Leveraging the Inherent Strengths of the Cloud to Enhance Security Will Enable us to More Effectively Stay Ahead of Attackers
Much airtime has been given to answering the question: Is the cloud secure? We’re becoming programmed to think of the cloud as a security challenge. From loss of governance and concerns about segmentation from other parties in the cloud, to potential data loss and leakage, there are many possible security risks to consider when deploying a cloud-based strategy.
But there’s another aspect of the cloud that has largely gone ignored and that’s the fact that the cloud can be a tremendous security enabler.
• Enhanced performance with lightweight and compatible IT security solutions. The cloud can be used for all the ‘heavy computational lifting’ typical in IT security solutions. If performed locally these tasks tend to slow down machines, inhibit solution performance and usually require additional hardware. Freeing an enterprise’s network and devices from this burden also enables users to more effectively support a defense-in-depth strategy since it facilitates running multiple security offerings simultaneously. Offloading heavy-duty processing to the cloud becomes even more beneficial with mobile devices that can have significant computation constraints and even more stringent power consumption requirements.
• More informed security decision-making with centralized and up-to-date security information. With virtually unlimited storage in the cloud it now becomes possible to create, maintain and share extensive information on network threats, advanced malware, IP and file reputation lists, as well as geo-location and other security data. This global and centralized approach eliminates the need for enterprises to manage and store vast amounts of information on their infrastructure, increasing productivity of the security software while ensuring that the latest, comprehensive security information is available as needed.
• Faster, better protection through the power of Big Data analytics. Today we see hundreds of thousands of security threats each day. Understanding the data and then translating this intelligence into protection can take days to months rendering it virtually ineffective given the pace at which new threats are introduced and increasing the time of exposure. Leveraging the processing power and storage of the cloud along with intelligence gathered from the community of cloud users, large-scale data mining techniques can be applied to identify anomalous patterns across systems and create to new detections and protections more quickly. This environment also provides a more effective ‘test bed’ for better security. New protections can be tested against live data as part of security technology development cycle rather than using isolated test sets that exist in a lab. There’s no better way to test efficacy than against real-world data.
• More efficient and economical protection against real threats with intelligent delivery. Because only a small number of threats are ever seen in an individual enterprise and we can’t always determine which will become widespread, it isn’t practical or feasible to provide enterprises with every possible signature available. The time and resources required for huge downloads of largely irrelevant information is cost prohibitive and impractical. The cloud can deliver only the protections that are relevant to an organization’s risk profile and do so much more quickly to protect against the threats that matter for their specific environment.
We’re still in the early stages of leveraging the cloud as a security enabler. There is more to come. For example, we’re beginning to see technologies that can harness the benefits of storing large amounts of relevant security data to go back in time to identify patient zero—who was infected first— which is an essential first step in stopping the spread of malware. Analysis of this historical data can also be used to evaluate end-user programs previously thought to be safe against the latest threat intelligence, retroactively identify programs now deemed malware and quarantine just those infected devices without a full system scan. As technology continues to evolve it is also reasonable to expect users will be able to dynamically query the cloud to find out if an IP or file has been identified as malicious, if a signature exists and then download it to proactively protect their unique environments.
Just as hackers are accessing all available tools to accomplish their missions, so must we as defenders. Leveraging the inherent strengths of the cloud to enhance security will enable us to more effectively stay ahead of attackers as we fight this relentless and increasingly sophisticated cybersecurity war.