Super secure clouds


Cloud Computing could be the biggest single opportunity for a significant improvement in our network and information security for decades. Multiple operators and suppliers offering multiple access points, services and applications that we can tap at the same time will give us a diversity of new protection mechanisms way beyond those we enjoy today.

For sure we need to improve our log-on processes, firewalls and malware protection, but thin clients change the name of the game. Their lack of memory and processing power limits how sophisticated any malware can be, whilst access and utilisation will be harder to compromise when we choose different devices and servers at random. If we also sign up for applications and services from multiple players, and disperse our information in parsed and scattered locations that are never connected in the same manner more than once, then infiltration will be orders of magnitude more difficult.

Not all clouds are the same, and there will be large numbers of them spanning corporates, governments, social and personal applications. Some will last, others will be sporadic and last for seconds. Connections too will be continually varying and sporadic. A moving target is harder to hit, and The Cloud might be the ultimate target!

Published in: Technology
  • As Michael said over a year ago, cloud based virtualization is 'the biggest opportunity for a security cock-up in decades', unless the foundation is rock solid. A hypervisor is great, if it is secure and formally proven.
  • ah yes, but when I use a cloud-based service provider, how do I know that they have set it up properly or if they are as leaky as a sieve? Recent attacks on iPhones, Android phones, government servers, bank servers and WiFi hotspots show that providers of services and infrastructure are not worthy of trust. Perhaps some kind of internationally recognised accreditation for cloud-storage systems is required.
  • People are always the problem and not the machines! If they choose to do dumb things then nothing and no one can help them. It is a matter of choice. BUT we do know how to make very reliable, and very secure systems, using unreliable and insecure components.

    Thus we have an engineering problem - how to engineer people out and security in!

    In this presentation I have given some pretty strong hints and suggestions just how that is to be done :-)
  • Just another quick comment, regarding the cyber-terrorism and cyber-crime mentioned in the slide presentation. This will become much more of a threat when we adopt wide-scale machine-to-machine technology for essential services such as smart power grids. O brave new world.
  • hmm....I tend to see it as the biggest opportunity for a security cock-up in decades. My bank offered to provide a cloud-based service to back up all my business data but refused to provide any indemnity against my clients' data being stolen by hackers. Can we really rely on some Tom, Dick or Harry entity in a cloud to adequately configure their security? Even the Pentagon didn't adequately protect themselves against bedroom-hobbyist hackers. And do we know that everyone is using thin-client devices to access it? We have to assume that hackers will be using state-of-the-art equipment. On the bright side, IETF has a working group (DECADE) specifying how cloud security should work and they have a very active security WG. But in the end, it comes down to trusting some cloud service provider (who may subcontract the job) to have adequate security controls and to configure them correctly. I am not a trusting person at heart, which is perhaps why I work in the field of information security and why I am an atheist :-)
Super secure clouds

  1. SUPER Peter Cochrane SECURE, 26 June 12
  2. Security is always a cat and mouse game... Tuesday, 26 June 12
  3. And we are always trying to tilt the odds in our favour...
  4. But we cannot leave anything to chance, we cannot afford to gamble, the stakes are far too high...
  5. We have to think like the enemy, war game, test and probe, & constantly keep ahead technically and strategically...
  6. Laws of security...
     1) There is always a threat
     2) It is always in a direction you’re not looking
     3) Perceived risk/threat never equals reality
     4) Nothing is 100% secure
     5) People are always the primary risk
     6) Resources are deployed inversely proportional to actual risk
  7. Laws of security...
     7) You need two security groups - defenders & attackers
     8) Security & operational requirements are mutually exclusive
     9) Legislation is always > X years behind
     10) Security standards are an oxymoron
     11) Security people are never their own customer
     12) Cracking systems is far more fun than defending them
  8. Laws of security...
     13) Hackers are smarter than you - they are younger!
     14) Hackers are not the biggest threat - governments are!
     15) As life becomes faster it becomes less secure
     16) Connectivity and data half lives are getting shorter too
     17) We are most at risk during a time of transition
     18) The weakest link generally defines the outcome
  9. If we continue to do what we’ve always done our Cloud exposure will accelerate...
  10. In The Cloud - the attack surface is the entire planet...
  11. We will need more and smarter firewalls...
  12. All forms of malware protection will have to become evolutionary...
  13. Has to become far more sophisticated...
  14. Enhancing login vectors... Something you:
      - Do
      - Are
      - Know
      - Possess
      - Deduce
      - Relate to
      - Recognise
      - Remember
      - Understand
      A concatenation of weak vectors rapidly becomes very strong...
  15. Concatenating numerous low cost biometrics is a good example...
      - Eye
      - Face
      - Hand
      - Voice
      - Typing
      - Habits
      - Devices
      - Locations
      - ++++
  16. Automated & stronger encryption... ...but only where needed!
  17. More anonymity applications...
  18. More url hopping, identity, & location cloaking applications...
  19. What does The Cloud offer beyond all this?
  20. So what are the extras The Cloud brings to the party? It will destroy dominant mono-cultures of:
      - Devices
      - Browsers
      - eMail clients
      - Application sets
      - Operating modes
      - Operating systems
      Hackers love mono-cultures - it makes their lives so very much easier...
  21. More variety, dynamism, and faster change...
  22. Clouds of all sizes will form and dissipate by demand ...with the clustering of people and devices +++
  23. Connectivity will be less static, comms between Clouds sporadic and far more varied...
  24. Moving targets are very hard to hit
  25. Thin clients offer very limited processing and memory, making it far harder for malware to be effective...
  26. Cloud services now available from multiple suppliers...
      - Infrastructure
      - Platform
      - Software
  27. Use multiple suppliers for connectivity, apps, storage, security et al and employ in a randomised fashion...
  28. ...seamlessly flip between devices...
  29. Why
  30. To make it incredibly difficult for the dark side:
      - No single log-on device
      - No single log-on location
      - Variable log-on routine
      - Distributed applications
      - Distributed filing system
      - Parsed and distributed data
      - Multiple clouds and providers
      - Dynamic creation of clouds
      - Dynamic cloud interconnection
      - Inter-cloud encryption and coding
      - Corporate strength security for all
  31. [Diagram: interconnected clouds labelled Corporate, Personal, App, Storage and Connection; labels include "One of many" and "Surrounded By Clouds"]
  32. Parsed data flows to/from multiple destinations... ...are incredibly difficult to intercept and decode...
  33. Parsed, encrypted & distributed folders over multiple global servers... is even harder!
  34. The biggest threat is still people laxity and the insider... Parsed, encrypted and distributed data folders over multiple global even worse!
  35. Behavioural monitoring and analysis will become an essential cloud service for SMEs, corporations & .gov...
  36. Half lives of connections, data, info and knowledge...are going to get much shorter!
  37. We have to reduce the opportunity and the time available for The Dark Side to infiltrate and take action...
  38. And should they break in we confront them with partial access and a very confusing picture... Which door to choose, and to which cloud, for how long, with access to what?
  39. How many layers, combinations, connections, locks, types? How long will they be open, and what is in each of the many clouds?
  40. The Dark Side will thus have far less time to infiltrate and take action... The day of the lone hacker is coming to an end...
  41. The New Dark Side are gov agencies and criminal organisations with huge budgets, people & tech resources...
  42. The sophistication of StuxNet and Flame surprised industry and governments ...and they mark the start of a new era...
  43. We may be transiting to ‘Cyber Warfare’...
  44. Fending off such threats demands more capability than individual corps can muster
  45. Global cooperation will be required, to develop military grade solutions ...
  46. To survive and prosper we have to think and act differently whilst leveraging new technology, and techniques...
  47. The DIY companies will not survive...
  48. Malware is now open code for free or a modest price from multiple sources... is also breeding by the hand of man and by a digital life force we created...
  49. “Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions” The Art of War by Sun Tzu, 600 BC
  50. Be prepared!
  51. Thank You. COCHRANE associates
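
Slides 30 to 33 argue that parsed, encrypted and distributed data spread over multiple clouds is hard to intercept and decode. The sketch below is an added example, not part of the original deck: it uses n-of-n XOR secret splitting as one way to realise that idea (a technique chosen here, not one the slides name) and shows both that a partial breach yields nothing usable and that losing any one provider makes the data unrecoverable. The provider names and the sample record are constructed for illustration.

```python
import secrets
from functools import reduce

# Hypothetical provider names, constructed for this example.
PROVIDERS = ["cloud-a", "cloud-b", "cloud-c"]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, providers=PROVIDERS) -> dict:
    """n-of-n XOR split: one share per provider, all needed to rebuild."""
    if len(providers) < 2:
        raise ValueError("need at least two providers")
    # n-1 shares are pure randomness; the last is data XOR all of them,
    # so any subset smaller than n is statistically independent of data.
    pads = [secrets.token_bytes(len(data)) for _ in providers[:-1]]
    last = reduce(_xor, pads, data)
    return dict(zip(providers, pads + [last]))


def combine(shares: dict, providers=PROVIDERS) -> bytes:
    """Rebuild the data; fails if any provider's share is unavailable."""
    missing = [p for p in providers if p not in shares]
    if missing:
        raise LookupError(f"shares unavailable from: {missing}")
    return reduce(_xor, (shares[p] for p in providers))


def attacker_view(shares: dict, breached: list) -> bytes:
    """Best an intruder can do with a subset: XOR what was stolen."""
    return reduce(_xor, (shares[p] for p in breached))


if __name__ == "__main__":
    record = b"constructed sample record: acct=0000 balance=0"
    shares = split(record)
    print("rebuilt from all shares:", combine(shares) == record)
    leaked = attacker_view(shares, ["cloud-a", "cloud-b"])
    print("two of three breached, plaintext recovered:", leaked == record)
```

The availability cost is the design point to weigh: with an n-of-n split, an outage or account loss at one provider is as fatal to the owner as it is to an intruder, so real deployments usually pair dispersal with a threshold scheme or replication.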