Virtualization Technology News and Information
Article
RSS
2015 Cloud Predictions from dinCloud


 

Virtualization and Cloud executives share their predictions for 2015.  Read them in this VMblog.com series exclusive.

Contributed article by Garret Grajek, CSO at dinCloud

2015 Cloud Predictions from dinCloud

A recent survey by the BT Group, revealed a major dilemma facing our community in 2015: 79% of respondents said they're adopting cloud storage and web applications in their businesses. However, in study titled, "What's Holding the Cloud Back" by Intel, 80% of respondents "identify security and ease of deployment" as the primary obstacles to cloud computer adoption.

The security of the cloud will be the discussion on everyone's lips in 2015.

Cloud is the Obvious Part - But How to Secure It?

The BT Group's survey states, almost 80% of medium and large-sized enterprises are moving to the cloud for storage and web - but, at the same time, the IT community does not feel the industry has resolved the security issues.

The real battle for security and IT sustainability will be fought by the cloud vendors.  These vendors, including my company, dinCloud, exist to find a solution of accessible IT resources, in a secure manner with a price model which is acceptable to their consumers.

To meet this challenge, cloud vendors will have to break down the problem in (3) parts:

  • Protect from outside threats to the cloud space
  • Encrypt and monitor activity once users have entered the trusted network
  • Provide high-availability and backup

Outside Threats Will Increase

In 2014, we have seen major attacks on all cloud resources - from big names like Apple iCloud and eBay, to smaller names like EverNote and SnapChat - and what's worse is these attacks are increasing, not decreasing. The tools the hackers are using are readily accessible and being exchanged openly.  The RAND Corporation reveals cyber black markets have reached unprecedented levels of economic maturity and growth, and reported the below findings in a 2014 report:

  • The cyber black market is not that much different than the traditional market, with participants communicating through various channels to place orders and obtain products
  • The cyber black market mirrors normal evolution of markets in both innovation and growth
  • For many, the cyber black market has become more profitable and thus replaced markets such as the illegal drug trade.

To this end, the need for the cloud will increase - not decrease. There is no way an individual enterprise, especially in marketplaces like education and medical, can keep up with these attacks.

Enterprises Need to Protect Against Outside Threats

Enterprises have to start understanding, inspecting, and blocking (when necessary) relevant traffic from the outside.  And while it's a given that hackers will have new tools, cloud providers must have their own as well.

Enterprises will need to look towards IP Reputation (IPR). There are some good tools out there created by companies like ThreatSTOP and Norse that not only keep a record of malicious addresses, but can also process requests from sites in real-time. These tools input and collate malicious attacks from 1,000s of entry points across the globe to provide real time analysis of the sources that are entering the network.

When dinCloud set up its network, this is one of the first technologies that we looked at when building out a more secure cloud. By evaluating network requests and dropping the sources that come from known malicious sites, the internet equation becomes that much more secure. Once the source is identified, a true Authentication/Authorization/Accounting (AAA) system must be put in place, for all users, and ALL points of access.  Our friends at Target can attest to that - given the breach was via the HVAC system that allowed access to the corporate network. Different levels of access require (by both security standards and best-practices) different levels of 2-factor authentication, but all resources should have some additional access above traditional username/password access.

Moving forward, all clouds should have all access from its customers be governed by 2-factor authentication, because in the multi-tenanted cloud, enterprises are only as secure as the security practices of the adjacent neighbors who are sharing the facilities.

But a Crunchy Outside, Soft Middle is No Security

Traditional security has started from the outside, with firewalls and authentication, but this is where the cloud has to step up its game - and can.

For example at dinCloud, we started by delineating EACH hosted cloud with its own dedicated set of SSL VPNs, firewalls and routers. In this scenario we can mitigate breach spill-over and insure confidentiality and security to each enterprise. Much the same way a naval vessel incorporates bulkheads and partitions to insure that a breach on one segment does not cause damage to other unaffected areas.

This segmentation and partitioning is paramount to a secure cloud design, and one that other enterprises and cloud vendors need to deploy.

Once inside the segment, it's imperative to implement security procedures in these trusted zones.  This is another growth area for 2015. Just as outside traffic will be more inspected by the IPR tools described above, intelligence on the actions and behaviors of traffic inside the network will have to be elevated.

Anti-virus and malware detection should be offered on all servers and hosted desktops. In addition, intelligent IDPS (Intrusion Detection and Prevention Systems) will have to be installed on all internal network segments. This includes both enterprise and department segments - the latter which are a typical "honeypot" for attackers looking for the weak link in the chain.

Finally - What are We Doing with the Data?

Encryption and backup is the last growth area in security for 2015. Enterprises simply can no longer afford to leave data-at-rest unencrypted. This is all but too evident in the all of the large PII (Personal Identifiable Information) attacks of 2014, such as Home Depot,  Neiman Marcus, Michaels, Feedly, and P.F. Chang's.

Enterprises simply can NOT leave their data unencrypted and this is once again, an area where cloud service providers can help. Migrating from a non-encrypted environment to a secure, encrypted environment is behind the scope of most enterprises - and thus a growth in cloud data storage is foreseen for 2015.

Of course, there is more than one way for an attacker to wreak havoc.  For example, with the "Code Spaces" cloud tragedy, an attacker seized the company's Amazon console and held the company hostage over threats of deleting all storage. The company didn't give into demands, and the attacker deleted all of Code Spaces IT assets.

Enterprises need to insure they have FULL data recovery, not just for their data, but for their servers and storage too. Once again, this is where we will see large growth for cloud services, because they are already set up to enact full scale data and server recovery. But, for the enterprises that are playing catch up on data recovery, a move to the cloud, where the services are already available, will make the choice even more obvious.

The Future is A Secure Cloud

Most articles details the cost benefits for a cloud move, but the real saving for moving to the cloud could be reputation. A well-managed cloud with the proper security mechanisms built-in, provides a systematic approach and quantified mechanism for securing against the latest attacks.   An enterprise starting from scratch on these is simply no match.

Final prediction:  cloud providers that offer secure services as part of their "on-demand offerings" will be the growth leaders in 2015.

##

About the Author

Garret Grajek (ggrajek@dincloud.com) is the Chief Security Officer at dincloud, a cloud service provider and transformation company that helps businesses and public/private organizations rapidly migrate to the cloud through the hosting of servers, desktops, storage, and other cloud services via its strong channel base of VARs and MSPs. Visit dinCloud on LinkedIn: www.linkedin.com/company/dincloud. 

Published Tuesday, November 04, 2014 6:32 AM by David Marshall
Comments
@VMblog - (Author's Link) - February 10, 2015 7:00 AM

Once again, how great is it to be a part of the virtualization and cloud industries? 2014 was another banner year, and we witnessed a number of fantastic technologies take shape and skyrocket. And I, along with many industry experts and executives, media

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2014>
SuMoTuWeThFrSa
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456