Last month we hosted a webinar that explored such a theme and discovered there are a plethora of best practices that mirror the security issues and challenges being experienced by IT professionals today. Obviously it’s not about alien life forms invading the starship Enterprise (unless you define aliens as malware or botnets) or how the transporter split Captain Kirk into Good Kirk and Evil Kirk (unless you consider the lesson of encrypting data in transit). However, many of these adventures can easily be extrapolated into usable policies and strategies for a cloud-security (security-as-a-service) configuration.
First off, let’s consider the cloud itself. Is it viable? Is it safe? Well, Kirk thought so. When (in Star Trek II: Wrath of Khan) the Enterprise was outgunned, with systems failing left and right, and matched up against a threat bent on its destruction, what did the crafty captain do? Right! He headed for the cloud. In this case, a giant nebula that allowed him safe harbor and a way to even the odds against the scurrilous Khan.
In today’s evolving IT environment, the cloud is likely a considerable or growing segment of your overall IT strategy. In most cases it is the inclusion of various applications. Whether it is data shared across the enterprise (yes, I realize the pun!!!) in a SaaS like Salesforce.com, access to files in Google Docs, or a customer portal via your website, you have determined a level of trust with the cloud. The next step, and a paradigm shift, is using the same trustworthy platform to manage your security. The benefits are much the same as with their application counterparts. There are considerable cost savings. There is incredible resource surplus (in terms of personnel time, maintenance, reporting and updates). There is solid compliance performance. And there is expanded functionality and service many companies could not otherwise afford.
But you are reading to get some Federation insight!
Let’s consider the Tribbles. Yes, those cute, fuzzy, purring balls of fluff from the famous episode The Trouble With Tribbles. If you recall, the Enterprise was called to an outpost to help secure a valuable grain. Since the station was in the Neutral Zone, the Federation’s arch enemies, the Klingons, were also on the station. Security was so worried about how the Klingons were going to hijack the grain that no one recognized the threat of the innocuous Tribbles.
The best practice here is to develop a set of policies that filters the events and issues down to those that present a risk you care about. Your system might log thousands and thousands of pings and events, most of them generally harmless; you need a means to filter out the innocuous and monitor only defined issues. In every enterprise there are several kinds of devices (routers, firewalls, workstations, servers, intrusion detection and prevention systems), and all of these generate a multitude of events. But what is valuable information and what is noise? Do you really care if someone successfully logs on to a system and then logs off? Do you care if there is a port on your router that is getting turned on and off during the normal course of business? What you really want to do is get rid of all this noise and focus on what’s truly important for you.
Now for you fans of Star Trek: The Next Generation… Your IT landscape is more than your network, more than your applications, more than individual protocols… it is a large, evolving, complex entity. Much like the Borg. And it is the perfect allegory for learning this lesson. For those who remember, the Borg is a group of cybernetic organisms that intrude, take over and assimilate a species into its collective… like a virus. But the lesson is that the whole is far more dangerous than the sum of its parts, and you run into a much greater danger if you don’t recognize the threat by correlating your intelligence across the enterprise. Destroying a single Borg drone or even an entire ship doesn’t combat the larger Borg stratagem. You lull yourself into a cocoon of protection, but because you looked at information in silos, you never saw the Big Plan and you end up with a can opener for a hand.
You may have strong intrusion detection/protection; you might have strong network traffic analysis; you might have state-of-the-art authentication controls; but if you audit each on an island, you still run the risk of potential issues falling through the cracks. The sign of a mature, compliant enterprise is how you can granularly analyze the big picture. This is called situational awareness. One flag in itself might not be troubling, but when correlated and seen in context with minor anomalies in other seemingly unrelated sections, you can properly recognize (and therefore properly remediate) threats.
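To make the two practices above concrete, here is an added sketch (not from the white paper or any CloudAccess product) that first drops routine events by policy and then correlates the remaining low-level flags per host across sources. The event names, source names, host addresses, 15-minute window and two-source threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(source, hh, mm, entity, etype):
    """Build one constructed sample event (date is arbitrary)."""
    return {"source": source, "time": datetime(2024, 1, 1, hh, mm),
            "entity": entity, "type": etype}

# Constructed sample events from three silos: auth, ids, netflow (plus firewall).
EVENTS = [
    ev("firewall", 9, 0, "10.0.0.23", "port_up"),        # routine
    ev("auth", 9, 1, "10.0.0.5", "logon_success"),       # routine
    ev("auth", 9, 2, "10.0.0.5", "logoff"),              # routine
    ev("ids", 9, 5, "10.0.0.23", "port_scan_low"),
    ev("auth", 9, 9, "10.0.0.23", "logon_failure"),
    ev("netflow", 9, 12, "10.0.0.23", "unusual_outbound_volume"),
    ev("auth", 11, 30, "10.0.0.7", "logon_failure"),     # isolated flag
    ev("ids", 14, 0, "10.0.0.7", "port_scan_low"),       # hours later
]

# Policy (assumed): event types treated as normal course of business.
NOISE = {"logon_success", "logoff", "port_up", "port_down"}

def filter_noise(events):
    """Keep only events the policy says are worth monitoring."""
    return [e for e in events if e["type"] not in NOISE]

def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Alert when one entity is flagged by >= min_sources distinct
    sources within `window`; a lone flag from one silo stays quiet."""
    by_entity = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_entity[e["entity"]].append(e)
    alerts = []
    for entity, evs in by_entity.items():
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            sources = sorted({e["source"] for e in cluster})
            if len(sources) >= min_sources:
                alerts.append({"entity": entity, "sources": sources,
                               "types": [e["type"] for e in cluster]})
                break  # one alert per entity is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate(filter_noise(EVENTS)):
        print(alert)
```

Each flag on 10.0.0.23 is minor on its own; the alert exists only because three silos flagged the same host within the window, while the two widely spaced flags on 10.0.0.7 produce nothing.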
Want more? The above were just 2 of the 10 best practices taken from our white paper “Everything I Know About Cloud Security I Learned from Star Trek.” You can download Part I (the first 5) from the CloudAccess website HERE. Next week, we’ll follow up with Part 2!
Also, it’s not too late to register for our webinar THIS THURSDAY on Threats and Countermeasures. We will be dissecting some of the most injurious IT threats and providing some cloud-based countermeasures. You can read more and register on the Webinars and Other Events tab above. I hope you will join me.