Small and medium businesses (SMB) need innovative, complex, layered security in depth at the application level for their cloud-based applications and services in an emerging world of significantly ramped up global, and sophisticated distributed denial of service (DDoS) cyber-attacks.
The major stumbling block, however, is that SMBs don’t have the technical, personnel, or time resources to effectively administer such an environment.
The insight emerged from a panel discussion at the XON and NEC fifth annual summit hosted in Limpopo Province in August, which included Thomas Lee, GM of Wingu, Africa’s first Ubuntu-certified public cloud computing platform.
There has been a 150% growth in DDoS attacks this year with as many as 124 000 reported globally in a single week. That presents enormous risk in the context of many SMBs being application-based businesses – consider Airbnb, Uber and the like, says Lee – which demands secure protection at the application layer instead of traditional perimeter firewalling at the network layer.
The complexity of these attacks has also increased significantly and many originate inside companies, brought in knowingly or unknowingly as malware on flash drives and via e-mail by employees. Since those companies operate as a result of the applications, any interruption of service or corruption of the application or its data, represents a cataclysmic threat to the business itself.
In some cases it’s been found that DDoS attacks are also a diversion while the real attack is performed to steal data. In one case 435GB of data was culled from a company’s servers using a DDoS attack as a diversion.
“The major challenge SMBs face is that they don’t have the resources to counter the threat. Even if some do have the complex web of technical skills required to effect proper security the people often don’t have the time to execute – they’re busy running their business,” says Lee.
Military personnel, the panellists discussed, will tell you that the only effective security is security in depth. Traditional firewalling, therefore, is no longer effective because it is simple perimeter security. What SMBs, and even their larger cousins, require is everything from anti-virus to malware, URL, Web filtering, and intrusion-detection protection.
“The complexity of provisioning that level of service is beyond the vast majority of SMBs. The trick is giving them the complexity of security they require to keep operating safely and securely while making it simple for them to get and maintain,” says Lee.
These and other security threats constitute some of the major reasons for slow uptake of cloud services among businesses. They cannot secure servers themselves, they are unsure about traffic flows to and from servers, and in some cases don’t know where the physical servers reside. Yet, it is, perhaps ironically, because of these threats that in future businesses will seek cloud service providers.
The cloud service providers are spending a lot of money to ensure that they offer secure, reliable services, spending that far outstrips what the average SMB is able to spend (even if they had the expertise to ensure every cent was spent effectively in pursuit of their goal for security).
“In future we expect businesses to seek out cloud service providers who will be the best placed and most experienced to offer the security that emerging and future threats represent,” says Lee.