5 Cloud Security Revelations From 2017

Larry Hughes

Cloud security has always been a hot-button topic among enterprises, and with over 90% of companies using some form of public cloud computing, it continues to be debated among security professionals. Private and public cloud security is an evolving technology, and we’d like to cover some of the major revelations that we’ve seen from the industry in 2017.

Revelation #1: The cloud is still more intelligent and safer than your data center.

Despite major enterprise cybersecurity breaches in 2017, top public cloud platforms showed a promising ability to keep business applications and data secure. Artificial intelligence (AI) and machine learning (ML) are at the core of many of the new capabilities that leading cloud service providers are using to deliver a more intuitive and dynamic security service to their customers. For example, at its latest AWS re:Invent conference, Amazon Web Services (AWS) announced security capabilities that leverage AI to identify malicious IP addresses and detect anomalies. It also uses ML to identify activity or behaviors indicating threats, such as a bad actor scanning web servers for known application vulnerabilities. We see AI and ML continuing to play a big role in proactively combating cybersecurity threats in the cloud, and we will be working with multiple cloud service providers (CSPs) to deploy direct and secure interconnection for machine-to-machine (M2M) communications and their interactions with security system users via our global ECX Fabric.

Revelation #2: There’s safety in numbers – identity key management across hybrid and multicloud.

Most CSPs offer identity key management solutions to their customers to help manage the access to applications and data within a single cloud platform solution. However, the increasing number of enterprise hybrid and multicloud infrastructures has created a requirement for key management solutions that provide coverage across multiple clouds and/or on-premises infrastructures. At Equinix, we recently announced a public beta of our SmartKey HSM-as-a-Service solution, a cloud-independent hardware security module (HSM) based on Intel® Software Guard Extensions (SGX). SmartKey provides secure and scalable key management services to address performance and governance, risk and compliance (GRC) requirements across multiple cloud providers and hybrid cloud infrastructures, such as Azure Stack and NetApp private storage solutions.

Revelation #3: The security perimeter has moved to the edge and beyond – requiring security controls to be closer to the things you need to protect.

As the enterprise corporate IT perimeter blurs and becomes more distributed and far-reaching, companies need to modify their approach to implementing many security controls, and not just for the cloud. Having said that, a company’s digital edge, where commerce, population centers and digital ecosystems meet, must be prepared for multicloud application and data flows that service users and things across multiple global networks and cloud services. Placing cloud security policies at the edge and embracing a “trust no one” security strategy ensures that critical safeguards can be deployed where they are most effective and have no impact on performance or user quality of experience.

Revelation #4: GRC rules! – How governance, risk and compliance are driving cloud security strategies.

The term “governance, risk and compliance,” or GRC, describes a set of activities or a platform that runs across all of an organization’s departments and functions, enabling a company to achieve its business objectives, address uncertainty, and act with integrity. And GRC doesn’t stop there. It can also include assurance and performance management capabilities against those business goals. According to Scott Wisniewski, a managing director at the global consulting firm Protiviti, the extraordinary increase in the amount of data that organizations need to analyze, along with the widespread adoption of cloud and mobile technologies, means that increased information collection, sharing and collaboration are driving organizations to “rethink their entire GRC infrastructure.” Equinix customer ServiceNow is one example of a company that provides a cloud-based IT automation platform that leverages dynamic, predictive analytics to monitor and manage governance, risk and compliance across its business, as well as its customers’ businesses, including Equinix’s.

Revelation #5: A data breach is a question of when, not if.

This year has brought on painful security lessons of unprecedented scale. Literally billions of online accounts were hacked, and sensitive personal data for hundreds of millions of people were exposed. Even cute and cuddly “smart” stuffed animals were complicit in leaking millions of audio recordings between children and parents. People and companies alike need to be aware that any online technology is subject to compromise. Applying what we’ve learned from revelations #1 through #4 will prove more crucial than ever in 2018.

For more information on how to deploy a private, secure interconnected fabric to support your cloud security strategies, read our ECX Fabric data sheet.

Larry Hughes, Business Information Security Officer (BISO)