Big Data/Cloud & Cyber Security
By Roland Cloutier, Staff VP and Chief Security Officer, ADP
As technologies and business platforms shift, the impact on cyber security and defensive programs is often felt long after decisions are made, technology is deployed, and end users and consumers have adopted the technology change. The combination of big data and cloud is a change agent that has altered the way cyber professionals evaluate, defend, and manage risks to these integrated business ecosystems. The complexity of protecting this environment should not cloud the practitioner's view of the potential for truly advancing their business operations and protection programs by using these services as a force multiplier for their existing efforts.
"One of the greatest advancements in utilizing cloud and big data as components of your operational security, risk, or privacy operations platform is the incredible speed to deployment"
Setting aside the incredible efforts and protection models that are being developed for enterprise enablement of cloud/big data―like the Cloud Access Security Broker (CASB) vertical, platform virtualization, object-based on-demand encryption, and entitlement management in the cloud―the basics of what security technologists need are already formed and waiting to be exploited in a way that guarantees the acceleration of your business's protection capabilities through the shifting of operating platforms and resource alignment.
One of the simplest ways to embrace cloud is by enabling an alternate path for your operations to quickly utilize platform and technology on demand and as needed during critical operations. For instance, you find yourself in response mode, need to dump millions of logs from multiple geographic localities and run advanced analytics or correlations against that data with multiple tools, but you do not have the horsepower or storage to accomplish this internally. The use of third-party IaaS and SaaS services could enable you to securely surge quickly and then contract as needed, without the full investment in capital or leased equipment and without higher maintenance and operation costs being unnecessarily added to your budget. When your network or enterprise is having a bad day, critical operating elements like the network or internally hosted compute often are too. The ability to redirect critical incident response and management functions out of the impacted environments extends your business continuity and resilience.
Extending Defense in Depth (Obfuscation)
Another key concept is the use of third-party technology ecosystems to deepen your defense-in-depth strategy and strengthen core operating elements by shifting to cloud-based protection capabilities with upstream risk remediation. One of the best demonstrated uses today is the migration of primary controls against Distributed Denial of Service (DDoS) attacks to cloud-based DDoS vendors that monitor for and treat suspect traffic long before it reaches your environment. Any company is responsible for basic DDoS prevention at its edges and hosting environments, but the majority of scrubbing, black holing, and traffic bifurcation can be accomplished in the cloud at the time of the attack, reducing equipment and resource costs specific to a singular technology issue. The same argument can be made for distributed web tiers, decryption layers, and other layers of operations or defense that can be pushed further out from our core operating environments to leverage the power of the greater cloud ecosystem.
Cost & Cost Modeling
This all leads to cost and cost modeling: what it takes to protect your business (transparency of business protection financials), how you become more effective and efficient as a business protection executive (deliberate cost leveraging for protection enhancement), and the enablement of risk-based, cost-informed decision analysis specific to the threats, risks, and position of your company. The use of cloud services is a competitive option for many historical controls and operations. The reduction in some areas of FTE, long-tailed capital costs, and operating locations enables you to reinvest in necessary program upgrades, R&D, and new technology, and in some cases to support the business's cost basis. The use of big data platforms that provide new cyber incident management and operational technology support drives transparency and risk reduction through reduced time to discovery, reduced open gap exposure, and reduced time to remediate. Further, the use of advanced cloud-based risk technology puts real risk modeling at our fingertips through high-powered modeling software enhanced by the collective use of our peers and multiple industries around the globe.
Time to Deployment
When bad things happen, they happen fast. You no longer have months or years to roll out critical gap technologies when a new zero-day threat has been discovered. One of the greatest advancements in utilizing cloud and big data as components of your operational security, risk, or privacy operations platform is the incredible speed to deployment. When aligned with the right partners, pre-vetted and pre-designed, your ability to execute a deployment often goes from months to weeks or days. By segmenting portions of the operations, such as analytics, out to cloud partners, you can focus on deployment and post-processing of the output for faster response and less operational management overhead from a technology perspective.
Cyber Security R&D Agenda
Focus needs to be here, now, and on the future. Though financial re-alignment is possible through cloud and big data investments, focus on R&D as a core strategic pillar of your security, risk, and privacy operating unit is needed.
• Extensibility of Current Investments & Gaps – know your risks, discover your gaps, and squeeze new functionality out of your existing technology, defense stack, and partners to reduce those risks.
• Strategic Business Enablement – know your next set of business go-to-market requirements, evaluate your readiness to support those technologies or operations and create a roadmap to get there before your business does.
• Over the Horizon Threat Defense – make threat intelligence and broad industry information a part of your risk readiness evaluations, and utilize R&D resources to account for the reality of handling probable impact areas that are 3-5 years out.
It is your job to ensure your business can do its business when and where it needs to, without negatively impacting the company’s financial model. The onset of cloud service and big data platforms geared for security, risk, and privacy operations has matured significantly in recent years and represents an incredible opportunity for a new financial model for the services you deliver to your business.