Our world’s growing dependence upon computers is stunning. Today, the Internet is the circulatory system of the global economy. It is increasingly apparent that Internet-enabled cloud computing is the Information Technology system of the future, the focal point for our data and applications. The stakes have never been higher to keep the cloud operating efficiently and securely 24x7x365.
As modern information dependence increases, so does the risk posed by hackers. Hackers can do more than ruin your day; they can threaten an organization’s very existence, and over time their capabilities and impacts have grown. In part, they’ve created an asymmetric advantage through sharing information about exploits and vulnerabilities.
Now, we’re fighting back. Members of the Cloud Security Alliance (CSA), the global not-for-profit organization that sets the standards for security and trust of cloud computing, are standing up a Cloud Cyber Incident Sharing Center (Cloud CISC) as part of an effort to counter that advantage.
The driving concept behind Cloud CISC is that by sharing and making effective use of information about attacker tactics, techniques and procedures (TTPs), we reduce our collective attack surface and drive up hacker costs while simultaneously reducing their gains. As defenders ramp up sharing through partnerships like the Cloud CISC, they can drive the usability of new TTPs and zero days down towards single use. This makes hackers less likely to share, because shared attack capabilities become more likely to be burned before they want to use them. When this succeeds, we will have created a significant, lasting advantage in the defense’s favor.
Businesses that use the cloud have an opportunity to shape the initial stages of the Cloud CISC at the upcoming CSA Working Group Meeting in Las Vegas. It’s next week during the Privacy. Security. Risk. 2015 conference, on Sept. 28, and you can register now.
Having a sound strategy for keeping an organization secure and combatting hackers has always required a holistic approach. Effective management systems, highly skilled professionals and robust technology are all important components of the secure business. Historically, a security strategy has contained multiple layers of protection, including both proactive security capabilities, aimed at preventing security breaches, and reactive security capabilities, which try to detect security attacks and minimize their damage.
In the world we live in, many organizations are emphasizing a greater investment in reactive security capabilities. The massive expansion of computing, from cloud to mobile to Internet of Things, has expanded the attack surface and given the hackers a target-rich environment. The good guy has to lock every door; the bad guy need only find one opening. Because of this imbalance in favor of the attackers, the reality is that good, well-run companies will be hacked. It becomes not a question of if, but when you will have a security incident. The ability to react as quickly and intelligently as possible is becoming the most desired security capability.
When we analyze state-of-the-art computer incident response teams (CIRTs), the glaring weakness is our inability to share information about security incidents in a timely manner across different organizations. Many companies have erected barriers to incident sharing. Numerous high-profile security incidents and costly data breaches have only happened because the breached company was not aware that the same attack was previously used at a different company.
Our information security teams act as private fire departments, putting out our fires but watching the neighbor’s house burn down. Ultimately this makes the job easier for the hackers, who share information freely and are able to target the good guys one by one. The good guys must collaborate for the greater good of the community.
As a leader in the cloud computing industry, Rackspace is determined to aggressively promote community-based security incident sharing. Rackspace and its competitors must all commit to doing more to raise the bar of our own security programs, and we must commit to cooperating fully with each other to share security incident information. Rackspace is taking a leadership role to assure that the data breaches that have plagued legacy IT do not repeat themselves in the cloud.
One of the actions we are taking is a leadership role within the CSA and the Cloud CISC, which will be hosted at Rackspace. The goal of Cloud CISC is to have a vetted community of participating cloud providers. These organizations can then communicate either with attribution, or anonymously, to prevent attribution. Then information that can prevent future attacks can be rapidly shared by default, rather than after a tortuous internal analysis.
Rackspace is actively engaging the leaders within cloud computing as well as the industry leaders that provide the enabling technology for cloud data centers. One of the key areas we are exploring is the instrumentation of all major cloud systems with technology to automate incident sharing. Being able to capture malicious payloads and indicators of compromise and rapidly share this information with all vetted parties will be a powerful tool for accelerating incident response times and providing greater contextual information. This collection capability will play an important role to feed threats to the Cloud CISC.
Rackspace is also spending much time briefing our customers about these plans for collaboration with other cloud providers on security incident sharing as well as the increased security operations capabilities we are rolling out to our customers.
Customers, many of whom use all of the major clouds, play a key advocacy role in assuring that the highly competitive cloud industry does not lose sight of the shared responsibility that we have to collaborate for the greater good. As Benjamin Franklin once said, “We must indeed, all hang together, or assuredly we shall all hang separately.”
As I mentioned earlier, the CSA is hosting a workshop on this topic at PSR15. You can register for the session here. Let’s hang together there, and seize another advantage back from the hackers.