What do Virtualization and Cloud executives think about 2011? Find out in this VMblog.com series exclusive.
Contributed Article By Simon Crosby, Chief Technology Officer, Datacenter and Cloud Division, Citrix
Lesson from Wikileaks - Cloud is good.
Wikileaks ought to have you sitting bolt upright in your black leather CIO chair. Independent of your views of the legitimacy or otherwise of Wikileaks, the last month has given us a shocking demonstration of the results of weak IT control over enterprise data and applications, and the incredible resilience of cloud based apps to both government-initiated take-downs and organized attacks. It's time to wake up. If you aren't turning the IT lessons from Wikileaks into actionable plans for your organization, we'll probably be reading your secrets online, a few months from now.
Tools for electronic attacks are now standard in the arsenals of national governments (e.g. [Stuxnet| http://en.wikipedia.org/wiki/Stuxnet] and the [Google attack| http://www.guardian.co.uk/technology/2010/dec/04/wikileaks-cables-google-china-hacking]) and [organized crime| http://www.sophos.com/pressoffice/news/articles/2006/10/extort-ddos-blackmail.html] alike, and huge amounts of money are being poured into tools and techniques to attack vulnerable targets. Major enterprises such as Visa, PayPal, Amazon and others have experienced first-hand the inverse of [Metcalfe's law| http://en.wikipedia.org/wiki/Metcalfe's_law]: N squared-to-one brute force DDoS attacks that co-opt the compute and bandwidth of tens of thousands of disaffected or clueless individuals to deliver attacks on a massive scale. If anything, the [Anonymous| http://forums.whyweprotest.net/splashpage.html] [attacks| http://www.computerworld.com/s/article/9200639/Anonymous_attack_on_Amazon.com_appears_to_fail] have been muted by comparison with what we might expect from a [Conficker-style| https://blogs.accenture.com/technology_labs_blog/archive/2010/04/13/bad-cloud.aspx] attack, commanding tens of Tb/s of bandwidth and tens of millions of CPUs.
Hidden in the Wikileaks furore is a powerful, positive message about cloud computing. Of course, if your confidential information was stolen and dispersed across thousands of mirrors around the world, you would be justifiably furious. You might think this proof-positive that cloud computing and everything to do with it is unsafe. And as a result the only kind of cloud you would ever tolerate would be a private cloud, in your own data center. So permit me to offer a contrarian view. Here are two reasons to view Wikileaks and the infrastructural lessons that follow from it, in a positive light:
# _You can empower your users *and* never lose data_: There is a better way to deliver confidential information and applications to end users - as an IT operated service that is secure, offers a rich end user experience and that would never allow data theft of the nature that we have seen here. At Citrix we call it [XenDesktop|http://www.citrix.com/xendesktop].
# _Running your apps in the cloud offers resilience to dream of_: Well architected web based applications can make use of the immense resources of the cloud to survive attacks and ensure that end users are always able to get access to mission critical information. Outages suffered by traditional enterprise IT shops when faced by a DOS attack need not be your fate. The cloud is your friend, as it has been to enterprises prepared for cloud-scale attacks - such as Amazon. Large providers have much more capacity, they offer geographic diversity, massively scalable DNS services and implement the most robust countermeasures to protect their tenants.
*Desktop Virtualization addresses challenge (1)*: IT is forced to support a set of operating environments that are beyond its ability to protect and control. Why? Users. Use cases. Consumerization of IT. iPads. Android. Afghanistan. Whatever. Let's call it _reality_. *Reality* says that IT is out of control - and the enemy is the average user (and, because the average user is just trying to get the job done, therefore arguably, the enemy is the mission of the enterprise). The options are for IT to continue to [pretend to enforce the unenforceable by "fiat"| http://www.nypost.com/p/news/national/us_military_expands_ban_of_external_UCl15sb4xYsCQvvf8cQa1J], or to get real. I'm glad I'm not the one who has to explain how it was possible for a low-privilege operative to copy files from [SIPRNET| http://nautilus.org/publications/books/australian-forces-abroad/security-general/siprnet] to a USB drive, particularly given an [existing ban| http://www.wired.com/dangerroom/2008/11/army-bans-usb-d/#ixzz0fu2o8OKr]. And I'm glad I'm not [this chap| http://www.af.mil/information/bios/bio.asp?bioID=7533] who has to pretend that he has the ability to guarantee that this won't happen again. Because he can't. This is just ["closing the door after the horse has bolted"| http://www.thedailystuff.ie/_wp_generated/wp7d8ca45f.jpg].
So what shall we do? Permit me to be bold for a moment: If SIPRNET users were running XenDesktop, _nobody_ would have been able to copy 250K confidential documents to a USB stick. But more importantly, it would be possible to empower every one of the personnel who rely on access to such a system to get their job done, and to do so with precise, policy-controlled access to centralized app/desktop/data management, with no ability to steal. XenApp and now XenDesktop have done this for years in the commercial and Federal sectors.
* Desktop Virtualization means that *all data* remains centralized, but end users receive a highly consumable app/desktop that can deliver them all the information that they need - via a hosted desktop/app experience _or_ a rich client experience. Desktop Virtualization centralizes state, and securely delivers an immersive experience (app/desktop) for access to apps and their state, with precise, granular control over devices, applications and data in such a way that can guarantee that no data is permitted to leave the bounds of the enterprise. Moreover it's all encrypted at rest, and the keys are never allowed out of the keep.
* To stress the point - this works for rich clients too: The user may be mobile or need to go offline. A [XenClient|http://www.citrix.com/xenclient] based desktop can guarantee protection of the virtual desktop and all corporate state on an Intel vPro based client. Policies control access to corporate apps and data, and to all devices. Any client resident corporate state is encrypted, and continually synchronized with the XenDesktop synchronization services. Centralized controls allow access to a desktop or apps to be instantly removed if needed, and XenClient stores any corporate state in a locked down, encrypted bubble from which nothing can be removed - with granular policy over external device access. If you don't want the user to steal the data, remove access to all writeable media. At the same time, the user can use a lower privilege virtual desktop to access the web and other services, with no risk that the high security virtual desktop can be compromised.
* At all times, policies restrict the user's ability to copy / save corporate state on any devices, including USB and other media, and prevent those device classes from ever being accessible in the corporate VM.
* All corporate state is always encrypted and continually backed up. In the event of loss of the client, the enterprise is guaranteed to be secure against data loss (encrypted using enterprise keys, policy based wipe, always backed up), and the user's virtual desktop can then be delivered via a hosted virtual machine (VDI style) until a new rich client is provisioned.
* For the centralized model the HDX delivery protocol provides a rich set of security controls to enforce corporate policies with regard to saving data on the client. Access to the data / apps is via an SSL VPN and access is protected using the enterprise's preferred form of authentication, and encrypted using enterprise-held keys and continually backed up.
* All data access can be monitored and logged, and user access sessions recorded for later inspection by the enterprise.
The above techniques, properly deployed, can guarantee that a Wikileaks-style leak of your confidential information will not occur, while also delivering a highly consumable, user-empowering, service-centric notion of app/desktop delivery.
*Cloud Delivers Jaw-dropping Resilience*:
* A distributed application, hosted across multiple availability zones, providers and national boundaries, can dodge the most aggressive take-down attempts. A highly available DNS is your friend, as is a service agreement that ensures that your service provider is committed to your right to offer the service if your intentions are legal. Your provider(s) need _lots_ of bandwidth. Anonymous mustered 10Gb/s against its targets. This is chump change by comparison with a significant attack launched by a nation state. Picking a provider with enormous bandwidth and compute capacity and (therefore) capacity to counter an attack, is a wise thing to do. Only the largest clouds can do this. (A good Federal-focussed cloud with bullet-proof security credentials that can offer this is [Carpathia|http://www.carpathiahosting.com], which sources an incredible 1% of Internet transit bandwidth, and also has top secret clearance). If you run an enterprise IT shop, it ought to be clear that you can't afford to build one of these, and moreover why would you not let the Federal government foot the bill for the physical security of your hosted private cloud?
The bottom line:
# Desktop Virtualization means empowering users *and* IT. No more data leaks.
# Cloud means putting massive commoditized compute/storage/network resources to use to ensure survivability of your app, under the worst attacks
# Both motivate the use of cloud-based, service-centric architectures to serve and protect your end users
# Automation, service, and delivery are your friends
May your data remain secure, your apps highly available, and your users empowered and delighted.
About the Author
Simon Crosby is chief technology officer of the Datacenter and Cloud Division, Citrix Systems. He joined Citrix in 2007 through the acquisition of XenSource, where he was founder and chief technology officer.
Previously, Crosby was a principal engineer at Intel where he led strategic research in distributed autonomic computing, platform security and trust. He was also the founder of CPlane Inc., a network optimization software vendor, where he held a variety of executive roles. Prior to CPlane, Crosby was a tenured faculty member at the University of Cambridge, where he led research on network performance and control and multimedia operating systems.
He is the author of more than 35 research papers and patents on a number of datacenter and networking topics including security, network and server virtualization, resource optimization and performance.
In 2007, Crosby was awarded a coveted spot as one of InfoWorld's Top 25 CTOs, and in 2008 eWEEK nominated him as one of the 100 most influential leaders in IT.