CloudFest 2018 – The Security Panel
Attending CloudFest (formerly known as WHD.Global) is always the highlight of the year event-wise. Catching up with our partners, having lively debates about new technologies and learning from industry leaders are things we always go for.
As our ninjas attended incognito this time – only as attendees, not exhibitors – they had time to wander around the different vendors and visit some great presentations. Should I even say this? Security-themed talks were our favourite.
As most of the presentations are published on CloudFest’s website and YouTube channel, here we only share our experience of the security panel (“Will our toys break us?”), where we agreed with several of the points of view we heard.
Cyber(in)security in 2018 and beyond
The panel’s main topic was IT security connected to IoT devices. No wonder, as the more than 8.4 billion IoT devices are often caught carrying out DoS attacks as part of botnets worldwide. Here at BitNinja, the 2 main attack types we see originating from IoT devices are DoS attacks and malicious port scans, which prepare heavier attacks for later.
But it soon turned out that IoT security cannot be handled separately from server security or personal data safety. The panelists perfectly described security as an area that is hard to delimit, where “there’s no really borders on whether one country’s security regulation ends and where the other’s starts” (Ashley Stephenson – CEO at Corero).
Not to mention the responsibility shared among users, providers and developers. Security is a joint responsibility; as Romco Hobo (Infradata) suggested, “any software and devices should be deployed safely just like electrical things shouldn’t shock anybody in use.”
Following this thought, the security focus isn’t concentrated exclusively on IoT, although attacks from these devices are an existing issue. And if that’s bad now, just think how bad it’s going to get with a 31% increase in IoT devices per year.
Who's to blame?
On the question of responsibility, we heard different opinions.
Igor Seletsky (Cloudlinux) emphasized the need to change how we look at security, rather than applying the same old rules to billions of devices. He also added that we need to keep focus and decide what is important to secure and what is not – this change of attitude won’t be solved by $10 thermostats – or the only way left is network security.
Thomas Hiermayer (Myra) settled our differences and said “people don’t pay for security, they pay for features”. He still considers security by design important in terms of responsibility and suggested OWASP as a great standard to start with.
Security suggestions for providers
Although the topic was IoT security, the conclusion of the panel was rather “we don't have to worry about badly secured devices but the poorly configured servers they’re connecting behind them”. Cyber outages rose above natural disasters, so we cannot ignore the commercial drivers behind the threat growth and we cannot rely on luck to avoid breaches and server attacks anymore.
So when panelists were asked about their suggestions to SMB owners and providers on the battlefield, they mentioned the following:
- Segmentation is key to eliminating risks and damage, so do it! Containerization is great stuff, said Ashley (Corero).
- ’Keep your friends close, but your enemies closer’ is a thing that everyone should consider. So spread the word, train, and raise awareness of security issues, suggested Thomas from Myra. In his view, emergency scenarios for security issues should be as widespread in companies as fire alarm drills.
- Igor also joined in on this last thought by saying, ’you cannot secure servers […], some things are totally unpredictable, so we should accept being vulnerable’. So the most important thing he suggests is to train your people, ’cuz they think they know how to secure their servers but in fact they don’t.
- As most companies have to fight hackers day by day (it takes 20% of an IT team’s time every day), Romco suggested logging everything on your servers in real time to find the source of attacks. Most attacks are traceable, so it’s a waste of resources not to do proper logging.
Automate server security
That’s true, it’s just a matter of time before hackers step up to the next level and hack traffic lights, airplanes or whole cities instead of thermostats. IoT security is definitely a hot topic today.
But what we really agree with here at BitNinja is that protecting the networks and servers behind these devices is much more important. So go find the best solutions available to you and boost your server security with customizable, automated solutions. Save your team some time and effort, and keep that in mind when choosing the right tools.
Here at BitNinja we have a 7-day free trial for Linux servers to experience life without constant hacker attacks. See with your own eyes how a modular server security system can power up your security and performance – even if you think it’s already maxed out by your existing tools. You’ll be surprised.