Using the same approach as Cyber threat creators to fight them


Using the same approach as Cyber threat creators to fight them. (Image Credit: Darryl Linington).

The same model of sharing data and intelligence employed by those who create the threats to our organisations should inform our approach to meeting them head on. And cloud gives us a key means to do this, writes Trevor Coetzee, regional director, South Africa and sub-Saharan Africa, Intel Security.

Earlier this month, Intel Security released “Blue Skies Ahead? The state of cloud adoption” – a report that illuminates the opportunities, challenges, and barriers to cloud adoption internationally. Collated from respondents in eight countries, the report details the current sentiment of 1200 “IT decision-makers with responsibility for cloud security in their organisations”.

Key findings
Respondents showed positivity and trust towards cloud services, with over three-quarters reporting that they trust cloud computing more than they did a year before. And this is reflected in the earmarked budgets too: respondents said that as much as 80% of their organisation’s IT budget is likely to be dedicated to cloud computing services in 16 months’ time, and 96% of respondents expected organisations to increase their cloud investment. Private cloud dominated current deployment (with 51%), and infrastructure-as-a-service (IaaS) appears to be getting the bulk of the attention in terms of investment planning. Business intelligence and financial accounting were the most commonly stored data types.

Despite these positive leanings, as many as 13% of organisations simply do not know if they have “sensitive data” stored in the cloud, and 23% have experienced “unauthorised access” of their data or services. Shockingly, 20% of respondents believe that their organisation’s top executives – the “C-suite” – has “no awareness of or does not fully understand the security implications of the cloud”.

Local factors
South Africa was not one of the countries from which respondents were drawn, but I can tell you from Intel Security’s local and regional experience that many of the same themes and key messages emerge from our organisations as those surveyed. There has been a growth in the trust that our IT decision-makers have in cloud. There is a drive towards shifting storage and even key operations to the cloud – from infrastructure, to software, to a platform, all “as a service”.

Although we traditionally speak of SA as somewhat conservative and perhaps slower to jump to new things, with cloud the uptake is relatively quick. In fact, it’s more likely that other factors – like broadband connectivity – are holding us back. We need cost-effective bandwidth to utilise these tools. Fortunately, the options for this are also diversifying and improving.

Secure at all levels
Larger enterprises are shifting to cloud quickest, and are making sure they can provide the relevant security into the cloud environments. Many cloud providers only provide security from the perimeter; they don’t necessarily offer built-in security for the servers that you rent, or the services you are getting. That is still often the responsibility of the end user or renter.

A sensible approach
So, if your company is speeding up your cloud adoption, remember to think of cloud as an extension of your organisation, subject to the same threats and vulnerabilities as your internal network would be.

IT managers and CIOs need to know that the same level of visibility is key: They need to understand what is in the cloud, what protection mechanisms there are, and what data is stored there. They have to make sure that they can protect the data from both uploads and downloads, making sure that that data flow is secure. And then consider accessibility, specifically who has access. The ability to protect, detect, and correct any threats is just as vital, making sure you don’t have data leakage, or malware running in your system. Finally, if there is a breach, how fast can you react? Do you have the functionality to automatically protect your infrastructure?

The hacker’s model
Cloud is an opportunity to change our model around security intelligence. Companies tend towards secretiveness. They take a distinctly negative view of sharing knowledge outside of their organisations, especially in competing environments where intellectual property (IP) is king and insight is a competitive advantage.

Contrast this with the people who create the threats we fear. Cybercriminals share info and insight relatively freely. They learn about the latest malware – code, entry points, tactics – from a broad community of hackers who develop, and often boastfully share, the technology. Even new or low-level attackers can thus leverage existing malware for maximum impact. There’s no need to reinvent your own bespoke wheel, so to speak, and so these attackers can quickly employ or even innovate on the latest threat technologies.

The attackers benefit from advantages in the best-of-class tech at their disposal, in their shared experience, and from a resources perspective because of the “freelance” nature of most cybercriminals. Companies, on the other hand, compete for scarce resources and skills, and operate in knowledge silos.

Cloud collaboration
This is where cloud can come in. The big data capabilities of cloud, the scale and agility stemming from the pooled resources that so often form part of the model – all of these allow companies and organisations to take back some power.

Ultimately, the cloud is a big data platform for threat intelligence gathering, sharing collective knowledge and experience, enabling assessment and predictive analytics, and artificial intelligence or machine learning. In the case of the latter, anticipating attacks and even automating certain responses frees teams up to focus on higher-level threats and make the most of their finite human resources’ time.

One step further
Cloud gives us this built right in, but we can make the most of it if we rethink our attitudes towards our peers and competitors. We tend to be very insulated in companies, and battle to share intelligence. We’ll have to overcome this to defend our networks and data effectively in future. CIOs need a much more open forum to learn from each other. Thankfully, we are beginning to see a degree of this more and more, especially within verticals. The financial services vertical, for example, has begun to see the benefits of sharing intelligence.

Intelligent cloud security combined with strategic knowledge sharing will enable organisations to swiftly analyse and identify attacks as they happen, to pre-empt what attackers might be after, and finally to better prepare for new threats yet undeveloped—taking back those critical advantages of technology, experience, and resources.

By: Trevor Coetzee, Regional Director of Intel Security South Africa and Sub Saharan Africa.