Every now and then in a decade we see what is referred to as a “black swan event,” a disruptive phenomenon brought on by a new technology, as characterized by Nassim Nicholas Taleb in his book The Black Swan. The advent of the Cloud is one such trend, which has shaped “ubiquitous utility computing without walls.” In this new world without walls, a lot of the old rules and conventional enforcement models become insufficient, thanks to globalization and Googlization.
Look around the security market. The pace of change is stunning, driven largely by reductions, disruptions and innovations to business ecosystems that were once quiet. From manufacturing to retail to the technology sector itself, entire industries are being transformed as traditional business methods move to the web after being “cloud readied” in a rush to go to market.
The question of whether the security industry is a separate industry or just a subset of IT depends on who you ask – a practitioner or an analyst. Regardless of how one looks at it, security is not built in as a feature within most of the key business applications. Therefore, a suite of security tools has to be applied to secure the business environment, to safeguard privacy and uphold trust beyond mere regulations like CISPA (Cyber Intelligence Sharing and Protection Act) and SOPA (Stop Online Piracy Act). Once upon a time, everyone managed their own infrastructure on premise, and the physical walls of the enterprise provided administrators with a definite perimeter. Then a process of “de-perimeterization” started once people began moving data centers off-site into colocation facilities and the like. This resulted in a set of opportunities (for vendors) and threats (for the businesses).
Cloud as an Opportunity
Thanks to virtualization, the need, speed and greed to get on a cloud of some sort has created an array of opportunities. The density of data centers increased because you could virtually fit more machines into a given space than you could physically fit in a room. Virtualization proved popular with businesses, helping them reduce cost, and emerged as the “on ramp” to embrace cloud computing for on-demand virtualization. There were times when you needed more computing power than you were subscribed to, and one way to provide that was by bursting into the cloud.
This stage was a natural extension of the previous stages. First you had a traditional program running inside a physical computer. That process got virtualized so that multiple programs were running within a computer within a premise. Finally, you have multiple programs running across computers across premises, and in that most abstracted way, in that last scenario, you basically don’t have an option, but rather, a mandate to run workloads intelligently by making them “identity aware.” Here is how “identity awareness” can be thought of – just as in a server’s run-time environment, every running process has a process identifier, every thread inside a process has a thread identifier, every fiber within a thread has a fiber identifier, the “unique identifier” concept can be applied to intelligently running workloads with the notion of a unique workload identifier (UWI). In summary,
- On-demand virtualization - reduced cost of hardware and physical space
- Cloud bursting - increased computing efficiency in the cloud; the best way to think of it is you own the base and you rent the spike (on demand)
In the cloud model, competitors are colocated on the same silos, so we have to make sure, from the bottom up, that we keep their data channelized. The buzzword is “multi-tenant,” but that essentially means partitioning the data in a way that lets us be continuously compliant and run highly available systems that can be audited, logged, charged back and billed correctly. The way to ensure that is by making the workload intelligent and aware enough to know where it is running, where it is allowed to run, who is allowed to access it, and what to do when there is a problem. In summary,
- Tenancy model
- Identity awareness
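As an added example (not code from the original post or from any product it mentions), the following sketches what an "identity-aware" workload could look like: a unique workload identifier (UWI) tied to a tenant, a set of locales it may run in, a set of principals who may access it, and an audit trail for every decision so it can be logged and charged back. The UWI format, field names and sample data are constructed assumptions.

```python
"""Identity-aware workload placement and access check (added illustration)."""
from dataclasses import dataclass, field


@dataclass
class Workload:
    uwi: str                       # unique workload identifier (constructed format)
    tenant: str                    # owning tenant; other tenants must never reach it
    allowed_locales: frozenset     # where it may run: on-prem sites, cloud regions
    allowed_principals: frozenset  # identities permitted to access it
    audit: list = field(default_factory=list)  # record for audit and charge-back

    def _log(self, event, **facts):
        # Every decision is recorded against the UWI so it can be audited and billed.
        self.audit.append({"uwi": self.uwi, "event": event, **facts})

    def may_run_in(self, locale):
        # "Where it is allowed to run": placement is checked before bursting.
        ok = locale in self.allowed_locales
        self._log("placement", locale=locale, allowed=ok)
        return ok

    def may_access(self, principal, principal_tenant):
        # Tenant isolation comes first: a principal from another tenant is denied
        # even if its name collides with an allowed one (multi-tenant partitioning).
        ok = principal_tenant == self.tenant and principal in self.allowed_principals
        self._log("access", principal=principal, tenant=principal_tenant, allowed=ok)
        return ok

    def on_violation(self, locale):
        # "What to do when there is a problem": refuse to run and record it.
        self._log("quarantine", locale=locale)
        return "quarantined"


def burst_or_refuse(w, locale):
    """Decide whether workload `w` may burst into `locale`; quarantine otherwise."""
    return "running" if w.may_run_in(locale) else w.on_violation(locale)


# Constructed sample workload owned by the fictional tenant "acme"
SAMPLE = Workload(
    uwi="uwi:acme:payroll:0001",
    tenant="acme",
    allowed_locales=frozenset({"on-prem-dc1", "cloud-region-east"}),
    allowed_principals=frozenset({"alice"}),
)
```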
Mixed Workloads in the Cloud
Our present-day computing environment transcends physical, virtual and cloud dimensions. A few noteworthy call-outs:
- First, almost all the environments are a hybrid of physical, virtual and cloud. At present 70% is physical, 25% is virtualized, and a mere 5% is cloud, although these numbers will shift radically over the next couple of years.
- Second, all of the three worlds co-exist in commercial environments. There is seldom an “all virtual” or “all cloud” environment. So, the trick is to make these environments seem seamless and interoperate with each other despite their heterogeneous stacks so that it reduces complexity for end-users and improves efficiency for its stakeholders.
- Third, the workloads on the hybrid physical, virtual and cloud environment have to behave consistently whether running “on premise” or “off premise,” and their infrastructure is all connected by pipes that you no longer fully own or control.
Finally, in a world without boundaries, unless you intelligently manage your workloads by making them “identity-aware,” you are out of luck.
Cloud as a Threat
As much as virtualization and the cloud provided businesses with opportunities for cost savings and efficiency, they also sprinkled the spectrum with a set of threats that businesses have to combat. Again, the need, speed and greed to get on a cloud gives rise to new threats like cloud bots and botnets. There are “dark” for-profit clouds, called cloud bots, that run infected machines to spread malware, launch cyber attacks, and steal computing power from your private or hybrid clouds undetected.
All the broad business areas within the industry, i.e., products, managed services, professional services, integration services as well as journalism and analyst services have been affected by the cloud computing phenomenon.
- Security products built and sold in the industry to compensate for inherent product weaknesses are affected by the cloud model. The reason is that in the cloud model, insiders become outsiders, and vice versa, which requires re-thinking product features for end-users.
- Managed security services, where commercial products and proprietary services are packaged to provide value-added solutions, are affected by the cloud model. The reason is that what worked on premise most likely would not work off-premise, and vice versa.
- Professional services that are common in the security industry are also affected by the cloud model. The reasons are commonly related to rate differentials for onsite and offsite services rendered.
- Analysts and reporters who focus exclusively on conventional security have to re-think their recommendations, and are affected by the cloud model. The reasons again have to do with the market messaging stemming from the role reversal of insiders and outsiders in the cloud, which requires re-thinking and re-writing the value proposition for tools.
Cloud as an Opporthreat
In a cloud environment, workloads (combinations of applications, middleware, and operating systems) become “fluid” and are subject to shifting from one locale to another to optimize performance. With these dynamic shifts at run-time, it becomes indispensable to maintain an equilibrium between the computing model and the security model of the environment. This contemporary paradigm of computing has led to re-thinking IT security within the applications and within the infrastructure, as much as it has led to re-writing the rules of enforcing IT security on- and off-premises to protect the users, data and resources of businesses. The cloud has brought about as many new threats to mitigate as it has new opportunities to monetize.
Related posts by Dipto Chakravarty can be found here within Qmunity, plus don't miss his 'Solving Cloud Security: Your Nightmare, A Hacker's Dream' webcast.
May 02 2012, 08:55 AM