Peter Jopling, CTO and Software Security Executive, IBM UK & Ireland, talks about threats to cloud infrastructure providers and the importance of real-time data analytics, illustrates the way cloud enables cybercriminals to expand the scope and size of their attacks, and more.
What are the most significant threats every cloud infrastructure provider has to face on a daily basis?
Cloud Infrastructure as a Service (IaaS) has a number of challenging security problems to mitigate:
- Logical and physical isolation – How do you ensure isolation of data in multi-tenant environments?
- Securing virtual machines – Ensuring there is no “data leakage” from hypervisors or cross-contamination with malware.
- Patching of default images – In the ever-changing threat landscape, how does the service provider ensure that the latest patches are loaded in a timely manner when there may be tens or hundreds of virtual images running on a machine?
- Encrypt stored data – How can service providers ensure data stays “secure”, i.e. encrypted, and that the encryption keys are changed in a timely manner? Lastly, when the service is no longer required, how do you ensure all the data is securely erased from all the virtual machines?
- Access to self-service portals – Self-service is paramount in reducing operational costs for IaaS, yet robust access control needs to be implemented to accommodate different ways of authentication depending on the sensitivity, the rights of the user and regulatory compliance needs.
- Monitoring logs on all resources – This is critical, as just collecting data logs adds no business value except in “box ticking”. Business value is achieved by real-time anomaly and behavioural detection, preventing or eliminating the unusual activity as opposed to merely collecting historical logs.
- Defence of network perimeters – Another critically important aspect: defending the multi-tenant environment against generic and focused cyber attacks.
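The monitoring point above, that value comes from acting on anomalous behaviour as events arrive rather than from warehousing logs, as an added example that is not part of the interview or of IBM's tooling: a small streaming detector run over a constructed IaaS audit trail. The log format, the user names and addresses, the destructive-action list and the thresholds are all assumptions made for this example.

```python
"""Added example (not from the interview or IBM): streaming behavioural detection
over IaaS audit events, showing the difference between collecting logs and acting
on them as they arrive.

The log format below is constructed and hypothetical:
    <ISO-8601 timestamp> user=<id> action=<verb> src=<ip> result=<ok|fail>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit trail: a normal morning, then a burst of failed logins
# from an unfamiliar address, a success, and a destructive action from that address.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z user=alice action=start_vm src=10.0.0.5 result=ok
2024-05-01T08:02:10Z user=alice action=list_images src=10.0.0.5 result=ok
2024-05-01T08:03:00Z user=bob action=start_vm src=10.0.1.7 result=ok
2024-05-01T08:04:00Z user=alice action=login src=10.0.0.5 result=ok
2024-05-01T08:05:00Z user=alice action=login src=203.0.113.9 result=fail
2024-05-01T08:05:05Z user=alice action=login src=203.0.113.9 result=fail
2024-05-01T08:05:09Z user=alice action=login src=203.0.113.9 result=fail
2024-05-01T08:05:14Z user=alice action=login src=203.0.113.9 result=fail
2024-05-01T08:05:20Z user=alice action=login src=203.0.113.9 result=ok
2024-05-01T08:06:00Z user=alice action=delete_vm src=203.0.113.9 result=ok
"""

# Hypothetical set of actions that destroy tenant data or capacity.
DESTRUCTIVE_ACTIONS = {"delete_vm", "delete_volume", "detach_disk"}


def parse_line(line):
    """Turn one log line into a dict; the timestamp becomes a datetime."""
    ts_str, *fields = line.split()
    event = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


class BehaviourMonitor:
    """Per-user baseline of known source addresses plus a sliding window of
    failed logins. observe() handles one event and returns zero or more alerts
    as (kind, user, timestamp) tuples, so a consumer can act immediately."""

    def __init__(self, fail_threshold=3, window=timedelta(seconds=60),
                 escalation=timedelta(minutes=10)):
        self.known_src = defaultdict(set)    # user -> addresses seen on successful events
        self.alerted_src = defaultdict(set)  # user -> addresses already reported as new
        self.failures = defaultdict(deque)   # user -> timestamps of recent failed logins
        self.flagged_until = {}              # user -> time until which destructive acts escalate
        self.fail_threshold = fail_threshold
        self.window = window
        self.escalation = escalation

    def _recent_failures(self, user, now):
        """Drop failures older than the window and return how many remain."""
        q = self.failures[user]
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def observe(self, ev):
        alerts = []
        user, src, action, ts = ev["user"], ev["src"], ev["action"], ev["ts"]
        ok = ev["result"] == "ok"

        # 1. A source address never seen for this user (once a baseline exists), reported once.
        if self.known_src[user] and src not in self.known_src[user] \
                and src not in self.alerted_src[user]:
            self.alerted_src[user].add(src)
            alerts.append(("new_source", user, ts))

        # 2. Burst of failed logins inside the sliding window.
        if action == "login" and not ok:
            self.failures[user].append(ts)
            if self._recent_failures(user, ts) >= self.fail_threshold:
                alerts.append(("fail_burst", user, ts))

        # 3. A success straight after a burst looks like a guessed or stuffed credential.
        if action == "login" and ok and self._recent_failures(user, ts) >= self.fail_threshold:
            self.flagged_until[user] = ts + self.escalation
            alerts.append(("takeover_suspect", user, ts))

        # 4. Destructive action while the account is under suspicion: escalate.
        if action in DESTRUCTIVE_ACTIONS and ts <= self.flagged_until.get(user, datetime.min):
            alerts.append(("destructive_after_flag", user, ts))

        # The baseline learns only from successful events, so failures cannot poison it.
        if ok:
            self.known_src[user].add(src)
        return alerts


def run(log_text, **kwargs):
    """Feed every line through the monitor in order and collect the alerts."""
    monitor = BehaviourMonitor(**kwargs)
    alerts = []
    for line in log_text.strip().splitlines():
        alerts.extend(monitor.observe(parse_line(line)))
    return alerts


if __name__ == "__main__":
    for kind, user, ts in run(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind}")
```

The detector keeps only per-user state, so it scales with the number of active identities rather than with the volume of history, which is what makes it usable on a live stream; the same events written to cold storage would only show the takeover in a post-incident search.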
Are real-time data analytics the answer to tackling the security issues in the cloud? How can they help?
Real-time analytics are absolutely needed in a dynamic IaaS environment, as organisations will be activating and de-activating services as operational needs change. This means there is considerable real-time fluidity in the environment, and the ability to consume vast quantities of data matters as we move ever closer to the “Internet of Things”, with more devices and assets becoming internet enabled. Anomaly and behavioural detection will be the only pragmatic way to understand the implications of a security incident in such a dynamic environment.
How does the cloud enable cybercriminals to expand the scope and size of their attacks?
IaaS potentially exposes vulnerable applications. IBM X-Force Research last year showed that over 50% of applications contained some vulnerability that could be used to compromise the application. Cloud IaaS constantly exposes APIs to connect services to each other – again, care must be taken in how these are exposed and defended. Of greater concern is the potential sharing of databases within an IaaS environment, leading to potential attacks from account takeover, privileged user access and the takeover of orphaned user ID accounts (unused accounts that are still active) by cyber attackers.
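The orphaned-account risk raised above, as an added example that is not from the interview or IBM: an inventory review that flags enabled accounts whose owner has left and accounts that have gone unused for a long period, with privileged accounts rated higher. The account schema, the staff list, the role names, the review date and the thresholds are constructed for this example.

```python
"""Added example (not from the interview or IBM): reviewing an IaaS tenant's
accounts for orphaned and dormant identities, the "unused accounts that are
still active" that attract takeover attempts.

The inventory schema, staff list and review date below are constructed."""
from datetime import date

# Constructed: identities HR still lists as current (hypothetical).
ACTIVE_STAFF = {"alice", "bob", "carol"}

# Constructed IAM inventory; last_login None means the account has never logged in.
ACCOUNTS = [
    {"id": "alice", "enabled": True, "roles": ["admin"],
     "created": date(2022, 1, 10), "last_login": date(2024, 4, 28)},
    {"id": "bob", "enabled": True, "roles": ["viewer"],
     "created": date(2021, 6, 1), "last_login": date(2023, 11, 2)},
    {"id": "dave", "enabled": True, "roles": ["admin"],          # has left the organisation
     "created": date(2020, 3, 3), "last_login": date(2024, 2, 1)},
    {"id": "svc-backup", "enabled": True, "roles": ["storage-writer"],
     "created": date(2024, 4, 20), "last_login": None},
    {"id": "erin", "enabled": False, "roles": ["admin"],         # already disabled
     "created": date(2019, 9, 9), "last_login": date(2023, 1, 1)},
    {"id": "carol", "enabled": True, "roles": ["viewer"],        # created, never used
     "created": date(2023, 12, 1), "last_login": None},
]

PRIVILEGED_ROLES = {"admin"}          # hypothetical role name
REVIEW_DATE = date(2024, 5, 1)        # constructed "today" for the sample data


def review_accounts(accounts, active_staff, today, dormant_days=90, grace_days=30,
                    service_prefix="svc-"):
    """Return findings as dicts with account, issue, severity and detail.

    orphaned : a human account whose owner is no longer on the staff list
    dormant  : an enabled account with no login for more than dormant_days
               (never-used accounts are measured from creation, after a grace period)
    Severity is 'high' when the account holds a privileged role, else 'medium'.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled: nothing left to remove
        aid = acct["id"]
        severity = "high" if PRIVILEGED_ROLES & set(acct["roles"]) else "medium"
        is_service = aid.startswith(service_prefix)

        # Service accounts are not people; they need an owner mapping this example does
        # not model, so the orphan check is limited to human accounts.
        if not is_service and aid not in active_staff:
            findings.append({"account": aid, "issue": "orphaned", "severity": severity,
                             "detail": "owner not on current staff list; disable and review grants"})

        never_used = acct["last_login"] is None
        reference = acct["created"] if never_used else acct["last_login"]
        idle_days = (today - reference).days
        if never_used and idle_days <= grace_days:
            continue  # freshly created; allow time before calling it dormant
        if idle_days > dormant_days:
            detail = (f"never used in {idle_days} days since creation" if never_used
                      else f"no login for {idle_days} days")
            findings.append({"account": aid, "issue": "dormant", "severity": severity,
                             "detail": detail})
    return findings


if __name__ == "__main__":
    for f in review_accounts(ACCOUNTS, ACTIVE_STAFF, REVIEW_DATE):
        print(f"[{f['severity']}] {f['account']}: {f['issue']} ({f['detail']})")
```

Run against the sample, the review reports bob and carol as dormant and dave as an orphaned privileged account, while the recently created service account sits inside its grace period and the already-disabled account is ignored. In practice the staff list would come from the HR or identity source of record and the inventory from the IaaS identity API, and the output would drive disable actions rather than a printout.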
Can we expect the cloud to make security easier in the long run or will the underground ultimately exploit it to its advantage?
Security is only as strong as its weakest link; this might be a technology or a procedure. As we connect more services to cloud-based delivery, this opens up a plethora of ways in which an attacker can breach the infrastructure. Additionally, cloud can be used to protect – with heterogeneous cloud-based security services, more data can be consumed in real time, allowing faster analytics on a plethora of security issues.
Generically, a pragmatic approach is needed to security based on asset value and risk of exposure. This may be fundamentally different for a personal user than a corporate organization needing to comply with differing regulatory needs geographically. One of the key challenges is how applications and users authenticate.