Just putting your app into a public cloud without rethinking how it works can open chief information officers up to disastrous consequences, according to
Trend Micro Inc. chief technology officer Raimund Genes.
Speaking at a Trend Micro cloud security awareness event in Toronto, the company's technology leader said that turning over control to a third-party vendor for your cloud infrastructure should compel you to rethink -- and maybe even redesign -- your applications.
“You have to design your applications so that they’re more reliant to these outages in the public cloud,” Genes said. “When you design it well, it doesn’t matter if the data centre goes down.”
He added that the companies that simply mirrored their apps and put them into Amazon’s cloud can attest to the outages and data losses they experienced recently.
But the one high-profile company that didn’t fall to the wrath to the massive outage, Genes said, was
NetFlix Inc. Last December, the movie streaming giant published a tech-related blog about what it had learned while using
Amazon Web Services as its computing platform.
The best way to avoid failure, the company said, is to plan to fail constantly. Internally, NetFlix refers to its software architecture in AWS as its “Rambo Architecture.”
“Each system has to be able to succeed, no matter what, even all on its own,” wrote blogger John Ciancutti, who works as a vice-president of personalization technology at NetFlix. “We’re designing each distributed system to expect and tolerate failure from other systems on which it depends.”
“If our recommendations system is down, we degrade the quality of our responses to our customers, but we still respond.”
David Aspey, vice-president of cloud security for Trend Micro, said that NetFlix came out of the Amazon outage with flying colours because they paid for dedicated servers to run a virtual private cloud in addition to a public cloud.
“The outage had nearly no effect on them,” he added.
At Trend Micro, its team of architects have designed its private cloud to actually sustain outages at two of its five worldwide data centres.
Another headline grabbing security disaster in the world of cloud computing occurred at
Sony Corp., after the company’s PlayStation Network was hacked in mid-April. The personally identifiable information of 77 million PSN accounts were exposed in the data breach.
This breach, Genes said, garnered Trend Micro’s attention far more than the Amazon outage because it involves cloud data security as opposed to backup and storage policies. He said that with Trend Micro’s SecureCloud technology, which allows enterprises to encrypt data on private and public clouds, organizations can ensure that they encrypt different portions of their cloud-based data with different encryption keys.
Genes said the PlayStation breach turned into such a large-scale problem for Sony because the company only used one encryption key for all its data as opposed to a variety of different keys.
Genes said that because cloud computing is not cost effective without virtualization, Trend Micro will be investing heavily into the protection of virtualized machines and cloud-based servers in the future. The company’s Deep Security product line, which covers that functionality, is being developed at the recently acquired Third Brigade Inc. offices (now Trend Micro Canada) in Ottawa.
Other priorities for Genes include developing better patch capabilities for virtual servers and tackling the growing “AV storm” issue.
In an anti-virus storm, thousands of virtual machines start their manual scanning cycle at the same time, consume too many resources and bring down the network. Genes said Trend Micro is working with VMware’s vShield technology to enable one scan on the hypervisor level and have all the virtual machines communicate back for their update.
“You only have one scan and you don’t have to load AV technology on every virtual machine,” he said.
To round out his views on cloud security, Genes also talked about mobile devices and the rise of multiple operating systems like Apple’s iOS4, RIM’s BlackBerry OS and Google’s Android. He also predicted that the decline of Microsoft Windows as a dominant desktop OS, plus the shift of Web users to mobile devices, will force hackers to broaden their targets over the next five years.
“We’re seeing a diversity of devices that will make it more difficult for the attacker, which has been focused on Windows,” Genes said.
For CIOs and security vendors, that means the focus will have to shift away from whether the device will be hacked to how to track and manage the devices.
“What happens if an employee loses a device and leaves it in a cab?” Genes said. “How can I ensure that no third-party can use it?”