Page 15 - CDM-Cyber-Warnings-March-2014
P. 15
+.4# 1.5(#$12 $"41(38 $-#.12 -# .4 .1*(-& .&$3'$1 %.1 3'$ $23 8!$1 $%$-2$ By Stephen Coty, Director, Threat Research, Alert Logic Once upon a time your IT infrastructure was your castle where the lifeblood of your business resided on physical servers you could see and touch. You built a moat of the latest security technology around the perimeter of this castle and you slept well at night knowing that your infrastructure was safe from physical and cyber intruders alike. Enter the cloud, where you can expand IT with additional castles in more places on an infrastructure of both virtual servers offering up next-generation cloud-based apps and virtual desktops. “Old world” security models are not effective in the cloud, and while there is still a perimeter it has changed so that protecting it must be a shared responsibility between three kingdoms: the service provider, the security vendor and the customer. At peak periods on Amazon Web Services (AWS), for example, “castles” of applications and data are continually being built and “remodeled” as demand for information changes in various markets within in the cloud infrastructure. You don’t need to lose sleep about cloud security, but you do need to be fully conscious of the unique security requirements of the cloud. The key thing to understand is that the cloud is not necessarily insecure, but rather it is a different, dynamic infrastructure that demands a different, cloud-native security solution to protect your applications and data against specific cyber threats. An emerging best practice is to forge a partnership-driven approach to cloud security technology revolving around the responsibilities of your cloud services provider, your security vendor, and you. Why you need security designed for the cloud Alert Logic’s State of Cloud Security Report, Spring 2013 analyzed more than 1 Billion security events that generated over 46,000 security incidents reported by more than 1,800 customers over a six month period. The findings showed that cloud environments are no more attack prone than enterprise data centers, but that web application attacks make up a significant threat vector and that threat levels are consistent across many industries and verticals. After web application attacks, the biggest threats against cloud-based infrastructures are cyber- attacks such as distributed denial of service (DDoS) attacks that strike with brute force to take web applications offline, making them unavailable to thousands of users in seconds flat. Some other examples of specific cyber threats against cloud applications are infiltrations of Trojans and other malware, unauthorized scans, and brute force credential attacks, which can compromise the integrity of web applications and modify entire websites for malicious purposes. With the cloud you must think beyond traditional security technologies that are designed around protecting traditional IT infrastructure. They either will not work in a cloud environment, or even if they can be deployed, they cannot leverage the full benefits of a virtualized infrastructure to give you the security results you expect. " # % " $ " # ! !
