All posts by timmullahy

The cloud can supercharge organisations’ productivity – but only if it is secured

In less than six years, organisations that neglect the advantages of cloud infrastructure will most likely be in a minority. It’s not difficult to see why, really. Not only do cloud services save both time and money, they also have the potential to completely revolutionise how your business operates, opening up new opportunities and revenue streams that would otherwise remain untapped.

Cloud infrastructure provides for a more connected workforce supported by a professional IT helpdesk. Cloud also provides greater agility and flexibility allowing your organization to implement new technology rapidly.

As with any new endeavour, cloud Infrastructure comes with a risk. If you can’t protect the data, applications, and infrastructure itself, the benefits become secondary to security. While the cloud may not be quite as insecure as some of its early opponents seemed to think, that doesn’t mean it’s without security challenges.

Data ownership. Information leakage through third party SaaS applications, and data breach are just a few of the risks an organisation may face when moving to a cloud infrastructure.

Luckily, there are some easy to implement steps to ensure your organization is better protected:

Implement single sign on

Within the average organisation, there are 508 unique cloud applications in use. Can you imagine having to sign-on and authenticate with each one individually? A single sign on authentication process ensures your staff only needs to sign in once to use the entire suite of apps your business provides.

Understand employee needs

If an employee is using an unauthorised, third-party SaaS application, it means your apps aren’t meeting their needs. It falls to you to figure out why, and determine what can be done about it.

Containerise your business apps

By sandboxing critical applications from other apps on employee devices, you can minimise the risk of data leakage. This is typically not an issue for SaaS applications based in the cloud as little or no privileged information is stored on the device. Desktop as a service is also a good alternative to centralise sensitive data.  

Secure your business

Your cloud might be the most secure thing in your organisation – but that doesn’t matter if your network security resembles swiss cheese. To ensure you can safely use cloud applications or infrastructure, you first need to examine your network security. How strong are your firewalls? Is your IPS/IDS solution up to par? How often do you re-evaluate your security policies?

Be choosy with your vendors

Last but not least, the vendors you choose to work with represent an extremely important choice. Especially if you manage sensitive or critical information, it’s imperative that you determine each SaaS app or cloud service is provided by an organisation with high standards of data security.

The cloud isn’t as insecure as people once thought it was, and by utilising it you can supercharge your organisation. At the same time, it isn’t without its security challenges. It’s critical that you understand them – because that’s the only way you’ll overcome them.

The key to defending your data centre against the Internet of Things

(c)iStock.com/4x-image

Opinion The Internet of Things has the potential to revolutionise society once it surmounts its initial growing pains. Unfortunately, one of those involves security.

DDOS attacks are one of the oldest and most enduring things on the web, like that creepy uncle who no one can get rid of at family reunions. And like that uncle, they’re getting progressively worse as time goes on. This past summer saw the largest DDOS attack in history, one so large that it forced content delivery network Akamai to cancel the account of one of the web’s leading security bloggers, Krebs on Security.

“It wasn’t that Akamai couldn’t mitigate the attack – it did so for three days,” writes Tim Greene of Network World. “Doing so became too costly, so the company made a business decision to cut the affected customer loose…[the attack delivered] 665 gbps of traffic.”

That’s absolutely massive- and it was all made possible through the Internet of Things. See, the advent of the connected world has had a very unpleasant side effect. As we embed sensors into more and more of our devices, it’s rapidly becoming clear that most IoT manufacturers have absolutely no idea what they’re doing as far as security is concerned.

And really, why should they? Traditionally, none of these companies needed much aside from a bog-standard IT department. That’s changed, though – and a lot of folks are struggling to keep up.

I’m sure you can see where this is going. Over the next several years, botnets are going to increase exponentially in size. And they’re going to get easier to use – even now, we’re seeing massive DDOS attacks architected by amateurs.

So where does that leave us?

High and dry, unfortunately. While some headway has been made into IoT governance, we’re still a long way from what you could call security standards. And until such time as manufacturers are held accountable for shoddy security in their embedded systems – until such time as we start seeking to actively protect ‘smart’ devices – all we can do is weather the storm.

To that end, the standard DDOS mitigation advice applies:

  • Use early detection techniques, such as a script that forwards periodic messages with your traffic count.
  • Familiarise yourself with the most common DDOS attack techniques, and learn to recognise the unique fingerprint of each.
  • Invest in a tool with automatic DDOS squelching – you aren’t always going to be able to react quickly enough to block rogue IP addresses or bogus requests, and when your site is being attacked, every second counts. As an added bonus, many of these tools also include automated DDOS detection.
  • Make sure you have a proper crisis response policy in place, and that your Computer Security Incident Response Team is fully briefed on the proper procedure in the event of a DDOS.

That aside, there isn’t a great deal else you can do, save for hoping that whatever mitigation tools you’re using, they’re powerful enough to overcome whatever massive botnet aims itself your way.