Light Dark
August 11, 2017 By Douglas Bonderud 3 min read
Cloud Security

Thirty years ago, the Cold War threatened to spill over from high-level espionage into full-blown warfare between the world’s two great superpowers. But there could be a new conflict on the horizon.

Nature recently highlighted “The Darkening Web,” a new book by Alexander Klimburg, program director at The Hague Centre for Strategic Studies, which argued there’s an impending clash between forces of the free internet and nation-states that prefer complete cyber control. This has resulted in new challenges for enterprises already tackling concerns over cloud security and data protection. How can companies win day-to-day digital battles and survive the war?

Cold Comfort

What does this new battlefield look like? In many respects the goals haven’t changed: Nations still want to uncover the potentially damaging secrets of other states, while hacktivist groups look to expose what they consider flaws in digital asset management or the oppression of digital freedoms.

What sets this new cold war apart is the sheer number of actors, with the democratization of technology making it possible for smaller nations, loosely associated groups and even individual cybercriminals to compromise critical data. Tactics have also evolved. The era of James Bond-like espionage and trickery has passed, replaced by reconnaissance at a distance and the use of open source code vulnerabilities to spy on corporate or countrywide activities.

The Innovation Issue

For enterprises, the conflux of emerging tensions and cloud security creates a tough-to-manage front line. How can corporations ensure that forward-facing cloud technology isn’t at risk of cybercrime, especially for companies acting as partner agencies or third-party providers for government organizations?

The nature of cloud and other emerging technologies creates a critical issue: innovation. Consider the rise of Internet of Things (IoT) devices. While always-connected cameras, printers and sensors offer massive business value, the drive for first-to-market status often means that basic security hygiene is overlooked in favor of speed and functionality.

Open source code is another growing problem, since companies don’t have the time or budget to create new code from scratch every time they design a new app or install a new device. This can result in vulnerabilities such as Devil’s Ivy, which stems from a flaw in the open source gSOAP code that is widely used in physical security products. A simple buffer overflow attack allows fraudsters to take total control of IoT devices.

The bottom line is that both malicious actors and corporate security professionals see the potential in cloud computing. Innovation at speed offers massive opportunities to streamline business, but it also leaves organizations exposed to threats.

A Helping Hack

The strategy for winning battles and beating the cyber cold war is two-fold: start hacking and start sharing.

The number of security experts pales in comparison to the number of cybercriminals worldwide. Add in the growing cybersecurity skills gap, and it’s no surprise that enterprises find it impossible to fully defend cloud-based architecture. Businesses need to invest in events, tools and training to break their own systems and discover vulnerabilities before they’re made public by hacktivists or quietly exploited by nation-state actors. This might take the form of a bug bounty program or hacking competition. Companies could also leverage a third-party agency to kick down digital doors and see where corporate defenses are weak.

The other half of the strategy is talking the talk. Too many companies prefer to keep possible hacks, cloud concerns and open source vulnerabilities a secret for fear of accidentally leaking critical information. The problem with this approach is that purposeful exploitation of these weaknesses puts enterprises in a far worse position than the controlled release of information with the intention of finding actionable results.

Consider the current situation in Europe: The Independent noted that losing access to European Union (EU) intelligence data thanks to Brexit will make U.K. citizens “less safe.” Cybersecurity sharing alliances are beginning to emerge and government agencies recognize the need to protect companies that are willing to share this information — but it’s slow going.

The Battle for Cloud Security

There’s a new cold war brewing. Threat actors are using digital disinformation and corporate vulnerabilities to collect valuable data and put critical services at risk. Made bolder by the changing nature of cloud security, cybercriminals are no longer tied to nations, creeds or even high-minded ideals — some are simply interested in testing their skills or demonstrating the flaws of new technologies.

While it’s not possible for enterprises to triumph in every digital dust-up, long-term success is on the table with a focus on discovering inherent flaws and sharing data with like-minded allies.

 |  |  |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature