Securing the Internet:The Cloud is for Security
People hear the term “cloud computing” and conclude the underlying rationale is cost savings. I believe it is in fact security. While cost savings is no doubt a critical driver of adoption, I would ask a larger question: “What happens to the global economy and our national defense if the Internet cannot be secured?”
Think about it seriously. Cyber crime is the fastest growing business in history and its scale is off the charts. Today there are more than 5 million new variants of malware discovered every day, according to McAfee. What will happen when a $200 million international bank transfer simply disappears, or when credit cards or e-commerce transactions are no longer viable due to the cost of added security or insurance?
To make my point let’s consider a warning from a cyber luminary, the strategy of a super-user, and a few related user trends.
Army Gen. Keith Alexander, head of both the National Security Agency and our nations Cyber Command, recently commented that cyber crime is resulting in “the greatest transfer of wealth in history.” He cited published reports from security vendors, “Symantec placed the cost of IP theft to United States companies at $250 billion a year,” he said. “Global cybercrime at $114 billion - nearly $388 billion when you factor in downtime. And McAfee estimates $1 trillion was spent globally on remediation. And that’s our future disappearing in front of us.” This is a gentleman who rarely seeks the public spotlight.
From a super-user standpoint consider the Department of Defense (DoD). They use the National Institute of Standards and Technology’s definition of cloud computing for their strategy. NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The goals for the DoD cloud are to “consolidate and share commodity IT functions resulting in a more efficient use of resources.”
The DoD understands this strategy also allows for sharing and adopting the most secure commercially available cloud services. The strategy is that the eggs are not all in one basket but in several very large “redundant” baskets that you continuously monitor and secure. This is actually a better strategy than policing millions of little baskets. Think about this in the context of the mobile device growth trend.
According to Machina Research, growth in handset data users will also be significant, with 3G+ (i.e. 3G, 4G and potentially beyond) devices set to grow from 2 billion at the end of 2011 to 9 billion by 2020. How do you secure them? Users could not download security patches fast enough — if you could depend on users to do it in the first place (the devices are not robust enough, and you would constantly be downloading software).
Enter the cloud: Step (1) access the cloud, (2) pass security checks, (3) get access to data (email/web), (4) exit security checks, (5) back to device. This is the real value of cloud architecture — centralized and managed security for distributed device access in an age where perimeter security is nonexistent.
Numerous surveys conclude companies are accelerating their trust in cloud solutions, with adoption rates accelerating across industry segments as the cloud deploys mission-critical business applications. At the same time, security remains a primary concern. The good news is that today security can actually be part of the solution upfront rather than an afterthought as it has been traditionally.
The saving grace for the digital economy and our national security lies in securing the cloud. Our best and brightest must step up to cyber criminals, syndicates, hacktivists and nation states to secure our future online. Better to engage in select locations than diluting effort across millions of breach points. The cloud is for security.