Cloud Security for Everyone
Thirty years ago, a little wooden hut sat in the parking lot of my local Jersey strip mall. I would drive up to the hut, pay a few bucks, and a teenager would hand over a packet of developed photos, including a nice shot taken of some Bulls rookie named Michael Jordan. After glancing through these photos once or twice, I would toss them into a shoebox for storage, along with dozens of other packets. That box still sits up in the closet somewhere – I think.
Twenty years ago, a clunky PC sat on the desk of my Jersey office. I would log into the PC, click on the HP icon, and then digitally scan my printed photos into local memory. This included a nice shot taken of some Yankee rookie named Derek Jeter. The scans would be arranged into a folder on my Windows system, and before long, I had hundreds of photos stored on this PC which I looked at occasionally. I have no idea where these photos are today. Not a clue.
Ten years ago, a cool iPhone found its way into my pocket. Soon, I was using this iPhone to take literally zillions of pictures, including one of a promising young college basketball player named Stephen Curry. The best part of all this was that you could click on this and that, and the iPhone would then shove all these zillions of pictures up into something called the cloud. With so many cloud-accessible photos, I began to illustrate my conversations (annoyingly) with photos.
With this progression to cloud comes a couple of security considerations – but they might not be what you think. First, it should be clear that moving from printed photos in a shoebox to iPhone images in the cloud greatly reduces the likelihood of a hacker intentionally destroying precious sports photos. This implies that with the progression to cloud, the risk of lost data is reduced. Ransomware attacks, for example, are less dangerous when you use cloud.
But also with this progression to cloud comes the concern that with my photos sitting up in some Apple or Microsoft or Google data center (yes, the cloud is just an assortment of data centers), perhaps someone might gain unauthorized access to one of my embarrassing or private photos. This implies that we must trust the administrators at the cloud services companies to make sure this doesn’t happen. And that is not always so easy.
All of this implies that cloud security is a collage of different activities that are mostly the responsibility of the service provider to perform. They do this using advanced protection techniques, including creating zillions of little private virtual shoeboxes (ahem) that keep my photos separate from yours. Security geeks call this method segmentation, and the ability to run many operating systems on one machine (called virtualization) makes it efficient.
Businesses have been slow to fully embrace cloud and its security methods, simply because it involves a shift in protection control to the cloud provider. Some businesses are more comfortable recently, as cloud providers have increasingly allowed inspections and audits by experts who attest that everything is being done according to best practices. This is good news for all of us, because most cloud providers are quite capable when it comes to security.
If you ask where I’ll be storing my photos ten years from now, I guess my answer is that I don’t know. Perhaps some autonomous virtual robot will sense what I am thinking and snap the pictures for me – just in case I might want them. And if you ask me which sports stars in ten years will be the next Jordan, Jeter, or Curry – well, if I knew that answer, then I assure you I wouldn’t be spending my time writing articles about cloud security.
Edward Amoroso
Experienced Chief Executive Officer, Chief Security Officer, Chief Information Security Officer (second person to hold the CISO position in history), University Professor, Security Consultant, Keynote Speaker, Computer Science Researcher, and Prolific Author (six published books) with a demonstrated history of working in the telecommunications industry beginning at Bell Labs and leading to SVP/CSO position at AT&T. Skilled in Cyber Security, Network Architecture, Wide Area Network (WAN), Managed Services, and Network Design. Strong entrepreneurship professional with PhD in Computer Science from the Stevens Institute of Technology, and also a graduate of Columbia Business School. Directly served four Presidential Administrations in Cyber Security, and now serves as a Member of the M&T Bank Board of Directors, Senior Advisor for the Applied Physics Lab at Johns Hopkins University, Adjunct CS Professor at the Stevens Institute of Technology, CS Department Instructor at New York University, and Member of the NSA Advisory Board (NSAAB).