Security keep up with cyberattacks

Can information security spending keep up with cyberattacks?

deepak munjal / 11.21.17

Over the past few years, we’ve seen organizations ramp up their security spending to combat the numerous and seemingly never ending threats that continue to plague the industry. The amount of money poured into information security worldwide is up to nearly $85 billion this year and is expected to hit $93 billion in 2018.

Despite this increase in attention and resources, the amount of money lost to cybercrime is climbing at an even faster rate, with estimates showing that damages will top $6 trillion a year by 2020. It doesn’t take a CS major to calculate that this number is 60 times the amount put up against it.

This is happening at least partially because the cybersecurity industry can’t find enough talent to fill all available openings. 780,000 people work in information security today, but there are still 350,000 jobs waiting to be filled. A 31% vacancy rate is awfully high, and if that doesn’t drop then the number of unfilled positions is likely to triple by 2020.

What’s the point of saying all this? Is it to declare doom and gloom across the industry, encouraging everyone to just give up? Obviously not. We think there are better ways to approach security than just to throw money at it. Security is not something you tack on top of an app when it’s done – security is something that should be baked into every aspect of the deployment process.

We see three trends that can help organizations make better use of their security dollar:

Moving applications to the cloud

The cloud sounds so ephemeral that considering it a more secure place to store data almost sounds counterintuitive, especially when compared to server racks that are kept behind lock and key. But, of course, no physical lock or key can protect data from attack. Just because something feels more or less secure doesn’t make it so.

There are several reasons that moving to the cloud provides an extra layer of security:

Cloud providers like Amazon and Google each host data for thousands of companies. This means they can learn from the mistakes of each individual customer and apply those lessons across the board. You can only learn from your own mistakes.

It presents a smaller attack surface. When your company is growing fast, you’re likely adding servers with only one idea in mind: managing rapidly increasing traffic. This can lead to a haphazardly laid out infrastructure that by nature is harder to defend. A cloud provider does nothing but provide compute and storage. In addition, they can harden their network across fewer larger data centers and they’re far less likely to have accidental design weaknesses in the system.

It can be quickly patched or locked down. Patches can be applied quickly and consistently, cutting many attacks off at the pass. Should a problem present itself, you can very quickly disassemble and rebuild any environment allowing for an almost instantaneous purging of threats.

Moving applications to containers

As with the cloud, the way Docker containers are structured and managed presents built-in security benefits. Like these:

You can’t SSH into a container. This kills a very common avenue of attack.

There’s usually no user access. That means no hackable credentials to manage.

They’re modular. Security problems can be linked to individual microservices without needing to dig around in the entire app. That means faster fixes and faster updates. It also makes it harder to inject malware since file systems aren’t persisted across containers.

There’s a smaller attack surface. In a VM you’ve got to secure host servers, virtual servers, the hypervisor, and the app. With a container you have to secure the host, the daemon, and the app, all of which cover less ground in the modularized container world.

Environment parity. A container provides the same application environment regardless of whether it’s running in a test or production. If it’s secure in pre-production then it’ll still be secure in production.

They’re short-lived. It’s hard to attack something that may not even exist in a few hours.

Open source. Nearly all Docker code is open source, allowing anyone to poke around and find problems with it.

Automating security with CloudPassage Halo and Puppet

Removing manual processes from security operations and replacing them with automated ones is the best way to improve efficiencies with your existing assets. Moving to a DevOps model and leveraging orchestration tools like Chef and Puppet allow organizations to do just this.

Our Puppet-approved (meaning we meet Puppet’s own rigorous standards) module for CloudPassage Halo automates deployment, configuration, and management of the Halo agent, making it that much easier to integrate Halo into your own processes. This makes it significantly easier to ensure every release is up to code with internal security policies within your org and that security compliance is continually enforced.

There’s no need to worry that something is being done properly when it’s done automatically. Removing avenues for human error enables IT security professionals to focus on what they do best instead of constantly worrying that they’re on the verge of falling behind. This allows for a leaner, more effective team that can get more done for less money, something that is always better than the alternative: getting less done for more money.

To learn more about CloudPassage + Puppet, click here.