WindowSecurity.com Newsletter of January 2011 Sponsored by: Collective Software
Welcome to the WindowSecurity.com newsletter by George Chetcuti, BSc in Computing & IS (Honors), CISA, MCP, HP Certified. Each month we will bring you interesting and helpful information on the world of Security. We want to know what *you* are all interested in hearing about. Please send your suggestions for future newsletter content to: email@example.com
1. Cloud Opportunities and Risks
Welcome to the first edition of the monthly WindowSecurity.com newsletter, by George Chetcuti, CISA. I have been in the IT industry for more than 23 years now and have dealt with HP high-end Unix setups, MS Windows clusters and cloud computing, specifically with Amazon's EC2. For the last few years I have been working in the GRC (Governance, Risk and Compliance) area and will be sharing with you some experience and interesting concepts on a monthly basis. I am more than happy to accept your suggestions regarding the content and layout of future newsletters; please send an email to: firstname.lastname@example.org.
Cloud service disruption
A lot has been said about cloud computing, and the most cited topics remain security and compliance in the cloud, and rightly so! However, having had some hands-on experience with public cloud environments, I would like to put security aside for a moment and deal with an equally important risk: service disruption. I have to admit that service disruption is less frequent, but when it happens it has some worrying consequences. Disruption of services is not just a lost connection; it includes cases where virtual servers in an Infrastructure as a Service (IaaS) setup disappear and cannot be recovered. Some may argue that the cloud concept provides automated scaling up or down of services, where new instances can be instantiated from set templates or images on the fly, and hence can overcome the problem of unexpected shutdown of virtual servers.
Last year Terremark experienced connectivity disruptions which caused severe downtime for its customers. Salesforce had a complete shutdown with the failover mechanism not kicking in, while stories of disappearing instances (virtual machines) have been reported elsewhere more than once, with the latest official incident from Heroku.
It is quite unfair to highlight major cloud failures with regard to downtime caused by power and hardware problems, as the internal data centers of organizations are no less vulnerable to the same risks. On the other hand, having instances or services disappear completely, without knowing where they ended up, is something that hardly ever happens in an organization's internal data center. Imagine an IT system administrator trying to explain that some server, application or service has just disappeared! However, this has actually happened in the cloud!
Apart from the revenue loss due to the unavailability of services, the following are a few significant challenges that you have to face with virtual machines or instances in IaaS setups: lost instances, unrecoverable instances, recovery time, integrity of instances/services after the disruption, and the possibility of data leakage or data loss during the disruption as monitoring services stop collecting events and information.
On the bright side, I would limit the risks of cloud computing and take advantage of the infrastructure using it as an extension to the internal IT setup. I would explore the possibility of using the cloud as archive storage, a temporary computational base for demanding applications, or as a disaster recovery site.
The cloud as archive storage
Rather than using internal resources to archive data, I would go for a remote storage solution. Remote storage has become extremely cheap and storage capacity is abundant. Freeing up local resources would make space for other relevant data and services, which, being logically closer to end users, would give an application better response times. In addition, the task of archiving data can be scheduled for off-peak hours without affecting business productivity. From the security perspective, the most important attribute is the encryption of data residing at the remote party. Such a process does not involve complex technology and can be easily achieved at reasonable cost.
The cloud as a disaster recovery site
Recovery sites are sometimes dealt with lightly because their initial expense is not justified by top management or because having idle resources sitting there is not a feasible option for some businesses. However, with cloud computing, building a disaster recovery site is much cheaper. I am not referring to a complete business recovery site but to the concept of recovering services on an individual basis, which, when all the individual services are combined, can give an organization an adequate means of recovery. For example, an organization offering web services and hosting its web sites with a traditional hosting provider can easily implement a backup site in the cloud. Going for an instance (backup web site) with a cloud provider would save the organization both initial and operating costs. There is no need to lease new hardware and one would not incur bandwidth costs, as the backup web site's in/out traffic is limited to data sync/backup and admin traffic only. This also applies to other services such as backend applications, database applications and custom-built web applications. The security issues remain, but if one of the backup instances were to disappear, it would not disrupt the organization's services.
The cloud as a temporary computational base
Having a cloud-based backup service has additional benefits apart from serving as a disaster recovery spot. An idle backup instance can be used to test specific scenarios or run tasks that would normally have an impact on the production machines. For example, a backup instance with synced data could easily be used to perform resource-intensive tasks such as data mining. It is important that any task performed on such instances does not affect the data integrity, security controls and data sync processes of the backup instance. One purpose should not nullify the other, as there is the possibility that some tests may change the recovery state of these instances. As regards idle assets, I would like to point out that backup instances residing in the cloud can be turned off when not in use, hence saving the organization lots of money.
Finally, if you are apprehensive about starting with cloud computing because of service disruptions and disappearing instances, a good first step would be to start with less critical projects such as using the cloud as archive storage or as a disaster recovery service.
Should you have any ideas for content in future editions of the WindowSecurity.com newsletter or would like to ask questions, you're more than welcome to e-mail me at email@example.com.
See you next month! - George
2. WindowSecurity Articles of Interest
3. Tip of the Month
WHOAMI - Security command-line tool for Windows Server 2008, Windows Vista and Windows 7.
This command-line tool displays user, group, and privilege information for the user who is currently logged on to the local computer. If used without parameters, whoami displays the current domain and user name. When you are sitting at an end-user workstation troubleshooting a permissions issue in a domain environment, you might need a quick and easy means of verifying the end user's privileges. The whoami command with the /all option will reveal all this information.
The /all command option allows you to display all information in the current access token, including the current user name, security identifiers (SID), privileges, and groups that the current user belongs to. For more information about whoami visit Microsoft's TechNet online library.
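For the troubleshooting case described above, whoami's CSV output can be read into PowerShell and checked against the group or privilege a task needs. This is an added example, not code from the newsletter or from Microsoft; the function names Get-TokenSummary and Test-TokenAccess are hypothetical, and it assumes PowerShell 3.0 or later on an English-language Windows install. S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.

```powershell
# Added example. Column names ('Group Name', 'Privilege Name', ...) are the
# ones whoami prints on an English-language Windows install (assumption).

function Get-TokenSummary {
    # /fo csv works with /user, /groups and /priv; each call yields one table.
    $user = whoami /user /fo csv | ConvertFrom-Csv
    [pscustomobject]@{
        UserName   = $user.'User Name'
        UserSid    = $user.SID
        Groups     = @(whoami /groups /fo csv | ConvertFrom-Csv)
        Privileges = @(whoami /priv /fo csv | ConvertFrom-Csv)
    }
}

function Test-TokenAccess {
    param(
        [Parameter(Mandatory = $true)] $Token,
        [string[]] $RequiredGroup = @(),      # group name or SID
        [string[]] $RequiredPrivilege = @()   # e.g. SeBackupPrivilege
    )
    foreach ($name in $RequiredGroup) {
        $g = $Token.Groups | Where-Object { $_.'Group Name' -eq $name -or $_.SID -eq $name }
        # Under UAC a filtered token still lists Administrators, but only as
        # "Group used for deny only": membership without the access.
        $status = 'enabled'
        if (-not $g) { $status = 'not in token' }
        elseif ($g.Attributes -match 'deny only') { $status = 'deny-only' }
        [pscustomobject]@{ Kind = 'Group'; Name = $name; Status = $status }
    }
    foreach ($name in $RequiredPrivilege) {
        $p = $Token.Privileges | Where-Object { $_.'Privilege Name' -eq $name }
        # whoami /priv lists only the privileges held by the token.
        $status = 'not held'
        if ($p) { $status = $p.State }
        [pscustomobject]@{ Kind = 'Privilege'; Name = $name; Status = $status }
    }
}

$token = Get-TokenSummary
"Token for $($token.UserName) ($($token.UserSid))"
Test-TokenAccess -Token $token -RequiredGroup 'S-1-5-32-544' -RequiredPrivilege 'SeBackupPrivilege' |
    Format-Table -AutoSize
```

A "deny-only" result for Administrators means the process is running with a filtered, non-elevated token, which is a common reason an administrator account still gets access denied.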
4. Latest Security Exploits and Concerns
5. Ask George a Question
With the current talk about security in the cloud and reports of instances that disappear and connectivity issues, how can I think of moving my instances to the cloud?
Thanks! - Sean
Yes, I can understand the uncertainty people may have before venturing into cloud computing but I recall the same insecurity we went through with the introduction of virtualization. Can you recall how many sys admins were reluctant to trust their email or backend application services running on VMs rather than on bare metal?
My recommendation is always to invest your money and assets with more than one provider, while using the cloud as a backup service gives you the added benefit of testing a provider without risking business services. It is highly unlikely that both the production servers and the cloud-based backup will go faulty at the same time. Never place your eggs in one bag!