The cloud at the gates of the enterprise

The cloud at the gates of the enterprise

Summary: Recent possible security breaches at Lockheed Martin have highlighted how connected even the most security conscious enterprises have to be. You can't isolate your business from the cloud, you have to co-exist with it

SHARE:
8

Recent reports that hackers have breached the network security of US defense contractors including Lockheed Martin is a salutory reminder of the risks to enterprise information. The source of the breaches appear to have been the electronic fobs used in two-factor authentication when users log in from outside the enterprise network.

Even in such a security-conscious enterprise as Lockheed Martin, remote access from outside the firewall is a regular part of the day-to-day working routine. There's a telling quote in the Reuters report from Loren Thompson, COO of Lexington Institute and a consultant to Lockheed: "the incident underscored massive challenges faced by corporate and government computer networks in 'an age where everybody has access to ubiquitous digital communications'."

No modern enterprise can function, it seems, without allowing employees and contractors to bring the cloud to its gates. In response to the breach, Robert X Cringely, the blogger who first broke news of the breach, reports that Lockheed Martin had to:

  • Immediately disable all remote access
  • Ask those who telecommute from home "to come into nearby offices to work"
  • Ask over 100,000 network users to reset their passwords — including Pentagon staff who collaborate on projects, some sources added.

Some say that the right response to cloud threats is to completely isolate the corporate network from the cloud. But that's not realistic in today's connected world. Fact is, any enterprise network today, however private it attempts to be, cannot isolate itself from the Internet and all the threats that exist on the Web, if the business it serves is to remain competitive and effective. Productivity demands that workers be able to access corporate data from home and on the road. Effective partnering with customers and suppliers means giving their employees and systems access to certain applications and data.

'Cloud' is not just the technology, it's also the model of real-time collaboration and go-anywhere information access that we've got used to in today's hyper-connected world. You can't cut yourself off from it. Dealing with the security threats that exist in the cloud is just part of what you have to do to participate in the modern economy.

Topics: Networking, Security, Telcos

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • Message has been deleted.

    X41
  • How is this a "cloud" failing?

    From every detail that I can find, physical key fobs were used to allow access through their perimter network. This breach does not just affect companies in the cloud, but any company with a perimeter network that allows telecommuters.
    Your Non Advocate
    • HUGE difference

      @facebook@... On private networks, companies have full control on who the hire and can have access to the data on the network. And even with admin powers, there are ways to log who access what, when and from where.

      On the cloud, there ZERO control on who is hired and has access to private/proprietary corporate data. In fact, on the could there is ZERO control on what country the data is stored.
      wackoae
      • OK, But that is not this

        @wackoae

        And again, this is someone accessing a private network using a key fob. Unless we are redefining the "cloud" to also include VPN devices and any other form of remote access, the headline is extremely misleading.
        Your Non Advocate
  • RE: The cloud at the gates of the enterprise

    I think we have confused cloud with remote access. They are different. This aside, the point and intent of the article is valid. The real issue is not however simply the failure of the authentication mechanism but also the failure to ensure that the degree of access to internal systems remotely was controlled to minimise damage from breaches such as these or compromise by hostile contractors
    lucius_lobo@...
  • RE: The cloud at the gates of the enterprise

    You actually say (again..:) )that the only real cloud solution is the public one when you take in mind also the security matters. I totally agree on that and want to strengthen that by adding the economies of scale in the public cloud allows the IaaS vendor to induce specialization which allows the dedicated security team to concentrate exclusively on the security issues. There is of course the consideration that, from an attackers perspective, cloud providers aggregate access to many victims data into a single point of entry, and again - this one is only a technical problem.

    Ofir.
    I Am OnDemand . com
    ofirn76
  • RE: The cloud at the gates of the enterprise

    More computer and software nonsense. Computers are a waste of time and money. Maybe the Cloud will rain and short circuit all the computers out of existence.
    X41
  • RE: The cloud at the gates of the enterprise

    Whatever.
    james347