March 4, 2013 | Written by: Sreekanth Iyer
I reached the airport two hours before time to catch my flight to Delhi. I was on my way to present on cloud security at the 2013 Open Group conference in New Delhi. Since I had some spare time, I opened up the laptop to look through my talking points. While I was sitting at the airport, it was interesting to notice the similarity between how airport security works and how we secure the cloud.
Airport security has changed since the 9/11 attacks, and there are several high-tech solutions being used today to make the air space as safe as possible. The threats that we see in cyberspace have also changed in the last few years. Early in 2011, IBM X-Force declared it the year of the security breach. Enterprises both large and small were targeted. In 2012, the trend continued, and enterprises today are asking the hard questions about how to secure an enterprise that is interconnected by means of cloud, mobile and outsourcing technologies.
From a security solution approach perspective, securing the cloud is no different from securing an airport. The first line of defense is obviously the fences, barriers and walls. In fact, in Bangalore International Airport the many police barricades and humps make it difficult for anyone to get near airport property quickly. And sensitive areas, like fuel depots or the terminals and baggage-handling facilities, are even more secure, with more guards, security checkpoints or surveillance cameras. Along the same lines, in the IT world we follow the defense-in-depth security model. We keep our critical information infrastructure protected well behind the firewalls and demilitarized zones.
Security patrols regularly scan the perimeter in case someone tries to cut through the fence at the airport. This is very similar to the intrusion prevention systems (IPS) keeping track of the traffic coming into your network.
The next important security measure is about confirming the identity of travelers. This is done by checking a photo ID, such as a driver’s license, or a passport if you are traveling internationally. Once you are authenticated, you get access to specific areas of the airport. For instance, if you are an airline employee or part of the airport’s authority, you have access to areas where a normal passenger does not have access. Similarly, identity and access management is a critical component when it comes to cloud. You need to authenticate people and, based on their role, provide them risk-based access to different resources on the cloud.
Bangalore had a smaller airport before the new airport was built some 40 kilometers outside the city. But with the increase in passenger traffic, the new airport is also adding new terminals. So when I was there I could see a lot of work going on and temporary arrangements or screens to prevent people from entering those areas. This is similar to what is required when you have a lot of new endpoints (virtual machines [VMs] as well as image templates) to handle in the cloud. The virtualization layer and VMs are susceptible to attack unless they are properly configured for security. Endpoint management, especially patch management, is an important topic that you can’t ignore in virtualization security.
Then, before getting to the gates, every person must walk through a metal detector, and all items must go through an X-ray machine. These machines help the security officers detect if there are any suspicious items, not just obviously suspicious items like guns or knives but also anything that could be a component for making an improvised explosive device or a bomb. In the cloud security world, we need to have similar tools to analyze the network traffic and protocols as well as tools that can do deep packet inspection. We need to do this analysis for inter-VM traffic as well. So, to act as your metal detectors and X-ray machines, you will need tools like IBM Security Virtual Server Protection for VMware, which allows you to do rootkit detection and prevention, or IBM Security QRadar VFlow, which provides application-layer visibility of all virtual network traffic.
You might go through more airport checks and may even be inspected by bomb-sniffing dogs before you can board the plane. What I think is probably missing in airport security is the security intelligence that could correlate things happening across the terminals, security gates, check-in counters, baggage screening points and so forth. The role of intelligence in an airport environment, and how it can be leveraged for better service, has long been a subject of debate. But in the case of cloud security, we see definite value in having security intelligence that can correlate events happening across your virtual environment and make your life easy when it comes to generating reports for audits and compliance.
I’m flying to Las Vegas this week to participate in the IBM Pulse 2013 event (March 3–6). I’ll be talking on the topic of “Securing your cloud with IBM SmartCloud Security Solutions” (session 1890) along with Nataraj (Raj) Nagaratnam, IBM Distinguished Engineer, CTO for Security Solutions. We will be discussing and demoing some of the topics that I mentioned in the post in detail: identity and access management, federation and risk-based access, virtualization security and patch management as well as my favorite topic, security intelligence. It is time to catch my flight. I’ll see you at IBM Pulse 2013. Come learn how to do a secure check-in to the cloud.