Cloud security rivals traditional data center safeguards
Government IT systems have been under scrutiny since it was revealed in June that two large-scale hacks at the Office of Personnel Management (OPM), resulting in the theft of 21.5 million employee personnel records.
The most substantial attack, which breached a server used to store background check information, enabled hackers to take off with sensitive security-clearance information including social security information, financial and mental health histories, and usernames and passwords.
Coincidentally, these breaches involved on-premise systems and not cloud systems—which helps dispel the false notion that cloud computing isn’t as secure as traditional data centers.
The Federal Risk and Authorization Management Program (FedRAMP) has been successful in ensuring that cloud service providers serving government customers are in compliance with federal cloud security standards.
This is an incredibly important takeaway as the opportunity for cloud in the federal marketplace continues to grow. Gartner estimates that the advantages afforded by cloud-based technologies will propel spend from $3.5 billion in 2015 to $8 billion by 2019.
Next year, the Obama administration plans to spend over $7 billion on provisioned services like cloud—but still, far more money will be spent on legacy data centers, which store most government data.
Traditional data centers have both physical and logical security layers—data encryption, policy enforcement and security intelligence—and yet the high-profile hacks of OPM, Target, U.S. Health insurance plan provider Anthem and Sony all targeted internal company data centers.
This fact drives home Amazon CTO Werner Vogels’ point that the cloud will improve the security posture of most organizations. Speaking at the July Amazon Web Services (AWS) Summit, Vogel said, “You can actually move to the cloud to improve your security, compliance and governance.”
Moving beyond traditional perimeter security into public, private and hybrid cloud architectures stretches the capabilities of traditional security tools. However, increasing cloud adoption has ramped up the development of cloud-focused security tools. So much so that Information Week’s Andrew Froehlick says these tools will soon outmatch any type of non-cloud parameter security architecture.
“In many ways, cloud security is gaining strength on a seemingly inherent weakness. Cloud service providers are in a unique position to absorb vast amounts of data,” says Froehlich. “Because large clouds are geographically dispersed in data centers around the globe, they can pull in all kinds of security intelligence as data flows in and out of the cloud.”
In addition to big data threat intelligence, Froehlich forecasts four cloud security tools and architectures that are on the rise in 2015:
Encryption Certificate and Key Management
Encryption is critical for any enterprise environment that moves data beyond traditional security borders—but certificate and key management can be difficult. To ease this burden, some cloud companies are offering a complete certificate and key management system to enterprises seeking to encrypt all cloud traffic.
DDoS Shock Absorber
Cloud service providers are also leveraging their massive cloud presence to absorb the impact of sophisticated distributed denial of service (DDoS) attacks as they pass through their cloud data centers, stopping the attack before it ever reaches a network.
Retroactive Malware Protection
Thanks to big data security aggregators in the cloud, information related to the discovery of malware breaches can be used to identify and retroactively revert any system changes made by the intrusive software.
Cloud security blind spots will soon be a thing of the past thanks to software-defined network (SDN) advancements. SDN can overlay the complexity of cloud networks, allowing admins to see across the entire network and control data flows and security policies as needed.