The Department of Defense chief information officer has outlined a plan to modernize DOD information technology environments through a 10-point network modernization initiative. Two of the initiative’s points that are symbiotically related are “deliver DOD enterprise cloud” and “strengthen cybersecurity.” These are lofty goals, and, although public cloud providers have gone to great lengths to provide solutions to these problems, it is simply not possible for all data to reside in the public cloud.
How can the government build an enterprise-class private cloud while strengthening its security posture? By focusing on infrastructure and governance.
Look below the VM layer
In multi-tenant environments, it is increasingly important to protect the underlying infrastructure. Recent vulnerabilities, such as VENOM, demonstrate that it is not impossible to run commands on a host from a guest virtual machine, or VM. Every hypervisor has been bitten by a vulnerability that exposed elevated privileges at some point. Having a myriad of tenants, each running their own operating system and application variants, increases the likelihood of an attack against the underlying infrastructure.
There are tried-and-true approaches to help maintain the security of the host when it is faced with the threat of escalated privileges and the potential for remote code execution. These include limiting the number of accounts that can authenticate; deploying a host-based firewall that limits traffic; practicing remote logging for event correlation; and ensuring that other configuration items are in line with established standards.
However, in today’s IT landscape, vulnerabilities are discovered through the exploitation of poor code and malformed inputs. Additional security controls, such as enforcing access to files using a mandatory access control system like SELinux sVirt, prevent hijacked processes, like VMs, from accessing files and other parts of the host that they should not have access to.
Additionally, the federal government can bolster security by increasing cloud governance. Governance ensures that federal IT’s use of its cloud infrastructure and associated resources are maintained and used in an acceptable manner. Tenants in the cloud should be subject to the governance policies that do not hinder their use of cloud resources.
Governance has traditionally consisted of a board of interested parties that determines policy for every aspect of the IT environment, including approved operating systems, network protocols, coding standards and security practices. In this scenario, policy enforcement was derived from periodic reviews or scans of a network and associated devices. As the number of devices in the data center increased, ensuring compliance with established policies became more difficult and automated ways of enforcing governance began to be researched.
For cloud governance to be effective, it must be automated. Typically, any automated action consists of an action, a condition being met and a follow-on action. For example: “If a VM has been told to power on (event) and will attach to the production network but is not fully patched (condition), turn it off (action).”
Automated policy enforcement is not limited to VMs — it can apply to hosts as well. Here’s another example: “If the host scan is complete and the SSH configuration allow for root access, put the host into maintenance mode.” These types of policies created and put into action by the cloud manager or owner can help ensure that the integrity and operational efficiency of the cloud is maintained by enforcing governance policy.
Governance tools support the creation of such policies and are used in real-life situations, such as protecting against recent vulnerabilities like Shellshock and Heartbleed. In both instances, an effective governance tool could detect which VMs had the bad software installed and either notify the application owner that the vulnerability existed or take an automated action to remediate the situation. This type of automation helps ensure that clouds that are secure when they are deployed, stay secure.
Follow two principles
Automated governance should join the same thought hierarchy as compliance and data security when it comes to building a secure cloud environment. That is just one principle to follow. The other principle is to ensure that the cloud has a strong foundation that implements security below the VM layer.
Following these principles results in a more secure infrastructure that can be proactive and respond accordingly to threats — and move federal IT closer to the vision outlined in the network modernization initiative.
Ted Brunell is a senior solution architect at Red Hat.