“The biggest cloud security problems are not with the data center – they’re with the cloud in our pocket.”
On every device we carry, from home to work to Starbucks, we’re glued to social media apps.
As he explained, “The enterprise private cloud, which we believe to be more secure, is unwittingly made less secure by us – the enterprise employees.”
It is attacks on the client — the “poison email” or false link we access — that invite “the bad guys” into the data center and proliferate widespread damage. And “the bad guys” will get in no matter what.
Breakthrough thinking is what we need to solve the problem – on both the technology side and the policy side.
One of the greatest challenges to strengthening cyber security is that new technology has been reactive rather than preventive. We build new solutions to fix problems that have already occurred.
Think how often we download security “updates” to our PCs and other devices to prevent a previous problem from recurring.
But malware is constantly morphing and metastasizing like cancer. Old threats are easily replaced by new ones even more damaging. It’s a catch-22.
On the policy side of cyber security, legislation has been written around legacy technologies that are no longer relevant. That is slowly catching up as well – and just in time.
An early call to arms to make cyber security a national priority was made by former U.S. Senator Robert Bennett (R-UT) during Y2K. That was over a decade ago, before U.S. start-ups sparked today’s cloud phenomenon.
It was Senator Bennett’s foresight that if a global disaster could result from an unintended computer glitch, then the results could be hugely catastrophic if something similar were executed intentionally.
The prospects perceived back then are a reality today, in that some data breaches are too sophisticated to not be state-sponsored with malicious intent against the United States and other nations.
So how are we addressing both the technology and policy sides of cyber security to advance the global cloud computing opportunity?
Simon Crosby gave an enthusiastic sneak preview into Bromium’s open source approach to anticipating and preventing future data breaches, not just reacting to them.
Since Moore’s Law advances technology at a staggering pace, keeping up with Moore’s Law is not enough. New security solutions need to anticipate and leap beyond malware that is also advancing with Moore’s Law.
Byzantine fault tolerance refers to designing “failure-tolerant software algorithms” so that networked computer systems can cope, self-correct and keep working during hardware failures, network congestion or malicious attacks.
Bromium promises a solution that anticipates attacks and shrugs them off – delivering security by design rather than detection.
Software threats of any kind will be terminated before they can do damage – and it will not matter how they might have morphed in form and function.
Since Bromium is in stealth mode, we are anxious to hear more details about how the new hypervisor will work and its potential to dramatically reduce or eliminate threats to cloud security.
That’s the technology side of the story.
For the policy side, cyber security is a hot topic in Congress as well.
Last week’s “Cyber Week” in the House of Representatives resulted in passage of 4 bills on cyber security, including the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) to enhance information sharing between government and industry about cyber threats and eliminate legal barriers that might interfere.
In the Senate, the Cyber Security Act of 2012 proposed a process for Homeland Security to assess cyber risks to critical infrastructure, including proactive plans around notification, response and restoration.
All eyes are on the cloud in Silicon Valley and Washington DC.
And they need to be, because when we consider the scope of how cloud computing can
the possibilities for new business creation are limitless.
We need side-by-side advancements in technology and policy to further unify and transform our world.
As we await exciting news from Bromium, what uniquely captures their passion to transform computing permanently is what Simon Crosby shared with me at the end of our talk – that for him,
“XenSource was fun. But Bromium? It’s personal.”
Follow Jacqueline and Cloud at Twitter @JacquelnVanacek
NOTE – republished from Forbes.com