Enterprises continue to spend billions annually on security technology, yet cyber breaches continue to come fast and furious. So what exactly is going on here? Why are the odds stacked against the good guys?
It turns out there are some pretty good reasons why security remains so elusive. Many organizations simply don’t have the staffing resources to do battle with a heavily automated enemy.
What’s more, IT innovation and the move to the cloud are moving at light speed. Those can be good things, but the pace of change is also introducing a new level of complexity and unmanageability that is exposing us to human error. In many cases, we’re trying to fend off laser-guided missiles with defense shields designed for the last war, not this one.
To make it a fair fight, we need to invest in security where it is most needed. Rather than pour billions of dollars into the latest and greatest antivirus or firewall solution, organizations should invest in the ability to respond to incidents and prevent them from spreading.
We have to assume some attacks will get through our defenses. And we have to have the ability to quickly bounce back from an attack, rather than just trying in vain to block every attempt. It’s through this resiliency that enterprises can better defend themselves against cyber threats.
Security in the cloud
In the early days of cloud, there was a lot of hype suggesting that security problems would be a thing of the past. Of course, we now know that security breaches have only gotten worse. Cloud infrastructure is easy to build and easy to move. While this makes life better for application developers, it also makes keeping track of what is where, and what is protecting it, exponentially more challenging.
The cloud is evolving in its own way, with each vendor incorporating their own proprietary languages and adding ever-more feature complexity. Users, for their part, are struggling under these disparate tools because each cloud has a proprietary interface that needs to be learned and managed.
Here’s another challenge. Because the cloud delivers a new computing paradigm, it doesn’t easily merge with older systems. For example, a new Lambda Service from a cloud provider acts very differently from a legacy mainframe or datacenter app. And since your organization is probably not migrating 100% of IT to the cloud, that means you not only have to contend with the risks associated with your legacy system, you also have new risks associated with the cloud.
Pets vs. cattle
It’s helpful to think of the pets versus cattle analogy when talking about cloud security. We treat our pets like part of the family, showering them with love and tending to them when they’re sick or injured. But, when it comes to cattle, we have a very different attitude. Cattle, for their part, are a disposable commodity. The trick is to understand the difference between the two. Security teams need to know which assets are being treated as cattle by the IT organization, and which are managed as pets so they can apply the right fixes when issues arise.
Another significant challenge for security teams is the new architectures that the cloud introduces. Anyone with a puppy at home knows how important it is to gate off certain areas of the home to contain the mess and limit the havoc. But when traditional IT “pets” move out to the cloud, where do you install those gates (the firewalls, IDS/IPS sensors, DLP detectors, and so on)?
The good news is that, in the emerging serverless era, where location is held to be irrelevant, there are certain benefits you can leverage to enhance protection. In traditional systems you would need a dedicated server and comms in and out, which presents a significant threat surface for an attacker.
But in a serverless environment, you can break off a small part of compute and hand it to a provider. The benefit here is that, if you don’t need admin access and don’t know the location, then it also becomes difficult for the bad guys to find it. Security teams, for their part, can just focus on the data that needs to be protected, and can pay less attention to where and how the compute happens, because that is now moved out of sight for everyone, friend and foe alike.
Resiliency in the cloud
A digital network is like an office building. If for some reason the building catches fire, you need to quickly respond to the incident and stop the blaze before it causes large-scale damage. Having a well-built structure made from the highest quality material can help. But that’s not all it takes to guarantee security. Only with holistic visibility can you check for structural integrity, and ensure that if something goes wrong, you’re alerted straightaway.
The same holds true for digital networks. In today’s cloud-based business world, breaches are inevitable. But they don’t have to be fatal. In fact, the ability to embrace resiliency and quickly respond to threats is a significant competitive advantage that will ultimately ensure success in the digital economy.
By Dr. Mike Lloyd
Dr. Mike Lloyd, CTO of RedSeal, has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control.