At every security conference I attend, there seems to be a consensus that the insider threat is the primary problem, yet all the time and energy is still focused on encryption, password protection, protocols and the good old firewall. But in a dynamic world of outsourcing and transitory employment, the insider threat really is the bigger problem.
This is exemplified by the recent News of the World phone hacking scandal: it was weak security in the terminal and user environment that allowed it to happen. None of the reported penetrations demanded the use of high-tech equipment or software; the acquisition of mobile numbers and PINs was engineered through observation and guesswork.
What can individuals and companies do to protect themselves against this threat?
First, everyone needs education on the techniques of hackers and industrial spies.
Second, technical solutions can aid the defence of any system, service and/or infrastructure. Ideally, gaining access should require something that is unique to one person.
All this extends from the mobile world into that of the PC and LAN, where laxity in matters of security is also rife and the same simple hacking techniques apply. By being opportunistic, making a few observations, leveraging social engineering and perhaps applying some specialised software, the malevolent party wins out every time.
So what of the cloud environment – why should it be any better? Here is an analogy to explain the protection possible inside and outside a firewall, or in a cloud with a non-conventional protection strategy and no firewall.
Suppose a burglar is determined to break into a secure building by picking the lock. The burglar gets out his tools and, a few minutes later, the last tumbler drops and he has gained entry. But he now finds himself in a room with little of real value, and is faced with another 10 identical doors. However, each door has a different brand of lock from the one on the first door.
How does he choose the most productive door, and how can he be sure that door will lead somewhere profitable? He can’t. So he picks a door at random, but this new door has a different and even tougher lock. He works away until suddenly the door behind him closes and the lock switches to a new combination.
The burglar still presses on and opens the door into a second room. This room also has another 10 doors with different and stronger locks. On he goes… and the door behind him always goes bang.
Then the walls spin and all the doors change position. Now he can’t find his way back. He has been detected, located and identified, and his fate rests with the owner of the network.
This translates to a human or viral security attack on a multi-cloud system with intruder detection, isolation and destruction.
Conventional networks present a simpler target and a model that is well understood. They may have a couple of security layers, but present a stable and identifiable target.
So what else can we do to spot an intruder? The network knows the good guys and their work patterns, locations, week and weekend habits, and travel patterns. And it turns out that it is relatively easy to spot rogue activity and the person responsible by monitoring ports, machines, connections and activity.
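As an added illustration of the monitoring this paragraph describes (example code written for this page, not from the article): a per-user baseline of usual locations, login hours and weekend habits is learned from constructed login records, and any later login that deviates from it is flagged.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline of past logins as (user, ISO timestamp, source location).
# The records are invented for this example, not taken from any real system.
BASELINE = [
    ("alice", "2011-07-04T09:05:00", "london-office"),
    ("alice", "2011-07-05T08:50:00", "london-office"),
    ("alice", "2011-07-07T10:15:00", "home-vpn"),
    ("bob", "2011-07-09T11:00:00", "paris-office"),  # a Saturday
    ("bob", "2011-07-11T09:30:00", "paris-office"),
    ("bob", "2011-07-12T14:00:00", "paris-office"),
]

def build_profiles(records):
    """Learn each user's usual locations, login hours and whether they work weekends."""
    profiles = defaultdict(lambda: {"locations": set(), "hours": set(), "weekend": False})
    for user, ts, location in records:
        when = datetime.fromisoformat(ts)
        p = profiles[user]
        p["locations"].add(location)
        p["hours"].add(when.hour)
        p["weekend"] = p["weekend"] or when.weekday() >= 5
    return profiles

def score_event(profiles, user, ts, location):
    """Return the deviations of one login from the user's learned profile."""
    p = profiles.get(user)
    if p is None:
        return ["unknown user"]  # nobody the network has ever seen before
    when = datetime.fromisoformat(ts)
    reasons = []
    if location not in p["locations"]:
        reasons.append(f"new location {location}")
    if when.weekday() >= 5 and not p["weekend"]:
        reasons.append("weekend login for a weekday-only user")
    usual = {h + d for h in p["hours"] for d in (-1, 0, 1)}  # one hour of slack
    if when.hour not in usual:
        reasons.append(f"unusual hour {when.hour:02d}:00")
    return reasons

def find_rogue_activity(profiles, events):
    """Return (user, timestamp, reasons) for every login that deviates."""
    alerts = []
    for user, ts, location in events:
        reasons = score_event(profiles, user, ts, location)
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts
```

A real deployment would build the baseline from weeks of authentication logs and feed the alerts into the incident-response workflow rather than acting on a single deviation.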
In the cloud environment, security is no longer a static or isolated activity of limited richness. Every cloud is different and continually changing. This means that companies no longer look big, dumb and static. In fact, it can be quite difficult to find many elements of a company, even as an insider, unless you are given the keys to the right sequence of doors.