cloud_computing_case_study

ISACA Case Study – Risk Ranking Cloud Computing Usages
Case Study Background Information
| Cloud Application | Deployment Model | Service Model | Owner | Business Usage | Data Classification | Dependencies | Recovery Time Objective |
|---|---|---|---|---|---|---|---|
| Google Apps Email (Free) | Public | PaaS | Business Unit – Alumni Relations | Marketing to Alumni | Unclassified (Informational e-mail) | 0 | 31 days |
| Salesforce.com CRM | Public | SaaS | Business Unit – Corporate Travel | Production Customer Relationship Management | Restricted (Tax IDs, Banking Details, Fees and Rates) | 7 | 4 hours |
| Amazon Web Services EC2 | Private (VPC) | IaaS | Development Team – Card Authorizations | Development and Testing | Restricted (Copies of Production Authorization Requests) | 0 | None |
Solution - Risk Model Scoring
| Cloud Application | Deployment Model | Service Model | Data Classification | Dependencies | Recovery Time Objective | Total Risk Score |
|---|---|---|---|---|---|---|
| Google Apps Email (Free) | 5 | 3 | 1 | 1 | 1 | 11 |
| Salesforce.com CRM | 5 | 1 | 3 | 3 | 5 | 18 |
| Amazon Web Services EC2 | 1 | 5 | 3 | 1 | 1 | 11 |
Google Apps Free Comments:
• Informational alumni e-mail seems to be an appropriate use of public cloud computing, but keep in mind there are no service level or security guarantees
• Very easy to get e-mail services, web sites, calendaring, and chat services going. Requires only DNS registration
• Not many configurable options – limited to adding users, creating/managing groups, and granting access
• Upgrade to paid version needed for security features and service level expectations of a business - it’s probably fine for a small business owner
Salesforce.com CRM Comments:
• Application security settings require configuration (refer to the SFDC Best Practices document for more information), including:
  o Password complexity
  o Password expiration
  o Password length
  o Password history
  o Failed login attempts
  o Lockout period for failed password attempts
  o Inactivity Logoffs
  o Single Sign On
  o Mandatory HTTPS
  o IP address range restrictions – can be used to force access from corporate network through VPN
  o Security certificates
  o Security Hardware Tokens
• Fairly easy to understand and configure, but will probably require some changes to defaults to comply with enterprise standards
• More complex settings, like IP address restrictions and Single Sign On, definitely require involvement of your enterprise’s infrastructure SMEs
• Securing PII can be challenging – encrypted fields are available, but they introduce digital certificates and added complexity
• No apparent method to attach encrypted files to records or to encrypt the entire instance
• Must ensure effective use of user profiles for:
  o Limited Administrative Access
  o Segregation of Duties
  o Change Management (customization of screens, reports, and access)
• Seems to be marketed as a Lotus Notes replacement (complete with migration tools) – be alert for legacy Notes Databases being reinvented as Salesforce.com instances
Amazon Web Services EC2 Comments:
• Overall – this can be fairly complex to deploy in a secure and highly available manner and probably requires security and infrastructure architects, much like an internal infrastructure deployment
• Marketed to development teams – “no worries about infrastructure” – this could be a very efficient and appropriate use of cloud computing
• Secure use of EC2 requires the following to be configured (How many application developers have you ever known to be concerned about these?):
  o Network segments
  o Virtual Private Cloud (VPC)
  o Virtual Private Network (VPN) to Amazon
• Encrypted file system must be deployed for storage if privacy is required by your organization
• Must avoid “shared” Amazon Machine Images (AMIs) - there are no security guarantees and they run a high risk of malicious and/or insecure configuration
• Must import VMware image to ensure use of corporate image approved by your security organization – however it is only available for Windows Server 2008
• Must have process for patching virtual servers or images or a process for rapid and effective redeployment of new server images (and associated applications)
  o Replacing images, instead of patching, may be a big paradigm shift for many organizations
• Must deploy to multiple geographic regions to avoid single points of geographic failure at Amazon
• Must have diverse network connectivity at your organization to avoid single points of failure at your organization
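
An added example (not part of the case study) that turns four of the EC2 items above into an inventory check: shared or unapproved AMIs, instances outside a VPC, unencrypted storage, and single-region deployment. The inventory, all IDs and the approved image owner account are constructed, and the volume-level `Encrypted` flag is used here as a stand-in for the encrypted file system the case study calls for.

```python
# Constructed sample inventory. Field names follow the EC2 describe-images,
# describe-instances and describe-volumes responses; "Region" is assumed to be
# added by whatever collects the inventory. All IDs are made up.
APPROVED_OWNER = "111122223333"  # assumption: account publishing corporate images

IMAGES = {
    "ami-corp01": {"OwnerId": "111122223333", "Public": False},
    "ami-shared9": {"OwnerId": "999988887777", "Public": True},
}
INSTANCES = [
    {"InstanceId": "i-dev01", "ImageId": "ami-corp01", "VpcId": "vpc-0a1",
     "Region": "us-east-1"},
    {"InstanceId": "i-dev02", "ImageId": "ami-shared9", "VpcId": None,
     "Region": "us-east-1"},
]
VOLUMES = [
    {"VolumeId": "vol-01", "InstanceId": "i-dev01", "Encrypted": True},
    {"VolumeId": "vol-02", "InstanceId": "i-dev02", "Encrypted": False},
]


def audit(instances, images, volumes, approved_owner):
    """Return sorted (resource, finding) pairs for the checklist items above."""
    findings = []
    for inst in instances:
        iid = inst["InstanceId"]
        image = images.get(inst["ImageId"])
        if image is None:
            findings.append((iid, "image not in inventory, origin unknown"))
        elif image["Public"] or image["OwnerId"] != approved_owner:
            findings.append((iid, "launched from shared or unapproved AMI"))
        if not inst.get("VpcId"):
            findings.append((iid, "not inside a VPC"))
    for vol in volumes:
        # Only a finding where the organization requires privacy for this data.
        if not vol["Encrypted"]:
            findings.append((vol["VolumeId"], "unencrypted storage volume"))
    regions = {inst["Region"] for inst in instances}
    if len(regions) < 2:
        findings.append(("deployment", "single region: " + ", ".join(sorted(regions))))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit(INSTANCES, IMAGES, VOLUMES, APPROVED_OWNER):
        print(f"{resource}: {finding}")
```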