virt grid I remember back-in-the-day when Virtual meant ‘almost,’ ‘simulated’ or ‘in essence’ as in, ‘I’m virtually there.’  Today, as it has made it’s way into computer terminology, it can mean actual or real things that are done over computers.  Virtualization has been the main enabler of Cloud Computing and has become an important tool for IT.  I recently attended the 2009 Cloud Computing and Virtualization Conference & Expo in Silicon Valley and wanted to share some of my observations.  The show has certainly grown from last year but still a nice small(er) conference with a lot of opportunity for good conversations.  Cloud ‘solutions’ seemed to dominate the talks even though there is still a lot of confusion about the Cloud with a good portion of participants appearing to be in the investigative/learning stage.  Many of the attendees were still just trying to understand the whole ‘cloud’ terminology and I felt like one of the most informed – which means there is still plenty of opportunity to educate folks.  Security was a big topic as you can imagine but this year it seemed like the presentations were focused on solving those fears instead of just listing them as inhibitors.   

One of the sessions I enjoyed was ‘Cloud Security - It's Nothing New; It Changes Everything!’ (pdf) from Glenn Brunette, a Distinguished Engineer and Chief Security Architect at Sun Microsystems.  He first reviewed the hallmarks of information security: CIA, the Guiding Principals, Managing Risk and so forth and indicated that the Cloud doesn’t change any of that – there’s no difference in what drives security or the concepts, it’s the Implementation that is different.  So if the overall Security Services are the same, and if the traits are the same – what’s missing?  According to Glenn, the thing that Cloud Computing Security demands is: CONTEXT

He reviewed some of the challenges facing Cloud Security:

Speed – the agility to quickly configure services.  Security is usually the last part of the architecture but how do you secure services and enforce them when units are getting spun up/down at a rapid pace. It’s an opportunity to re-think.  One thing Sun (and others) are starting to do is bake security best practices right into the image before sending it to the cloud. Why make the customer deal with securing the underlying system when the provider can build the needed security right into the image.  Pre-integration and assembly allows the customer to still deploy quickly but securely.

Scale – Today Security administrators deal with 10’s, 100’s, even 1000’s of servers but what happens when potentially tens of thousands of VM’s get spun up and they are not the same as they were an hour ago. Security assessments like Tripwire, while work, inject load and what if those servers are only up for 30 minutes?  How can you be sure what was up and offering content was secure?  One idea he offered was to have servers only live for 30 minutes then drop it and replace.  If someone did compromise the unit, they’d only have a few moments to do anything and then it’s wiped.  You can keep the logs but just replace the instance.  Or, use an Open Source equivalent every other time you load, so crooks can’t get a good feel for baseline system.

Assessability – anyone with a credit card can now deploy cloud services.  Maybe someone feels IT is too slow in deploying a particular service and decides to do it themselves.  They now have substantial resources available and not a lot of knowledge of current policies.  How can you be sure that the policies are enforced across the board on all deployments.

Transparency – Customer’s need a comfort level to know how the data is kept safe, how keys are managed, how do they constrain a problem in the cloud - essentially understanding the provider’s standards and processes.  There are more IT elements, more change events, more data and less control – that’s the fear.  The cloud makes these challenges more visible.

Consistency & Integrity – knowing the exact configuration of any machine at any time.

Key Management – this is a huge problem with providers. Doing a backup to the cloud (while keeping the keys close) is OK but if you intend to use that data then the keys also need to be stored in the cloud. Being able to do a fast recover can also require keys out there. Additional legal verbiage is what typically covers key management today.

Accountability – Service Level Agreements. SLA are not so strong on the provider end and customers often need to negotiate this area.

Compliance – auditors.

There are changing architectural strategies in the cloud. Tight Integration becomes Dynamic Assembly; Inspections become Telemetry of Objects; Repair & Recover turns to Recognize & Restart; and Log Scraping becomes Analytics. You just need to change some of the old habits. Opportunities exist for standardization but in the meantime, get to a manageable set of things that need to be done and build upon the automation. Glenn closed with his Cloud Security Rules:

  • Embrace Security Systematically
  • Design for High Survivability (fight thru)
  • Compartmentalize failure (nodes going down)
  • Minimize Trust Boundaries (how far does the data go)

Good advice.



Related Resources