Peter Cochrane's Blog: Protecting your bits in the cloud

The hacker is in a maze - and finding it hard to breathe...

Written on the Ipswich - London train and dispatched to via a free wi-fi service in The West End of London.

One of the biggest concerns with the cloud is security. It always comes up at national and international meetings, and the cry is usually along the lines of: 'I need to know where my bits are, and I need to know where the server is'. It pops up as regular as clockwork.

But when I ask people where their banking bits, health bits, insurance bits (and so on) are, then they are clueless!

Why should we know, and why should we be interested? That is someone else's job and responsibility - and that is what we pay them for! Better still, their business stands or falls by our gift; if we are not satisfied we can just move on.

But security still remains a nagging doubt. So here is an analogy I use to explain the subtle depth of protection possible beyond the simple firewall.

Suppose a burglar is determined to break into a secure building by picking the lock. He gets out his tools and a few minutes later the last tumbler drops with a click and he is in. He finds himself in a room with little of real value, but with 10 identical doors, each with a different brand of lock to the first door.


How does he choose the most productive door, and how can he be sure the door of his choice will lead somewhere profitable? He can't! So he picks a door at random and plies his well-practiced trade once more, but this new door has a tougher lock. He works away when suddenly door one closes with a bang and the lock switches to a new combination.

The burglar decides to press on, and eventually there is a click and he opens the door into a second room with a few more valuables and another 10 doors with even stronger locks. And on he goes… and the door behind him always goes bang - click.

Suddenly he is struck by the lack of ventilation and the worsening air quality, and before his eyes the walls spin and all the doors change position. Now he can't find his way back, and ahead of him lie increasingly difficult locks on ever more doors in ever more rooms. He is in a maze, finding it hard to breathe…

What he doesn't know is that he has now been detected, located and identified, and his fate (life or death) rests with the owner of the network.

This translates to a viral security attack on a multi-cloud system, with intruder detection, isolation and destruction.

In contrast, conventional networks present a much simpler target, and a model that is well understood. They may have a couple of security layers, or perhaps three, but they present a single identifiable target that is stable and well behaved.

It is neither complex nor confusing! This gives the dark side of the force time to watch, probe, and learn. And as recent evidence suggests, eventually they break in!

To date, cloud security strategies have proven to be orders of magnitude more secure and difficult to hack. And of course, adopting a dynamic protocol where the network configuration and 'door locks' are changed irregularly adds another 'gotcha' layer that has not been defeated so far!