Having Your Cybersecurity And Eating It Too

The Catch 22

The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this question: how in the world do you eat cloud software?

Cybersecurity today seems to have an unfortunate Catch-22. You want to test (and re-test) your live cloud services to see if they are really secure, but testing too aggressively or frequently will disrupt, degrade, or even leave those services more vulnerable. Keeping your live services up and running is difficult: your aggressive scanning and testing is essentially eating those services — to see if they are good or bad — at the same time you are trying to keep them all in one piece.

Splitting In Half

As the title of this blog hints, running a live system and fully testing that same live system is exactly like trying to have your cybersecurity cake and eat it too — pick one, not both, or more realistically pick half of each. We’ve even heard penetration testing on a live network described as “running fast while shooting at your own feet to see if your boots are really tough enough for the journey.” (Please do not try this at home!)

It’s no secret that classical vulnerability and penetration testing is filled with wise caution, legal landmines and detailed guidance to mitigate the impact on real operations and businesses. At least one way to try to maneuver around this Catch-22 requires a separate non-production environment of equivalent hardware and software. It’s not easy to keep that non-production environment up-to-date, and it demands a constant investment of time and money. The unfortunate reality is that such environments quickly diverge from the real operational systems, making them less meaningful. It’s often double the cost for just a fraction of the real cybersecurity benefit.

As businesses rapidly accelerate their dependence on cloud services and the federal government puts sensitive data into the cloud, achieving more secure cloud-based services is critically important. We’re all interdependent and have a shared stake in the outcome.

With a lot on the line there is no shortage of expectations – from financial sector penetration testing requirements to a new military effort calling for more proactive testing of critical operational systems. And we can’t help but mention the groundbreaking Cyber Grand Challenge using artificial intelligence based techniques.

Government Embracing The Cloud

Likewise, as security concerns cause the federal government to step more firmly into the cloud — there’s even a cloud.gov these days after all — the government’s own penetration testing guidance has also anticipated this seeming Catch-22 in cybersecurity. The government expressly allows “testing in a non-production environment” to “limit the impact on business operations.” Then, in the same breath, they wisely require that the non-production environment be “identical to the production environment.” And to reinforce the point they even use italics, noting that the “environments must be exactly same” and not just “almost” the same. We couldn’t agree more!

The Clone

Our answer, then, to the original question — how in the world do you eat cloud software? Leverage the inherent ability of any cloud environment to generate and operate exact (cloned) images of the live systems. Then test those exact images. It’s a bit like interacting with a hologram, except in the cyber world the hologram behaves and reacts exactly like the real thing — because it is as real as the original, thanks to the inherent design of the cloud’s service-based architecture. Once you’ve set up the parameters for the cloud service, it makes little sense to ask Amazon, for example, which particular servers in which racks you are running on, because it doesn’t make one bit of difference operationally.

As the cloned versions are set up, the live cloud services keep going while the cloned version takes the heat. Even if during testing the cloned version goes down in flames, so to speak, that’s OK for two reasons. First, the live operational system is still running fine — keeping your customers and users happy — and, second, you have proactively uncovered an issue before it could have grown into an even larger, real one.

Meanwhile, you can just restart another cloned image and get right back to testing — no need to clean up or try to rewind time. And this approach works across multiple cloud platforms, whether hosted or on premises or a mix, so you can choose your cloud provider — or more likely choose a few of them. Furthermore, your existing investment in scanning, testing, and security tools can also be applied to the exact images.
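A sketch of the clone-test-discard loop described above, added here as an example and not taken from the original post or from Cybric’s product: a constructed in-memory cloud stands in for the provider’s image/launch/terminate API, and the network names and tags are assumptions. The safety gate refuses to scan anything that is not a tagged clone outside the production network, and a clone that crashes under test is thrown away and respun from the same image.

```python
from dataclasses import dataclass

PROD_NET, TEST_NET = "vpc-prod", "vpc-isolated"   # assumed network names

@dataclass
class Instance:
    id: str
    image: str
    network: str
    tags: dict
    running: bool = True

class FakeCloud:  # in-memory stand-in for a cloud API; constructed for this example
    def __init__(self):
        self.instances = {}
    def launch(self, image, network, tags):
        inst = Instance(f"i-{len(self.instances) + 1}", image, network, dict(tags))
        self.instances[inst.id] = inst
        return inst
    def image_of(self, inst):
        return f"img-of-{inst.id}"  # snapshot the live instance into an exact image
    def terminate(self, inst):
        inst.running = False

def clone(cloud, live):
    """Launch an exact image of `live` in the isolated network, tagged as a clone."""
    tags = {**live.tags, "env": "clone", "cloned-from": live.id}
    return cloud.launch(cloud.image_of(live), TEST_NET, tags)

def is_safe_target(target, live):
    """Gate every scan: only a tagged clone outside the production network qualifies."""
    return (target.id != live.id and target.network != live.network
            and target.tags.get("env") == "clone")

def scan_via_clones(cloud, live, scan, max_respins=3):
    """Scan fresh clones; if one goes down in flames, discard it and respin."""
    findings, respins = [], 0
    while respins <= max_respins:
        target = clone(cloud, live)
        if not is_safe_target(target, live):
            raise ValueError("refusing to scan anything that is not an isolated clone")
        try:
            findings.extend(scan(target))
            cloud.terminate(target)  # throw the clone away; nothing on live to clean up
            return {"findings": findings, "respins": respins, "live_up": live.running}
        except RuntimeError as crash:  # clone crashed under test: record it, respin
            findings.append(f"clone {target.id} crashed: {crash}")
            cloud.terminate(target)
            respins += 1
    raise RuntimeError(f"clone crashed {respins} times; fix that before retesting")
```

The `scan` callable is whatever scanner you already own; the loop only guarantees it is ever pointed at a disposable clone.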

We agree there’s really no silver bullet in cybersecurity, as it clearly takes a diverse range of tools and techniques to keep a system secure, but a service-based cloud infrastructure really does have one particular silver lining: by scanning and testing fully cloned images, you can have your cybersecurity and really eat it too.

By Ernesto DiGiambattista, Co-Founder and CEO, Cybric

Prior to founding Cybric, Ernesto DiGiambattista was the Chief Technology & Security Officer for Sentinel Benefits & Financial Group, where he was responsible for transforming a legacy technology team into a technology innovation service group.

In addition, Ernesto was a senior member of Bank of America’s Information Security & Resiliency Group and Corporate Audit organizations. Further, Ernesto has been a trusted advisor on private and public cybersecurity policy to members of the U.S. Senate and the U.S. House of Representatives.

In June 2015, Ernesto was recognized by the Boston Business Journal as a 2015 Finalist for Boston CIO of the Year.
