The role of the cloud in the modern security architecture
In this interview, Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.
How is the cloud shaping the modern security architecture? Have we reached the point where it’s unpractical not to use it?
Leveraging the cloud is really inevitable. IT organizations are moving infrastructure, applications, and data to the cloud for management benefits, and end user organizations appreciate the benefits of cloud services for more rapid time-to-value.
The cloud brings new issues to IT organizations:
- Change in attack surface. As IT organizations move their applications and their data to public clouds and SaaS, there are new surfaces for hackers to attack.
- Loss of control over devices and networks. As cloud enables anytime / anywhere access, users are accessing their data from devices and networks not controlled by the company.
- Empowerment of end user organizations. The emergence of the cloud has empowered end user organizations (e.g., sales, marketing, HR, support) to deploy applications without IT involvement, dramatically impacting governance issues around security posture.
- Shift in IT resource allocation. Usage of the cloud shifts the burden of hosting servers on premises toward providing adequate network connectivity and traffic prioritization to business critical cloud services. It also requires a shift in allocation from traditional backhauling of data center traffic over private networks towards providing local Internet access from remote offices.
Still, there is much to be leveraged in the security architecture by providing security in the cloud:
- Ability to provide protection everywhere. Utilizing cloud security services can help protect users wherever they are connected and still provide central IT management and reporting on security posture.
- Ability to terminate connections and analyze threats to block them before they reach the customer’s networks or devices.
- Ability to leverage vast amounts of crowd-sourced data in real-time to perform functions such as global Bayesian analysis or polymorphic virus detection that were previously inaccessible to organizations who did not leverage the cloud.
- Ability to provide redundancy during customer site outages.
- Ability to leverage elastic-compute to handle operations that may exceed the processing power of typical endpoint network security devices.
What security technologies have benefited the most from the cloud?
Many technologies benefit from the cloud. One of the most impactful has been cloud-based, real-time threat protection.
The familiar security concept introduced by desktop anti-virus vendors was to collect virus samples from some subset of customers, produce definitions and have endpoints download those definitions on a periodic basis. The relative isolation of every individual attack instance on which to collect data and the periodic nature of updates in the old world created relatively long attack windows for attackers to exploit.
With the adoption of real-time threat protection services that leverage the cloud, real-time lookups themselves can generate data that can be used to make block decisions instantly, thwarting attacks automatically once they are released in the wild. This use of cloud and big data has dramatically reduced the length of attack windows, in many cases changing the economics and targeting of attacks in general.
What advice would you give to a CISO concerned about moving the secure storage of its documents into the cloud?
The first piece of advice is to stay close to end user organizations. Document storage through services like Dropbox generally started without IT involvement, largely because IT departments in general were not responding quickly to demands in their end user organizations for convenient access, mobility, and easy sharing of data with those outside the company. New requirements are already emerging, such as automating workflows for signing documents. Staying close with end users is key.
Beyond that first and oft-told advice is the need to consider the actual security implications of the documents at rest in the data center, as they transit in-motion, and as they rest on any endpoints to which they are replicated. Technical capabilities around encryption, access control and revocation, and even the security posture of cloud providers should be considered. CISOs should also consider any security policy implications surrounding both content of data (DLP) as well as end user access control both inside and outside the company.
In addition, beyond the security implications are very practical business continuity decisions around cloud storage. How organizations backup their data, maintain revision control in case of data corruptions or accidental deletions, and even ensure access on the insolvency or lack of availability from a cloud provider should all play into strategy.