How Cloud Shifts Security Balance of Power to the Good Guys

Cloud providers have the resources to fortify their data centers and hire armies of security pros, but they wield other powerful weapons to protect customer data.

Anyone who has followed tech trends over the past few years probably can recite a litany of reasons companies should turn to cloud computing instead of running their own data centers.

That list includes the intertwined notions that cloud computing can be significantly cheaper and much more flexible than the traditional company-run data center model.

The biggest cloud counterargument posed by many IT pros — sometimes known as “server huggers” — is that companies are better able to secure their own gear and data than any third-party provider.

That is not turning out to be the case. Aside from the generally accepted idea that cloud providers can offer better physical security for data centers and hire more security specialists than even their largest Fortune 500 customers, there is now considerable evidence of what cloud providers offer in terms of security. Because a large cloud provider sees a ton of traffic and data usage patterns, it is better able to detect anomalies than any one of its customers could on its own. This is true even though cloud providers do not actually “see” customers’ encrypted data itself.

Cloud players may now have advantage in hacker wars

Many people see the black hat/white hat struggle to break into or protect data as never-ending spy vs. spy one-upmanship. In their view, the bad guys and good guys take turns using the same increasingly smarter tools to attack and defend data stores.

But others now argue that cloud changes that equation drastically and shifts the power balance in favor of the good guys.

At a recent Center for Strategic and International Studies event in Washington, D.C., Edward Screven, Chief Corporate Architect at Oracle, said the idea that there is rough parity between attackers and defenders is no longer accurate.

Companies that handle troves of customer data and traffic have aggregate knowledge of usage patterns that no hackers can replicate, he argued. To attain the same level of detail across customers, bad guys would have to access myriad customer data centers.

“We can learn from the legitimate behavior of our users, and that gives us an advantage,” Screven said.

Nor is it easy for companies that run their own data centers using diverse hardware and software to keep all that gear updated and patched. That means hackers can roam from company to company in search of vulnerabilities to exploit, and all too often, find them.

Last year, research found that 60% of companies that suffered a breach attributed it to the use of unpatched software. “It is very difficult for most organizations to apply updates and patches as quickly as attackers can turn them around for exploits,” James Lewis, senior vice president of CSIS and director of its technology program, said after the event. “It’s a race that large enterprises can almost never win.”

Thus, anything that can ease and speed patching and updates will shift the balance of power in favor of data defenders over attackers.

Investment and stakes in cybersecurity are sky high

An executive with a major IT services company agreed that cloud has changed the game in data security.

“There is a combination of scale and a level of importance to the business that prompts cloud providers to create security teams that rival the Pentagon’s,” he said. If these providers screw up on security, their businesses will suffer. This executive requested anonymity because he is not authorized to talk on this subject.

“Cloud providers are collecting [digital signatures], and applying pattern recognition on types of traffic,” he said. “Their ability to isolate traffic based on time of day, type of customer, geography and other factors, will all come in handy in keeping data secure.”

Bill Kleyman, executive vice president of Digital Solutions for Las Vegas-based Switch, a large data center operator, agreed that large cloud providers can aggregate data, which gives them enhanced visibility into what’s going on in the network, and thus potentially be better able to counteract cybercrime.

The downside to all that aggregation, he said, is it “paints a big target on your back.”

Kleyman believes the pendulum will continue to swing between centralization and decentralization, which means businesses must prepare for a hybrid world.

Barbara Darrow, who has reported on business technology for more than 20 years, is now a senior director of communications for Oracle Corp.