Clouds are full of cybersecurity vulnerabilities. If you’re trusting your data, applications, and other business assets to any of the public cloud providers, you want them to provide strong assurance that all of that intellectual property is safe and that hackers won’t exploit them to crash your operations or bankrupt your business.
How secure are the public cloud providers? In a few weeks, we will be receiving an update from Amazon Web Services (AWS) at their annual re:Invent conference, and Wikibon will be interrogating them both on their cloud’s cybersecurity safeguards and on what their broad ecosystem of cybersecurity partners bring to the table.
In a recent Wikibon Action Item crowdchat, I asked the invited subject matter experts and other participants a question that probably crosses an enterprise security specialist’s mind on any given day. I asked: “Who are the leaders in cloud cybersecurity and why?” Here are the responses we received:
- Tim Crawford: “Each of the core public #cloud providers are doing a great job for their part. However, #cybersecurity is fought with more than just #cloud.”
- Maish Saidel-Keesing: “ This market has a huge influx of new small startups who are trying to provide a solution for this new world. All the ‘traditional’ vendors would love us to think that they are right there with all the answers – but they are far from it….@maishskI dont think that there is a single leader here – it is still too early to say.”
- Craig Milroy: “[The onus is on the customer as well.. how many times has a customer left a S3 bucket exposed to the internet. Shared responsibility. #cybersecurity#datasecurity #aws#reInvent”
- Bobby Allen: Security still feels fluffy and intangible right now. Most business leaders are just doing their own thing and not engaging security experts. You also have the sacred cow of resource security vs. app security. It’s a civil war in most enterprises.”
- Andrew Miller: “honestly don’t think there is one – it’s just too fragmented a market that is changing too quickly.”
To be quite frank, none of that inspires a ton of confidence if I were an IT professional who’s still unsure whether to dip my companies’ toes into the public cloud or wade halfway in with a hybrid cloud deployment. In addition, advances in AI seem to be proliferating the botnets that are taking root in cloud environments everywhere and creating advanced persistent threats with devastating power.
An AI bot is nothing if not advanced and persistent. It’s advanced in that that it uses machine learning to target coordinated and purposeful actions and persistent in ability to operate, in a distributed and elusive fashion, 24×7, month after month, year after year. Not only that, but it has the adaptive, self-learning, probing intelligence to multiply its cybersecurity threat potential on every level encompassed in Lockheed Martin’s Cyber-Kill Chain framework:
- Reconnaissance: An AI bot can constantly harvest identities, application data, credentials, email addresses, behavioral patterns, and other assets necessary to train its AI to make it more adapt, effective, and devastating.
- Weaponization: An AI bot can impersonate any person, place, thing, or other bot in order to exploit backdoor system vulnerabilities in order deliver damaging payloads.
- Delivery: An AI bot can deliver weaponized payloads through any crack in a cloud, server, application, device, or other system attack surface.
- Exploitation: An AI bot can explore vulnerabilities through continuous real-world experimentation in order to fine-tune its attack on the target.
- Installation: An AI bot can learn how to surreptitiously install malware and other damaging assets on target while covering its tracks.
- Command and control: An AI bot can establish an untraceable command channel for remotely manipulating the target.
Your AI assets themselves can present a huge vulnerability for AI-powered attack bots. As I noted in this recent SiliconANGLE article, the attack surface of an enterprise AI model can be vast and mysterious. Vulnerabilities in your deep neural networks can expose your company to considerable risk if they are discovered and exploited by third-parties—perhaps surreptitiously through botnets–before you even realize or have implemented defenses. The potential for adversarial attacks against deep neural networks — such as those behind computer vision, speech recognition and natural language processing — are an increasing cause for concern within the data science profession. The research literature is full of documented instances where deep neural networks have been fooled by adversarial attacks.
Your Internet of Things deployments will exacerbate those vulnerabilities, especially as AI-powered apps are pushed all the way to edge devices. As I discussed in this article, defending the IoT against cyberattacks will be the mother of all security challenges. One of the most dreaded IoT security scenarios is the zero-day attack, under which hackers—or perhaps automated bots put in motion ages ago by hackers–exploit vulnerabilities for which there are no prebuilt defenses. The IoT presents a potentially unlimited attack surface for such assaults in the form of exploitable entry points for malware, intrusions and advanced persistent threats.
Going into re:Invent 2018, I want to hear how AWS is battening down the hatches against cybersecurity threats from within and against every last facet of its cloud, AI, and IoT infrastructure.
