Layer upon Layer (Defense in Depth) ◾ 139
SIDEBAR: RISKS ASSOCIATED WITH OUTSOURCED SERVICES
Unfortunately, the required emphasis on shared-risk and service-provider management often isn’t there. The ten-
dency is for the consumer to trust the provider and the provider’s protections, but this isn’t prudent. Once, during an
assessment of a provider’s site Bill found a hole in a fi lter that allowed one consumer to create database connections
to a server in a neighboring enclave. Fortunately, it was found before it could be exploited, but this was a collabora-
tive application development site; just imagine how much damage could have been done! It is imperative that the
consumer fully understand the risks associated with using outsourced services and resources. There is no such thing
as a free lunch; every scenario has an associated set of risks. A decision to use outsourced services does not change
your obligation to keep your data secure. You cannot transfer this responsibility to the provider, and it is guaranteed
that the provider has no intention of taking on that responsibility either. The data belongs to you; make sure you
understand what it will take to ensure its security.
Provider Objectives
Consistency is the best scenario for a service provider. It is far better to have one standard set of
security objectives to work from than it is to provide customized security scenarios for individual
customers. For example, if the service provider has fully hosted customers, it may be advantageous
for the provider to treat every scenario as if it were fully hosted. While a “one size fi ts all” approach
is the most cost eff ective, it can be diffi cult to reconcile it to the customer’s particular require-
ments. is is especially true in hybrid scenarios where a high level of integration is present. e
security objectives discussed in the fully hosted scenario (uncompromising application security,
exceptional customer data isolation, shared-risk mitigation, and superior accountability) apply in
the hybrid scenarios as well. is section covers objectives that are specifi c to the diff erent hybrid
environments.
Uncoupled Scenarios
Uncoupled services are based entirely on consumer-initiated actions. e connection is typically
a secure socket layer (SSL) connection on a public network (i.e., the Internet). e connection is
primarily used to confi gure or update content on the service. e primary concern on the provider
side is boundary protection because these services are exposed on a public network. e concern is
not with the security of the service per se, but with the utilities and tools. For example, if the con-
sumer uses FTP to transfer content to their site, how does the provider support this functionality
in a secure manner? To a lesser extent, distribution attacks are also of concern because it is possible
for the consumer to knowingly or unknowingly upload malicious code to the site. Providers must
address these risks in the security objectives for uncoupled services.
Loosely Coupled Scenarios
e concerns in this scenario are the same as those in the uncoupled scenario, but the shared risk
and distribution issues are amplifi ed because the connection is bi-directional and in most cases,
code must be installed on the end-user system for the service to work properly. e code could be
a browser add-on, script, or a custom application. Web-based conferencing is a typical example
of this scenario. e service is exposed to the Internet and uses SSL connections for conference
scheduling, confi guration, and attendance. Presenters may upload content, and attendees may
stream content in real time or download saved/stored records (i.e., video or audio records, stored
presentations, etc.). e end user must download and install browser code to support the confer-
encing functionality, and in some cases (e.g., Netmeeting) the end user may install a stand-alone
client application. e provider must establish security objectives to guard against the corruption
TAF-K11348-10-0301-C008.indd 139TAF-K11348-10-0301-C008.indd 139 8/18/10 3:08:41 PM8/18/10 3:08:41 PM