The recent OpenStack summit was held in Atlanta on May 12th and 13th. Security was clearly a hot-button topic for both the presenters and the attendees. That is consistent with industry reports suggesting that many businesses are reluctant to move to the cloud because of unknown security factors. Presenters at the OpenStack summit asked attendees to look at the other side of the coin when it comes to cloud security.
Bryan Payne, the security research director for Nebula, said, “Cloud is an interesting opportunity to do really good security work.” When you think about it, Payne is correct. In today’s datacenters, both public and private, there aren’t a lot of unknowns. Payne went on to say, “When rolling out infrastructure for cloud, enterprises have control of what is in place and that’s a security dream.”
Payne’s presentation was rich with OpenStack security knowledge. Payne mentioned that the most common attack on the OpenStack platform is the “VM breakout.” The term describes a malicious user executing code inside a virtual machine on a cloud system in a way that breaks out of the isolation enforced by the hypervisor, allowing that user to gain control over other systems in the pool.
Payne recommends properly implementing SELinux (Security-Enhanced Linux) in your environment. Deploying it significantly reduces your cloud’s attack surface, which hardens your cloud deployment, and enabling SELinux is a recommended best practice for your organization. Payne’s presentation also mentioned that TLS should be used in OpenStack to encrypt your data in motion.
Securing OpenStack deployments remains a hot topic within the cloud community. Presenters such as Payne believe that while legitimate security concerns exist, many of them can be addressed by doing what you already do in your organization. To mitigate attacks, use your organization’s own security guidelines together with OpenStack’s best practices, and stay up to date on the latest exploits.