Even before the pandemic, cloud computing had been recording major growth – in 2019, despite slowing, the biggest cloud providers still grew 31% year on year.
As the industry matured, it was expected the rate of growth would slow towards a plateau. Instead, the pandemic made the cloud an attractive alternative to storing data locally to ensure business continuity for remote workers.
According to Deloitte, the sector grew steadily despite a general economic contraction.
This cloud migration is likely to continue – research from IDC predicted that by the end of this year, 80% of enterprises will be looking to shift operations in the cloud twice as fast as before the pandemic.
Ultimately, the cloud migration has broken down traditional boundaries for network security – the use of personal devices, public and home WiFi and access points no longer bound to one secure location have all contributed to creating a perimeter-less security environment.
This requires a new cybersecurity paradigm, as sensitive data is potentially vulnerable when stored on public clouds.
To understand more about building cybersecurity in a perimeter-less world, DIGIT spoke with Dr David Lanc, CEO and Founder of Edinburgh-based data protection company, Ionburst.
Under the old on-premises model, the perimeter was simple; everything within an office or building was safe, and everything outside was suspect. With digital operations moving to the cloud, the result is a system with billions of endpoints.
“The cloud is designed to be open,” Lanc says. “The problem is most organisations that want to go there still want all the security and still have everything locked down as they did in their organisational fiefdoms.
“So that becomes a problem, and security that was moved from the on-premises world to the cloud world needs to keep up.”
A New Paradigm
With cloud migration, keeping data protected has become trickier. Lanc identified three key elements to the new cloud security paradigm.
“The first is security,” he explains. “That must be non-deterministic – can I make it more unpredictable for the hacker and turn that asymmetric benefit they have on us against them.”
The second element is privacy. Meeting data protection requirements can prove difficult on a public cloud. For example, if something fails on a cloud provider’s server, they switch over to a duplicate of the data on another server.
This brings up privacy issues – what happens to the copy when it is no longer needed; how many parties are involved; and even where is the data now located?
In an age of data protection legislation, being able to ensure the data is stored securely on an opaque public cloud can be difficult.
“You have to think about privacy – can I make sure that wherever that data is stored, nobody else can survey it?” Lanc says.
“The third point is resiliency. Today, if you lose your data, you’re almost automatically going to a backup.”
However, depending on the organisation’s backup culture, restoring data can be difficult. On the one hand, if data is not stored often enough, a day, a week, or even a month’s worth of data could be lost. But, if backups are done too often, any unwanted data, such as ransomware, could be saved to the backup, and the data corrupted.
Furthermore, incidents like the OVH data centre fire remind us that the cloud is still rooted firmly on Earth. Should the servers and data centres be compromised, the data can become irretrievable.
“Cloud providers can put their hands up and say go to your backup systems, and of course, their customers say, don’t you do that? That’s the challenge with the cloud shared responsibility model,” Lanc says.
“The future has to have this concept of data security, data privacy and resilience, so any data can be recovered, on demand, anytime.”
“With the cyber perimeter, today it’s in our homes – it could also be in hospitals, or it could be on an IoT device,” Lanc says. “So how do you protect that all those billion endpoints? Because when you have the cloud and everyone can access it, any weakness is then exposed.
“You have to start thinking about protecting data as an asset rather than protecting the people that need to access it.”
Quantum resilience is a method put forward by Lanc to ensure data is not only protected, but increases security and compliance with critical data protection legislation.
In essence, quantum resilience fragments data into multiple redundant shards. These fragments are then stored in multiple locations – public and private clouds, or locally across multiple devices, such as phones or computers. When data needs to be retrieved, the data is re-assembled from the multiple shards.
This helps mitigate some of the issues that arise from relying on third parties to store and protect data. For organisations, despite their data being stored on public clouds, they are still responsible for access and identity management.
“The fragmented data is stored in different places, so even if something happens to a cloud store or your own systems internally, the data is still safe,” Lanc explains.
“It can’t be surveyed by anybody because the data has been anonymised and encrypted. It’s had the ownership classifications taken away from it – It’s what we call zero data. If a state actor says to a company like Google, Microsoft, or AWS that it wants to look at that data, they can’t because they don’t even know who the data belongs to or where it comes from.”
Leader Insights | How essential is data literacy to business leaders?
International Women in Engineering Day: Inspiration, challenges and future opportunities
Turing Fest set to return as hybrid conference in November
By making the fragments anonymous, quantum resilience makes the data secure against GDPR. Even if a data breach should occur, the data cannot be traced back to the company, and its fragmented nature means anyone accessing it cannot use it.
“And, in the instance where I do lose a cloud connectivity, I can spread my data more, so I take away the concentration risk for a cloud,” Lanc explains. “Instead of having to buy a private cloud service, you can actually use low-cost public cloud to store data, more privately, and more resiliently.”
Furthermore, Lanc explains: “The data will be much more non-deterministic, much more fluid, and the data will move with you.
“Any person can move around and their data will effectively move with them, but within a security and privacy and resiliency mechanism to suit that person.”
Click to share on LinkedIn (Opens in new window)Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on Reddit (Opens in new window)MoreClick to share on Tumblr (Opens in new window)Click to share on Pinterest (Opens in new window)Click to share on Pocket (Opens in new window)Click to share on Telegram (Opens in new window)Click to share on WhatsApp (Opens in new window)Click to share on Skype (Opens in new window)Like Loading…