While the adoption of cloud computing continues to be the fastest growing area of IT spending, there are a number of security-related concerns that have not been sufficiently addressed to unlock the advantages of cloud to public and highly regulated sectors.
Guardtime – the company behind the pioneering KSI Blockchain, which is deployed in most Estonian government networks – helps enterprises and governments to regain control and oversight of their virtualised infrastructure, while also mitigating the related threats and fears that still hold back many organisations from realising the huge potential of the cloud, 5G and everything else virtualised and outsourced in their infrastructure.
We caught up with Luukas Ilves, Head of Strategy at Guardtime, to better understand the essence of cloud vulnerabilities and shed light on the value that Guardtime’s new cloud security solution MIDA provides in combating this challenge.
To set the scene, could you briefly explain what the essence of the security risk is when it comes to cloud adoption?
The fundamental problem is that the cloud is someone else’s computer. On the one hand, that is why the cloud is great – it provides an opportunity to outsource complexity. But this also means that you have taken an internal operation, which is essentially your core business process, and put it in the cloud. You therefore have a new trust problem, because in a way, now someone else owns your core business process.
Adding on to that, cloud has become increasingly more virtualised. Everything is a configuration. And too much harm can be done by misconfigurations – accidental or malicious.
If you move away from the cloud’s most basic function of storage, you get into further layers of complexity. Detecting and reacting to misconfigurations is becoming increasingly more difficult for cybersecurity teams.
Or as we have put it – you are looking for a needle in a haystack, that is in someone else’s barn, that you can inspect only on weekends. This is of course an oversimplification, but helps illustrate the gap between the owner of the process and what is actually happening to the bits and bytes in the cloud.
That space between how you see your process and what is happening physically is being run by the cloud service provider. You don’t have full insight into what is going on there. Today, you just need to trust them and your own system administrators. And your auditors, your partners, your clients – they all must trust you. This creates space for all sorts of security problems to arise, often strong enough to block great cloud aspirations for many organisations.
As the cloud hides the complexity of running a very complex computing infrastructure, it also hides a lot of the security information. And that is where the trust problem arises.
Guardtime’s offering for cloud security (as well as other cutting-edge technology from 5G to IoT) is MIDA. What is the background of this product?
MIDA came into the picture when we saw some of the difficulties our customers were having with deploying traditional cybersecurity solutions for protecting their ever-virtualising digital infrastructures and assets. Such tools excelled well in complicated systems – i.e. linearly growing scale of processes and data that were supported by on-premise infrastructure. But today, the cloud-based world needs tools that are fit for complex systems. Tools that operate on new principles and more efficiently. Tools that seek and find new patterns and stay on top of ever-changing systems in real-time.
Solving “complex” challenges with tools built for the “complicated” era just means an endless increase of required resources, costs and problems for organisations. Through this, we realised that Guardtime’s core technology actually gives us a way to solve this “cloud is someone else’s computer” problem in a fairly new and creative way.
The underlying foundation of MIDA is the following: everything happening in a cloud that you care about is a state. Whether that is the configuration of a machine or the actual physical state of a drive within a server, etc. The way that cloud security works now is that you receive logs, provided by the cloud service provider, and they tell you what those states are. You (selectively) analyse those logs by looking for discrepancies and security flaws. Once you discover something, you can react to it. (This is a solution from the time when systems were complicated.)
We understood that using our very scalable data integrity architecture, we could actually do that state monitoring in the cloud more efficiently and productively than current methods. Therefore, instead of waiting for me to get those logs out of the cloud and then doing the assessment – this allows you to have an automated machine to sit in the cloud, do the monitoring for you (for everything, not selectively), and tell you if things have changed. (This is a solution for the time when things have gotten complex).
Once you have this ongoing stream of updates about the state of information in the cloud, it makes it a lot easier to do the type of security monitoring that tells you what is actually going on in the cloud. And all those state captures that MIDA makes are signed immediately with KSI Blockchain, so you know that the information coming out of the cloud is the immutable truth and it is an immediate reflection of what the physical machines are doing.
You can therefore paint a picture of your cloud deployment and its current state, which is a lot richer than what the cloud service itself would tell you. And that starts closing this gap of the cloud being someone else’s computer.
But what sets Guardtime’s MIDA apart from other similar solutions?
Of course, we are not the only people that let you monitor your cloud and provide insight into what is going on. What is unique about Guardtime is that we can manage the ever-increasing scale while maintaining a reasonable cost level.
The cloud is producing huge amounts of information and to know everything that is going on, your monitoring solution should be as complex and as big as your cloud. Right now, if you look at traditional log analysis, people set up massive cloud deployments just to hold the logs of their cloud. These are essentially just a bunch of data sitting, waiting to be analysed. And the more you analyse, the more you pay.
What Guardtime does in the cloud deployment is ask if the state has changed and run that check once a second or at any other defined interval. Because the running of that check is secured on our integrity layer, and it is thereby provable, we only need to export information when something changes.
The amount of information that your cloud is monitoring therefore becomes a lot more manageable. And when you do get an alert out of it, you know it is something you really need to act on. Finding those needles in that haystack, at the right time, becomes much easier, faster and more cost-efficient with MIDA.
In building MIDA, you did a lot of work with Verizon, one of the largest management security providers in the world. What did this collaboration entail?
With Verizon we built out a deployment of certain components of MIDA for cloud, called the MSI – Machine State Integrity. We started our partnership a couple of years ago and they really helped us understand the business requirements that large corporations have around the cloud.
Verizon has also been one of the early adopters of 5G and has deployed a fairly big footprint in 5G infrastructure in the US. They have had to work through the specifics of how to apply this state awareness and ongoing monitoring to 5G.
Speaking of 5G, how can Guardtime’s MIDA then address some of the 5G security concerns?
For a little bit of background on 5G: what cloud has allowed you to do is transition from needing specialised hardware to now having general cloud hardware. So, in the past, if you built a 4G network, you needed very specific, unique 4G equipment. Whereas now if you are building a 5G network, a lot more of what you are actually doing to run the network just looks like the general cloud.
Historically, providers of networking equipment (such as Ericsson, Nokia, etc.) have also had specialised hardware security. You would purchase the equipment, it would be yours and you could do whatever you need from certification to penetration testing. Now we’re in an era where 5G itself is almost run as a cloud service and the manufacturer of the equipment is to some extent involved in running that. So, a lot of 5G networks actually provide not just the physical hardware but also the software solution of a service on top of that.
This means that there is suddenly a new trust dependency. As a telecoms operator, for example, I do not just have to trust the physical equipment provider once to give me secure equipment that does not have a backdoor. I actually have to have an ongoing trust relationship, where I trust them to properly run the security, to update and patch things and to ultimately not, at a future point in time, introduce a backdoor.
That is the reason why suddenly with 5G we have this question of Huawei equipment, that we did not have with 4G or 3G. Theoretically, Huawei – or any other provider for that matter – could open a backdoor at some point in the future, use that to run an attack and then close it again and leave no trace of what has happened.
You need a new and different way of doing security. This paradigm of having an ongoing awareness and knowing the truth of what’s going on with your machines also becomes important for 5G.
And Guardtime’s MIDA is up for the challenge.