Patrick Crowley

Global Public Cloud Spending To Double By 2020

The Cloud and Endpoint Modeling

The worldwide migration of IT resources to the public cloud continues, at a head-spinning pace. Global public-cloud spending was forecast to reach $96.5 billion in 2016, according to IDC — and this spending is expected to more than double by 2020, while overall IT spending sees only a 13 percent increase during this period.

Yet the effort to secure all of those cloud-resident services, applications, and data lags far behind. In a 2016 Unisys survey of U.S.-based business and IT executives, 42 percent of respondents named security as the most challenging aspect of cloud management. In a Ponemon Institute survey, 54 percent of respondents said their companies do not have a proactive approach to managing security – or complying with privacy and data-protection regulations – in cloud environments.

The drivers of this rapid migration are well understood: business leaders cite cost reduction, faster access to computing capacity, and the need to replace end-of-life technology, among other factors.  However, these benefits come at great potential cost, because the cloud carries with it new security risks.

New Environment, New Risks

The familiar bugbears of legacy computing environments – such as data breaches, phishing attacks, and ransomware – are compounded by new potential threats in the cloud, including system vulnerabilities created by multi-tenancy, APTs (advanced persistent threats) introduced to cloud accounts, and abuses such as using cloud-computing resources to launch DDoS (distributed denial of service) attacks.

ddos cloud

Where do these new threats come from? In large measure, they are the result of the fundamental differences between public clouds – such as those offered by Amazon, Microsoft, Google, and IBM – and legacy computing environments. Unlike conventional networks, the public cloud:

  • Is not wholly controlled by the owner of proprietary IT systems and data,
  • Is a shared resource, accessed on-demand by users from multiple geographies and organizations,
  • Invites access from a potentially unlimited pool of users, devices, and endpoints, and
  • Provides limited opportunity to monitor one’s own computing “footprint,” let alone the network as a whole.

What’s more, the vast amounts of data stored on cloud servers have made cloud providers an attractive target, prompting hackers and other malefactors to develop new techniques to access important data and applications stored in the public cloud.

In such a setting, it’s no wonder that IT and security professionals – charged with protecting their organizations’ networks, devices, applications, and data – can be fretful, even fearful, about trying to maintain security in the public cloud. One of their biggest concerns is the lack of visibility: the difficulty of seeing, in real time, what the assets within your VPC (virtual private cloud) are doing, as well as monitoring external activities that may be trying to compromise your assets in the cloud.

New Threats Call for a Different Approach

As you might expect, security solution providers and cloud providers have been active in innovating to meet the new threats. Security vendors have beefed up tools familiar from conventional networks, such as firewalls, IDS/IPS systems, and logging, to make them useful for customers who are now active in public clouds. They have also adapted processes like encryption and tokenization to the new environment.

For their part, public cloud providers have developed and implemented – for the benefit of all customers who want them – a wide range of “cloud-native” services that automate tasks essential for operating securely in the public cloud, in order both to protect their customers and to increase their confidence.

Amazon, for example, has introduced a set of innovative services that enable its AWS (Amazon Web Services) customers to monitor, measure, and respond to their traffic in a VPC environment. These services include:

  • AWS CloudTrail, which delivers a structured feed of all requests to access or monitor your AWS footprint,
  • Amazon CloudWatch, a monitoring device that reports on utilization and status of both built-in Amazon services (such as servers, databases, and data analysis), and custom applications and services, and
  • AWS VPC Flow Logs, which provide visibility into the network traffic that your AWS servers send and receive.

Together, these three services make up a comprehensive “visibility layer” for a public cloud footprint, allowing out-of-the-box visibility into account usage, user behavior, infrastructure management, application/service activity, and network activity.

But even when a public cloud provider does its best to run a tight ship within its own purview, lots of security pitfalls will remain in any public-cloud environment. Many of them are the result of customer organizations’ behavior, such as:

  • Using software with known vulnerabilities,
  • Carelessness with user credentials,
  • “Temporary” access permissions that are never revoked,
  • Neglecting to log out of an application on a shared machine,
  • Lost or stolen devices, and
  • End-to-end encryption (which, despite its value, can obscure the content of data packets).

As a result, Amazon and other major providers advocate a shared responsibility model for security within a public cloud. They secure the hardware that customers’ instances run on, while the customer must take care to secure its own computing environment, as well as the resources it has initiated in its public-cloud footprint. While the public-cloud infrastructure provides a great foundation for security, it remains the cloud user’s responsibility to leverage those services to create and operate a secure application “in” the public cloud.

The Endpoint Modeling Advantage

This brings us back to visibility, or the persistent challenge of having, and maintaining, a detailed understanding of how your users, applications, and IT resources are behaving – locally, remotely, or in the public cloud.

One new class of solution has rapidly gained acceptance and use in the past year, because it addresses network vulnerabilities in ways that conventional security tools simply cannot. This advanced threat-detection system, which complements an organization’s security portfolio, is endpoint modeling.

Endpoint modeling automatically discovers each device that is on your network; creates a software-based model of that device’s usual behavior; continuously monitors the behavior of the device over time, looking for any deviations from the model; and when an exception occurs, generates a near-real-time, actionable alert to your security analyst(s), so that your organization can respond to a potential threat.

For example, wouldn’t you like to know when a device accesses the internet for the first time? When a domain controller makes use of a Google form? Or when a local (but networked) printer suddenly behaves like a Web server, serving remote clients? These and countless other “anomalies” in an organization’s network are systematically tracked, identified, and reported by an endpoint modeling solution.

The advantages that endpoint modeling offers over conventional security tools are worth noting. Most important, it provides a higher degree of visibility into what’s happening on a network, in real time. It can discover problems or threats that were previously unknown to the network’s guardians, because it is not dependent on recognizing threat “signatures.” Instead, it is able to combat end-to-end encryption, not by packet inspection, but by tracking the behavior of users and devices that employ encryption. It generates no more alerts than are required to accurately report on a network’s activity, and minimizes false alarms. And it is platform agnostic, working equally well on legacy (on-premise) networks, public-cloud environments such as AWS and Microsoft Azure, and hybrid infrastructures that combine legacy and cloud.

While the cloud, for all its advantages, is known for its lack of visibility, endpoint modeling holds the promise of cutting through the mist.

By Patrick Crowley, Founder and Chief Technology Officer, Observable Networks

Patrick Crowley

Patrick Crowley is the founder and CTO of Observable Networks. He is also professor of Computer Science & Engineering at Washington University in St. Louis where he has been a leading researcher on deep packet inspection (DPI) technologies within various academic, commercial, and government communities.

View Website


What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
The Paradigm Shift In Enterprise IT Operations Management

The Paradigm Shift In Enterprise IT Operations Management

IT Operations Management Rapid change is the new constant with today’s Enterprises. There is a continuous shift in the technology ...
A Closer Look at the Hidden Costs of Collaboration Solutions

A Closer Look at the Hidden Costs of Collaboration Solutions

The Hidden Costs of Collaboration Solutions Collaboration technology is key to efficient communication and productivity for a dispersed and global ...
Predictions For The Enterprise - Interconnected Cities

Predictions For The Enterprise – Interconnected Cities

Predictions For The Enterprise The IoT will be reality In 2016, we’ll work smarter, not harder. Human beings, appliances, homes, ...
Why Your Cloud Project Needs A Strong PMO

Why Your Cloud Project Needs A Strong PMO

Cloud Project Needs A Strong PMO Cloud projects are highly complex. Without a strong project management office, they have a ...
Salesforce Gets Serious About Its Security Ecosystem

Salesforce Gets Serious About Its Security Ecosystem

Security Ecosystem Salesforce is one of the fastest growing enterprise software companies in history and while security is a major ...


Where's Zuck? Facebook CEO silent as data harvesting scandal unfolds

Where’s Zuck? Facebook CEO silent as data harvesting scandal unfolds

Amid calls for investigation and a #DeleteFacebook campaign, company releases an official statement but its figurehead keeps quiet The chief executive of Facebook, Mark Zuckerberg, has remained silent over the more than 48 hours since ...
Lydia launches Lydia Premium

Lydia launches Lydia Premium

French startup Lydia announces two new things today. First, the company is launching a financial hub with multiple new products. Second, Lydia is announcing a new premium subscription to access those new features. “Today, we’re lucky enough to have ...
Demand for Augmented Reality/Virtual Reality Headsets Expected to Rebound in 2018, Says IDC

Demand for Augmented Reality/Virtual Reality Headsets Expected to Rebound in 2018, Says IDC

FRAMINGHAM, Mass., March 19, 2018 – Worldwide shipments for augmented reality (AR) and virtual reality (VR) headsets will grow to 68.9 million units in 2022 with a five-year compound annual growth rate (CAGR) of 52.5%, according ...
Uber said to be negotiating sale of self-driving tech to Toyota

Uber said to be negotiating sale of self-driving tech to Toyota

Uber  might begin selling its autonomous driving systems to outside companies, including major automakers, according to a new report from Japan’s Nikkei. The report claims that Uber has had talks with Toyota regarding supplying the automaker with ...
EU lawmakers to investigate alleged misuse of Facebook users' data

EU lawmakers to investigate alleged misuse of Facebook users’ data

BRUSSELS (Reuters) - EU lawmakers will investigate whether the data of more than 50 million Facebook users has been misused, the head of European Parliament said on Monday. Antonio Tajani urged the social media giant ...
Europe's New Privacy Law Will Change The Web

Europe’s New Privacy Law Will Change The Web

CONSUMERS HAVE LONG wondered just what Google and Facebook know about them, and who else can access their personal data. But internet giants have little incentive to give straight answers — even to simple questions ...