CS1805

life in the cloud
acquired, go out of business or have
other business issues of their own, how
will it impact your business becomes a
deciding factor
Transparency of security, business model
and partners are not necessarily exposed
to the end users and may have potential
conflicts that cause unnecessary
business risk. This includes security
vulnerabilities or even equipment
deployed that would not be as secure
as an on-premise implementation
and therefore out of your control
Your do not own the hardware and
therefore you are never in full and
absolute control of what is running,
when it is running or how it is running.
Think about that for a few minutes for
sensitive or mission-critical applications.
Clearly, the term 'Cloud' can mean different
things, depending on the context we use, as
Haber points out. "It can refer to technology
or weather. We can have rainbows or
tornados, and we can have reduced costs
or uncontrollable outages (yes - this has
happened before). When considering the
Cloud for your computing requirements,
it is important to remember the sunny day
benefits. It is equally important to
remember the rainy days that just would
never end. Think of the positives and
negatives, because your cloud
implementation will probably have both.
Can your business manage the stormy days,
too, if you know they are coming?"
BIOLOGICAL SYSTEM
While some complicate its definition, cloud
computing is "any computer-based event
that takes place outside your internal
network", points out Mike Ahmadi, CISSP,
global director - IoT Security Solutions
at DigiCert. "It's allowed us to connect
like never before. But the greater the
connection, the higher the stakes. The cloud
as we know it wasn't born from a massive
project; it evolved organically as connectivity
skyrocketed. Networks gradually became
more interconnected, giving us the
99.999% uptime we've come to expect."
This made moving data to a distributed
environment relatively easy, complementing
our ever-growing need for highperformance
computing, he adds. "For
example, smartphone manufacturers
realised they could only pack so much
battery life, memory and computing power
into a pocket-sized device. Turns out,
pushing the workload to server farms made
for a richer computing experience, without
having to build a pocket-sized nuclear
reactor to power it all. Thus, the cloud's
benefits are evident."
That said, people still ask Ahmadi, "Is the
cloud right for everyone?" That, he says, is
the wrong question. "Like any evolutionary
development, it's our current reality. The
cloud works well for our fast-moving
computing culture. Who's going to explore
alternatives when our existing solution
works and is used by the masses? That's
not to say the cloud doesn't have its
drawbacks, including security vulnerabilities.
To understand the gravity of cloud security,
think of the cloud as a biological system.
In biology, pathogens cause disease. If the
affected population is connected to others -
think air travellers - the disease can become
a pandemic. Security threats are like digital
pathogens; once they introduce disease to
interconnected networks, they spread - and
fast.
"During outbreaks, we don't halt travel.
Inability to transport food and medicine
would exacerbate the problem. Instead, we
address the root cause of the situation (the
disease) and learn to prevent future waves.
Over centuries of biological crises, we've
learned a few things. But we haven't had
centuries of digital security crises to study.
In the computing world, it's still the Middle
Ages - and we haven't had our Plague.
Although our understanding of security isn't
on par with the growth in vulnerabilities-for
example, we don't have the equivalent of
the Center for Disease Control (CDC) or
minimum requirements for preventing and
controlling digital diseases - I'm optimistic
we can overcome the drawbacks of cloud
computing." Success may only arrive on
the heels of enough digital diseases, he
concedes, but it will arrive.
"Fortunately, we have some proven
techniques for addressing digital diseases -
reliable methods for authentication, secure
coding, testing, and protection," comments
Ahmadi. "We just need to recognise when
and where to apply these methods. After
all, preventing disease beats reacting to
pandemics."
WIDESPREAD RELIANCE
Without the cloud, many applications that
businesses rely on every day - such as social
networks, file-sharing, video surveillance as
a service - would not be viable. "There
would be far fewer icons on smartphones
for sure! Organisations rely enormously on
the cloud to underpin digital transformation
projects and those that don't use the cloud
will miss out," cautions James Wickes, CEO
and co-founder, Cloudview.
"The key benefits are instant access
from any location, greater scalability and
increased storage. Users can store as much
data in the cloud as required, for as long as
required, and they are able to pay only for
what they use.
"And, because the cloud can be used to
consolidate data from multiple systems into
one place, it can resolve data collection,
compliance, privacy, security and reliability
issues simply and inexpensively - making
compliance with the General Data
Protection Regulation (GDPR) workable and
effective."
Among the provisions of the GDPR
(effective from 25 May this year) are strict
www.computingsecurity.co.uk @CSMagAndAwards May/June 2018 computing security
25