CS1805
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
life in the cloud<br />
acquired, go out of business or have<br />
other business issues of their own, how<br />
will it impact your business becomes a<br />
deciding factor<br />
Transparency of security, business model<br />
and partners are not necessarily exposed<br />
to the end users and may have potential<br />
conflicts that cause unnecessary<br />
business risk. This includes security<br />
vulnerabilities or even equipment<br />
deployed that would not be as secure<br />
as an on-premise implementation<br />
and therefore out of your control<br />
Your do not own the hardware and<br />
therefore you are never in full and<br />
absolute control of what is running,<br />
when it is running or how it is running.<br />
Think about that for a few minutes for<br />
sensitive or mission-critical applications.<br />
Clearly, the term 'Cloud' can mean different<br />
things, depending on the context we use, as<br />
Haber points out. "It can refer to technology<br />
or weather. We can have rainbows or<br />
tornados, and we can have reduced costs<br />
or uncontrollable outages (yes - this has<br />
happened before). When considering the<br />
Cloud for your computing requirements,<br />
it is important to remember the sunny day<br />
benefits. It is equally important to<br />
remember the rainy days that just would<br />
never end. Think of the positives and<br />
negatives, because your cloud<br />
implementation will probably have both.<br />
Can your business manage the stormy days,<br />
too, if you know they are coming?"<br />
BIOLOGICAL SYSTEM<br />
While some complicate its definition, cloud<br />
computing is "any computer-based event<br />
that takes place outside your internal<br />
network", points out Mike Ahmadi, CISSP,<br />
global director - IoT Security Solutions<br />
at DigiCert. "It's allowed us to connect<br />
like never before. But the greater the<br />
connection, the higher the stakes. The cloud<br />
as we know it wasn't born from a massive<br />
project; it evolved organically as connectivity<br />
skyrocketed. Networks gradually became<br />
more interconnected, giving us the<br />
99.999% uptime we've come to expect."<br />
This made moving data to a distributed<br />
environment relatively easy, complementing<br />
our ever-growing need for highperformance<br />
computing, he adds. "For<br />
example, smartphone manufacturers<br />
realised they could only pack so much<br />
battery life, memory and computing power<br />
into a pocket-sized device. Turns out,<br />
pushing the workload to server farms made<br />
for a richer computing experience, without<br />
having to build a pocket-sized nuclear<br />
reactor to power it all. Thus, the cloud's<br />
benefits are evident."<br />
That said, people still ask Ahmadi, "Is the<br />
cloud right for everyone?" That, he says, is<br />
the wrong question. "Like any evolutionary<br />
development, it's our current reality. The<br />
cloud works well for our fast-moving<br />
computing culture. Who's going to explore<br />
alternatives when our existing solution<br />
works and is used by the masses? That's<br />
not to say the cloud doesn't have its<br />
drawbacks, including security vulnerabilities.<br />
To understand the gravity of cloud security,<br />
think of the cloud as a biological system.<br />
In biology, pathogens cause disease. If the<br />
affected population is connected to others -<br />
think air travellers - the disease can become<br />
a pandemic. Security threats are like digital<br />
pathogens; once they introduce disease to<br />
interconnected networks, they spread - and<br />
fast.<br />
"During outbreaks, we don't halt travel.<br />
Inability to transport food and medicine<br />
would exacerbate the problem. Instead, we<br />
address the root cause of the situation (the<br />
disease) and learn to prevent future waves.<br />
Over centuries of biological crises, we've<br />
learned a few things. But we haven't had<br />
centuries of digital security crises to study.<br />
In the computing world, it's still the Middle<br />
Ages - and we haven't had our Plague.<br />
Although our understanding of security isn't<br />
on par with the growth in vulnerabilities-for<br />
example, we don't have the equivalent of<br />
the Center for Disease Control (CDC) or<br />
minimum requirements for preventing and<br />
controlling digital diseases - I'm optimistic<br />
we can overcome the drawbacks of cloud<br />
computing." Success may only arrive on<br />
the heels of enough digital diseases, he<br />
concedes, but it will arrive.<br />
"Fortunately, we have some proven<br />
techniques for addressing digital diseases -<br />
reliable methods for authentication, secure<br />
coding, testing, and protection," comments<br />
Ahmadi. "We just need to recognise when<br />
and where to apply these methods. After<br />
all, preventing disease beats reacting to<br />
pandemics."<br />
WIDESPREAD RELIANCE<br />
Without the cloud, many applications that<br />
businesses rely on every day - such as social<br />
networks, file-sharing, video surveillance as<br />
a service - would not be viable. "There<br />
would be far fewer icons on smartphones<br />
for sure! Organisations rely enormously on<br />
the cloud to underpin digital transformation<br />
projects and those that don't use the cloud<br />
will miss out," cautions James Wickes, CEO<br />
and co-founder, Cloudview.<br />
"The key benefits are instant access<br />
from any location, greater scalability and<br />
increased storage. Users can store as much<br />
data in the cloud as required, for as long as<br />
required, and they are able to pay only for<br />
what they use.<br />
"And, because the cloud can be used to<br />
consolidate data from multiple systems into<br />
one place, it can resolve data collection,<br />
compliance, privacy, security and reliability<br />
issues simply and inexpensively - making<br />
compliance with the General Data<br />
Protection Regulation (GDPR) workable and<br />
effective."<br />
Among the provisions of the GDPR<br />
(effective from 25 May this year) are strict<br />
www.computingsecurity.co.uk @CSMagAndAwards May/June 2018 computing security<br />
25