Sharing attack data is critical to protecting cloud computing systems

In the face of growing information storage and cloud computing services that complicate security technology deployments, individual businesses need to use new ways to share anonymous attack data, says Dave Cullinane, chief executive officer and Cloud Security Starfish LLC. Otherwise, it will face serious consequences.

At the opening keynote address of the Tuesday Cloud Security Union Congress, Cullinane tried to motivate a roomful of IT security experts to change their security plans: implementing an intelligence based security strategy. The goal, Cullinane says, is to understand future threats to the system based on operational intelligence, thereby allocating resources more efficiently. He warns that many companies spend millions of of billions of dollars on security technology, while protecting the wrong resources.

"An attacker may, by some means, destroy our basic trust in the things we depend on every day, this is one of the major threats we face, and we must act on it," Cullinane said. "We must be able to provide everyone with important information that they need to know so that we don't have to run after the enemy. "In recent years, many security experts and government officials have advocated an internet-based approach to information security, urging individual companies to share attack data, but to a large extent the related responsibilities and legal issues impede this information-sharing process."

Cullinane called on security experts to communicate with their public relations and legal teams to negotiate ways to remove legal obstacles. Cullinane said that the operational intelligence information needed to provide how the enterprise was attacked, when the attack occurred, and where the attack originated, so that other companies could determine whether they had also been attacked and find ways to control the development of the situation or solve the vulnerability problem in order to avoid another similar attack. "Our opponents are more professional than ever, they are sharing information," Cullinane says, "They are working together in madness, which is one of the reasons they are so successful." ”

Cullinane the impact of mobile technology and the growing number of smartphones, both of which are driving the deployment of cloud services. Cloud services providers are investing billions of of dollars to build huge data centers to handle peak capacity, but the impact on security is dire, Cullinane says: "This is purely economic, but it means my data center will be in your datacenter." ”

Cullinane, who once served as chief information security officer at ebay, says his previous company's billions of dollars in revenue comes from users who use mobile apps to buy and sell their products. By next year, ebay estimates that 95% of the items on its auction platform will be bought and sold via smartphones and tablets. "The economy is driving change and we need to figure out how to address the impact on security," says Cullinane. ”

There are signs that cloud security is improving, Cullinane said, and emerging technologies solve the problem of log correlation and analysis in cloud computing. And vendors are developing virtualization technologies that enable organizations to capture and save the virtual machines that are being attacked, so that the forensics team can understand how the system was attacked.

But there are serious problems to be solved. Cullinane says that through platforms, services and software as services, the enterprise security team's responsiveness to events is highly dependent on the enterprise's cloud service providers, and roles and responsibilities are often not explicitly defined, and Web applications that use cloud computing data are often not tested in an application-run environment, This causes unforeseen vulnerabilities to be exposed in the production process.

These problems, like a snowball, will eventually create a complex set of problems that companies can solve only by trying to share threat information with data that is relevant and operable. He added that the situation would be completely out of control if security experts failed to act. With relatively low costs, organized cyber criminals can create incredibly complex functions that may come from anywhere in the world and can cause havoc, with disastrous consequences that could disrupt economic infrastructure. "Global sharing is vital to our future," Cullinane said. "If we don't share information, we will be defeated by our opponents." ”