Cloud computing: the new monoculture

Raimund Genes Trend MicroVANCOUVER — As the war on rages on, IT administrators and business leaders would do well to consider cloud computing the new monoculture which in turn paints a massive bull’s eye on it from a perspective.

But this is the reality businesses must face, explained , Chief Technology Officer, Trend Micro.

“Monoculture makes it easy for the attacker to attack since he only needs to focus on one platform or operating system. per se isn’t an unsafe operating system but we see about 65,000 new per day for because attackers are focused on it,” he said.

“As virtualization enables cloud computing, you then have three main players: the dominant player, Microsoft’s Hyper-V, and Systems which is more .

“If I’m an attacker and I can’t focus on the desktop monoculture anymore, I will focus on cloud infrastructure. VMware has done a good job of creating security APIs to protect the hypervisor . . . unfortunately other virtualization players haven’t done this yet.”

Genes is responsible for introducing new methods to detect and eradicate online threats. He oversees a team of developers and researchers around the globe that develops new technology components to protect against email, Web and file-based threats under ’s Smart Protection Network umbrella.

“Everyone talks about moving into the cloud but most companies still struggle with it. Should they choose a private or ? How secure is the cloud? It brings new challenges (for IT security admins),” he said. “To enable cloud computing, one should think of how to create private clouds, encrypt everything within a and protect through the hypervisor.”

On the final stop of a five-city tour of Canada for Trend Micro’s second annual Canada Cloud Security Awareness Week, Genes gave a presentation to gathered business leaders and InfoSec administrators that detailed everything from the current online threat landscape and how campaigns are launched to advanced industrial espionage techniques.

“In industrial espionage we’ve clearly hit a new plateau,” he said. “We’ve seen data breaches coming from the European Union, the Canadian government, and companies like Exxon and BP. It’s relatively easy to do by sending a piece of malware into a company, convincing a victim to execute it, and then the data is harvested.”

With respect to Canada, Genes noted malicious URLs rose in this country from 67,720 in 2010 to 95,466 in 2011 but that has much to do with cybercriminals targeting French-speaking Quebeckers. More alarmingly, Genes mentioned online banking in North America lags European and Japanese online banking security measures.

“The default here is just a username and password which is definitely not good enough for online banking,” he said. “European and Japanese banks use a two-factor . Without this smart token . . . online banking is not possible. So they always have an additional security protocol not just a username, password and a stupid question.”

Like other InfoSec thought leaders, Genes too warned of the risks associated with using social tools. Though he admittedly uses select social networks, he recommended limiting the personal data one shares on the whole thereby reducing one’s online footprint.

tools are certainly useful. I too am aware of the risks so I don’t share too much on my LinkedIn profile,” he added. “This is also why I don’t use and other more risky social networks.”

Another key takeaway: Genes recommends InfoSec admins make an effort to ‘understand the enemy’. A daunting task surely.

“Understand these are professionals we’re fighting, not amateurs. Read as many security blogs as possible and try to figure out what happened with (publicly exposed) data breaches,” he advised. “Also, in terms of cloud computing, how can we avoid outages such as what we saw recently with Amazon? In security and in the usage of cloud computing we have to rethink our current approaches.”

Cloud computing itself isn’t more or less secure than traditional computing he added. However the cloud will make the desktop environment more secure over time.

“You will only need to use a browser (to access data and applications in the cloud). So you could have a stripped down operating system with a sandboxed browser which resets itself after every session,” he said. “With this we could create safe desktops . . . with the and with cloud computing you have to rethink your security strategy and redesign it from scratch.”

Liam Lahey is a Vancouver, B.C.-based writer and an Online Community Manager for Follow him on Twitter: @LiamLahey

Related Posts Plugin for WordPress, Blogger...

Leave a Reply

Your email address will not be published. Required fields are marked *