud computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third-parties in order to enable their agency.
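The slide's closing point is that layered, value-added services often end up holding the customer's own credentials. The usual mitigation is to hand the third party a scoped, short-lived token instead, and to verify that token on every call. The Python example below is added to this page and is not code from the CSA report or from the presentation; it mints an HMAC-SHA256 signed token carrying a subject, a scope list and an expiry, then verifies it. The secret, the subject name, the scope vocabulary ("metrics:read", "instances:terminate") and the fixed timestamps are constructed for the example.

```python
"""Delegating API access without handing over credentials.

Added example; not code from the CSA report or from this presentation. It
issues an HMAC-signed, scoped, expiring token that a third party presents
instead of the account's credentials, and verifies it. Names, the scope
vocabulary and the fixed timestamps used below are constructed for the example.
"""
import base64
import binascii
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, scopes, ttl_seconds: int, now=None) -> str:
    """Mint 'body.signature': body lists the subject, the granted scopes and an
    absolute expiry; the signature is HMAC-SHA256 over the encoded body."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "scope": sorted(scopes), "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(secret: bytes, token: str, required_scope: str, now=None):
    """Return (True, subject) when the token is intact, unexpired and carries
    required_scope; otherwise (False, reason). The signature is checked before
    any claim is trusted, using a constant-time comparison."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        presented = _unb64(sig)
    except (ValueError, binascii.Error):
        return False, "malformed"
    expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return False, "expired"
    if required_scope not in claims["scope"]:
        return False, "scope not granted"
    return True, claims["sub"]


def tamper_scope(token: str, extra_scope: str) -> str:
    """Negative test helper: rewrite a token's body to add a scope while keeping
    the old signature. Verification must reject the result."""
    body, sig = token.split(".", 1)
    claims = json.loads(_unb64(body))
    claims["scope"] = sorted(set(claims["scope"]) | {extra_scope})
    new_body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    return f"{new_body}.{sig}"


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed; load from a secret store in practice
    token = issue_token(secret, "acme-monitoring-partner", ["metrics:read"], 3600, now=1_000_000)
    print(verify_token(secret, token, "metrics:read", now=1_000_100))
    print(verify_token(secret, token, "instances:terminate", now=1_000_100))
    print(verify_token(secret, tamper_scope(token, "instances:terminate"),
                       "instances:terminate", now=1_000_100))
```

Two choices matter here: the partner never learns the signing secret, so it cannot widen its own scope, and the expiry bounds the damage if the token leaks. Revocation of a leaked token before expiry is not covered by this snippet and needs a server-side deny list or short lifetimes.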
24. (5) Top Threat: Denial of Service
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 8: Data Center Operations; Domain 9: Incident Response; Domain 10: Application Security; Domain 13: Virtualization; Domain 14: Security as a Service
RISK ANALYSIS: CIANA: Availability; STRIDE: Denial of Service

Simply put, denial-of-service attacks are attacks meant to prevent users of a cloud service from being able to access their data or their applications. By forcing the victim cloud service to consume inordinate amounts of finite system resources such as processor power, memory, disk space or network bandwidth, the attacker (or attackers, as is the case in distributed denial-of-service (DDoS) attacks) causes an intolerable system slowdown and leaves all of the legitimate service users confused and angry as to why the service isn't responding. While DDoS attacks tend to generate a lot of fear and media attention (especially when the perpetrators are acting out of a sense of political "hacktivism"), they are by no means the only form of DoS attack. Asymmetric application-level DoS attacks take advantage of vulnerabilities in web servers, databases, or other cloud resources, allowing a malicious individual to take out an application using a single extremely small attack payload – in some cases less than 100 bytes long.
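The asymmetry described on this slide is why byte-based throttling is not enough: a request under 100 bytes can cost the server far more than a large upload. The Python example below is added to this page and is not code from the CSA report or from the presentation. It is a token-bucket limiter that charges each request by the work its endpoint triggers, replayed over a constructed request log in which a client ("bot") sends five tiny requests to an expensive endpoint ("/search") while another ("user") calls a cheap one ("/ping"). The endpoint costs, client names and timestamps are all constructed for the example.

```python
"""Cost-aware rate limiting against asymmetric application-level DoS.

Added example; not code from the CSA report or from this presentation. A
token-bucket limiter charges each request by the work its endpoint causes on
the server rather than by its byte size, so a handful of tiny requests to an
expensive endpoint is throttled while ordinary traffic flows. Endpoint costs,
client names and the request log are constructed for the example.
"""


class CostAwareRateLimiter:
    """One token bucket per client; each request spends `cost` tokens."""

    def __init__(self, capacity: float, refill_per_second: float):
        self.capacity = capacity
        self.refill = refill_per_second
        self._buckets = {}  # client_id -> (tokens, last_timestamp)

    def allow(self, client_id: str, cost: float, now: float) -> bool:
        tokens, last = self._buckets.get(client_id, (self.capacity, now))
        # Refill proportionally to elapsed time, capped at the bucket capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if cost > tokens:
            self._buckets[client_id] = (tokens, now)  # denied: nothing is spent
            return False
        self._buckets[client_id] = (tokens - cost, now)
        return True


# Constructed per-endpoint cost model: roughly how much server work a request
# triggers, independent of how many bytes the request itself contains.
ENDPOINT_COST = {"/ping": 1, "/search": 25}

# Constructed request log: (timestamp in seconds, client, endpoint, request bytes).
# "bot" fires five ~80-byte requests at the expensive endpoint within one second.
REQUEST_LOG = [
    (0, "user", "/ping", 60),
    (0, "bot", "/search", 80),
    (0, "bot", "/search", 80),
    (0, "bot", "/search", 80),
    (0, "bot", "/search", 80),
    (0, "bot", "/search", 80),
    (1, "user", "/ping", 60),
    (5, "bot", "/search", 80),
]


def replay(log, capacity=100, refill_per_second=10):
    """Run the log through the limiter; return {client: (allowed, denied)}."""
    limiter = CostAwareRateLimiter(capacity, refill_per_second)
    summary = {}
    for ts, client, endpoint, _nbytes in log:
        ok = limiter.allow(client, ENDPOINT_COST[endpoint], ts)
        allowed, denied = summary.get(client, (0, 0))
        summary[client] = (allowed + int(ok), denied + int(not ok))
    return summary


if __name__ == "__main__":
    for client, (allowed, denied) in replay(REQUEST_LOG).items():
        print(f"{client}: allowed={allowed} denied={denied}")
```

With a capacity of 100 tokens and a refill of 10 per second, the bot's fifth search in the same second is refused while both pings go through, and after five seconds the bot has earned enough tokens for one more search. Denied requests spend nothing, so a throttled client cannot push its own bucket negative. In a real deployment the cost table would come from measured per-endpoint latency or CPU time.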
25. (6) Top Threat: Malicious Insiders
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 2: Governance and Enterprise Risk Management; Domain 5: Information Management and Data Security; Domain 11: Encryption and Key Management; Domain 12: Identity, Entitlement and Access Management
RISK ANALYSIS: STRIDE: Spoofing, Tampering, Information Disclosure

The risk of malicious insiders has been debated in the security industry. While the level of threat is left to debate, the fact that the insider threat is a real adversary is not. CERN defines an insider threat as such*: "A malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems."
* - http://www.cloudtweaks.com/2012/10/insider-threats-to-cloud-computing/
26. (7) Top Threat: Abuse of Cloud Services
SERVICE MODEL: IaaS | PaaS
RISK MATRIX: N/A
RISK ANALYSIS: CIANA: N/A; STRIDE: N/A
CSA REFERENCE: Domain 2: Governance and Enterprise Risk Management; Domain 9: Incident Response

One of cloud computing's greatest benefits is that it allows even small organizations access to vast amounts of computing power. It would be difficult for most organizations to purchase and maintain tens of thousands of servers, but renting time on tens of thousands of servers from a cloud computing provider is much more affordable. However, not everyone wants to use this power for good. It might take an attacker years to crack an encryption key using his own limited hardware, but using an array of cloud servers, he might be able to crack it in minutes. Alternately, he might use that array of cloud servers to stage a DDoS attack, serve malware or distribute pirated software.
27. (8) Top Threat: Insufficient Due Diligence
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 2: Governance and Enterprise Risk Management; Domain 3: Legal and Electronic Discovery; Domain 8: Data Center Operations; Domain 9: Incident Response, Notification and Remediation
RISK ANALYSIS: STRIDE: All

Cloud computing has brought with it a gold rush of sorts, with many organizations rushing into the promise of cost reductions, operational efficiencies and improved security. While these can be realistic goals for organizations that have the resources to adopt cloud technologies properly, too many enterprises jump into the cloud without understanding the full scope of the undertaking. Without a complete understanding of the CSP environment, applications or services being pushed to the cloud, and operational responsibilities such as incident response, encryption, and security monitoring, organizations are taking on unknown levels of risk in ways they may not even comprehend, but that are a far departure from their current risks.
28. (9) Top Threat: Shared Technology Issues
SERVICE MODEL: IaaS | PaaS | SaaS
RISK MATRIX: Perceived Risk vs. Actual Risk
CSA REFERENCE: Domain 1: Cloud computing architectural framework; Domain 5: Information management and data security; Domain 11: Encryption and key management; Domain 12: Identity, entitlement, and access management; Domain 13: Virtualization
RISK ANALYSIS: STRIDE: Information Disclosure, Elevation of Privilege

Cloud service providers deliver their services in a scalable way by sharing infrastructure, platforms, and applications. Whether it's the underlying components that make up this infrastructure (e.g. CPU caches, GPUs, etc.) that were not designed to offer strong isolation properties for a multi-tenant architecture (IaaS), re-deployable platforms (PaaS), or multi-customer applications (SaaS), the threat of shared vulnerabilities exists in all delivery models. A defensive in-depth strategy is recommended and should include compute, storage, network, application and user security enforcement, and monitoring, whether the service model is IaaS, PaaS, or SaaS. The key is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider's cloud.