How Cloud Shifts Security Balance of Power to the Good Guys - InformationWeek

4/11/2019
10:00 AM
Barbara Darrow, senior director of communications, Oracle

How Cloud Shifts Security Balance of Power to the Good Guys

Cloud providers have the resources to fortify their data centers and hire armies of security pros, but they wield other powerful weapons to protect customer data.

Anyone who has followed tech trends over the past few years probably can recite a litany of reasons companies should turn to cloud computing instead of running their own data centers.

That list includes the intertwined notions that cloud computing can be significantly cheaper and much more flexible than the traditional company-run data center model.

The biggest cloud counterargument posed by many IT pros — sometimes known as “server huggers” — is that companies are better able to secure their own gear and data than any third-party provider.

That is not turning out to be the case. Aside from the generally accepted idea that cloud providers can offer better physical security for data centers and hire more security specialists than even their largest Fortune 500 customers, there is now considerable evidence of what cloud providers offer in terms of security. Because a large cloud provider sees a ton of traffic and data usage patterns, it is better able to detect anomalies than any one of its customers could on its own. This is true even though cloud providers do not actually “see” customers’ encrypted data itself.

Cloud players may now have advantage in hacker wars

Many people see the black hat/white hat struggle to break into or protect data as never-ending spy vs. spy one-upmanship. In their view, the bad guys and good guys take turns using the same increasingly smarter tools to attack and defend data stores.

But others now argue that cloud changes that equation drastically and shifts the power balance in favor of the good guys.

At a recent Center for Strategic and International Studies event in Washington, D.C., Edward Screven, Chief Corporate Architect at Oracle, said the idea that there is rough parity between attackers and defenders is no longer accurate.

Companies that handle troves of customer data and traffic have aggregate knowledge of usage patterns that no hackers can replicate, he argued. To attain the same level of detail across customers, bad guys would have to access myriad customer data centers.

“We can learn from the legitimate behavior of our users, and that gives us an advantage,” Screven said.

Nor is it easy for companies that run their own data centers using diverse hardware and software to keep all that gear updated and patched. That means hackers can roam from company to company in search of vulnerabilities to exploit, and all too often, find them.

Last year, research found that 60% of companies that suffered a breach attributed it to the use of unpatched software. “It is very difficult for most organizations to apply updates and patches as quickly as attackers can turn them around for exploits,” James Lewis, senior vice president of CSIS and director of its technology program, said after the event. “It’s a race that large enterprises can almost never win.”

Thus, anything that can ease and speed patching and updates will shift the balance of power in favor of data defenders over attackers.

Investment and stakes in cybersecurity are sky high

An executive with a major IT services company agreed that cloud has changed the game in data security.

“There is a combination of scale and a level of importance to the business that prompts cloud providers to create security teams that rival the Pentagon’s,” he said. If these providers screw up on security, their businesses will suffer. This executive requested anonymity because he is not authorized to talk on this subject.

“Cloud providers are collecting [digital signatures], and applying pattern recognition on types of traffic,” he said. “Their ability to isolate traffic based on time of day, type of customer, geography and other factors will all come in handy in keeping data secure.”

Bill Kleyman, executive vice president of Digital Solutions for Las Vegas-based Switch, a large data center operator, agreed that large cloud providers can aggregate data, which gives them enhanced visibility into what’s going on in the network and thus potentially makes them better able to counteract cybercrime.

The downside to all that aggregation, he said, is it “paints a big target on your back.”

Kleyman believes the pendulum will continue to swing between centralization and decentralization, which means businesses must prepare for a hybrid world.

Barbara Darrow, who has reported on business technology for more than 20 years, is now a senior director of communications for Oracle Corp.
