Talking cloud: Building an application immune system for the cloud (part four in a series)

Posted by on August 28, 2014 3:58pm

A look at five key trends I see driving the industry over the next 12 months.

See my earlier posts here, here and here.

Security is always a favorite topic for the cloud skeptics, and following a year of Snowden, Target and Heartbleed, it was a prominent theme at GigaOm Structure. In an environment where people increasingly don’t control the infrastructure or the network and where there are millions of endpoints, security is understandably a top concern. And when application security concerns are added on top of cloud security concerns, it’s easy to perceive holes in Internet security.

These security concerns, real or perceived, are standing in the way of us feeling comfortable enjoying all that the Internet of Things (IoT) has to offer. The way the industry addresses security concerns today is with security patches that are released regularly, or when a new threat appears, sometimes as often as once a week. But this system has its limits. As Dan Kaufman, Director of Information Innovation at DARPA, pointed out, there can’t be a Patch Tuesday for your thermostat. And if we truly expect the Internet of Things to take hold, it will cover ‘things’ a lot bigger than household appliances. How do we prevent a hacker from taking control of our cars, our medical equipment, our businesses or the billions of devices that will eventually be connected?

The patching strategy can’t work anymore, and this level of real-time response and complexity can’t be left to humans. We need a different security model.

Applications come under attack because they are predictable. To avoid that, applications need to change on the fly and recompile on the fly, with a sort of built-in “immune system.”

Dan Kaufman has $530 million to spend on new stack encryptions and operating systems for a new cloud that has a built-in immune system and is able to respond rapidly to cyber-security dangers. The immune system response is not limited to a single company, but could apply to an entire industry: when one institution comes under attack, other institutions and potential targets would be informed instantly and would automatically activate their defenses.

This approach represents a fundamental and dramatic change from the security model that has worked for years, and it doesn’t come without challenges. First and foremost is the challenge of supporting new encryption models like homomorphic encryption, which requires computational models 10 times faster than what we are using today to achieve similar application performance. Nevertheless, it’s one of the most promising approaches I’ve seen to date and it could work if the whole industry moves in this direction.

So the real question is: can a system exist that can automatically defend your cloud by generating a set of security patches in real time and plugging the holes? Or, to say it differently, can a computer cluster win against the most skilled and determined hackers?

Considering that computers have been successfully programmed to win a chess game against an expert chess player, it’s not so inconceivable to think that the cloud can build its own immune system to resist intrusions and respond to advanced cyber-threats. It’s a massive challenge, but one that has a lot of talent behind it. This is an exciting time not only for the cloud but for cloud security.

Don’t hesitate to contact me directly with your comments and inputs via paola dot moretto at nouvola dot com. You can find me on Twitter at @paolamoretto3 or @nouvolatech.
