
The perimeter is everywhere - so where is your data really?

02 May 2016

It’s hard to protect what you don’t understand. It’s also hard to protect data if you don’t know where it is. If your data has silently been mirrored to a data center overseas while migrating its way around the cloud, how would you know? How would you really be able either to protect it or know with certainty how secure it is? This is the problem with converging data – assuming it will work and be secure, and still interoperate and behave.

If you don’t know where your data is, you may not have much luck protecting it legally, or really knowing how that might happen across different overseas jurisdictions if you run into trouble. In that sense, it’s very hard nowadays to understand what’s really happening in the cloud; you just hope for the best – security-wise.

Not that you can’t know, but there are increasingly more layers of abstraction – for market and technical reasons (high percentage marketing-related) – between you and where your data lives. If the markets dictate discount data storage overseas, you can bet some large portion of data will silently ooze there over time. If they dictate that everything should include “Cloud” in the title (rather than the underlying technology – typically a bunch of virtual machines that still need to be secured), then that’s what the brochures will say.

Combine that with multiple endpoints that are increasingly likely to be found in your pocket, purse or backpack, and the perimeter becomes very hard to understand, and harder to protect.

For years, interoperability across platforms has been the bane of technologists. They even have a show about it – Interop – where techies can vent and share stories, bad experiences, and (hopefully) fixes.

But there’s a converging trend towards simplifying everything, very likely because managing many nodes instead of one or two is really hard, so it has to be made simple. The problem is, security is still hard. So if you put more big shiny “secure” buttons on your swarm of mobile/cloud/IoT devices, it doesn’t necessarily make it secure. If that were true, no one would be getting hacked now, right?

Sure, the vendors are trying to make security easier by default, but if all you want to see is a big shiny button and you’re not interested in what’s behind that button, it doesn’t make you more secure. It makes you more dependent on your vendors’ ethics.

Some companies that place a high focus on security can succeed if they are able to justify it to investors who typically view security as a money pit. But if market pressures prevail, all you’re left with is a shiny button you hope works.

If that company with the strong security ethics gets silently sold, who can say what the new landlord might dictate? Last year at Interop we watched lots of tech companies going on buying sprees, gobbling up solid tiny tech companies to add to their swelling portfolios. But who’s to say the new umbrella company will have the same sensibilities as the tiny startup that lived, ate and breathed security?

So now security is just as hard, but you have to have high confidence in your staff’s ability to sort through the hype and figure out the real fundamentals of security, and whether a vendor’s doing it well, or just has more shiny buttons than last year. Not even real buttons, but a button likeness on your mobile device.

By Cameron Camp, malware researcher, ESET
