Last updated: 16 May 2016
What is the allure of the cloud?
Sure, there’s the cost savings and flexibility when trying out new ideas and proofs of concept without having to commit to acquiring all the necessary infrastructure and the associated CapEx costs. There’s even an entire market segment out there, devoted to helping you maximize cloud spending and efficiency. It isn’t all about cost though. The true value of the cloud, I find, is in the ability to program infrastructure. This idea of programmable infrastructure is an important piece behind what we call Digital Infrastructure, and I find it makes several traditionally challenging security issues a breeze to squash in the cloud.
First off, don’t think of cloud infrastructure as virtualized copies of physical servers, applications, databases or workloads. In the cloud, everything is disposable. I like to think of server instances in the cloud as files. With simple scripts, files can be duplicated, created, moved, copied, backed up or deleted. So now, so can servers. It goes far beyond infrastructure also – with AWS Lambda, it is possible to stitch together workflows between other AWS services without using servers. Once most people become aware of the available functionality and APIs, the possibilities begin to open up.
So what? How does this help security? Some of the security examples I’ll share won’t work for all businesses or all server types, but where they work, the security and IT benefits are significant. At the core of each example are the cloud’s most powerful benefits – automation and orchestration.
- Policy – We can now apply and enforce policy from a single source (be it scripts or a commercial product) at levels that weren’t possible before. A single policy can simultaneously implement whole disk encryption, provision appropriate users, and apply firewall rules at the host level (a trend often referred to as ‘microsegmentation’).
- Consistency – Traditionally, a server would be built by an individual. Most companies didn’t have strict build guidelines or hardening rules, so servers built by Kevin would be distinctly different from servers built by Beth. They would carry Beth or Kevin’s signature. The problem here is that managing patches and vulnerabilities gets difficult when you have lots of fingerprints. The ability to create servers from pre-built, pre-hardened and constantly updated templates solves much of this problem.
- Immutable and disposable infrastructure – This next example is popular in DevOps shops. The concept of immutable infrastructure is that you don’t ever change a server in production. If a server requires a configuration change or application change, we build a replacement that comes from a recently updated master template. The changes are applied and the new server is promoted to production. The old server is destroyed, as it is designed to be disposable. Most, if not all, pre-production release testing is automated, so the whole process could take only minutes. Once we consider that we only need to make changes in production, we realize we have an opportunity to reduce attack surface, so we shut down admin access before promoting each server to production. In some cases, companies have even been known to additionally mount filesystems as read-only to further frustrate attack/hacking attempts.
- Visibility – In the world of virtualized infrastructure, we never have to run discovery scans to obtain a list of assets. The underlying management plane does that for us. We simply ask it for a list of servers or other configuration information and it responds.
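One way to turn the four points above into a single automated check, as an added example that is not from the original post: take the inventory the management plane returns and audit each server against policy. The inventory is constructed sample data, and its field names, the `name-YYYY-MM-DD` template label scheme and the 30-day template age limit are assumptions.

```python
from datetime import date

# Constructed sample of what a management-plane inventory query might return.
# Field names are hypothetical, not any provider's actual API schema.
INVENTORY = [
    {"id": "web-01", "template": "base-2016-05-02", "disk_encrypted": True,
     "open_ports": [443]},
    {"id": "web-02", "template": "base-2016-01-11", "disk_encrypted": True,
     "open_ports": [22, 443]},
    {"id": "db-01", "template": None, "disk_encrypted": False,
     "open_ports": [22, 5432]},
]

ADMIN_PORTS = {22, 3389}      # SSH and RDP: should be closed before promotion
MAX_TEMPLATE_AGE_DAYS = 30    # assumed cadence for refreshing master templates


def template_age_days(template, today):
    """Parse the build date out of a 'name-YYYY-MM-DD' template label."""
    y, m, d = (int(p) for p in template.rsplit("-", 3)[1:])
    return (today - date(y, m, d)).days


def audit(server, today):
    """Return the list of policy violations for one production server."""
    findings = []
    if server["template"] is None:
        # Consistency: a hand-built server carries someone's fingerprints.
        findings.append("hand-built: no template recorded")
    elif template_age_days(server["template"], today) > MAX_TEMPLATE_AGE_DAYS:
        # Immutability: replace it from a current template, don't patch it.
        findings.append("stale template: rebuild and replace")
    if not server["disk_encrypted"]:
        findings.append("disk not encrypted")
    exposed = sorted(ADMIN_PORTS & set(server["open_ports"]))
    if exposed:
        findings.append(f"admin access open on ports {exposed}")
    return findings


def audit_fleet(inventory, today):
    """Map server id -> violations, leaving out compliant servers."""
    report = {s["id"]: audit(s, today) for s in inventory}
    return {sid: found for sid, found in report.items() if found}


if __name__ == "__main__":
    for sid, found in audit_fleet(INVENTORY, date(2016, 5, 16)).items():
        print(sid, "->", "; ".join(found))
```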
Risks in the Cloud
As you might imagine, the cloud introduces new risks. They’re far from insurmountable though, so it is most important to be aware of them and address them early on.
- Ensure you protect your cloud management consoles closely. The concept of a single pane of glass to manage a datacenter didn’t exist in the old world, and if one user in your environment can do something drastically damaging like deleting all objects in your cloud, the results can be catastrophic.
- Criminals have been known to steal credentials and ransom access to cloud consoles, so always use 2-factor authentication.
- Employees have been known to make catastrophic mistakes, so use role-based access controls in designing your infrastructure so that no single account can run your cloud.
- Also set up thresholds and alerts to keep scripts, criminals or employees from running your cloud infrastructure bill through the roof.