The Sixth Flag, Inc. today revealed its model of
Cell Structure Security
to secure its Workspace-as-a-Service in the Cloud. Recognizing
traditional approaches to securing the cloud and enterprise networks are
still falling short,
Pete Kofod,
founder and CEO of The Sixth Flag, has found that this concept, which
he developed from experience in the military, to be highly effective in
securing his Workspace-as-a-Service.
"A cell structure
is a system that is highly resilient to external compromise and severely
limits the ability of an attacker to further exploit the organization
beyond the cell. Should the cell be compromised, the parent
organization immediately isolates and collapses it. This is a concept
regularly employed in clandestine warfare, which we have adapted to the
securing of our virtual workspace," says Pete Kofod, Founder of The
Sixth Flag, Inc.
The industry response to advanced persistent
threats has been to continue to focus on hardening single points of
failure, including central authentication systems. While this is
certainly a worthwhile activity, little has been done to mitigate the
consequences of inevitable compromise. "It's not good enough to harden a
system against an attack," Kofod explains. "You must also have a
process that contains the effects of an inevitable breach."
Pete
likes to point out the following paradox: "If the systems that employ
multiple layers of security all rely on the same single 'Central
Authentication' mechanism, the question that never gets asked is whether
those systems actually provide independent layers of defense, or
'Defense in Depth.' This is not an academic exercise. Recognizing the
criticality of authentication systems, attackers have spent significant
resources on compromising them, often successfully."
The remote
user is often an initial target and while systems such as Time-based
One-Time Password (TOTP) protect against compromise of user login
credentials, they do little to protect the underlying authentication
system.
The Sixth Flag applies Cell Structure Security to its virtual workspaces, transforming the Cloud into a security asset. In a bold prediction, Pete Kofod states that "2016 is the year the cloud will be considered an asset rather than a liability."