If you're reading this blog, I assume you have some vested interest in cloud-based computing. Whether you're an IT professional weighing the benefits of migrating certain applications or functions into a virtual environment, a practitioner seeking the pulse and best practices of the industry, or a manager interested in SaaS, security or next-generation platform ideas, this blog is for you. However, instead of being yet another blog about cloud computing per se, this one will concentrate on the burgeoning new paradigm of cloud-based security: security functions managed and controlled in private, public or hybrid clouds.
As we discuss security-as-a-service and related issues, I'll tend to focus on a few major areas such as SIEM, identity management, access management, single sign-on (both SaaS and web) and log management. Additionally, we'll be looking at the potential benefits, challenges and other relevant issues pertaining to IT asset protection.
For instance, consider what happened to the major shoe retailer Zappos a few months ago. After being hacked and exposing its customers' personal details and data, it quickly moved to neutralize the damage: the company voided and reset customer passwords so that new ones could be created. The question that bears asking is whether this situation was avoidable. Of course it was. It is now accepted that no system, cloud-based or otherwise, is immune to innovative and industrious ne'er-do-wells. However, there were steps an enterprise as large as Zappos could have taken to minimize its exposure.
The first question is how well Zappos assessed its own vulnerabilities prior to the intrusion. Obviously, not well enough. Since I am not associated with Zappos, I can only speculate, but I can share a best practice from the cloud that would reduce your potential exposure to a similar attack. Ensuring you have 24/7/365 monitoring would certainly reduce the risk, but more specifically, make sure you employ a vulnerability scanner (such as OpenVAS or Nessus) that discovers and assesses vulnerabilities and links you to a remediation for each finding. Its vulnerability feed needs to update daily to defend against the latest disclosures. Any company also needs a host intrusion detection system (HIDS) to which application and system logs can be forwarded for analysis. The goal is to disregard the white noise of safe, routine log entries and system transactions while applying correlation rules that determine what is, and what is not, suspicious activity. Once those rules are defined and categorized, you can create a proper alert, action plan and defense for each.
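To make the "white noise versus suspicious" distinction concrete, here is an added example, not code from the original post or from any product it names, of the kind of correlation rule a HIDS or SIEM applies to forwarded logs. It assumes a simple syslog-like line format, a threshold of five failed logins per source within sixty seconds, and a handful of constructed log lines; all three are assumptions for illustration, not real data or vendor defaults. Routine entries (cron, key-based logins from known hosts) are dropped, repeated failures from one source are correlated into a single brute-force alert, and a successful login from an already-flagged source is escalated, since that is the case that turns into a password-reset incident.

```python
# Added example (not from the original post): a toy HIDS-style correlation
# rule that filters routine auth-log noise and alerts on repeated failed
# logins from one source IP within a short window, then escalates if that
# same source later logs in successfully.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for the example (not real data).
SAMPLE_LOG = """\
2012-01-15 03:00:01 web1 sshd: Accepted publickey for deploy from 10.0.0.5
2012-01-15 03:00:04 web1 cron: (root) CMD (run-parts /etc/cron.hourly)
2012-01-15 03:01:10 web1 sshd: Failed password for admin from 203.0.113.7
2012-01-15 03:01:12 web1 sshd: Failed password for admin from 203.0.113.7
2012-01-15 03:01:15 web1 sshd: Failed password for root from 203.0.113.7
2012-01-15 03:01:19 web1 sshd: Failed password for guest from 203.0.113.7
2012-01-15 03:01:23 web1 sshd: Failed password for admin from 203.0.113.7
2012-01-15 03:02:00 web1 sshd: Accepted password for admin from 203.0.113.7
2012-01-15 03:30:00 web1 sshd: Failed password for alice from 10.0.0.9
2012-01-15 03:45:00 web1 sshd: Accepted password for alice from 10.0.0.9
"""

# Assumed line format: "<date> <time> <host> <process>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:]+): (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")
ACCEPT_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")

# Rule parameters (assumed for the example; tune to your environment).
THRESHOLD = 5                  # failed logins from one IP ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window


def parse(log_text):
    """Yield (timestamp, process, message) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["proc"], m["msg"]


def correlate(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as tuples: ("brute_force", ip, ts) when a source exceeds
    the failure threshold inside the window, and
    ("success_after_brute_force", ip, ts, user) when a flagged source then
    logs in successfully. Everything else is treated as routine noise."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    flagged = set()               # ips that already raised a brute-force alert
    alerts = []
    for ts, proc, msg in parse(log_text):
        if proc != "sshd":
            continue  # cron and other non-auth processes are dropped as noise
        f = FAILED_RE.search(msg)
        if f:
            ip = f["ip"]
            # Keep only failures still inside the sliding window, then add this one.
            recent = [t for t in failures[ip] if ts - t <= window]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, ts))
            continue
        a = ACCEPT_RE.search(msg)
        if a and a["ip"] in flagged:
            # A success from a source that was already brute-forcing is the
            # event that warrants an immediate response, not just a ticket.
            alerts.append(("success_after_brute_force", a["ip"], ts, a["user"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Run against the constructed lines, the rule stays silent on the deploy key login, the cron entry and alice's single typo, raises one brute-force alert for 203.0.113.7 at 03:01:23, and escalates when the same address logs in as admin at 03:02:00. A production rule set would add more event types, persistent state across restarts and per-user as well as per-source counters, but the shape is the same: parse, discard the routine, correlate the rest against explicit thresholds, and alert once with enough context to act on.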
Now of course, managing all of this from the cloud is what this blog is about. The first step is to accept this new paradigm as the way all security will be managed in the future. No, you say. My organization is too big; my network too complex. Isn't that the same thing you were saying 10 years ago when forward-thinking companies like salesforce.com and Google were putting applications in the cloud? Now they are part of our everyday IT lexicon. Security is simply the next logical step, from mainframe to enterprise and now to the cloud. But we can (and will) debate this another day. The cloud advantage here is the variety of automations, the streamlined processes and, in these cost-conscious times, the considerably lower expense. So, if a cloud-based security solution can do everything an on-premise system can do for a fraction of the cost without sacrificing security viability, why not investigate it further? I bet Zappos wishes it had.
And while I have your attention, I would invite all of you not just to follow this blog but also to join our open discussion group, Cloud Security, on Facebook.
By Kevin Nikkhoo