Recent reports that hackers have breached the network security of US defense contractors including Lockheed Martin is a salutory reminder of the risks to enterprise information. The source of the breaches appear to have been the electronic fobs used in two-factor authentication when users log in from outside the enterprise network.
Even in such a security-conscious enterprise as Lockheed Martin, remote access from outside the firewall is a regular part of the day-to-day working routine. There's a telling quote in the Reuters report from Loren Thompson, COO of Lexington Institute and a consultant to Lockheed: "the incident underscored massive challenges faced by corporate and government computer networks in 'an age where everybody has access to ubiquitous digital communications'."
No modern enterprise can function, it seems, without allowing employees and contractors to bring the cloud to its gates. In response to the breach, Robert X Cringely, the blogger who first broke news of the breach, reports that Lockheed Martin had to:
- Immediately disable all remote access
- Ask those who telecommute from home "to come into nearby offices to work"
- Ask over 100,000 network users to reset their passwords — including Pentagon staff who collaborate on projects, some sources added.
Some say that the right response to cloud threats is to completely isolate the corporate network from the cloud. But that's not realistic in today's connected world. Fact is, any enterprise network today, however private it attempts to be, cannot isolate itself from the Internet and all the threats that exist on the Web, if the business it serves is to remain competitive and effective. Productivity demands that workers be able to access corporate data from home and on the road. Effective partnering with customers and suppliers means giving their employees and systems access to certain applications and data.
'Cloud' is not just the technology, it's also the model of real-time collaboration and go-anywhere information access that we've got used to in today's hyper-connected world. You can't cut yourself off from it. Dealing with the security threats that exist in the cloud is just part of what you have to do to participate in the modern economy.