
life in the cloud

SUN OR RAIN, BRING IT ON!

IS THE CLOUD RIGHT FOR EVERYONE? THAT, SAYS ONE LEADING OBSERVER, IS THE WRONG QUESTION. "LIKE ANY EVOLUTIONARY DEVELOPMENT, IT'S OUR CURRENT REALITY." BUT WOE BETIDE THOSE WHO FAIL TO TAKE EVERY SECURITY MEASURE

As a child, many of us would look into the sky and stare at the clouds. We would see shapes and our brains would interpret them as images of animals or objects. We wondered what it would be like to stand on the clouds and wondered what the view would be from high above. These are all memories and made us think of the word 'cloud' in a positive way, says Morey J. Haber, CTO, BeyondTrust.

"At some time, we may have seen the other side of clouds. We have experienced thunderstorms, turbulence when flying and seen the devastation from storms. These all come from clouds and weather, and can make you have a miserable or wonderful day. While the word 'Cloud' is different for technology than the weather, the analogy can help us understand the positive and negative aspects for information technology 'in the cloud'. Technology professionals will generally agree the positive aspects do outweigh the potential negative shortcomings, but they may be more than your business can handle."

To that end, suggests Haber, decide if the following could impact your Cloud weather:

Forecast for a Sunny Day in The Cloud (Positive Aspects)

- Organisations can reduce costs by no longer requiring a dedicated environment, raised floor and optional licences for operating systems and applications
- Businesses can have the ability to dynamically burst capacity of the network, processing and other resources to meet demand. As your business grows, and events occur that require more resources (like the holiday season), a cloud implementation can temporarily (or permanently) scale to meet those objectives
- Environments can simplify the capability to test, implement and deploy various resources from operating systems to applications. They can also potentially reduce costs for hardware by subleasing computing time on traditionally expensive hardware
- The cloud can meet multiple infrastructure objectives from SaaS, IaaS and PaaS, with shortened times for deployment and flexibility
- Cloud providers can centralise contracts for licensing, provisioning and additional resources, since they are all being serviced through a sole source.

Forecast for a Stormy Day in The Cloud (Negative Aspects)

- Cloud providers can experience outages like any environment; but, as a user of the cloud, you are at the mercy of the cloud provider to restore services. Service Level Agreements (SLA) are the only recourse for a vendor to recoup partial losses during an outage
- Choosing a cloud provider can lock you into their platform and not allow portability to another platform, if the business or technical needs arise
- Financial and business longevity of the cloud or service provider (SaaS) can create issues, if your business is critically dependent on their services. If they are acquired, go out of business or have other business issues of their own, how it will impact your business becomes a deciding factor
- Transparency of security, business model and partners are not necessarily exposed to the end users and may have potential conflicts that cause unnecessary business risk. This includes security vulnerabilities or even equipment deployed that would not be as secure as an on-premise implementation and therefore out of your control
- You do not own the hardware and therefore you are never in full and absolute control of what is running, when it is running or how it is running. Think about that for a few minutes for sensitive or mission-critical applications.

24 computing security May/June 2018 @CSMagAndAwards

Clearly, the term 'Cloud' can mean different things, depending on the context we use, as Haber points out. "It can refer to technology or weather. We can have rainbows or tornados, and we can have reduced costs or uncontrollable outages (yes - this has happened before). When considering the Cloud for your computing requirements, it is important to remember the sunny day benefits. It is equally important to remember the rainy days that just would never end. Think of the positives and negatives, because your cloud implementation will probably have both. Can your business manage the stormy days, too, if you know they are coming?"

BIOLOGICAL SYSTEM

While some complicate its definition, cloud computing is "any computer-based event that takes place outside your internal network", points out Mike Ahmadi, CISSP, global director - IoT Security Solutions at DigiCert. "It's allowed us to connect like never before. But the greater the connection, the higher the stakes. The cloud as we know it wasn't born from a massive project; it evolved organically as connectivity skyrocketed. Networks gradually became more interconnected, giving us the 99.999% uptime we've come to expect."
This made moving data to a distributed environment relatively easy, complementing our ever-growing need for high-performance computing, he adds. "For example, smartphone manufacturers realised they could only pack so much battery life, memory and computing power into a pocket-sized device. Turns out, pushing the workload to server farms made for a richer computing experience, without having to build a pocket-sized nuclear reactor to power it all. Thus, the cloud's benefits are evident."

That said, people still ask Ahmadi, "Is the cloud right for everyone?" That, he says, is the wrong question. "Like any evolutionary development, it's our current reality. The cloud works well for our fast-moving computing culture. Who's going to explore alternatives when our existing solution works and is used by the masses? That's not to say the cloud doesn't have its drawbacks, including security vulnerabilities. To understand the gravity of cloud security, think of the cloud as a biological system. In biology, pathogens cause disease. If the affected population is connected to others - think air travellers - the disease can become a pandemic. Security threats are like digital pathogens; once they introduce disease to interconnected networks, they spread - and fast.

"During outbreaks, we don't halt travel. Inability to transport food and medicine would exacerbate the problem. Instead, we address the root cause of the situation (the disease) and learn to prevent future waves. Over centuries of biological crises, we've learned a few things. But we haven't had centuries of digital security crises to study. In the computing world, it's still the Middle Ages - and we haven't had our Plague.
Although our understanding of security isn't on par with the growth in vulnerabilities - for example, we don't have the equivalent of the Center for Disease Control (CDC) or minimum requirements for preventing and controlling digital diseases - I'm optimistic we can overcome the drawbacks of cloud computing."

Success may only arrive on the heels of enough digital diseases, he concedes, but it will arrive. "Fortunately, we have some proven techniques for addressing digital diseases - reliable methods for authentication, secure coding, testing, and protection," comments Ahmadi. "We just need to recognise when and where to apply these methods. After all, preventing disease beats reacting to pandemics."

WIDESPREAD RELIANCE

Without the cloud, many applications that businesses rely on every day - such as social networks, file-sharing, video surveillance as a service - would not be viable. "There would be far fewer icons on smartphones for sure! Organisations rely enormously on the cloud to underpin digital transformation projects and those that don't use the cloud will miss out," cautions James Wickes, CEO and co-founder, Cloudview. "The key benefits are instant access from any location, greater scalability and increased storage. Users can store as much data in the cloud as required, for as long as required, and they are able to pay only for what they use.

"And, because the cloud can be used to consolidate data from multiple systems into one place, it can resolve data collection, compliance, privacy, security and reliability issues simply and inexpensively - making compliance with the General Data Protection Regulation (GDPR) workable and effective."

Among the provisions of the GDPR (effective from 25 May this year) are strict