134 ◾ Security Strategy: From Requirements to Reality
to many system resources. All you need to do is fi nd a way to exploit a fl aw in one of those
resources to gain unauthorized access to the system. Compromised Internet sites are a great
example of this. Anonymous is a valid user on the system with valid permissions granting read
and execute privileges to system fi les and applications. In December 2009 attackers used these
permissions to execute a SQL Injection attack that compromised over 130,000 websites. e
same type of attacks can be executed against online services as well; it just requires a valid user
identity for the service.
Depending on the type of service being provided, getting that identity can be a trivial pursuit
or a major endeavor. For commoditized services like Windows Live, getting a user ID means you
must provide a valid e-mail address. For shared services like Microsoft Online, a valid e-mail
address and credit card are required. For dedicated services, a valid customer user ID is required.
e latter can be a real challenge, but the other two are trivial. How an attacker obtains the
identity really doesn’t matter; the fact that an attacker can use that identity to directly attack and
compromise service applications and systems is the real concern. Perhaps, even more disconcert-
ing is the fact that a single service identity frequently provides access across multiple services.
Once a system has been compromised, this shared trust can be exploited to propagate the attack
across service boundaries. is is why application-level security is a critical security objective for
service providers. In light of the privileges being granted to users, service providers must provide
uncompromising application security. e slightest user exploitable fl aw can easily result in a
massive compromise.
Exceptional Customer Data Isolation
Service providers must also provide exceptional customer data isolation. Whenever a service
processes, transfers, or stores data from multiple customers, there is the possibility for data
leakage between customer entities. e threat is more prevalent in shared services because all
customers use the same resources, but data leakage is also a threat in dedicated services because
customer environments use a common set of service support applications. For example, infor-
mation from multiple customers can be found in service desk, performance, backup, and mon-
itoring systems. Although this information may be more diffi cult for an external attacker to
compromise, it is still susceptible to disclosure from human or application error. For example,
one of the service providers Bill worked with had a recurring problem with service ticket
reporting. Operators would sometimes include cross customer information in service reports.
e issue was as much a problem with the application as it was with the operators, but that
didn’t make the customer whose information was leaked feel any better, and it certainly was
detrimental to the provider’s reputation. e problem, to some extent, is systemic. Applications
that have been designed for internal use, including monitoring and ticketing systems, typically
do not have robust security features.
e threat of cross customer data leakage in shared environments is even greater. Data is
present in shared memory during processing, intermingled during transport, stored in shared
databases, and backed up to common media. e threat is further exacerbated because these data
elements have diff erent levels of sensitivity and are subject to diff erent regulatory and legal require-
ments. Although there is no practical way for a service provider to know what these sensitivities
and requirements are, nonetheless, customers have a reasonable expectation that the provider will
provide appropriate protections. And if the customer is wise, they will make those expectations
part of the service-level agreement. Exceptional customer data isolation must be a priority security
objective for service providers.
TAF-K11348-10-0301-C008.indd 134TAF-K11348-10-0301-C008.indd 134 8/18/10 3:08:41 PM8/18/10 3:08:41 PM