
The perimeter is everywhere - so where is your data really?

02 May 2016

It’s hard to protect what you don’t understand. It’s also hard to protect data if you don’t know where it is. If your data has silently been mirrored to a data center overseas while migrating its way around the cloud, how would you know? How would you really be able either to protect it or know with certainty how secure it is? This is the problem with converging data – assuming it will work and be secure, and still interoperate and behave.

If you don’t know where your data is, you may not have much luck protecting it legally, or really knowing how that might happen across different overseas jurisdictions if you run into trouble. In that sense, it’s very hard nowadays to understand what’s really happening in the cloud; you just hope for the best – security-wise.

Not that you can’t know, but there are more and more layers of abstraction – for market and technical reasons (a high percentage marketing-related) – between you and where your data lives. If the markets dictate discount data storage overseas, you can bet some large portion of data will silently ooze there over time. If they dictate that everything should include “Cloud” in the title (rather than the underlying technology – typically a bunch of virtual machines that still need to be secured), then that’s what the brochures will say.

Combine that with multiple endpoints that are increasingly likely to be found in your pocket, purse or backpack, and the perimeter becomes very hard to understand, and harder to protect.

For years, interoperability across platforms has been the bane of technologists. They even have a show about it – Interop – where techies can vent and share stories, bad experiences, and (hopefully) fixes.

But there’s a converging trend towards simplifying everything, very likely because managing many nodes instead of one or two is really hard, so it has to be made simple. The problem is, security is still hard. So if you put more big shiny “secure” buttons on your swarm of mobile/cloud/IoT devices, it doesn’t necessarily make it secure. If that were true, no one would be getting hacked now, right?

Sure, the vendors are trying to make security easier by default, but if all you want to see is a big shiny button and you’re not interested in what’s behind that button, it doesn’t make you more secure. It makes you more dependent on your vendors’ ethics.

Some companies that place a high focus on security can succeed if they are able to justify it to investors who typically view security as a money pit. But if market pressures prevail, all you’re left with is a shiny button you hope works.

If that company with the strong security ethics gets silently sold, who can say what the new landlord might dictate? Last year at Interop we watched lots of tech companies going on buying sprees, gobbling up solid tiny tech companies to add to their swelling portfolios. But who’s to say the new umbrella company will have the same sensibilities as the tiny startup that lived, ate and breathed security?

So now security is just as hard, but you have to have high confidence in your staff’s ability to sort through the hype and figure out the real fundamentals of security, and whether a vendor’s doing it well, or just has more shiny buttons than last year. Not even real buttons, but a button likeness on your mobile device.

By Cameron Camp, malware researcher, ESET
