December 7, 2011 By Johnell Johnson
The cloud is the next big thing for technology and hackers will likely capitalize on that in the coming year. Researchers expect the cloud to be a major target for cyber crooks and they are working to stop the criminals before they reach the cloud.
According to security industry experts, a large number of hackers have been cloud pioneers, using public infrastructure to instill fear in companies that often start ambitious but poorly constructed cloud-computing strategies.
Too many companies are just moving their security and reliability problems from one infrastructure to another, experts add. They note the growing reliance on virtualization and the increasing trend towards pushing virtual machines into public cloud services to cut infrastructure.
Experts warn that redundancy must be catered for while cloud services from Amazon, Microsoft and others allow servers to be spread across servers in multiple geographies to lower downtime. They feel many companies just move their existing systems into cloud-hosted virtual machines. That can leave them vulnerable to data and systems loss in the even of a partial cloud collapse.
Yet supporting such devices brings its own risks: the reported explosion in Android malware, for example, opens up the very real possibility that users could inadvertently bring malware into the enterprise, from which it can work to its nefarious ends under cover of the network. With new app stores blossoming and offering customers direct access to potentially malware-ridden apps, companies must be particularly vigilant in monitoring mobile devices.
Without taking a broad-brush approach to security and business availability, this is likely to spell disaster for more than a few companies that fail to devote enough thought and resources to security.
If something happens they have unlimited budget to fix it, but by then it’s too late. Think about what happened to RSA, the hacked two-factor authentication provider. Security experts say because of hackers, it makes them wonder would they ever buy a token from RSA again?
Avoiding hacks, and the reputational damage they can cause in an instant, requires rejection of the idea that it’s possible to get 100 percent security protection just through software. Conventional malware filtering approaches are just not working anymore, and we have to accept that experts believe.
Even when companies install strong border-protection systems and they repeatedly pass proactive pen testing, some are finding that installed spyware or other malware is sending data out from the company. Many firms, however, spend all their effort monitoring incoming traffic and have no way to notice large volumes of data leaving their company — which a classic hallmark of a data breach.
It’s all been outside-in protection, but nobody ever thought of inside-out protection experts note. They also feel that the signatures are often quite obvious to those who are looking for them.
A prime example is Sony, whose online gaming services were hacked and 100 million user identities stolen earlier this year. That attack would have taken a significant amount of time, but no one at Sony notice the flood of outgoing data.
View full post on National Cyber Security