Bots in the Cloud
With all the recent attention to the Kneber botnet, I am reminded that we must consider how we would detect bot infections in the cloud. Most bot infections are well hidden from local security tools and, like Kneber, only reveal themselves through detection of suspicious network activity. Most cloud providers do not allow tenants to monitor the network. How will cloud tenants detect when their cloud-based systems are compromised?
I see three security models for solving this problem:
- Cloud Security Management -- the cloud provider assumes responsibility for detection.
- Self-service Security -- the cloud provider provides tenants with network monitoring and detection capabilities.
- Assume the risk.
1. Cloud Security Management
If your provider is charging you for security services and management, then you might be in good shape. You’ll need to make sure the terms of service and business contract transfer liability to the provider and that you are adequately protected. In addition, your incident response team must be able to coordinate with the provider’s security team. For example, how will you coordinate resolution when it is detected that 80% of your cloud usage is driving spam emails on erectile dysfunction? Unless you sell Viagra®, that won’t be a fun call.
2. Self-service Security
Some cloud providers clearly mean to make security your problem. I suppose the theory is that anti-virus and a host-based firewall are all you need. Ha ha. Good luck with son-of-Kneber, because you’ll have no chance of detection. With this solution, you must have access to audit and controls at the virtual network and hypervisor layers. Ideally, you’ll have the option of configuring security and compliance policies that monitor and enforce controls across all of your cloud and private cloud infrastructure. (Hint: call Catbird)
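To make the self-service model concrete, here is an added example (not code from this post or from Catbird) of the kind of check a tenant could run once it has virtual-network flow visibility: it looks for instances whose outbound traffic is dominated by direct port-25 connections to many distinct hosts, which is how a spam-relaying bot like the one described above shows up on the wire while staying invisible to host-based tools. The `src=... dst=... dport=...` log format, the instance names and the addresses are all constructed for the example; adapt the parser to whatever flow export your provider actually offers.

```python
"""Flag cloud instances whose outbound flows look like spam relaying.

Added example. The flow-log line format below is hypothetical; real
providers export flow records in their own formats.
"""
from collections import defaultdict

# Constructed sample flow log (not real traffic). web-1 is a normal web
# server that sends mail only through the corporate relay; web-2 talks
# SMTP directly to many unrelated hosts, the classic spam-bot footprint.
SAMPLE_LOG = [
    "src=web-1 dst=203.0.113.10 dport=443",
    "src=web-1 dst=203.0.113.11 dport=443",
    "src=web-1 dst=203.0.113.12 dport=80",
    "src=web-1 dst=198.51.100.25 dport=25",  # corporate mail relay
    "src=web-2 dst=203.0.113.20 dport=443",
    "src=web-2 dst=203.0.113.21 dport=80",
] + [f"src=web-2 dst=192.0.2.{i} dport=25" for i in range(1, 9)]


def parse_flow_line(line):
    """Parse one 'key=value key=value' flow record into (src, dst, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], int(fields["dport"])


def summarize_outbound(lines):
    """Per source instance: total outbound flows, SMTP flows, distinct SMTP peers."""
    stats = defaultdict(lambda: {"total": 0, "smtp": 0, "smtp_dsts": set()})
    for line in lines:
        src, dst, dport = parse_flow_line(line)
        s = stats[src]
        s["total"] += 1
        if dport == 25:
            s["smtp"] += 1
            s["smtp_dsts"].add(dst)
    return stats


def flag_spam_relays(lines, smtp_share=0.5, min_distinct_dsts=5):
    """Return [(instance, smtp_share, distinct_smtp_peers)] for instances where
    SMTP makes up at least `smtp_share` of outbound flows AND goes to at least
    `min_distinct_dsts` different hosts. The second condition keeps a server
    that legitimately sends all its mail through one relay from being flagged.
    """
    flagged = []
    for instance, s in summarize_outbound(lines).items():
        if s["total"] == 0:
            continue
        share = s["smtp"] / s["total"]
        distinct = len(s["smtp_dsts"])
        if share >= smtp_share and distinct >= min_distinct_dsts:
            flagged.append((instance, round(share, 2), distinct))
    return sorted(flagged)


if __name__ == "__main__":
    for instance, share, peers in flag_spam_relays(SAMPLE_LOG):
        print(f"{instance}: {share:.0%} of outbound flows are SMTP to {peers} distinct hosts")
```

The two thresholds are the important design point: a single ratio would also flag a low-traffic server that sends all of its mail through one relay, so the rule additionally requires fan-out to many distinct mail servers, which a legitimate tenant workload almost never has a reason to do. On real flow exports you would run this per time window and also alert on the first appearance of port-25 traffic from an instance that never sent any before.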
3. Assume the risk
Assuming the risk is the cheapest option for the short term, and not so bad for the long term as long as you do not store any sensitive data in the cloud, or use the cloud to support a critical business process, or have any reputation risk if your company name makes the next cloud security headline. Seriously, using dynamic cloud-based web services to serve up content might be OK, but watch out if you put anything valuable in the cloud. Cloud providers are a sweet target for criminal enterprise, and we've already seen plenty of headlines, here, here, and here.
Buy a Solution
Finally, know what you are doing. If you’re making a conscious decision on the security model you have chosen, you’re on the right path. I recommend a solution that incorporates some measure of self-service security. Even if you can find a provider who gives you the reports and audit access you need, you can't put all of your trust in the provider. Save budget for your own security operations and management team to deliver oversight and incident response capabilities. This does not mean you have to go 100% self-service for security, but you will need some combination of the first two solutions.
Michael
www.catbird.com