Having Your Cybersecurity And Eating It Too

The Catch 22

The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this question: how in the world do you eat cloud software?

Cybersecurity today seems to have an unfortunate Catch-22. You want to test (and re-test) your live cloud services to see if they are really secure, but testing too aggressively or frequently will disrupt, degrade, or even leave those services more vulnerable. Keeping your live services up and running is difficult: your aggressive scanning and testing is essentially eating those services — to see if they are good or bad — at the same time you are trying to keep them all in one piece.

Splitting In Half

As the title of this blog hints, running a live system and fully testing that same live system is exactly like trying to have your cybersecurity cake and eat it too — pick one, not both, or more realistically pick half of each. We’ve even heard penetration testing on a live network described as “running fast while shooting at your own feet to see if your boots are really tough enough for the journey.” (Please do not try this at home!)

boots-cyber

It’s no secret that classical vulnerability and penetration testing is filled with wise caution, legal landmines and detailed guidance to mitigate the impact on real operations and businesses. At least one way to try to maneuver around this Catch-22 requires a separate non-production environment of equivalent hardware and software. It’s not easy to keep that non-production environment up-to-date and it demands a lot of constant investment of time and money. The unfortunate reality is that such environments quickly diverge from real operational systems, making them less meaningful. It’s often double the cost for just a fraction of real cyber security benefit.

As businesses rapidly accelerate their dependence on cloud services and the federal government puts sensitive data into the cloud, achieving more secure cloud-based services is critically important. We’re all interdependent and have a shared stake in the outcome.

With a lot on the line there is no shortage of expectations – from financial sector penetration testing requirements to a new military effort calling for more proactive testing of critical operational systems. And we can’t help but mention the groundbreaking Cyber Grand Challenge using artificial intelligence based techniques.

Government Embracing The Cloud

Likewise, as security concerns cause the federal Government to step more firmly into the cloud — there’s even a cloud.gov these days after all — the government’s own penetration testing penetration has also anticipated this seeming Catch-22 in cybersecurity. The government expressly allows “testing in a non-production environment” to “limit the impact on business operations.” Then, in the same breath, they wisely require that the non-production environment be “identical to the production environment.” And to reinforce the point they even use italics, noting that the “environments must be exactly same” and not just “almost” the same. We couldn’t agree more!

The Clone

Our answer, then, to the original question — how in the world do you eat cloud software? Leverage the inherent ability of any cloud environment to generate and operate exact (cloned) image of the live systems. Then test those exact images. It’s a bit like interacting with a hologram, except in the cyber world the hologram behaves and reacts exactly like the real thing — because it is as real as the original due to the inherent design of the cloud’s serviced-based architecture. Once you’ve set up the parameters for the cloud service, it makes little sense to ask Amazon, for example, which particular servers in which racks you are running on, because it doesn’t make one bit of difference operationally.

As the cloned versions are setup, the live cloud services keep going while the cloned version is taking the heat. Even if during testing the cloned version goes down in flames, so to speak, that’s ok for two reasons. First, the live operational system is still running fine — keeping your customers and users happy — and, second, you have proactively uncovered an issue before it could have grown into an even larger, real one.

Meanwhile, you can just restart another cloned image and get right back to testing — no need to clean up or try to rewind time. And this approach works across multiple cloud platforms, whether hosted or on premises or a mix, so you can choose your cloud provider — or more likely choose a few of them. Furthermore, your existing investment in scanning, testing, and security tools can also be applied to the exact images.

We agree there’s really no silver bullet in cybersecurity, as it clearly takes a diverse range of tools and techniques to keep a system secure, but a service-based cloud infrastructure really does have one particular silver lining: by scanning and testing fully cloned images, you can have your cybersecurity and really eat it too.

By Ernesto DiGiambattista, Co-Founder and CEO, Cybric

ernesto


Prior to founding Cybric, Ernesto DiGiambattista was the Chief Technology & Security Officer for Sentinel Benefits & Financial Group, where he was responsible for transforming a legacy technology team into a technology innovation service group.

In addition, Ernesto was a senior member of Bank of America’s Information Security & Resiliency Group and Corporate Audit organizations. Further, Ernesto has been a trusted advisor on private and public cybersecurity policy to members of the U.S. Senate and the U.S. House of Representatives.

In June 2015, Ernesto was recognized by the Boston Business Journal as a 2015 Finalist for Boston CIO of the Year.

Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed ...
Ian Hayes

Pick The Right AWS Course And Ensure A Brighter Future Ahead

Picking The Right AWS Course As the leader of the pack, AWS (Amazon Web Services) is the fastest-growing public cloud service in the industry, and ...
Steve Prentice

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the ...
Ajay

Explainable Intelligence Part 2 – Illusion of the Free Will

Illusion of the Free Will Explainable Artificial Intelligence (XAI) is getting a lot of attention these days, and like most people, you're drawn to it because ...
Dan Saks 1

How the Cloud Will Transform in the Next Decade

Transformative Cloud Silicon Valley is easy to stereotype: the gadgets, the startup perks, the culture and mentality. However, the real reason Silicon Valley captures headlines ...
Figure4

DevOps – Secure and Scalable CI/CD Pipeline with AWS

Secure and Scalable CI/CD Pipeline According to Gartner, a leading research company, worldwide public cloud revenue will grow by 17.3 percent in 2019. Total spending ...

SIGNUP FOR OUR FREE NEWSLETTER

Enjoy thought leadership insights, industy news, free tech reports, podcasts and comics.
Something went wrong. Please check your entries and try again.