On-Premise IT Targeted More Than Cloud
February 27, 2012
It’s that time of the year again, the RSA Conference – the granddaddy of security events where anyone who’s anyone in security is in attendance. This year’s gathering will likely be dominated by next-generation firewalls, the anticipated IPO of Palo Alto Networks and mobile security. Still, cloud computing will remain a hot topic, and among the many reports that will come out of this conference, Alert Logic’s State of Cloud Security is worth a look.
Security has been the Achilles heel of cloud computing from its inception. The issue remains whether a business can truly trust a service provider with their data and applications – the crown jewels of their operations. Security history is replete with examples of businesses that had to shut down after losing their operating data or having their trade secrets compromised…
Alert Logic, a company that provides managed security services to cloud environments, conducted its study to better understand the prevailing threats and prevalence of compromises against cloud service providers. The idea was to qualify the level of security (or insecurity) of the cloud. And, as a control measure, it studied the same variables in on-premise, enterprise-controlled IT environments.
As expected, Alert Logic found what many enterprises and service providers experience on a daily basis – a high and nearly continuous volume of daily attacks. What may be surprising to many is the types of attacks facing these respective environments.
Service providers are more likely to be the targets of Web application attacks (65 percent), brute force attacks (44 percent) and reconnaissance probes (44 percent). These are serious threats, as they target the very elements of what makes up the cloud.
Conversely, on-premise environments suffer from many of the same types of attacks. The difference: they are far more prevalent. On-premise infrastructure suffers brute force attacks 83 percent of the time, followed by Web application attacks 71 percent of the time and vulnerability scans – a different type of reconnaissance – 54 percent of the time.
According to the Alert Logic analysis, the probes and attacks against on-premise environments are more frequent and more severe than their cloud service provider counterparts.
The data makes perfect sense, logically speaking.
A brute-force attack is like kicking down a door. The hacker breaks through the defenses and goes directly to the target. The process of enumeration – surveying a domain for vulnerabilities and targets – helps hackers find the specific resources they’re trying to exploit, such as an enterprise email system. While large domains are complex, they are logically organized, and that helps hackers find and compromise their targets.
Cloud environments are far more complex, given their virtualized state. Not only are resources hosted on virtualized servers, but those servers don’t necessarily require the same logical organization as a conventional data center. There’s a fair amount of obscurity involved in service provider environments, making them more difficult to target and exploit.
Security by obscurity is never a primary defense. The size and complexity of cloud service environments just might lend a little benefit in that direction. The true value, Alert Logic and other service providers say, is their ability to monitor multiple attacks and aggregate response resources, ensuring a higher degree of security. There’s logic to that sentiment, too, although it hasn’t always proven correct.
“While security can never be taken for granted, decisions around where and how to deploy IT infrastructure should be based on fact not fear,” said Marty McGuffin, vice president of operations at Alert Logic. “Our research suggests that a well managed service provider can not only match the level of security found inside an enterprise’s four walls, but actually exceed it.”
Cloud performance history is still a relatively new science. While security breaches do happen and they can be catastrophic, the real threat is often a lack of availability. Failures of cloud services and individual hosted servers pose a greater disruptive threat in the cloud than hackers. What the Alert Logic study indicates is that security is a concern, but it’s only one of many factors in determining the viability of a cloud service.


