Operations Management

Monitoring, Capacity, and Maintenance

CSPs need to know how their services for compute, storage, and networking - hardware and software are running.

• Monitoring

  • OS Logging - OS logs events when capacity utilization reaches critical levels,

  • Hardware Monitoring - monitor performance CPU temp, Fan speed, and voltage levels

  • Network Monitoring

    • HW

    • SW

    • Cabling

    • capacity/utilization

  • Temperature

    • 64 - low

    • 81 High

  • Humidity

    • Dew point 42 to 59 at 60% humidy

• Maintenance

  • Data Center operational modes

    • Normal

    • Maintenance

  • General Maintenance Concepts

    • Data Center going into Maintenance Mode -> all operational instances removed

      • Prevent all new login

      • Ensure Logging is used for all devices while administrators are conducting maintenance

  • Updates

    • Document how, when, and why the update was initiated -

    • Move the update through the change management (CM) process -

  • Upgrades

    • Replace older elements with newer ones

  • Patch Management

    • Timing - countdown timer, should apply patches regularly

    • Implementation: Automated or Manual

      • Automated - much faster

      • Manual - Trained and experienced personnel may be more trustworth

  • Automated

  • Manual

• Dates

Change and Configuration Management

• Baselines

• Deviations and Exceptions

• Roles and Processes

  • Change Management

    • Initial process mode

      • Full inventory

      • Codify baseline - build a baseline and get CMB approval

      • Secure baseline - develop what this

      • Deploy new assets

    • Operational Mode

      • CMB Meetings

      • CM Testing

      • Deployment

      • Documentation

  • Configuration Management

• Release Management

  • Works

IT Service Management and Continual Service Improvement

• ITIL

• ISO/IEC 20000-1

• ITSM

Business Continuity and Disaster Recovery (BD/DR)

• Event

• Disaster

• Business Continuity Efforts

• Primary focus

  • Getting people out

  • Getting people out safely

  • designing for protection

• Continuity of Operations

  • Identify critical assets and hold onto those

  • Keep them critical assets operating

• BC/DR Plan

  • List of the items from the Asset Inventory Deemed Critical

  • Circumstances Under Which an Event or Disaster is Declared

  • Who is authorized to make the declaration

• Essential Points of Contact

  • List of contacts for BC/DR Activity

• Detailed Actions, Tasks, and Actions

  • create checklists to manage these

• BC/DR Kit

  • Kit holds all information for necessary operation

• Relocation

• Power

• BC/DR Terminology

  • MAD - maximum allowable downtime

  • RTO - recovery time objective

  • RPO - recovery point objective

  • ALE - Annual loss expectancy

• Testing

  • Tabletop Testing

  • Dry Run

  • Full Test - fully ensures that BC/DR will function during a contingency

Run the Physical Infrastructure for the Cloud Environment

• Configuration of Access Control for Local Access

• Securing Network Configuration

  • VLANs

  • TLS

    • TLS Handshake Protocol

    • TLS Record Protocol

  • IPsec

  • DNSSEC

• OS Harding Via the Application of Baselines

• Availability of Standalone Hosts

• Availability of Clustered Hosts

  • Distributed Resource Scheduling (DRS)

  • Dynamic Optimization (DO)

  • Storage Clusters

  • Maintenance Mode

  • High Availability

Manage the Physical Infrastructure for the Cloud Environment

• Configuring Access Controls for Remote Access

• OS Baseline Compliance Monitoring and Remediation

• Patch Management

• Performance Monitoring

• Hardware Monitoring

• Backup and Restore of Host Configuration

• Implementation of Network Security Controls

  • Firewalls

  • Intrusion Detection Systems (IDS)

    • Host Intrusion Detection Systems (HIDS)

    • Network Intrusion Detection Systems (NIDS)

    • Intrusion Prevention Systems (IPS)

    • Honeypots

  • Vulnerability Assessments

  • Log Capture and Analysis

    • Security Information and Event Management (SIEM)

    • Log Management

  • Management Plan

    • Scheduling

    • Orchestration

    • Maintenance

Build the Logical Infrastructure for the Cloud Environment

• Secure Configuration of Virtual Hardware-Specific Requirements

• Installation of Guest Operating System Virtualization Toolsets

• Considerations for sharing resources:

  • Legal: Simply by sharing the environment in the cloud, you may put your data at risk of seizure. Exposing your data in an environment shared with other companies can give the government “reasonable cause” to seize your assets because another company has violated the law.

  • Compatibility: Storage services provided by one cloud vendor may be incompatible with another vendor’s services should you decide to move from one to the other.

  • Control: If information is encrypted while passing through the cloud, does the customer or cloud vendor control the encryption and decryption keys? Most customers probably want their data encrypted both ways across the Internet using the secure sockets layer (SSL) protocol. They also most likely want their data encrypted while it is at rest in the cloud vendor’s storage pool. Make sure you control the encryption and decryption keys, just as if the data were still resident in the enterprise’s own servers.

  • Log data: As more and more mission-critical processes are moved to the cloud, SaaS suppliers have to provide log data in a real-time, straightforward manner, probably for their administrators as well as their customers’ personnel. Will customers trust the CSP enough to push their mission-critical applications out to the cloud? Because the SaaS provider’s logs are internal and not necessarily accessible externally or by clients or investigators, monitoring is difficult.

  • PCI DSS access: Because access to logs is required for PCI DSS compliance and may be requested by auditors and regulators, security managers need to make sure to negotiate access to the provider’s logs as part of any service agreement.

  • Upgrades and changes: Cloud applications undergo constant feature additions. Users must keep up to date with application improvements to be sure they are protected. The speed at which applications change in the cloud affects both the software development lifecycle and security. A secure software development lifecycle may not be able to provide a security cycle that keeps up with changes that occur so quickly. This means that users must constantly upgrade because an older version may not function or protect the data.

  • Failover technology: Having proper failover technology is a component of securing the cloud that is often overlooked. The company can survive if a non-mission-critical application goes offline, but this may not be true for mission-critical applications. Security needs to move to the data level so that enterprises can be sure their data is protected wherever it goes. Sensitive data is the domain of the enterprise, not of the cloud computing provider. One of the key challenges in cloud computing is data-level security.

  • Compliance: SaaS makes the process of compliance more complicated because it may be difficult for a customer to discern where his data resides on a network controlled by the SaaS provider, or a partner of that provider, which raises all sorts of compliance issues of data privacy, segregation, and security. Many compliance regulations require that data not be intermixed with other data, such as on shared servers or databases. Some countries have strict limits on what data about its citizens can be stored and for how long, and some banking regulators require that customers’ financial data remain in their home country.

  • Regulations: Compliance with government regulations, such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA), and industry standards such as the PCI DSS are much more challenging in the SaaS environment. There is a perception that cloud computing removes data compliance responsibility; however, the data owner is still fully responsible for compliance. Those who adopt cloud computing must remember that it is the responsibility of the data owner, not the service provider, to secure valuable data.

  • Outsourcing: Outsourcing means losing significant control over data. Although this is not a good idea from a security perspective, the business ease and financial savings continue to increase the usage of these services. You need to work with your company’s legal staff to ensure that appropriate contract terms are in place to protect corporate data and provide for acceptable SLAs.

  • Placement of security: Cloud-based services result in many mobile IT users accessing business data and services without traversing the corporate network. This increases the need for enterprises to place security controls between mobile users and cloud-based services. Placing large amounts of sensitive data in a globally accessible cloud leaves organizations open to large, distributed threats. Attackers no longer have to come onto the premises to steal data; they can find it all in the one virtual location.

  • Virtualization: Virtualization efficiencies in the cloud require VMs from multiple organizations to be co-located on the same physical resources. Although traditional data center security still applies in the cloud environment, physical segregation and hardware-based security cannot protect against attacks between VMs on the same server. Administrative access is through the Internet rather than the controlled and restricted direct or on-premises connection that is adhered to in the traditional data center model. This increases risk and exposure and requires stringent monitoring for changes in system control and access control restriction.

  • VM: The dynamic and fluid nature of VMs makes it difficult to maintain the consistency of security and ensure that records can be audited. The ease of cloning and distribution between physical servers can result in the propagation of configuration errors and other vulnerabilities. Proving the security state of a system and identifying the location of an insecure VM is challenging. The colocation of multiple VMs increases the attack surface and risk of VM-to-VM compromise.

Run the Logical Infrastructure for the Cloud Environment

• Secure Network Configuration

  • VLANs

  • TLS

  • DHCP

  • DNSSEC

  • IPsec

• OS Harding Via Application of Baselines

  • Windows

  • Linux

  • VMware

• Availability of the Guest Operating System

Manage the Local Infrastructure for the Cloud Environment

• Access Control for Remote Access

• OS Baseline Compliance Monitoring and Remediation

• Patch Management

• Performance Monitoring

• Backup and Restore of Guest OS Configuration

• Implementation of Network Security Controls

• Log Capture and Analysis

• Management Plan

Ensure Compliance with Regulations and Controls

• Change Management

• Continuity Management

• Information Security Management

• Continual Service Improvement Management

• Incident Management

• Problem Management

• Release and Deployment Management

• Configuration Management

• Service Level Management

• Availability Management

• Capacity Management

Conduct Risk Assessment for the Logical and Physical Infrastructure

• Framing Risk

• Assessing Risk

  • Qualitative Assessments

  • Quantitative Assessments

    • Single Loss Expectancy

    • Annual Rate of Occurrence

    • Annualized Loss Expectancy

• Responding to Risk

  • Accept the Risk

  • Avoid the Risk

  • Transfer the Risk

  • Mitigate the Risk

• Monitoring Risk

Understand the Collection, Acquisition, and Preservation of Digital Evidence

• Proper Methodologies for the Forensic Collection of Data

• Evidence Management

• Chain of Custody

Manage Communication with Relevant Parties

• Vendors

• Customers

• Partners

• Regulators

• Other Stakeholders