Hacked on the way to the cloud

You know what digital transformation is, even if you haven’t heard the term before (hint: it’s been happening since the late 1990s). Yes, that digital transformation.

To be sure, there have been significant advances on many fronts, but data security isn’t always, or even often, one of them.

Companies are radically changing how they assemble and deploy business networks. Legacy systems are getting melded onto cloud services, in a bid to monetize swelling oceans of data flowing from smartphones and Internet of Things (IoT) devices.

All this data whizbang promises innovation, from driverless cars to IoT applications that beggar the imagination, but it comes at a cost: an expansion of our attackable surface.

Every industry “disruption” and most kinds of data-based innovation open new attack vectors. These fresh exposures have always been there, and slowly but surely they are being exploited.

Some 90 percent of the organizations participating in a recent poll conducted by Oracle and KPMG acknowledged that at least half of their cloud data consists of sensitive information, with 38 percent reporting they have had a problem detecting and responding to cloud security incidents.

Oracle and KPMG surveyed 450 IT professionals who reported that when security incidents do arise in the cloud, they can have a major impact on operations. Some 66% of companies said they had suffered a significant cloud-related disruption in the past two years.

Uber’s loss of sensitive data for 50 million customers and drivers, and the hacking of Tesla’s servers by crypto miners may be the minor harbingers of major attacks directed at the cloud layer of business networks in both the here-and-now and the foreseeable future. Yet the pressure for companies to charge ahead with cloud-driven innovation, while giving security issues comparatively short shrift, remains intense.

Clearly something has to give.

A New Paradigm

For more than 20 years, companies have, by and large, bought into the notion that they have to take a layered approach to network security. The best way to curtail network breaches, companies were told, was to install strong firewalls, and then pile on dozens of layers of defenses on endpoint devices, servers and applications. The approach is called “defense in depth.”

Defense in depth, and the legacy security systems that go along with it, have been pushed to the brink of obsolescence.

In a recent survey of 1,900 security professionals conducted by Crowd Research Partners, only 16 percent of organizations reported they believe their current security can protect them in the cloud, with 84 percent saying their security measures had, at best, limited capabilities in the cloud computing environment.

A new paradigm for securing business networks — one that weaves security into the dynamics of cloud computing — is desperately needed.

The encouraging news is that the fundamental components exist to do this. They are actually a by-product of the digital transformation: mega data sets. Security vendors increasingly feel that the application of big data analytics techniques to secure business networks is the future of infosec.

Encouraging Advances

A cottage industry of innovators backed by deep-pocketed investors is hard at work developing, refining and promoting cutting-edge security systems designed to match the agility and scalability of cloud computing.

I wrote recently about how Oracle, as part of its push to become a major cloud services infrastructure supplier, recently unveiled technology that uses machine learning to continually monitor databases from within. The mission: to steadily become ever more precise at identifying any malicious activity.

Seattle-based ExtraHop Networks, similarly, has developed network scanning systems specially tuned for hybrid networks that co-mingle legacy and cloud-based resources. ExtraHop spotlights critical areas, keeping close track of who is accessing sensitive resources and scrutinizing how they behave. Through advanced machine learning, the company intends to make these systems smarter and faster, and thus able to keep up with ever-rising loads of incoming data.

We’re in very early days for this new approach, and there’s a long way to go. One of the most telling benchmarks is false positives. It seems logical that the innovators that can minimize false alerts, while maximizing protection, will be the ones to thrive in this space.

Security startup Demisto, founded in 2015 by four McAfee alums, has begun tackling false alerts where they are causing the most headaches — in Security Operations Centers, or SOCs, operated by large enterprises. Demisto’s technology leverages automation to extract useful intelligence from more than 160 security products. This intel then becomes source material for “playbooks” designed to help security analysts triage security alerts much more efficiently.

Technology is only part of the long run solution, of course. Robust cyber hygiene policies and effective continuous training must also become a part of corporate culture to meaningfully stem the tide of cybercrime. That said, we’re at a critical juncture where every step in the right direction matters.