
Security, a problem of scale

By Kirsten Doyle, ITWeb contributor.
London, 10 Oct 2012

Big data is everywhere; it is being fuelled by cloud computing, apps, devices, connecting people. It is estimated that over 25 million Google apps have been downloaded, and Facebook now has over a million users.

So said Philippe Courtot, chairman of Qualys, during his keynote address at RSA Conference 2012, in London this morning. "We now see hidden cameras, silently monitoring motorists, capturing number plates, weeding out stolen cars, paedophiles and suchlike. Businesses, too, are using this technology, looking for those who have defaulted on their car payments, to repossess the vehicles."

It's a fact that most organisations have to deal with big data to understand their systems, their customers and their users.

He said there are still negative perceptions around cloud computing: that it is not safe, that mission-critical information should not be stored there, that it is a marketing gimmick. Courtot believes this is not the case. Cloud is here to stay, largely fuelled by the pressure on business to be agile.

"Think of cloud infrastructure. How can we harness that to add value? Cloud brings a major change in scale and therefore new challenges."

Courtot said there are four major components of cloud: data centres, Web applications, the Internet and Internet devices. "When thinking of securing a cloud environment, think of these four components. Build security into the infrastructure. The key point of contention is the new perimeter, which are the Web app and browser layers. Build security into the fabric of these key layers, not after the fact."

He added that hardening the new perimeter is key. "The speed of cloud in itself creates a problem. Within any organisation, there are thousands of Web apps. Now to authenticate, analyse vulnerabilities, analyse traffic, correlate, mitigate - all of these stages have to happen fast. The cost and complexity of having to create new rules constantly is staggering."

There is a need for new tools to remediate these apps. It's a significant challenge, he says.

Businesses running Web apps need to understand how many they have, what they are for, how they are used. This perimeter must be hardened to correlate logs across these environments.

Things to be taken into account, says Courtot, include understanding potential exploits, managing code issues and the different methods of authentication.

Another issue, he explained, is the BYOD trend, which is here to stay. "What is needed here is a single sign-on, and good privacy and corporate policies. All the analysis must be done in the cloud to be effective. We're talking hundreds of millions of devices."

Security in the hybrid IT cloud is front and centre. Security has become a problem of scale. "We need to build a new security intelligence platform.

"Bring awareness of threats, awareness of what your assets are, of what you are trying to protect. Bring all this information into one place."
