Cloud Computing could be the biggest single opportunity for a significant improvement in our network and information security for decades. Multiple operators and suppliers offering multiple access points, services and applications that we can tap at the same time will give us a diversity of new protection mechanisms way beyond those we enjoy today.
For sure we need to improve our log-on processes, firewalls and malware protection, but thin clients change the name of the game. A lack of memory and processing power leverage down any malware sophistication, whilst access and utilisation will be harder to compromise when we choose different devices and servers at random. If we also sign up for applications and services from multiple players, and disperse our information in parsed and scattered locations that are never connected in the same manner more than once, then infiltration will be orders of magnitude more difficult.
All clouds are not the same, and their will be large numbers of them spanning corporates, governments, social and personal applications. Some will last, others will be sporadic and last for seconds. Connections too will be continually varying and sporadic. A moving target is harder to hit, and The Cloud might be the ultimate target!
3. And we are always
trying to tilt the odds
in our favour...
Tuesday, 26 June 12
4. But we cannot leave anything to chance,
we cannot afford to gamble, the stakes
are far too high..
Tuesday, 26 June 12
5. We have to think like the enemy, war
game, test and probe, & constantly keep
ahead technically and strategically...
Tuesday, 26 June 12
6. Laws of security...
1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk
Tuesday, 26 June 12
7. Laws of security...
7) You need two security groups - defenders & attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them
Tuesday, 26 June 12
8. Laws of security...
13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome
Tuesday, 26 June 12
9. If we continue to do what we’ve always
done our Cloud exposure will accelerate..
Tuesday, 26 June 12
10. In The Cloud - the attack surface is the
entire planet...
Tuesday, 26 June 12
11. We w i l l n e e d
more and smarter
firewalls...
Tuesday, 26 June 12
12. All forms of malware
protection will have to
become evolutionary...
Tuesday, 26 June 12
13. Has to become far
more sophisticated...
Tuesday, 26 June 12
14. Enhancing login vectors...
Something you:
- Do
- Are
- Know
- Posses
- Deduce
- Relate to A concatenation
- Recognise of weak vectors
- Remember rapidly becomes
- Understand very strong...
Tuesday, 26 June 12
15. Concatenating numerous
low cost biometrics is a
good example...
- Eye
- Face
- Hand
- Voice
- Typing
- Habits
- Devices
- Locations
- ++++
Tuesday, 26 June 12
16. Automated & stronger encryption...
...but only where needed !
Tuesday, 26 June 12
18. More url hopping,
identity, & location
cloaking applications...
Tuesday, 26 June 12
19. What does The Cloud
offer beyond all this ?
Tuesday, 26 June 12
20. It will destroy dominant mono-cultures of:
- Devices So what are the extras The
- Browsers Cloud brings to the party ?
- eMail clients
- Application sets
- Operating modes
- Operating systems
Hackers love mono-cultures
- it makes their lives so very
much easier...
Tuesday, 26 June 12
30. To make it incredibly difficult
for the dark side:
- No single log-on device
- No single log-on location
- Variable log-on routine
- Distributed applications
- Distributed filing system
- Parsed and distributed data
- Multiple clouds and providers
- Dynamic creation of clouds
- Dynamic cloud interconnection
- Inter-cloud encryption and coding
- Corporate strength security for all
Tuesday, 26 June 12
31. Storage
App Corporate App
Personal App
Storage Personal
App App
Corporate
One of many Storage
Connection
Clouds Corporate
Surrounded
By
Clouds
Tuesday, 26 June 12
32. Parsed data flows to/from
multiple destinations...
...are incredibly difficult to
intercept and decode...
Tuesday, 26 June 12
33. Parsed, encrypted &
distributed folders
over multiple global
s e r ve r s . . . i s ev e n
harder!
Tuesday, 26 June 12
34. The biggest threat is
still people laxity and
the insider...
Parsed, encrypted and
distributed data folders
over multiple global
servers...is even worse!
Tuesday, 26 June 12
35. Behavioural monitoring and analysis will
become an essential cloud service for
SMEs, corporations & .gov...
Tuesday, 26 June 12
36. Half lives of connections,
data, info and knowledge...are
going to get much shorter!
Tuesday, 26 June 12
37. We have to
reduce the
opportunity
and the time
available for
The Dark Side
to infiltrate
and take action...
Tuesday, 26 June 12
38. And should they break in we confront them
with partial access and a very confusing
picture...
Which door to choose, and to which
cloud, for how long, with access to what ?
Tuesday, 26 June 12
39. How many layers,
combinations,
connections,
locks,
types ?
How long
will they
be open,
and what is in each
of the many clouds ?
Tuesday, 26 June 12
40. The Dark
Side will
t h u s h ave The day of the lone
far less time
to infiltrate
hacker is coming to
and take an end...
action...
Tuesday, 26 June 12
41. The New Dark Side are gov
agencies and criminal
organisations with
huge budgets,
people & tech
resources...
Tuesday, 26 June 12
42. The sophistication of
StuxNet and Flame
surprised industry and
governments ...and
they mark the start of
a new era...
Tuesday, 26 June 12
43. We may be transiting to‘Cyber Warfare’...
Tuesday, 26 June 12
44. Fen
din
go
dem ff su
and ch t
tha sm hre
n in ore ats
mu divi
ster dua capa
l co bili
rps ty
can
Tuesday, 26 June 12
45. Global cooperation
will be required, to
develop militar y
grade solutions ...
Tuesday, 26 June 12
46. To sur vive and
prosper we have
to think and act
differently whilst
leveraging new
technology, and
techniques...
Tuesday, 26 June 12
47. The DIY
companies
will not
survive...
Tuesday, 26 June 12
48. Malware is now
open code for free
or a modest price
from multiple
sources...
...it is also breeding
by the hand of man
and by a digital life
force we created...
Tuesday, 26 June 12
49. “Speed is the essence of war.
Take advantage of the enemy's
u n p re p a re d n e s s ; t r ave l b y
unexpected routes and strike
him where he has taken no
precautions”
The Art of War by Sun Tzu, 600 BC
Tuesday, 26 June 12