Cyber and Cloud Security:
The term cyber security has developed as parallel to the cybercrime which has become more sophisticated with the time. In these days the cyber crime has become more stronger and the need to tackle such crimes has also became a daunting task for the security professionals.
So, are there possible ways to protect our assets on Cloud ?
The latest buzz word in the market is Cloud, where all the services can be tailor made for an organizations requirement downsizing the costs of maintaining a costly infrastructure. In the cloud architecture, the machines (mostly)are not owned or maintained by the organization using the service. They are provided and maintained by the service providers, third parties, like Amazon Web Services, Microsoft Azure or Google Cloud for a fee.
There are myths that cloud computing is inherently less secure than traditional approaches. The fear is due largely to the fact that the approach itself seems insecure, with your data stored on servers and systems you don’t own or control.
However, control doesn’t mean security, it is access to that data which matters the most. The companies that provide cloud services typically focuses on security and governing them than those who build systems that will exist inside firewalls.
So, where are few points which are to be maintained when using your application on cloud platform:
- Put a plan in place even before migrating your application on the the cloud. This should address cloud security challenges and risks. Check the Cloud provider certifications, make sure you have tools necessary to address vulnerabilities.
- Make sure the application that is hosted on Cloud is Bug free. The attacker cannot attack the entire cloud architecture of the service provider but he can always target a specific application that can be vulnerable and compromise it.
- Make sure that only the employees who are authorized to work with your cloud application are given the access. Securing an internal threat is as important as securing incoming threats from out side. So, always make sure access is given to only employees who require them.
- Monitor the suspicious activities in the logs and rectify them. If you are hosting a website and other Internet facing application, do check the logs, as they give information on possible attack going to happen in the future. All the trial and errors done by the attacker will definitely leave a trace in log file.
Even these are few basic things that are need to be taken care of to defend attacks, with developing infrastructure and computing power there can be major threats in the furture. So to avoid getting to clutches of cyber crime a continuous monitoring and testing system should be setup in place.
Secure.. securing.. secured .. :
Cybersecurity Ventures, a research firm based in Menlo Park, California, predicted cyber crime will continue to rise and cost businesses more than $6 trillion annually by 2021. While some hacked systems are “cloud-related,” they aren’t necessarily in an Amazon Web Services (AWS) or Azure environment. Often, data breaches on hosted IT systems come from poor networking practices or human error.
So, it is clear that even if the applications are hosted on the cloud, where the best efforts are made to secure the infrastructure and data centers, poor planning and poor application design can also risk you to an attack.
To suppress these kind of attacks, one should continuously monitor the activity on these systems and find out any suspecting this behaviours. We can use tools like Apache Scalp or WebLog Expert to monitor the logs for any breaches.
This is where the new era of cyber security need to begin, harnessing the power of Artificial Intelligence.
AI and Security:
Efforts are already in place to help Cyber security professionals in identifying the threats using tools which are helped by AI in the background. AI square* is an AI algorithm, the monitors these threats by analyzing the data.
This software goes through the data from the logs and detects all the suspicious activity. This activity is then passed to the cyber security expert/analyst for confirmation on acutal attacks.This feedback is incorporated back to the supervised model which is nothing but in AI terms is called as Supervised Learning.
The next day, the program uses this supervised model in conjunction to the unsupervised model, then sends these again to the cyber security expert/analyst and gets a feedback, which is updated back to the supervised model and this process goes on.
This AI driven predictive cybersecurity platfom claims to have detected 85% of attacks while reducing the false positives to 5%, which is a great feat.
Adding such a cloud software as a service could be a great boost to the organizations that have their data on the cloud. This services reduces the burden on cyber sercurity professionals hence increasing their efficiency.
(*created by Mr.Kalyan at MIT and now co-founder of Patternex)
Adding to this super AI technology, there is a super advance technology, which can change the computing platform forever, The Quantum computing. The Internet as we know today uses an encryption technology called RSA behind the scenes to secure our data. This encryption in simple way is a multiplication of prime numbers which gives a semi-prime as the result.
The numbers from which this semi prime number is obtained from is very hard to identify, thus creating a encryption technique. So, to encrypt the computer uses a very large such prime number which takes many years for a computer to decrypt. This is because a computer of this time is not able to calculate such many possibilities.
But this can be possible for a Quantum Computer, which uses its quantum computing capabilities to calculate the precise factors which made the semi prime number in the encryption in few minutes. That’s shocking !! Which means the highly secure Internet as we know will be vulnerable for a quantum computers!!!
At the same time we can make super secured computers by using the same computing power. This is still in the earlier stages so yet a huge way for this secure system to make an entry to public domains.
So, in the future, the security of our machines and networks are to be handled by higly intelligent machines with super computing powers which may thrash the cyber crimes.