Story image

The perimeter is everywhere - so where is your data really?

02 May 16

It’s hard to protect what you don’t understand. It’s also hard to protect data if you don’t know where it is. If your data has silently been mirrored to a data center overseas while migrating its way around the cloud, how would you know? How would you really be able either to protect it or know with certainty how secure it is? This is the problem with converging data – assuming it will work and be secure, and still interoperate and behave.

If you don’t know where your data is, you may not have much luck protecting it legally, or really knowing how that might happen across different overseas jurisdictions if you run into trouble. In that sense, it’s very hard nowadays to understand what’s really happening in the cloud; you just hope for the best – security-wise.

Not that you can’t know, but there are increasingly layers of abstraction – for market and technical reasons (high percentage marketing-related) – between you and where your data lives. If the markets dictate discount data storage overseas, you can bet some large portion of data will silently ooze there over time. If they dictate that everything should include “Cloud” in the title (rather than the underlying technology – typically a bunch of virtual machines that still need to be secured), then that’s what the brochures will say.

Combine that with multiple endpoints that are increasingly likely to be found in your pocket, purse or backpack, and the perimeter becomes very hard to understand, and harder to protect.

For years, interoperability across platforms has been the bane of technologists. They even have a show about it – Interop – where techies can vent and share stories, bad experiences, and (hopefully) fixes.

But there’s a converging trend towards simplify everything, very likely because managing many nodes instead of one or two is really hard, so it has to be made simple. The problem is, security is still hard. So if you put more big shiny “secure” buttons on your swarm of mobile/cloud/IoT devices, it doesn’t necessarily make it secure. If that were true, no one would be getting hacked now, right?

Sure, the vendors are trying to make security easier by default, but if all you want to see is a big shiny button and you’re not interested in what’s behind that button, it doesn’t make you more secure. It makes you more dependent on your vendors’ ethics.

Some companies that place a high focus on security can succeed if they are able to justify it to investors who typically view security as a money pit. But if market pressures prevail, all you’re left with is a shiny button you hope works.

If that company with the strong security ethics gets silently sold, who can say what the new landlord might dictate? Last year at Interop we watched lots of tech companies going on buying sprees, gobbling up solid tiny tech companies to add to their swelling portfolios. But who’s to say the new umbrella company will have the same sensibilities as the tiny startup that lived, ate and breathed security?

So now security is just as hard, but you have to have high confidence in your staff’s ability to sort through the hype and figure out the real fundamentals of security, and whether a vendor’s doing it well, or just has more shiny buttons than last year. Not even real buttons, but a button likeness on your mobile device.

By Cameron Camp, malware researcher, ESET

How mass data fragmentation impacts business growth and compliance readiness
"About 44% of Australian businesses use six or more solutions to try to manage fragmented data sources and repositories."
LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.
InfluxData aims to accelerate growth with new sales executives
As time-based data is generated at exponential rates from increased use of DevOps and IoT sensors, companies are requiring more advanced performance tools to analyze their complex environments. 
Commvault fully integrates backup with Cisco Hyperflex
Its IntelliSnap technology has been validated to work with Cisco HyperFlex hyper-converged systems without the need for third-party tools.
Slashing commute time could save NZ from 900,000 tonnes of C02
In New Zealand, workers could save between 7.7 and 8.8 million hours of commuting time every year.
Huawei continues 5G trails despite interational concern
Huawei completed the 5G NR test at 2.6GHz spectrum in the 5G trial organised by the IMT-2020 (5G) Promotion Group. 
Experts comment on record 772mil-user data breach
Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.
McAfee Gartner Customers’ Choice for Secure Web Gateway
“We take great pride in being recognised by our customers on Gartner Peer Insights, and their willingness to recommend McAfee Web Gateway technology”