Part 1: Privileged Identity Management in the Hybrid Cloud–What’s Changed?
It’s become axiomatic to assert that hybrid-cloud computing is growing rapidly. But consider a few data points nonetheless:
- Total global spending on public-cloud services will reach $100 billion by 2016, up from $40 billion just last year according to market researcher IDC.
- One-third of virtualized workloads consist of mission-critical applications, according to Morgan Stanley surveys.
- IDC projects at least 80 percent of the growth in the IT industry will come from cloud services by the end of the decade.
- In the United States, the federal government has mandated a “cloud first” policy for new IT initiatives. Commercial entities are following suit.
The burgeoning popularity of the hybrid cloud—the combination of workloads deployed across traditional data center infrastructure, virtualized servers, and public/private clouds—is a consequence of multiple compelling benefits.
Most pointedly, hybrid-cloud deployments offer lower costs due to reduced capital expenditures—often dramatically so—and more economical operations.
Strategically, the hybrid cloud offers organizations improved flexibility. Workloads can be deployed, moved, and grown instantaneously in response to changing conditions.
Innovation is fostered because the cost of experimentation is so low. Organizations can prototype and evaluate concepts cheaply. That’s unlike the past, when even simple programs might require massive infrastructure costs to evaluate—or be completely impossible at any level of investment.
But, for all its benefits, the hybrid cloud brings significant implications for privileged identity management. These factors challenge the ability of organizations to effectively manage risks and demonstrate compliance.
We see changes across four broad areas:
- An extended management plane, which is both more complex, and which exists outside the borders of traditional perimeter defenses and controls.
- Increased reliance on shared responsibility security models.
- New management consoles and technology to master.
- Unprecedented challenges in enforcing security controls in increasingly complex, large-scale, and dynamic environments.
Extended Management Plane
In the past, an organization’s IT management plane—if not simple—was at least self-contained. All the consoles and interfaces used to manage IT infrastructure were located within a constrained environment. Physical and virtual access could be controlled—through firewalls, intrusion prevention and detection systems, virtual private networks, and other security controls.
Growing reliance on virtualization increases the complexity of privileged identity management and of the management plane by introducing new management tools. But virtual infrastructure still exists within an established perimeter that can be defended. For organizations whose approach to privileged identity management is immature, limiting physical access to devices and consoles still provides some, if limited, protection.
However, cloud computing breaks that model by eliminating the perimeter—moving systems into an abstract environment, operating within physical data centers whose precise location may not even be known. There is no perimeter; so perimeter-based protection strategies don’t just fail, they become almost irrelevant.
Yet another challenge is determining how to extend existing control structures to the cloud. Established security best practices, compliance and regulatory requirements, and audit mandates have led organizations to develop comprehensive policies, processes, and enabling technology to control their privileged users.
Successfully moving those controls to the cloud first requires that organizations be able to integrate with the identity and access management capabilities of these new environments. But with so many different environments—each with its own approach to authentication, access control, policy enforcement, and monitoring—an equal or greater challenge is architectural. Effective PIM requires that a consistent set of policies be defined, implemented, and enforced across all the platforms that make up the hybrid cloud.
Lastly, privileged identity management technology deployments become more complex. As already suggested, the initial hurdle is identifying PIM technologies providing broad platform support for resources across the hybrid cloud—servers, databases, networking devices, virtual and cloud management consoles, and more. But equally important is flexibility in deployment. One of the principal benefits of the hybrid cloud is the suppleness and responsiveness the environment offers. PIM technologies must be capable of delivering the very same attributes. Otherwise, they become a constraint on the ability of the organization to fully leverage the hybrid cloud infrastructure, and leave critical assets unprotected.
Shared Responsibility Security Models
At some level, shared responsibility for security has always existed. IT teams proffer at least an implicit level of trust (sometimes sadly unwarranted) that the hardware and software technologies vendors provide are safe and secure. Where operational requirements dictate more demonstrable levels of trust, they can be achieved through implementation of high assurance technologies (e.g., encryption, smart cards and other multi-factor authentication), and through testing and certification programs such as FIPS 140.
In virtualized environments, the status quo of implicit trust remains largely intact.
But with the cloud, that’s not the case. As noted, systems execute in an abstract environment, located in physical data centers whose precise location may be unknown or obscured. Gaining access to those data centers to evaluate their integrity would invalidate the very controls established to ensure they deliver the security and integrity necessary for multiple other customers.
To overcome the inherent issues introduced in such an environment, cloud vendors—such as Amazon Web Services—have established shared security responsibility models. The models are meant to clearly delineate responsibilities for specific aspects of security.
In doing so, these shared models offer a number of advantages and benefits.
By making these implicit assumptions explicit, end-users are in a much better position to evaluate the risks they’re undertaking within a given technology infrastructure.
And, faced with the requirement to satisfy customer security concerns, cloud vendors are incentivized both to make real investments in improving the security of their portion of the technology stack and to provide attestation of that integrity via third-party examination and validation. Technology platforms become demonstrably more secure, and customers gain greater insight into risks.
New Management Consoles
Both Amazon Web Services and VMware, like IT technologies before them, introduce new management consoles. As always, new technologies introduce new security challenges.
The first is relatively conventional and expected—more management consoles and APIs introduce more surfaces to be attacked. Organizations must ensure new technologies are protected—authorized users are identified and authenticated, access and authority rights and constraints are established and enforced, and the environment is appropriately monitored. While these tasks are potentially much more difficult to carry off (given the elimination of the perimeter that had served as the basis for much protection), the overall job is much the same as it’s always been. It’s just bigger.
Other risks were harder to predict.
The nature of virtualization and cloud computing—the ability to create (and destroy) resources with the stroke of a key—introduces fundamentally new security challenges.
These new consoles—offering the capability to manipulate not just target systems, but infrastructure as well—deliver ultimate control over the environment to privileged users. It’s fair to say the power they deliver—and the risk they entail—is unprecedented in IT. They’re the ultimate in superuser accounts, and merit special attention and care.
In addition, hybrid cloud computing bypasses a number of traditional IT control points. Physical hardware doesn’t, as much as we might wish, just show up. Purchases must be budgeted, procurements authorized, boxes shipped and received, testing performed, rack space and power/cooling allocations secured, devices installed, configurations checked—and on, and on, and on.
In both virtualization and cloud computing, those processes (much like traditional perimeter defenses) are sidestepped. Without new processes and controls, privileged users can create, move, and delete resources at will. That introduces a number of operational risks to the environment.
Importantly, that flexibility also introduces financial risks since deploying resources (particularly in the cloud) incurs costs. In organizations where expenditures are subject to tight controls, such as the government, that flexibility can result in unauthorized and unapproved financial commitments. An IT management console can become a de facto procurement system.
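As an added illustration of the monitoring and procurement-control point above (example code, not from the original post): a small audit over constructed CloudTrail-style events that flags resource-creating or -destroying calls made outside an assumed approved provisioning role, create calls missing an assumed ChangeTicket tag, and creation bursts by a single principal. The role ARN, the tag convention, the burst limit and the simplified event shape are all assumptions.

```python
from collections import Counter

# Management-plane API calls that create or destroy billable resources.
PROVISIONING_ACTIONS = {
    ("ec2.amazonaws.com", "RunInstances"),
    ("ec2.amazonaws.com", "TerminateInstances"),
    ("rds.amazonaws.com", "CreateDBInstance"),
}
# Assumptions: one sanctioned provisioning role; creates carry a ChangeTicket tag.
APPROVED_ROLE = "arn:aws:iam::123456789012:role/ProvisioningPipeline"
BURST_LIMIT = 3  # creates by one principal in the window that count as a burst

# Constructed CloudTrail-style events (field shape simplified, values invented).
SAMPLE_EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": APPROVED_ROLE},
     "requestParameters": {"tags": {"ChangeTicket": "CHG-100"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"tags": {}}},
    {"eventSource": "rds.amazonaws.com", "eventName": "CreateDBInstance",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"tags": {"ChangeTicket": "CHG-101"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"tags": {"ChangeTicket": "CHG-101"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "userIdentity": {"arn": APPROVED_ROLE}},
]

def audit_provisioning(events, approved_roles=(APPROVED_ROLE,), burst_limit=BURST_LIMIT):
    """Return (eventName, principal, reason) findings for provisioning calls."""
    findings, creations = [], Counter()
    for ev in events:
        if (ev["eventSource"], ev["eventName"]) not in PROVISIONING_ACTIONS:
            continue  # read-only calls are not a procurement event
        principal = ev["userIdentity"]["arn"]
        if principal not in approved_roles:
            findings.append((ev["eventName"], principal, "outside approved provisioning path"))
        if ev["eventName"].startswith(("Run", "Create")):  # spend-incurring calls
            tags = ev.get("requestParameters", {}).get("tags", {})
            if not tags.get("ChangeTicket"):
                findings.append((ev["eventName"], principal, "no ChangeTicket: untracked spend"))
            creations[principal] += 1
            if creations[principal] == burst_limit:
                findings.append((ev["eventName"], principal, "creation burst in window"))
    return findings
```

Run against the constructed events, only the unapproved user produces findings; the sanctioned role's tagged create and its terminate pass silently.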
Complexity and Dynamism
Famously, we’re taught those who “live by the sword shall perish by the sword.”
It’s a bit like that in the hybrid cloud.
Start by thinking about the benefits the hybrid cloud delivers—flexibility, rapid deployment, massive scale at a moment’s notice, and much more. Now think about the implications of that environment on traditional privileged identity management technology—which is more often manual in nature, slow to implement, and potentially difficult to deploy and scale. It is critical that privileged identity management solutions not just keep pace with the environment, but rather outpace the rate of change to maintain protection. Falling behind a rapidly evolving environment is a recipe for failure on a stellar scale.
It’s clear that the hybrid cloud changes privileged identity management requirements and deployments. Protecting an expanded management plane, understanding and leveraging shared security responsibility models, understanding and protecting new technologies, and scaling up to maintain control over new, highly elastic cloud environments are all difficult challenges. In our next post, we’ll look at what’s necessary to successfully assert control in these new environments.