October 24, 2016
Ethical Hacker's Notebook, Part 1: Smart FAQs for Securing Data in the Cloud
With our launch of new managed-security services, I was interviewed recently about the XO security story relative to recent industry trends and hacks.
Why ask me? Because I'm a hacker. My bosses know this. In fact, they encourage me to apply my passion for cyber security to help our customers and partners sharpen their defenses. I'm a certified ethical hacker, or CEH (better known as a "whitehat" to some). As a CEH, I use tools and strategies to locate network weaknesses so they can be corrected before cyber-criminals exploit them.
Here are a few of topics, in two parts, that we covered during the interview. I believe they deserve special attention, particularly when companies are prioritizing options for moving data through the cloud. A logical starting point is a look at cloud-specific risks that pose the greatest danger to enterprises.
What trends are you seeing in enterprise cyber-security programs?
Companies dependent on regulatory compliance or online purchasing platforms, or both, are particularly at risk should their data be compromised or stolen. These companies are escalating adoption of “defense-in-depth” cyber strategies where layers of security are applied to protect data and systems.
These layers consist of firewalls, staff training, access control, intrusion-detection systems, policies that are constantly enforced and updated, strong physical and perimeter security, and more.
A deeply-layered approach to security helps enterprises prevent, limit and more quickly recover from the most common breaches.
The cloud seems pretty dangerous; what types of threats should enterprises guard against?
The cloud can be dangerous but it is often a necessary complement to a business's IT infrastructure. This is why we need to defend, rather than abandon, it. Dominant threats include ransomware and spear-phishing schemes, as well as DDoS (distributed denial of service), Trojans, worms, APTs (advanced persistent threats), brute-force and zero-day attacks. All of them are explained in depth online.
Mobile endpoints, like smart phones, become most vulnerable to attack when they're used outside the business's private network. In the case of smart phones, this will be frequently. Malware that is most likely to succeed thrives with an expanding Internet of Things (IoT) that boosts productivity and profitability through policies like BYOD (bring your own device) and telework.
IoT and BYOD are driving enterprises to the cloud where the greatest advantages can be realized in productivity. Tasks and roles can be handled by employees working anywhere to keep operations running, 24/7, for lower overhead. This trend is pushing an increase in the number of mobile devices. More smart phones and tablets mean a greater need for redundancy, continuous up-time and unbroken communication. The more of these a company depends on, the greater the chances that it will fall victim to overlooked, unpatched, exploitable vulnerabilities.
Security in the cloud hinges on two key decision areas: 1) a defense-in-depth strategy (no enterprise is safe without one), and 2) outsourcing aspects of the layered defense to experts with resources to guard cyber-assets 24/7. Part 2 of this blog will consider what's involved.
Scotty Webb, XO Senior Manager, Sales Engineering, specializes in applying advanced technology to complex Intelligent WAN solutions for enterprises. A certified ethical hacker (CEH), Scotty is XO's regional expert in hosted security and unified threat management. He is passionate about all things cyber-security related.
Enter your email address below to receive updates each time we publish new content.