A Vision for Cloud Security

“Rainwater straight from the clouds is distilled water, as safe to drink as tap water. Can you say the same about data from the Cloud?” asks Dr Hongwen Zhang, CEO of Wedge Networks. “How would you react to a water company that sold water as polluted as the typical spam and malware riddled Internet connection?”  This also raises serious concerns for the Internet’s long-term survival.

By Dr. Hongwen Zhang, Wedge Networks CEO

Water is the stuff of life: nearly 60% of our bodyweight is made of water and the presence of water is the first thing astronomers look for when considering a habitable planet. Find a good source of clean water and you are established for life: ancient trade routes went from water source to water source, and cities grew up around those precious assets.

In cyberspace it is not water but information that flows to those nodes. But the same rule applies: deliver good information and business will flourish. For the service provider the information comes from the Cloud, just as water ultimately comes from the clouds, but is it as clean? How might a service provider benefit if it could promise not just data, but pure data for its customers?

What’s in it for the Service Provider?

Customer churn is one of service providers’ biggest headaches. The annual churn rate in global mobile telecommunications service companies ranges from 20% to 40% and it gets worse as the market matures. It’s common knowledge that the cost of acquiring a new customer is way over the cost of retaining an existing one – so churn reduces profits as well as the referral benefits of continuing service customers.

So consider my question: “how would you react if your water supply was as polluted as a typical Internet connection?” You would be forced to spend money on your own filter systems or water sterilizing tablets, bottled water from other suppliers, and would be constantly looking for better ways to buy water.

This is just how it is for Internet users: they are expected to invest in third party anti-virus and security systems, so they have less to spend on services. Then they get angry at the daily floods of spam and keep looking for better, or at least cheaper, services and providers.

This is the very engine of churn. A constant pressure from unwanted spam mail – carefully engineered with every psychological ploy to attract your attention and distract you – and you are forced to trawl through your in-tray in order not to miss a few vital e-mails that might also be there. More than 97% of all emails sent over the net are unwanted, according to a Microsoft security report – and the daily count of spam messages passed the 200 billion mark in 2010. There’s also the money and time spent on third party Internet protection software to keep out malware… Then you hear about a different provider that seems to be offering a good deal, maybe start with a clean new e-mail account? For the customer it’s just scratching at an itch – for the provider it’s churn.

Now change the scenario: you have a provider who, for the last year, has provided good service with guaranteed levels of spam reduction and malware protection that match your need without any extra effort on your behalf. Why bother to change? We are back to the more usual business situation here, where it is far easier to sell to an existing customer than to woo a new one.

20 to 40% churn is not normal behavior, it’s a symptom of frustration. Reduce that frustration by delivering clean data, and you reduce churn.

The bigger issue

I’ve argued so far that any company that finds a way to deliver unpolluted Internet access will gain an immediate advantage from slashing customer churn. Good for them – but what about the benefits to business, the economy and society?

This would not make much difference to the large enterprise or public organization that has already invested heavily in security solutions. Such groups have their own well-defined requirements which vary from the military’s bomb-proof security, through the high speed needs of financial traders, the personal data protection of healthcare and government and so on. They will have their own security systems in place and a specialist team to administer them.

The real beneficiaries will be the individuals, home users and smaller businesses that don’t want to be vulnerable but resent the time and resources needed to provide their own protection. This is a large sector of the population, but is it as economically significant as the larger enterprises?

Taking Europe as an example, the EU website defines SME as having less than 250 employees, of which “small” means less than 50 employees and “micro” means less than ten employees. In these terms SMEs “provide two out of three of the private sector jobs and contribute to more than half of the total value-added created by businesses in the EU. Moreover, SMEs are the true back-bone of the European economy, being primarily responsible for wealth and economic growth, next to their key role in innovation and R&D” according to the EU website. Canadian figures rate “small” as less than 99 employees, “medium” as less than 500, while “large” 500 or more employees: in these terms “Small businesses make up 98.2% of employer businesses, medium-sized businesses make up 1.6% of employer businesses and large businesses make up 0.1% of employer businesses.”

If these figures are at all typical – and there are around 220 million companies worldwide with less than 250 employees – then the economic benefits of cleaner Internet connectivity to any country will be enormous. And this is simply in terms of the time and cost savings to smaller businesses that do not have the resources to protect themselves from malicious and time wasting traffic.

Add to that the benefits to home users, for whom the Internet is largely a provider of recreation and social contact. A society where people can interact, share experiences and freely discuss ideas is potentially a very healthy society. But when the medium of communication becomes polluted with phishing probes, spam contacts, “grooming” and other forms of malicious traffic, then the medium that once united society becomes the very means to fragment it and spread distrust and anger.

To take a specific example: there are already more than 2.1 billion mobile web users amongst a total world population of 7 billion, and the 2013Q2 China Mobile Security Market Quarterly Research Report includes a survey result suggesting that 53% of mobile data users do not want to install security software in their mobile devices. This might seem shocking news to an IT security professional, but it simply reflects human need and is an extension of the frustration that a home user would feel at having to take steps to secure home IT systems. For the fact is that much of the attraction of mobile web access lies in its immediacy, simplicity and directness – once you start complicating that with more passwords and levels of security that attraction goes.

So this is the bigger picture: a society that provides clean Internet access and does not leave the main burden of security to the individual user will not only gain economically but also benefit from better social cohesion and less discontent.

But is it possible?

The move to cloud computing has barely started, but it is another game-changer in terms of the need for better security in the Internet. With estimates around a trillion dollars per annum for the damage that is already being done by Internet pollution to the world economy – despite some $60+ billion being spent to resist it – it is clear that clean Internet would make a staggering contribution to global economic and social welfare. But is it a pipe dream? How would it be realized?

Another game changer has been the massive increase in content on the web, driven particularly by the popularity of video. With 90% of attacks being concealed within content – text, video and sound – any solution needs to involve real-time object level analysis of network traffic. This “Deep Content Inspection” not only analyses the bytes within individual network packets, but also recognizes and handles the digital objects that are carried over many network packets. Clearly, inspection at this level is an enabler for any number of new network applications, and removing spam and malware is just the beginning.

I began by addressing the benefit to the service provider: deliver clean Internet to your customers and you have an immediate competitive advantage. OK, I also suggest that all SPs should do this, so the competitive advantage would be short lived; however, the reduction in churn remains as an important bonus.

But there is another factor here: if the service provider has the means to clean up the traffic, including content, then there is also the potential to provide a range of security and other services. “Clean Internet”, like clean water, is of course by far the biggest draw overall, but there will also be some customers with special needs who would appreciate an SP’s offer of “flavored water” with added levels or styles of filtering according to region of origin, language, date of origination or any number of special criteria. Deep Content Inspection offers unlimited potential for future services along these lines.

What is needed to achieve this must be an add-on “security layer” – for few providers would welcome a forklift upgrade of their immense and far flung infrastructure investment. It should be provided as software, running as a hardened, embedded operating system, that can be installed on ordinary off-the-shelf hardware appliances and servers, or else packaged as virtual machines.

The good news is that such software is already available and thousands of instances of it are already deployed in service providers, enterprises, and small businesses worldwide, performing high performance deep content inspection for these organizations. By using it to “clean up their act”, service providers now have a major opportunity to improve business and make a significant contribution to society.

The biggest issue

A cleaner Internet has enormous implications for business and society. It also raises important issues about the future of the Internet itself.

It has already been suggested that a very large network, by its very complexity, adaptability and organic growth, has many characteristics of a living organism. A living organism, however, consists of more than just flesh and bone, for it has systems that overlay that structure. The nervous system plays the role of a recognisably distinct “control plane” that receives data from every part of the body, in the form of senses and pain, and transmits back signals to control and manage that body.

Modern trends in networking recognise a similar need for a control plane to turn a static network into a dynamic “living” entity that can adapt to fast evolving business and regulatory demands. This is the essence of software-defined networking (SDN) and is now widely recognised as the future of networking.

All complex life has evolved such a nervous system, together with other systems that function in parallel. Wikipedia states that: “The immune system is a system of biological structures and processes within an organism that protects against disease. To function properly, an immune system must detect a wide variety of agents, from viruses to parasitic worms, and distinguish them from the organism’s own healthy tissue.” This is a very clear description of biological deep content inspection.

It goes on to describe the “layered response” of an immune system, beginning with innate immunity that provides an immediate, non-specific defence for all plants and animals from single cells upwards. Then there is the adaptive immunity that has been developed in vertebrates such as human beings: “Here, the immune system adapts its response during an infection to improve its recognition of the pathogen. This improved response is then retained after the pathogen has been eliminated, in the form of an immunological memory, and allows the adaptive immune system to mount faster and stronger attacks each time this pathogen is encountered”. As pathogens evolve and adapt, the immune system has evolved multiple defence mechanisms to keep pace.

The point is that ultimately no organism can survive without some form of immune system, just as it cannot move and adapt without a nervous system. So what is the long-term future of networking unless we can develop not only a software-defined nervous system but also a software-defined security system that is built into the structure itself?

The security layer I have described will provide an immune system for the organism we call the Internet. This software-defined security is as fundamental a development as SDN.

It could prove vital to the Internet itself, as well as to society and the economy.
