Wednesday, November 16, 2011

Episode 16: Knock knock. Who's there?

Security in the cloud. This is the recurring theme when the technology conversation turns to cloud computing. Usually that's followed by "Where's my data?" or "Who can get access to my data?" or "Do I have complete control of my own data?" Security in the last twelve months has become the real deal breaker, & issues experienced by a high profile name in the technology world like Sony really gave pause to a lot of people who have been on the fence about whether to take some of their business critical systems into the Cloud.

Recently, the Ponemon Institute conducted a study that revealed that 67% of the IT professionals questioned admitted that their respective organisations were vulnerable to hackers due to lax firewall security. Scarier was that 42% of those surveyed said that, were they breached or attacked, they'd have no way of knowing what was compromised. And it got worse, with over half saying they were of the opinion that their staff had no knowledge about the potential risks of open firewall ports.

The full insights of that study would appear shocking to those outside the Cloud Computing industry, but not to those in it. It also isn't the full story. The study neglects the real root of the issue: good security governance from the desktop upwards in any infrastructure. The truth is, there seems to be a general lack of knowledge about security & the implications of security issues from the receptionist to the CEO, with no-one seemingly taking full responsibility for it. No-one is drawing a line in the sand about where the buck truly stops.

People leave their screens unlocked, download software, or open e-mail attachments without care, providing the opportunity for those out there to re-enact a digital version of the siege of Troy. There's even less responsibility taken by those who code websites, or are designers-for-hire. Many don't seem to understand the platforms they are building for, or understand how the applications they design & build for clients work in the cloud.

The issue really comes down to one single fundamental question: would any of us leave our wallet down for anyone to peruse at will or take? The answer is no, we wouldn't. Data in any business IS the wallet of the company. It has to be given the same reverence, respect & care. Sure, the questions about where your data is, or who has access to it, are valid, but the real question any organisation must ask is simple & stark: do WE ourselves treat our data the way we expect our service providers to treat it?

You could establish a cloud solution with a cloud service provider, then pen test that to within an inch of its life, but the more important pen tests need to be done within your own organisation. One of the continually growing areas of access compromise is people taking advantage of social engineering: the process of obtaining information and/or access through deceit.

People are still taking calls from people claiming to be from well known technology companies and running pieces of software on their machines at the caller's request, only to later find themselves compromised, exploited and/or defrauded. People are still clicking on links in e-mails telling them to log on & confirm passwords. Ask any online gamer how often they've heard of someone getting compromised.

The simple truth is, no matter how good the hardware platform is, how good the process is from the service provider, & how good you think your staff is, the real threat to the security of your business comes from within. Your service provider is only as good as your own instructions, your own knowledge & understanding, & your own ideals, & how rigidly those ideals are kept.

A degree of suspiciousness, caution & paranoia is not only healthy, but acceptable as well as needed in today's Digital Age. The level of concern about security in the cloud is really more to do with business' own insecurity over its own processes & data handling ideals than with the level of security the service provider offers. If you can sleep well at night knowing your wallet is safe, shouldn't your data in your business be able to feel the same?

Monday, November 14, 2011

Episode 15: The one where Ireland leaves the front door unlocked

Ireland is at an incredible juncture in its history. Our national debt is of gargantuan proportions, we're in a harsh period of austerity, & the real economy is on the verge of complete collapse with barely any growth, & things are looking to only get worse for the citizens. Our exports however are the only thing that's saving our bacon. Richard Bruton, the Minister for Jobs, Enterprise & Innovation stated last month in the Dail that "Ireland is well placed to exploit opportunities in new sectors such as Cloud Computing & Digital Gaming, Life Sciences & Clean-tech". He went further to state that "Ireland’s services sector continues to grow & in 2010 accounted for 45.3 per cent of total exports."

One of the growing areas of concern in the tech sector continues to be security. Major gaming hubs from Sony, Nintendo, Enix, Sega Pass & Steam have in recent months come under attack & been compromised, as have Nokia, The Sun & CitiBank, to name but a few. When you look through the major gaming names previously mentioned, you realise that these guys are in the top tier of that sector, & with their millions, they got their security totally wrong.

If we're going to engage digital gaming as a means to increase our exports alongside cloud computing, we must place an incredible amount of attention on having a strategy for cyber security in Ireland. In the area of cloud computing, as each market around the world begins to embrace it, the first question is always around security, & it continues to be a question even in further developed cloud computing markets.

Ireland is one of the more mature markets for cloud. The sales penetration levels wouldn't tell you that, but it is much further along, over four years after Ireland's first indigenous cloud computing provider entered the market. Back then, security was a huge issue, & there was a lot of scaremongering about the security of the cloud versus traditional managed or collocated I.T. infrastructure services. So, with the market being more mature, over a hundred cloud computing services providers in Ireland, & the tech exports market being so crucial to our economy, you'd assume Ireland had a cyber security strategy already in place.

You'd be wrong. According to the answer to a question posed by Clare Daly last week to Pat Rabbitte, our Minister for Telecommunications, Energy & National Resources, that framework document doesn't yet even exist. His department is only in the process of developing it for publishing some time in 2012. We're hedging our survival as a country on I.T. services & the digital economy, & we have absolutely no framework as a country on the single biggest threat & concern to that sector?

Coincidentally, my colleague over at CloudBook, Thu Pham, wrote a great article about the concerns of security in the Cloud for SMBs (or SMEs to us in Ireland). While this article does discuss things from a US market standpoint, we're trying to attract US cloud market players to Ireland. So this does provide some viewpoint into what kind of market expectations these players have to work with back home.

Yes, you could revert to type & cast that off as a typically Irish response to a problem, & say that it is the same slipshod approach that was taken to our banking sector: "we'll worry about those problems after the fact." But that's not acceptable. It can't be. If we're spending huge resources on trying to attract direct foreign investment from technology based services companies, positioning Ireland to take advantage of cloud & digital gaming opportunities, this legislation must be of absolute priority.

Four years ago under the previous government, the question was asked about the Irish Government's shift to cloud computing, & the then-Minister for Communications, Eamon Ryan, stated that only one department had engaged in looking at a virtualisation or cloud computing strategy so far, & that was his own department. It may be of interest to know that Cloud Computing has been part of Dail discussion 37 times since this present administration has come to power. In seven months, that is approximately five times a month without excluding parliamentary breaks. Thirty seven discussions, with no sign or mention of a government strategy for Cloud Computing to address the costs & inefficiencies of the Government I.T. infrastructure.

There has also been no real approach made to the Cloud Computing industry in Ireland by Government. Discussions behind closed doors with the big five about direct foreign investment don't count. They're not the real players. Had the Government made approaches to companies like Hibernia-Evros, Network Recovery (who recently achieved ISO certification on their cloud), SunGard AS Ireland, DigiWeb, DediServe, DEG-Telecity-Redbus (recent merger of Telecity Redbus & DEG), Eircom, or any of the other players, any of these players would have made a lot of PR hay from the opportunity without any hesitation.

There needs to be a proper industry working group, which would help understand the size of the Irish Cloud Computing market, its potential value to the Irish economy from service exports, & its potential for growth, market penetration & adoption throughout the business chain. This group needs to work with the department of trade, the department for public finance & expenditure, as well as the department of communications to help it understand what is needed from a national cyber strategy.

Ireland asked for & got its change of leadership earlier this year. It is now time that changed leadership acted like leaders instead of dithering like a deer in the headlights: reach out to those in the Irish Cloud market, reach out to those in the Digital arts markets (gaming/entertainment etc.), form some proper advisory working groups, & get on with helping to make the push behind a group of industries that form the tech sector that helps support our exports to allow us to fix our real economy. Or are they going to continue to bet the farm on those who will move at a moment's notice for tax & cost sakes premiums?