Looking Back at Security Attacks in 2016
The threats that were prominent in 2016 were definitely noteworthy. I say this because this year brought out the full range of attack types and attacker motivations including financial data collection, PII harvesting, politically driven theft and disclosure and most recently, an IoT-based distributed denial of service attack, which targeted a critical part of the Internet and crippled Amazon, Netflix and Twitter. Attackers apparently included state-funded groups and very low budget script kiddies. In 2016, we had it all.
2016 was mainly notable for one other reason in my opinion. I think organizations and individuals are starting to become desensitized to cyber attack publicity and as a consequence, the eye-watering numbers of compromised accounts and amounts of data being lost aren’t having the impact they once had. That would be fine if there was truly nothing to worry about, because who needs more bad news to process and the related anxiety? Unfortunately, we need alarm and consequences to drive improvement and we’re nowhere near ready to claim we’ve achieved “good enough” when it comes to cybersecurity.
Looking Forward to 2017 – Security in the Cloud
On tap for 2017, among other topics, is an increased focus on cloud security. Why? IT departments have developed an increased reliance on services consumption, delivery models and use of cloud-based apps will continue to drive public cloud adoption. As more applications are realized in the cloud, the value of the data located there and the impact of a disruption will also increase as these infrastructures will become targets. As a result, more attention will be paid to the ways in which cloud security can be improved.
First up on this journey will be fully understanding the responsibilities assigned to each party in the cloud ecosystem. Let’s focus on the two primary participants – the cloud provider and the cloud user. The cloud provider is responsible for providing a security cloud foundation. With a public cloud infrastructure, you have a great foundation for security – both in process and technology maturity in the operation of the cloud and in the services that providers offer to help their customers. Our founder has written a whitepaper pointing out how the services and logs offered by public cloud providers start the security discussion at a head start when compared to most homegrown infrastructure. The cloud user’s responsibility is to leverage these services to create and operate a secure application “in” the public cloud.
However, simply securing an application is not enough. Cloud infrastructures encourage rapid change. From inexpensive application experiments with short lifespans meant to flush out requirements to dynamic provisioning meant to provide fast response to changing loads in establish applications, the rate of change in the cloud far surpasses anything that existed for most companies operating their own infrastructure. Companies need to deal with this volatility and its impact on security. Old approaches to data security, especially processes and tools that explicitly or implicitly assume a predominantly static or slowly changing configuration will at best simply get in the way of cloud operations and at worst will provide a false sense of security. The only way to deal with this rate of change will be more process and tool automation – automation being applied to leveraging the security services available and the vast amounts of data provided to help improve security at machine scale rates.
Learn more and see us at AWS re:Invent
We will be exhibiting at this year’s AWS re:Invent booth #103. If you would like to set up a meeting with Observable Networks to see how we help companies protect their assets in the public cloud, please email email@example.com. To learn more about Observable networks, visit www.observable.net.
Protecting your public cloud infrastructure by identifying insider and external threats faster couldn't be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.
Detect Threats Faster – Start Your Free, No-Risk Trial