I cannot take credit for this one - I heard it last week at a very interesting talk by Adrian Cockroft at the Speed and Scale Meetup in Herzeliya.
The analogy was a very simple one, but very much to the point, and I feel that it is a great way of looking at how we should approach security in the cloud.
M&M's are the one thing that my kids always ask me to bring back for them when I go to the States, especially the ones without the peanuts.
What is great about M&M's? They have a hard shell that protects the great soft chocolate inside. The shell is not unbreakable, but it is hard enough to protect the good stuff on the inside.
But once the shell is broken, you have nothing but chocolate.
A Snickers bar, on the other hand, has nice soft chocolate on the outside, but inside there are many crunchy nuts, each of them hard. They do not need the chocolate to protect them, because they are hard enough to look after themselves.
OK, enough about chocolate. What the heck does this have to do with cloud and security?
Traditionally, we are used to having perimeter devices that protect everything behind them. Within the perimeter we are good to go, there is an elevated level of trust, just like the hard shell of an M&M and the soft chocolate inside. Break the shell once (one exposed service, one phished credential) and everything behind it is exposed.
I do not think this will suffice in a cloud environment, and I do not think you should rely on it either. Each of the two approaches has its advantages, but each has disadvantages as well.
In the cloud you still have the option of using perimeter devices: most providers today let you create VPCs with their own network boundaries.
I think that we should treat our cloud environment like a Snickers bar. The outside is always soft, vulnerable, untrustworthy. You will not know what instances/VMs are running on the same host as you, or whether they have access to the network subnet you are using. So what protects us? Only ourselves, the hard nuts.
Each and every cloud instance should assume that the environment it lives in is hostile. It will be constantly under attack from the dark side of the force.
That is why each instance should be locked down, with its own security as tight as possible. This can be done in a number of ways, which could include:
- Minimal operating system – no bloated software or unnecessary packages, so there is less to patch and less for an attacker to use
- Minimal privileges for the users running applications – every privileged action should be access-controlled, with sudo for example, and SELinux to confine what a compromised process can do
- iptables on the instance – default-deny inbound, allowing only the ports your services actually need to be open to external traffic
- SSH key authentication to the instances – no passwords
- Security group access – defining what traffic will be allowed within your cloud, between the instances, rather than trusting the subnet
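Two of the controls from the list above (the host firewall and key-only SSH) as an added example: this is my own script, not code from the post, and it is written to run at boot or from config management. `gen_rules` prints a default-deny iptables-restore ruleset that opens only the inbound TCP ports you name, and `audit_sshd_config` exits non-zero unless the given sshd_config really disables password logins. The audit applies the rule that sshd honours the first value it sees for each keyword and that its defaults are permissive, so it also catches a "no" that is shadowed by an earlier "yes", a directive that is simply missing, and keyboard-interactive authentication, which with PAM can still prompt for a password. Assumptions: IPv4 only (ip6tables needs the same ruleset), the conntrack match module is available, and the file passed to the audit is the complete sshd_config (files pulled in via an Include directive are not followed, and anything after the first Match block is ignored). The file name `harden.sh` is just what I call it here.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
#   gen_rules PORT...       print a default-deny iptables-restore ruleset that
#                           opens only the listed inbound TCP ports
#   audit_sshd_config FILE  exit 0 only if FILE disables password logins
# Assumptions: IPv4 only, conntrack match available, FILE is the whole
# sshd_config (Include files are not followed; Match blocks are skipped).
set -eu

gen_rules() {
  # Validate every port before emitting a single line, so a typo can never
  # produce a half-written ruleset that iptables-restore then applies.
  local port
  for port in "$@"; do
    case "$port" in
      ''|*[!0-9]*) echo "gen_rules: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "gen_rules: port out of range '$port'" >&2; return 1
    fi
  done
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT DROP [0:0]'     # default deny inbound
  printf '%s\n' ':FORWARD DROP [0:0]'   # an instance is not a router
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  for port in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

audit_sshd_config() {
  # sshd uses the FIRST value it sees for each keyword, and its defaults are
  # permissive (PasswordAuthentication yes, keyboard-interactive yes), so a
  # "no" below an earlier "yes", or no directive at all, is still a hole.
  awk '
    { sub(/^[[:space:]]+/, ""); sub(/[[:space:]]*=[[:space:]]*/, " ") }  # allow Key=Value
    /^#/ || /^$/ { next }
    tolower($1) == "match" { exit }               # conditional blocks start here
    {
      key = tolower($1)
      if (!(key in val)) val[key] = tolower($2)   # first occurrence wins
    }
    END {
      pw = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
      pk = ("pubkeyauthentication" in val) ? val["pubkeyauthentication"] : "yes"
      if ("kbdinteractiveauthentication" in val)
        kbd = val["kbdinteractiveauthentication"]
      else if ("challengeresponseauthentication" in val)   # older keyword
        kbd = val["challengeresponseauthentication"]
      else
        kbd = "yes"
      printf "PasswordAuthentication=%s KbdInteractiveAuthentication=%s PubkeyAuthentication=%s\n", pw, kbd, pk
      exit !(pw == "no" && kbd == "no" && pk == "yes")
    }' "$1"
}

# Command-line entry points; nothing runs when the file is sourced without args.
#   ./harden.sh rules 22 443 | sudo iptables-restore
#   ./harden.sh audit /etc/ssh/sshd_config && sudo systemctl reload sshd
case "${1:-}" in
  rules) shift; gen_rules "$@" ;;
  audit) audit_sshd_config "${2:-/etc/ssh/sshd_config}" ;;
esac
```

Before applying the ruleset on a remote instance, run it through `iptables-restore --test` and make sure the SSH port you are connected on is in the list; a default-deny ruleset without it locks you out of the very box you are hardening. Run the audit before reloading sshd, and keep your key in place before turning passwords off.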
I am always looking for simple ways to explain sometimes complex terminology or concepts to people – and I found this one to be highly useful.