Light Dark
August 11, 2017 By Douglas Bonderud 3 min read
Cloud Security

Thirty years ago, the Cold War threatened to spill over from high-level espionage into full-blown warfare between the world’s two great superpowers. But there could be a new conflict on the horizon.

Nature recently highlighted “The Darkening Web,” a new book by Alexander Klimburg, program director at The Hague Centre for Strategic Studies, which argued there’s an impending clash between forces of the free internet and nation-states that prefer complete cyber control. This has resulted in new challenges for enterprises already tackling concerns over cloud security and data protection. How can companies win day-to-day digital battles and survive the war?

Cold Comfort

What does this new battlefield look like? In many respects the goals haven’t changed: Nations still want to uncover the potentially damaging secrets of other states, while hacktivist groups look to expose what they consider flaws in digital asset management or the oppression of digital freedoms.

What sets this new cold war apart is the sheer number of actors, with the democratization of technology making it possible for smaller nations, loosely associated groups and even individual cybercriminals to compromise critical data. Tactics have also evolved. The era of James Bond-like espionage and trickery has passed, replaced by reconnaissance at a distance and the use of open source code vulnerabilities to spy on corporate or countrywide activities.

The Innovation Issue

For enterprises, the conflux of emerging tensions and cloud security creates a tough-to-manage front line. How can corporations ensure that forward-facing cloud technology isn’t at risk of cybercrime, especially for companies acting as partner agencies or third-party providers for government organizations?

The nature of cloud and other emerging technologies creates a critical issue: innovation. Consider the rise of Internet of Things (IoT) devices. While always-connected cameras, printers and sensors offer massive business value, the drive for first-to-market status often means that basic security hygiene is overlooked in favor of speed and functionality.

Open source code is another growing problem, since companies don’t have the time or budget to create new code from scratch every time they design a new app or install a new device. This can result in vulnerabilities such as Devil’s Ivy, which stems from a flaw in the open source gSOAP code that is widely used in physical security products. A simple buffer overflow attack allows fraudsters to take total control of IoT devices.

The bottom line is that both malicious actors and corporate security professionals see the potential in cloud computing. Innovation at speed offers massive opportunities to streamline business, but it also leaves organizations exposed to threats.

A Helping Hack

The strategy for winning battles and beating the cyber cold war is two-fold: start hacking and start sharing.

The number of security experts pales in comparison to the number of cybercriminals worldwide. Add in the growing cybersecurity skills gap, and it’s no surprise that enterprises find it impossible to fully defend cloud-based architecture. Businesses need to invest in events, tools and training to break their own systems and discover vulnerabilities before they’re made public by hacktivists or quietly exploited by nation-state actors. This might take the form of a bug bounty program or hacking competition. Companies could also leverage a third-party agency to kick down digital doors and see where corporate defenses are weak.

The other half of the strategy is talking the talk. Too many companies prefer to keep possible hacks, cloud concerns and open source vulnerabilities a secret for fear of accidentally leaking critical information. The problem with this approach is that purposeful exploitation of these weaknesses puts enterprises in a far worse position than the controlled release of information with the intention of finding actionable results.

Consider the current situation in Europe: The Independent noted that losing access to European Union (EU) intelligence data thanks to Brexit will make U.K. citizens “less safe.” Cybersecurity sharing alliances are beginning to emerge and government agencies recognize the need to protect companies that are willing to share this information — but it’s slow going.

The Battle for Cloud Security

There’s a new cold war brewing. Threat actors are using digital disinformation and corporate vulnerabilities to collect valuable data and put critical services at risk. Made bolder by the changing nature of cloud security, cybercriminals are no longer tied to nations, creeds or even high-minded ideals — some are simply interested in testing their skills or demonstrating the flaws of new technologies.

While it’s not possible for enterprises to triumph in every digital dust-up, long-term success is on the table with a focus on discovering inherent flaws and sharing data with like-minded allies.

 |  |  |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature