The cloud has received a lot of negative press from security professionals and, I have to admit, we’ve come off a bit strong. There are real and valid security concerns for the cloud, but there are also plenty of articles explaining how to combat these challenges. With such resources, the informed person should be equipped to evaluate cloud security and the cloud’s acceptability as part of the organizational technology portfolio. Instead, I want to introduce you to the ways that the cloud can be used to improve information security.
You are probably well aware of the cloud’s ability to leverage distributed resources and to expand organizational technology footprints with minimal lead time and a relatively linear increase in cost. The cloud’s flexible cost and inherent scalability contrast with traditional IT scalability models, where increases in storage or computing power required significant preparation and high capital costs at specific growth thresholds. What is less known, however, is how the cloud is improving security. The same methods that create efficient and rapid scalability allow for fast response, risk dispersal and continuity through cloud-based DDoS protection, anti-malware detection, and cloud archiving.
The hacker’s cloud
Attackers are using a cloud of their own, of sorts. It consists of millions of bots, also known as zombies, that are encapsulated and distributed through malware. These bots are managed and controlled to perform powerful, coordinated attacks on organizations with ease. The most well-known bot-based attack is the Distributed Denial of Service (DDoS) attack, in which an overwhelming amount of traffic is sent to a site or network to prevent legitimate traffic from being processed. Such attacks can be quite harmful to organizations that rely on an Internet-facing application to make sales or perform business operations. An organization has little defense on its own, as its computing and bandwidth resources can quickly be consumed, but the cloud has come to the rescue. Cloud DDoS prevention services allow traffic to be redirected to large-bandwidth networks with plenty of resources to absorb a DDoS attack if and when it occurs.
Just as we have seen great works such as Wikipedia created through the combined efforts of many persons distributed through the Internet, we also see the perpetuation and rapid enhancement of malicious tools and techniques through millions of iterative improvements offered by cyber criminals connected to the same Internet. The cloud combines the threat response capabilities of antivirus and spam detection systems around the world to coordinate, analyze and protect against new forms of malware and new variations of spam and phishing messages. These cloud services may be integrated into the anti-malware and perimeter defense mechanisms you have in place right now, or they could be additional features that you can take advantage of with little extra cost and minimal or no additional hardware investment.
Cloud data breaches and incident response
Despite the preventative measures in place, most organizations will still suffer a breach or a loss of availability. For this reason, it is imperative that business continuity and backup operations be well-established, validated, and integrated into processes to allow for rapid recovery. The cloud offers methods to back up data to an offsite location without the costs of a secondary site and personnel. Furthermore, cloud services can also be used to host systems if the entire primary site is unavailable, allowing an organization to resume business quickly following a disaster or other significant event impacting critical business technology systems.
Next time you think of the cloud, remember how it can be used to enhance security and consider whether you are using the cloud to its full potential.