Data Breach Frequency Doesn’t Have to Slow Cloud Computing Momentum

Matt Keil


According to Identifytheft.org, in 2014 there were 783 data breaches resulting in the loss of more than 85 million records – a bad year for data security by any measure. This year, unfortunately, is already on pace to be worse: 80 breaches have been reported so far, and they have already cost 85 million records, matching all of 2014.

At the same time that datacenter security seems to be lacking, the momentum behind cloud computing could not be much stronger. Cloud computing, with its heavy reliance on virtualization, offers compelling business benefits to companies large and small: computing resources are used more efficiently, capacity scales to meet seasonal demand, new products are integrated more rapidly, and datacenter infrastructure is standardized. Industry consulting firm IHS estimates that more than $230 billion will be spent on cloud infrastructure by 2018, and a CIO survey by IBM indicates that 64 percent of respondents see cloud computing as critical to the business.

The growing risk to company data and the explosive momentum behind cloud computing raise several cloud security considerations that need to be taken into account.

  • Can you segment the data in the cloud? Many of the recorded breaches happened on physical networks, where data and business applications can be segmented in a straightforward manner at physical boundaries. Moving to the cloud changes neither the data security challenges nor the need to segment; it only removes the physical boundaries, so segmentation has to be enforced between workloads instead.
  • Will the cloud make it easier for attackers? As data moves to the cloud, access becomes flexible and ubiquitous for all users, and applications of varied trust levels often run on the same server, potentially making the data easier for cyber criminals to reach.
  • Is change control applicable to the cloud? Security best practice dictates a well-defined change control process for policy updates, and that process takes time. But the cloud is dynamic, with workloads added, removed or changed frequently, which puts it in direct conflict with a slow security policy update process.

Next-generation security for the cloud

To help organizations protect their business-critical applications and data, a new approach is needed: a platform that applies next-generation security to the application rather than the port, inspects the traffic for known and unknown threats, and grants access based on user identity. This approach not only protects the network, it continually learns from the threats it prevents and feeds that data back into its other threat prevention capabilities.

The question of whether application control is applicable in the datacenter arises because a limited, well-known set of applications is typically in use there. The theory is that, since we know which applications are in use, we can secure them more easily. But recent high-profile breaches have shown that attackers use the applications commonly found on your network, datacenters included, to carry out their attacks and extract your data.

Some examples:

  • According to the iSIGHT Partners report on the Target breach, FTP, NetBIOS and WebDAV were the applications attackers used to move across the network while stealing credit card and user data. This pattern exemplifies how attackers hide in plain sight behind common applications, as we described in the 2014 Application Usage and Threat Report.
  • RDP and other remote access tools are known to be used by attackers to move laterally through your network, as documented by Verizon in its annual Data Breach Investigations Reports.
  • Many business applications such as Microsoft Lync, SharePoint and Active Directory use a wide range of ports – including 80, 443 and a range of high-numbered ports – so a port-based rule that opens those ports admits far more than the intended application. Application control is therefore a necessity: it lets you allow only Lync, and no other application, across commonly used ports.
  • On average, 8-10 percent of your network traffic is unknown. It can be an internal application, an unidentified commercial off-the-shelf application, or a threat. The critical capability you need is to systematically control unknown traffic: quickly analyze the unknowns, determine what the traffic is and where it is coming from, then manage it through policy, custom application definitions or threat prevention profiles. (We detailed this functionality in the 2014 Application Usage and Threat Report.)

Our security platform allows you to implement security policies based on Zero Trust principles that help you improve your security posture in each of the examples above. The concept of Zero Trust extends network segmentation to the level of granting access only to specific applications, allowing user access based on their credentials, and controlling what content can be sent at each segmentation point. All of this happens on a "never trust, always verify" basis: traffic that no rule explicitly permits is denied. Native management features in our platform allow you to streamline firewall provisioning and automate policy updates so that they keep pace with workload changes.
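To make the contrast between port-based control and application-level Zero Trust concrete, here is an added example that is not code from the original post and not any vendor's product: a toy first-match policy engine in Python. The zone, application and group names, and the flow records it evaluates (a WebDAV session on 443 of the kind the Target write-up describes, FTP between datacenter hosts, RDP from an admin and from an ordinary employee, and one unclassified session), are all constructed for the demonstration. The `app` field stands for what content inspection identified the session as; the port is what a traditional rule would have keyed on.

```python
"""Added example, not code from the original post: a toy first-match policy engine
used to contrast port-based rules with application- and user-aware Zero Trust rules.
All zone, application and group names and the flow records are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    app: str                                  # app identified from session content;
    user: str                                 # "unknown-tcp" stands for unclassified
    groups: frozenset = frozenset()           # directory groups the user belongs to


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str = "any"
    dst_zone: str = "any"
    apps: frozenset = frozenset()             # empty = any application
    ports: frozenset = frozenset()            # empty = any destination port
    groups: frozenset = frozenset()           # empty = any user
    action: str = "allow"


def matches(rule: Rule, flow: Flow) -> bool:
    return (rule.src_zone in ("any", flow.src_zone)
            and rule.dst_zone in ("any", flow.dst_zone)
            and (not rule.apps or flow.app in rule.apps)
            and (not rule.ports or flow.dst_port in rule.ports)
            and (not rule.groups or bool(rule.groups & flow.groups)))


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Port-based policy: whatever rides the "web" or RDP ports into the datacenter is trusted.
PORT_BASED = [
    Rule("web-ports-in", dst_zone="dc", ports=frozenset({80, 443})),
    Rule("rdp-in", dst_zone="dc", ports=frozenset({3389})),
]

# Zero Trust policy: a named application, for a named user group, between named zones.
ZERO_TRUST = [
    Rule("employees-sharepoint", "users", "dc", apps=frozenset({"sharepoint"}),
         groups=frozenset({"employees"})),
    Rule("admins-rdp", "users", "dc", apps=frozenset({"ms-rdp"}),
         groups=frozenset({"server-admins"})),
]

# Constructed flow records (not real traffic).
FLOWS = [
    Flow("users", "dc", 443, "sharepoint", "alice", frozenset({"employees"})),
    Flow("pos", "dc", 443, "webdav", "svc-pos"),            # WebDAV hiding on 443
    Flow("users", "dc", 3389, "ms-rdp", "bob", frozenset({"employees"})),
    Flow("users", "dc", 3389, "ms-rdp", "carol", frozenset({"server-admins"})),
    Flow("dc", "dc", 21, "ftp", "svc-batch"),               # FTP between datacenter hosts
    Flow("users", "dc", 80, "unknown-tcp", "dave", frozenset({"employees"})),
]


def compare(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """(app, port-based verdict, Zero Trust verdict) for each flow."""
    return [(f.app, evaluate(PORT_BASED, f)[0], evaluate(ZERO_TRUST, f)[0])
            for f in flows]


def triage_unknown(flows: List[Flow]) -> Tuple[float, Dict[Tuple[str, int], int]]:
    """Share of unclassified flows (percent) and where they originate, by (zone, port)."""
    unknown = [f for f in flows if f.app.startswith("unknown-")]
    origins: Dict[Tuple[str, int], int] = {}
    for f in unknown:
        key = (f.src_zone, f.dst_port)
        origins[key] = origins.get(key, 0) + 1
    share = 100.0 * len(unknown) / len(flows) if flows else 0.0
    return share, origins


if __name__ == "__main__":
    for app, port_verdict, zt_verdict in compare(FLOWS):
        print(f"{app:12} port-based={port_verdict:5} zero-trust={zt_verdict}")
    share, origins = triage_unknown(FLOWS)
    print(f"unknown traffic: {share:.1f}% from {origins}")
```

Under the port-based rules, the WebDAV session, the employee's RDP session and the unclassified session on port 80 are all allowed because they land on an opened port; under the Zero Trust rules only SharePoint for employees and RDP for server admins get through, and everything else, including the unknown traffic, falls to the implicit deny and shows up in `triage_unknown` for analysis rather than silently passing.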

To learn more about how you can apply next-generation security to your private, public or hybrid cloud, check out these resources:

Thanks for reading.
