Sometimes the best answer to a problem is to hit the reset button, but it should probably be the last answer, not the first.

My cohort Pete Silva attended the 2009 Cloud Computing and Virtualization Conference & Expo and offered up a summary of one of the sessions he enjoyed (‘Cloud Security - It's Nothing New; It Changes Everything!’ (pdf)) in a recent post, “Virtualization is Real

blockquote One of the sessions I enjoyed was ‘Cloud Security - It's Nothing New; It Changes Everything!’ (pdf) from Glenn Brunette, a Distinguished Engineer and Chief Security Architect at Sun Microsystems

Scale – Today Security administrators deal with 10’s, 100’s, even 1000’s of servers but what happens when potentially tens of thousands of VM’s get spun up and they are not the same as they were an hour ago. Security assessments like Tripwire, while work, inject load and what if those servers are only up for 30 minutes?  How can you be sure what was up and offering content was secure?  One idea he offered was to have servers only live for 30 minutes then drop it and replace.  If someone did compromise the unit, they’d only have a few moments to do anything and then it’s wiped. You can keep the logs but just replace the instance.  Or, use an Open Source equivalent every other time you load, so crooks can’t get a good feel for baseline system.

The “scale” we’re talking about is a combination of scaling processes and systems. We don’t often talk about the impact of large-scale environments on processes but security processes are almost always the hardest hit as an environment grows because of the sheer volume of data and systems involved. That said, Glenn’s idea to only allow servers to “live” for 30 minutes is an interesting one, and I am going back and forth between “that’s a good idea’ and “that’s a bad idea” and “there’s got to be a better way.”