November 6, 2014 | Written by: Robert Nersesian
Yes, it’s all going to the cloud, which is better than “to the dogs.” And yes, you have to make sure your cloud environment is secure.
You need to confront some hard realities about cloud security because the cyber landscape continues to be unforgiving. It doesn’t matter whether you’re protecting traditional computer systems, your mobile platform or the cloud itself. Simply put, organized cyber crime and cyber espionage continue to grow in sophistication. Any new hackable platform is red meat for them. Opening massive breaches that harvest critical data is their day and night job. News headlines make clear that the aggregate total of global cyber crime damage now rivals that of many nations’ annual gross domestic product (GDP).
First reality: Organizations spend considerable time and money securing their on-premises infrastructure. That’s good. The problem is maintaining that same high level of security when outsourcing to the cloud. Security delivery requires a cloud provider’s undivided attention. Yes, there are built-in security tools, but on their own they will not give you the key to any strong security posture: 24/7/365 threat monitoring, analysis and response, or a “managed security service.” These are humans watching out for you. You must know what’s happening on the cloud in real time and be able to respond very quickly. You need people to manage this, even if you have automated capabilities as part of your cloud security. The “cloud” doesn’t do it on its own.
Second reality: Repeat after me: “My cloud will be breached.” Take a deep breath. Say it one more time.
Remember, just because you’ve been breached doesn’t mean an attacker knows where to go once they get into your system. If you identify the attack quickly, you can prevent the attacker from getting to your critical data.
So, review your incident response plan for cloud security. What, you don’t have one? Okay, review the plan you have for your premises infrastructure.
If you still have a blank look, gather your team and start putting a response plan together—fast. How you handle it is crucial, particularly the speed of your response. Sophisticated attacks often show no upfront “symptoms” but can quietly devastate your business over time. The longer it takes to resolve an attack, the more costly it becomes.
Prevention starts with an incident-response plan and mock exercises to test the plan. Get an experienced provider to try to hack your cloud. Find out your vulnerabilities. Most important, make sure you have a team ready to move quickly and decisively if you suspect your cloud has been attacked.
Third reality: Last but maybe most importantly, get smart about “security intelligence.” Your cloud systems, along with your other IT platforms, generate billions of security events each day from firewalls, emails, servers and the like. It’s simply not possible to manually sift through this data and find evidence of suspicious behavior. Beyond the costs involved, manual review is confined to figuring out “what happened” rather than “what will occur.”
When applied to security data, big-data analytics tools can be transformative—the tip of the spear in security intelligence and response. Analytics can provide automated, real-time intelligence and situational awareness about your infrastructure’s state of security to help disrupt the attack chain.
Say that two similar security incidents take place, one in Brazil, the other in Pittsburgh. They may be related. But without the intelligence needed to link them, an important pattern—one that could indicate a potential incident—may go unnoticed.
You need this capability, and providers like IBM are stepping up to make it the ultimate reality.