Cloudy insider threat confounded

Posted by Peter Cochrane on May 16, 2011

While Sony have now begun work reinstating their PlayStation network following last month’s hack, a number of recent press reports have debated the ramifications the event could have on the cloud computing industry. However, as former chief technologist for BT, Peter Cochrane explains, its ability to complicate ‘insider hacks’ could yet be cloud computing's saving grace.

Cloudy insider threat confounded
by Peter Cochrane

At every security conference I attend there seems to be a consensus that the insider threat is the primary problem, but all the time and energy is then focused on encryption, password protection, protocols and the good old firewall problem.  But hey, in a dynamic world of outsourcing and transitory employment, the insider threat problem ‘really is’ the bigger threat!

In the non-cloud world of static servers and networks, any malevolent on-site guests, contractors and workers have really got it made.  Gaining access to almost anything is child’s play.  A combination of empty offices, unattended desks and machines, unsecured ports and loose talk, are just the tip of the exposure iceberg.  By being opportunistic, making a few random and focused observations, leveraging social engineering, and perhaps applying some specialised software, the malevolence wins out every time.

So what of the cloud environment – why should it be any better? Here is an analogy I use to explain the subtle depth of protection possible inside, and outside a firewall, or indeed within a cloud with a non-conventional protection strategy with no firewall.

Suppose a burglar is determined to break into a secure building by picking the lock. He gets out his tools and a few minutes later the last tumbler drops with a click and he’s in. But he finds himself in a room with little of real value, and is faced with a further 10 identical doors, but each has a different brand of lock that is grossly different to the first door.
 
How does he choose the most productive door, and how can he be sure the door of his choice will lead somewhere profitable? He can't! So he picks a door at random and plies his well-practiced trade once more, but this new door has a different, and even tougher lock. He works away when suddenly the door behind him closes with a bang and the lock switches to a new combination.

The burglar decides to press on, and eventually there is a click and he opens the door into a second room with a few more valuables and another 10 doors with different and even stronger locks. And on he goes...and the door behind him always goes bang - click.

Suddenly he is struck by the lack of ventilation and the worsening air quality, and before his eyes the walls spin and all the doors change position. Now he can't find his way back, and ahead of him lie increasingly difficult locks on ever more doors in ever more rooms. He is in a maze finding it hard to breathe...

What he doesn't know is that he has now been detected, located and identified, and his fate (life or death) rests with the owner of the network.

This translates to a human or viral security attack on a multi-cloud system, with intruder detection, isolation and destruction.

In contrast, conventional networks present a much simpler target, and a model that is well understood. They may have a couple of security layers, or perhaps three, but they present a single identifiable target that is stable and well behaved.

So what else can we do to spot an intruder?  For sure the network knows the good guys, and it knows their work patterns, range of log-on, log-out times, locations, week and weekend habits, travel patterns and resources consumed.  It turns out that by merely monitoring ports, machines, connections and activity it is relatively easy to spot a rogue activity and the person responsibility.

Paradoxically, our habitually as good or bad guys differentiates us and make it easy to identify the real risks.  In the cloud environment security is no longer a static or isolated activity of limited richness, quite the reverse!  Even better, every cloud is different and continually changing. So companies no longer look big, fat, dumb and static. In fact, it can be quite difficult to find many elements of a company if you are an insider, unless you’re given the keys to the right sequence of doors!

Dr Peter Cochrane is the former Chief Technologist for BT and a seasoned IT professional with over 40 years of hands-on management, technology and operational experience across a number of industries. He has been involved in established companies at an operational level, as well as the creation and deployment of new technologies, products and management systems, plus the transformation of corporations, the starting of many new businesses and direct board responsibility in companies spanning from £bns to £ms.

For more on Peter’s current business activities, visit
www.ca-global.org