OpenStack adoption continues to grow, with major companies including PayPal, Walmart, eBay and AT&T now using the open source cloud platform. But like any new technology, committing to OpenStack can introduce potential security risks, such as the recently discovered Secure Socket Layer vulnerability. And while OpenStack has created a Vulnerability Management Team, along with a 200-page guide to OpenStack security, to protect against these risks, it's still important for users to build their own OpenStack security strategy.
Building a cloud is not the same as creating a traditional IT cluster. For instance, the number of sockets needed to support the scalability of a large cloud deployment can introduce certificate management issues that slow down operations. And with OpenStack, the range of cloud services is broad, including messaging queues, access and configuration policies, logging services and various other modules.
In many ways, the world of cloud security is different than traditional firewall management, switch and router control and load balancers. The cloud flattens the network topology, and almost everything is virtual. In addition, the number of security tokens can be staggering, authentication certificates can run into the many thousands and the number of sessions being generated in Secure Socket Layer is much higher. Any one of these components can create a vulnerability point.
Exploring the top OpenStack security challenges
With OpenStack, the cloud security challenge is compounded because the technology is a work in progress. Some of the tools have deficiencies that need to be addressed. For instance, Horizon, the OpenStack dashboard, is missing two-factor authentication. Horizon is a Web-based solution that is both admin- and tenant-facing. It's a powerful tool for managing cloud resources, but any vulnerability could impact a large number of users, making this a hot target for hackers. Keystone, the OpenStack authentication service, is pluggable for multiple forms of authentication, so an admin setting up this module should aim for the most robust system possible.
There are other OpenStack security factors to consider. For example, because of OpenStack's modularity, log structures vary, which makes it difficult to prove compliance and secure operations during an audit. While the audit process for any cloud can be a challenge, it should be done regularly. For OpenStack, an audit should involve validating Keystone's integrity, and looking at patching and levels for code and policies. Log mining using Splunk or other tools makes it easier to audit log activities, though monitoring capabilities, such as those provided by a dashboard like CERN's Lemon, are also useful. Tools like Puppet can also help simplify deployments.
Best practices for OpenStack security
When deploying an OpenStack-based cloud, there are general best practices organizations can follow to protect their environment from threats.
For instance, because there are many OpenStack authentication certificates, it's tempting to give them long lifespans, but with a flattened system like OpenStack, it is dangerous to do so; a single security failure can lead to wide exploits. It's a best practice to keep certificate lifespans as short as possible.
In addition, most OpenStack operations are driven by policies. At low and medium scale, this is easy to manage, but at a larger scale, it's difficult to maintain consistent policy levels across all instances. The rapid pace of evolution within the OpenStack module family makes manual management difficult, so use a protocol management tool to avoid errors. Exploits that attack clusters by looking for down-level services are common, and as future policies start to control software-defined infrastructures as well as instance management, we can expect this to become even more fertile ground for hackers.
Organizations should ensure that access to the OpenStack control plane is restricted and well protected. The data plane is another matter; encrypt all data at the source and maintain that encryption at rest.
Despite potential risks, an OpenStack private cloud can have security advantages over the public cloud. Generally, access to the private cloud is much more restricted, and organizations can deploy detection tools, such as those for file and deep packet inspection, data loss prevention and intruder detection, to improve security.
Still, given all the challenges of multi-tenancy, most public cloud providers have developed an aggressive security approach that can lend best practices and tools to the OpenStack community. The maturity of public cloud providers like Amazon Web Services (AWS) and Azure means they've already fought, and won, many hacker attacks.
OpenStack security is maturing fast. It should end up at the same level as all three major public clouds -- AWS, Azure and Google -- and benefit from being deployed in private environments, where additional tools can restrict data access.
Comparing OpenStack vs. VMware for private cloud
Building a hybrid cloud with AWS and OpenStack
Using OpenStack modules to support containers