Cloud Security

Security at scale for the enterprise: Borrowing a page from home security handbooks

Unfortunately, we are getting too accustomed to seeing headlines about companies getting compromised and their consumer data or intellectual property falling into the hands of bad guys. Organizations are losing the battle against the hackers.

Why is this happening when the industry is throwing its brightest people and substantial resources at the problem? Frankly, the tools that organizations have relied on to protect their networks are antiquated and no longer work. Many of these solutions were designed in the “good old days” when the assets being protected all were behind the corporate firewall. That world no longer exists.

Much has changed in recent years. The corporate perimeter has expanded drastically to what I like to call the “cloud perimeter” as enterprises evolve to support internet commerce, internet hosting, web-based business services, mobile devices, and social networks. In short, the attack surface available to hackers has vastly increased in size and continues to grow organically as business units lean on the web to become more efficient and agile. 

The multiplicity of internet-facing systems and the sensitive traffic that flows between them give hackers a target-rich environment. And once inside, they are very difficult to eradicate, staying for months to make the most of the infiltration, and then leaving methods for re-entry once you think they've been defeated.

In this new world the challenge is threefold. First, we must get a complete view of our organization's cloud perimeter, which is often off-premises and ever-changing. Second, we must continually monitor these assets and their traffic flows, evaluating them with an awareness of the specific attributes and security posture of each endpoint system. Third, we must be able to detect anomalies and quickly act.   

Unfortunately, “old guard” solutions don't make the grade in this new world. They don't give us a reliable way to inventory the assets on our cloud perimeter, are too complex to install and maintain even once you do have visibility, and rely on generic firewalling techniques that are not sensitive to the attack vectors specific to a given endpoint type. 

Interestingly enough, home security systems offer a model for the direction in which enterprise security needs to evolve. My son's home was burglarized recently. In response, he bought an off-the-shelf solution that includes mobile monitoring for several hundred dollars. A few years ago that would have cost 5-10 times as much in hardware, installation and service. Home security has become affordable and easy to deploy and control. This is because such systems combine low-cost cameras and sensors, wireless networks for easy installation, and centralized alert-based control via the internet.

In the same way that the cloud enables better protection of the home, it can help secure the enterprise. Cloud-based security offers several advantages over legacy solutions, including endless scalability, continual monitoring, centralized management, and the use of Big Data computing power to identify new threats. Also, because the heavy lifting is done in the cloud, the “sensors” in the enterprise security world can be software-based and lightweight, running on anything from a server farm to a smartphone, allowing for a standardized approach covering all endpoints.

So, perhaps enterprise IT should borrow a page from the home security handbook, using the benefits of the cloud to solve the security issues created by an internet-based world. Indeed, in time we may look back at the exploits of the last few months as a tipping point towards a world using cloud-based security.
Philippe Courtot

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on-demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign’s payment division, based on the Signio technology, handles 30% of electronic transactions in the U.S., processing $100-million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe’s direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market-leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet.
French and Basque born, he holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.
