Worries about security are keeping the brakes on the growth of cloud computing despite a huge drop in infrastructure costs that are making it cost effective for enterprises to move their data centers off the premises.
SAN MATEO, Calif. – Security vendors speaking at the OnCloud 2015 conference here said a lot of work remains to bolster cloud security to the point where the massive security breaches such as those recently discovered at Sony Pictures Entertainment and Anthem health insurance become a rare event.
While malicious hackers will continue working to crack the latest security schemes, Barmak Meftah, CEO of AlienVault said security could be greatly enhanced by enterprises sharing more information. “Imagine if we had a way to share threat data around the world,” he said. “For once we could be more proactive rather than reactive.”
Only recently have companies become more forthcoming about data breaches thanks to legislation and social media giving consumers an outlet to quickly spread the news that their personal accounts had been hacked and private information exposed.
Meftah and other speakers at the conference expressed hope that recent cases like the Anthem data breach that exposed 80 million customer accounts will be a wakeup call that forces companies to cooperate on potential threats.

Despite these high profile cases, security breaches could be far worse. Enterprises already spend millions on security technology, from anti-malware to firewalls to network monitors that watch for attempts by hackers to penetrate corporate networks. But Meftah said security product vendors have been too focused marketing their technology to the biggest companies that can most readily afford the most sophisticated security system.

“We’ve ignored a vast market,” said Meftah. “As vendors we love the Fortune 500 for their money, but for every one of them there are 10,000 smaller firms that can’t afford those same solutions.”
Another speaker said that identity management and authentication are the biggest security issues we face because a breach or other incursion is typically carried out by someone who by outright theft or subterfuge has gained access to someone else’s identity.
“Companies view themselves as operating in islands of commerce, but really we live in a tornado of digital identities,” said Reed Taussig, CEO of ThreatMetrix.

“Everyone is upset about malware, but we should accept the fact it’s a losing war because (the attacks) change every 20 to 25 minutes. The real problem is spoofing and stolen identities,” Taussig added. He then recounted that he himself has received four different requests in the past year to change his password from big companies that had been hacked, including Morgan Stanley and Starwood Hotels.
When he asked the room of several hundred people if any of them hadn’t had at least one of these requests to change their password in the past year, only three hands went up. “Do you have electricity in your house?” he joked.
ThreatMetrix effort to control the problem network break ins and data breaches involves a kind of crowd-sourced system covering 15,000 networks designed to identify threats, which employs what Taussig calls identity analytics. “There is no real danger of the customer losing their identity because we don’t who you are,” he said.
Meftah said firewalls are good for what they do, but that it’s not enough. “Just because you have a door, that doesn’t mean you don’t also need an alarm for your house,” he said. He called for a shift in security systems from protective to “detective analytics.”

Leave a Reply