How Cloud Shifts Security Balance of Power to the Good Guys - InformationWeek

Barbara Darrow, senior director of communications, Oracle

Cloud providers have the resources to fortify their data centers and hire armies of security pros, but they wield other powerful weapons to protect customer data.

Anyone who has followed tech trends over the past few years probably can recite a litany of reasons companies should turn to cloud computing instead of running their own data centers.

That list includes the intertwined notions that cloud computing can be significantly cheaper and much more flexible than the traditional company-run data center model.

The biggest cloud counterargument posed by many IT pros — sometimes known as “server huggers” — is that companies are better able to secure their own gear and data than any third-party provider.

That is not turning out to be the case. Aside from the generally accepted idea that cloud providers can offer better physical security for data centers and hire more security specialists than even their largest Fortune 500 customers, there is now considerable evidence of what cloud providers offer in terms of security. Because a large cloud provider sees a ton of traffic and data usage patterns, it is better able to detect anomalies than any one of its customers could on its own. This is true even though cloud providers do not actually “see” customers’ encrypted data itself.

Cloud players may now have advantage in hacker wars

Many people see the black hat/white hat struggle to break into or protect data as never-ending spy vs. spy one-upmanship. In their view, the bad guys and good guys take turns using the same increasingly smarter tools to attack and defend data stores.

But others now argue that cloud changes that equation drastically and shifts the power balance in favor of good guys.

At a recent Center for Strategic and International Studies event in Washington, D.C., Edward Screven, Chief Corporate Architect at Oracle, said the idea that there is rough parity between attackers and defenders is no longer accurate.

Companies that handle troves of customer data and traffic have aggregate knowledge of usage patterns that no hackers can replicate, he argued. To attain the same level of detail across customers, bad guys would have to access myriad customer data centers.

“We can learn from the legitimate behavior of our users, and that gives us an advantage,” Screven said.

Nor is it easy for companies that run their own data centers using diverse hardware and software to keep all that gear updated and patched. That means hackers can roam from company to company in search of vulnerabilities to exploit, and all too often, find them.

Last year, research found that 60% of companies that suffered a breach attributed it to the use of unpatched software. “It is very difficult for most organizations to apply updates and patches as quickly as attackers can turn them around for exploits,” James Lewis, senior vice president of CSIS and director of its technology program, said after the event. “It’s a race that large enterprises can almost never win.”

Thus, anything that can ease and speed patching and updates will shift the balance of power in favor of data defenders over attackers.

Investment and stakes in cybersecurity are sky high

An executive with a major IT services company agreed that cloud has changed the game in data security.

“There is a combination of scale and a level of importance to the business that prompts cloud providers to create security teams that rival the Pentagon’s,” he said. If these providers screw up on security, their businesses will suffer. This executive requested anonymity because he is not authorized to talk on this subject.

“Cloud providers are collecting [digital signatures], and applying pattern recognition on types of traffic,” he said. “Their ability to isolate traffic based on time of day, type of customer, geography and other factors will all come in handy in keeping data secure.”

Bill Kleyman, executive vice president of Digital Solutions for Las Vegas-based Switch, a large data center operator, agreed that large cloud providers can aggregate data, which gives them enhanced visibility into what’s going on in the network and thus potentially makes them better able to counteract cybercrime.

The downside to all that aggregation, he said, is it “paints a big target on your back.”

Kleyman believes the pendulum will continue to swing between centralization and decentralization, which means businesses must prepare for a hybrid world.

Barbara Darrow, who has reported on business technology for more than 20 years, is now a senior director of communications for Oracle Corp.
