Netflix, AirBnB and Uber are all pointing the way to the cloud as the future, and that is also true for security, according to Wolfgang Kandek, chief technology officer (CTO) at security firm Qualys.
“Most enterprises are facing today’s cyber security challenges with IT architecture that was developed 25 years ago when IT had full control over computing,” he told the RSA Conference 2015 in Abu Dhabi.
However, he said, this has changed completely with the move to employees using their own consumer devices to access enterprise services, systems and data.
“This leads to a much bigger attack surface, which we try to address by piling up security technology on security technology. In turn, this has led to a terribly over-loaded enterprise technology stack that is very brittle and bound to fail,” said Kandek.
He believes the way around the current “calamitous situation” is to move to a world where security is enabled by security agents in virtual datacentres, endpoints and apps that will be adapted and optimised for these environments.
“Think of these embedded security agents as the white blood cells in our bodies – they know about intruders and they detect and try to isolate threats,” he said.
“But unlike white blood cells, they communicate security and monitoring data to the cloud where systems are capable of joining all this data together and giving security professionals additional information, such as whether the infection is localised or part of a much bigger cyber attack.”
In this way, said Kandek, cloud computing can be applied to information security to ensure that security professionals respond quickly and in the most effective and appropriate way to security incidents.
“To achieve this capability, we need to move aggressively away from traditional enterprise systems and move things into the cloud,” he said.
Architecture of the future
According to Kandek, large companies have a bigger challenge in this regard because they have invested heavily in legacy technologies and training, but if large companies make the transition now, they will be able to benefit.
“There will be the business advantage of being able to move faster and transact worldwide, as well as the security advantage of being ahead of the rest,” he said.
But companies that delay the move to the cloud, said Kandek, will probably not get these advantages and will consequently be unable to compete with those who have made the move.
Smaller companies are less invested in legacies and are more nimble as a result, he said, and should move at least some parts of their infrastructure to the cloud, such as email or other services that are really well-defined.
According to Kandek, if companies have not done so already, 2015 is the year they should be moving to the cloud, which is a core component of the architecture of the future that is capable of delivering better security, as well as cost savings and agility for the business.
“Cloud computing has reached a critical mass and can now run any type of enterprise application in a more economically, faster, secure way that also has global reach,” he said.