Cyber Attacks in the Cloud: How Do You Know Your Data is Safe? | Intel Technology


(soft music) - [Announcer] Welcome to What That Means with Camille, where we take the confusion out of tech jargon and encourage more meaningful conversation about cybersecurity. Here is your host, Camille Morhardt. - Hi, and welcome to today's episode of Cybersecurity Inside, What That Means: the cloud. I'm really looking forward to this conversation today with Monica Ene-Pietrosanu. She's director of software for cloud and enterprise solutions at Intel. And welcome to the show, Monica.

- Hey Camille, thank you. Thank you for having me today. - So I'm really looking forward to this conversation because the word cloud is so incredibly broad. And I think that we'll probably start broad and then kind of narrow in on some stuff as we start hitting on the intersection with security and acceleration and whatnot.

But I do wanna start with, you know, what is the cloud? I still think that, you know, a lot of people go around saying cloud and maybe just don't really know what it means. Could you just define it for us briefly? - Yeah, absolutely. Simply put, cloud computing is the delivery of computing services over the internet, without the user needing to know the physical location or configuration of the hardware that delivers your applications for email or storage servers or databases. And I agree with you, Camille, cloud is everywhere today. It's an undisputed reality and we've seen it growing at an exponential rate.

- Do you know how it got the name cloud? - It's pretty much the change of the computing model from the mainframes in a room to our PCs on every desk in every house, like Bill Gates' vision was, to actually moving the compute capabilities in a centralized location and abstracting that as a cloud. You don't see what's there. You don't know the physical location, you don't know the configuration, you just enjoy the services. - So what, like where are clouds and what are they? I mean, I think of them as just a whole bunch of servers sitting somewhere together in some possibly remote location where energy is cheap because they cost a lot of money to cool. - And that's a good way to start thinking about it. Many people are using cloud because it provides, as you said, cost savings, agility, efficiency.

It also enables something very important for the business. Getting to market faster. If you imagine a business, in the past it took six months to deploy new services from proposal to hardware and software ordering to deploying the services, developing the software and actually getting them online. Today with so much competition, competition is fierce and the same company is able to get up and running in less than a week with a new service due to the cloud.

So it's all about getting to market faster. In the United States, companies like Microsoft, Amazon, Google, Facebook, IBM, Oracle, Apple have moved into what we call hyperscale data centers and across the world, specifically in the People's Republic of China, companies like Alibaba, Baidu, Tencent have done the same. And what does it mean, a hyperscaler? According to the market intelligence company called the International Data Corporation or IDC, a data center is generally defined as hyperscale when it exceeds 5,000 servers and 10,000 feet. So that is a huge scale. It definitely brings a significant amount of control, huge efficiencies, and also huge responsibilities.

- And so these data centers, they're all over the world because it reduces latency. We still have this problem, if every data center were in one location, but the closer the data center is to you, the faster you are able to get your data, is that correct? - Absolutely latency is an important aspect and that's why all of these data centers are geo distributed. Each of the hyperscalers offers multiple zones of accessing the resources.

And that's what also drives the emergence of what we call the edge where we are bringing compute closer to the user. There are servers, mini data centers being set up closer to the users, whether it's your car, your phone, your mobile, your device considered to be as a user but you don't need to go back to the cloud. And many computations can happen closer to the edge. So this cloud computing moving closer to the user is another trend that is complementary to all the move to the cloud. - You're saying actually creating mini servers that are then closer rather than moving the compute to the device necessarily, you're saying the compute will be on a server that's closer to you at your local intersection or on your block or in your parking garage or at your factory or something. - So the edge, the cloud moving to the edge means smaller data centers are being built closer to the users.

And if it's about your car, you probably have a data center that's closer to the neighborhood or the city you are in. If it's about your phone, mobile device, pretty much the same. So smaller data centers placed closer to the users. - Interesting. It's like distributed cloud or something. - Yes. Yeah. - Okay. - That's pretty exciting.

- So let's say you take a picture, you put it on one of the many public clouds offered in the United States and now you want to access your picture. What exactly is happening? What is actually happening behind the scenes to get that to you? - Lots of things happening behind the scenes for you. And it's so cool that you have huge amount of storage right? This massive amount of data that can be stored, that's one of the advantages of the cloud. Because the cloud enables you to scale up, scale down.

So what's happening you store your picture with one of the cloud service providers that offers that type of storage service. And when you wanna look at it, you bring it down on your mobile phone or your laptop. And then that means it's coming down the wire to your computer.

There is an address, an IP address, it's basic concept of client and server, right? So if you consider the server being in the cloud, now you don't see, you don't know what it is, you don't have the hardware capability of it. It's coming from the server to the client which is your local machine or your mobile phone. And then you can have a subset of the services run on your mobile phone.

And then you can send it over to either another user and that has to go through another cloud service. So everything happens through the cloud and the amount of processing that happens on your devices is quite limited. - You know, one of the interesting things since you're in software, maybe you can help us understand how we made better use, we as in, you know, industry in the world figured out how to make better use of servers and allowing multiple people or multiple organizations to exist on a single server rather than have a dedicated, like this is my PC, nobody else gets to touch it.

Can you help us explain how those resources are sort of optimized and shared? - Absolutely and that comes, and I wanted to say that in addition to the large cloud service providers, we have others that are, even if they are not called hyperscalers, they are still very relevant. So we are using cloud services from a multitude of providers and for them being able to efficiently run the infrastructure is an important factor. Today in the cloud, everything runs virtualized whether it's in a virtual machine or whether it's a container or a microservice. There are some new concepts that are changing the deployment model today that are actually driving efficiency. And maybe you've heard already about function as a service where I don't rent a full machine in the cloud.

I only need a specific type of function to be executed. And then I'm paying as much as I need for that function to be up for me. And then when I don't need it, I don't pay anymore. It's very cost efficient to use function as a service.

Back to the cloud service providers, their main job is to extract efficiency from the infrastructure, whether it is to also run with sustainable energy, because hey, that's definitely an important aspect or to ensure security. And security in the cloud is paramount. The responsibilities that cloud service providers and the challenges that they are facing are huge. And let me just give you some examples.

I mentioned 5,000 servers for hyperscalers. So that actually brings increasingly complex problems that these hyperscalers need to solve. Even a statistically small incidence rate can manifest very meaningfully at hyperscale. As the core count, memory capacity, number of servers scale, so does the impact of problems that we may consider negligible when we talk about our laptop. Every failure is gonna be augmented at scale.

Then the other aspect is that we cannot have downtime. So cloud service providers need to provide updates without the downtime. Rebooting the system to fix issues and enable post-deployment features is no longer an option. This platform's update ensuring reliable platforms update is a big deal for cloud service providers.

And also effectively root causing issues. The goal of the cloud service providers is to bring to their users the benefits of the latest hardware and software while minimizing the disruptions and downtime. So there is a lot of responsibility. We know cloud is always on and an hour of downtime from Amazon or Google, not only- - All over the news. Front page news. - Not only becomes worldwide news, but also has a huge impact on businesses.

Because this pervasive adoption of the cloud architecture has transformed the business and how our society functions today. And that's why people around organizations count on cloud to deliver the services and experiences that they trust and that they need. - Okay, so let's talk about security and I'm also quite interested in the privacy aspect.

I don't know if you wanna mesh these answers together. I think they maybe are different. On the security front, of course, I'm interested in how cloud service providers and clouds are protected and how they detect potential attacks. On the privacy front, I'm very interested in you are sending some personal information or some important IP from your company to a cloud.

Who could potentially see that information and at what point could they see it? Is it when you're sending the data there, when you're storing the data, when the data's being processed? - Security is something that is in the top three CIO challenges when moving to cloud. And the chief information officers have a lot of things to worry about. 60% of the developers today deem security to be extremely important for their applications that target cloud environments. As a result, there are many new developments to advance security in cloud but there are also a number, a growing number of increasingly sophisticated threats are being faced by the cloud service providers. And let me give you three examples and I will include privacy is definitely part of security.

It's an important aspect. But just to give you an example of what's going on. Security budgets have constantly been increased by IT execs worldwide. And even that happens, software-only based security measures or isolated solutions can still fall short. For example, 75% of the companies attacked by ransomware run up to date endpoint protection software.

And then there are these high profile breaches that we keep hearing that highlight the risk even more. Last year in March, suspected Russian hackers stole thousands of emails after breaching the email server of US State Department. And then in August last year, hacker attacked an unprotected router in the T-Mobile Network to access, I think they got access to over 50 million people's personal details. So the costs are massive. $10.5 trillion is what's the projected annual cyber crime cost worldwide by 2025.

That's huge. And at the same time back to your privacy question, cloud companies have to navigate a growing set of data protection and cybersecurity regulations from the global data protection regulation, GDPR in Europe to the executive order on cybersecurity in the US. And if a cloud company doesn't meet the security requirements, they can face legal risks. So it's a huge amount of responsibility and as you said, data needs to be protected everywhere when it is in use, when it is in flight and when it is at rest.

Over the past decade, there's been significant progress safeguarding data that is in flight, when it's traveling over the network or at rest, being stored. But that means that data is often most vulnerable when it's actually in use. And this risk has emerged as one of the most pressing security challenges that we face.

The threats have increased and are many times internal. So even if you are inside of your company's firewall, the attack can come from internal actors that are not trusted. And that's why all this discussion about protecting the data in use as well as a zero trust approach are super important. Let me say a few words about zero trust approach.

This is a layered, a defense in depth strategy to protect against what we call insider threats. - So the public cloud companies are running often operating systems, as well as applications on top of the operating systems, like an email application, let's say, or photo editing application. They're also owning and running the actual servers, the hardware, that the operating system is that the virtual machine monitors and the operating system and the applications are on and they're storing all of the data, your data or your IP.

Do they have access to what's being stored on top of because they have the hardware and the operating system and the application, can they access the data itself? - They can access several layers of the data. There is a lot of control that they have, but also a lot of responsibility. And that's what's generating legislation that comes to clarify that as well as technologies who is encrypting data in action, as well as other technologies who encrypt data who is stored on various servers. So obviously, if the data is encrypted on a storage server, the public cloud provider will not be able to access it. And also there is a lot of encryption that happens when the data is traveling through the network in between the servers. So today, the data is being secured at every point and at every moment.

And that gives, let's say limited ability to what the cloud service provider is able to access. However, we also need to understand that they assume a huge responsibility in delivering the services. So they need to be able to ensure monitoring of various events. If something goes wrong so that they are able to root cause as well as the ability to stand up new services without downtime. So there is access for auditing as well as let's say, setting up new services - Is the access for auditing access to private data or is it access to some kind of event history of like what's being done or run? - It's access to event history so that they see what's happening. And that history is definitely including information that helps them troubleshoot the situations.

- Hmm. Okay. What else should we be addressing in this conversation so that people can come away with, like I really have an understanding of cloud, I haven't missed some big aspect of it? - My angle has been a lot on the security side. I mentioned how to protect the data in use, how to enable a zero trust approach, also making sure that security is going down on the software stack and we secure the base layer. Another thing is around developers.

The world is changing for developers as well. Cloud has become a very powerful trend for them to deliver their applications. But developers themselves are operating differently because of the cloud. They are working in a way that's more agile, complex, sophisticated.

And today over half of the developers state that they save more than 20% of their development time by using a cloud platform. So we have a shifting model here, the software development is shifting by adopting DevOps, merging the continuous integration with continuous deployment. Development resources are available on demand on cloud. You don't need to wait to buy your server. And there are deployment models that evolve because of the cloud architecture like containers, serverless microservices. And another aspect for developers is that more and more applications and services are being developed now through high level programming languages like Python, JavaScript, Node.js, Golang.

Some of these languages didn't even exist 10 or 15 years ago. And the idea over runtime is that, it's not compiled at the development time, statically. It is compiled and executed really at the execution time. So we are seeing this shift to new languages and we are also seeing developers taking cloud very seriously and designing for failure. Netflix, for example, pioneered this approach called chaos engineering where they are deliberately introducing chaos testing into their software to find issues that could lead to outages. And if the code is written, assuming that the system would fail, it also results in proactively building resilience.

Last but not least, the tools development is changing. As I mentioned, tools that require reboot have little utility on a cloud instance where multiple workloads are running and most of the tools today evolve to the software as a service model. So it's an entire shift to new models and new paradigms in the developers world as well. - You mentioned how the cloud's gonna look really different because we're adding a bunch of micro clouds, you know, closer to the edge or closer to where, you know, people are requesting information on their devices or cars or homes.

How is that relationship going to exist with the like giant centralized server farms? Like how is data gonna move differently than it does today? And how is the protection of that data gonna look different? - All the technologies that have emerged in the public cloud, the large data centers, is being transferred to the edge. And that's benefiting the edge in a huge way. They will continue to coexist and there are performance implications but there are also operations that will happen in the large data center, in the public cloud. Because of security, because of performance aspects and so on. So I think it's a diversification and they will continue to coexist. And I'm seeing developers actually taking advantage of both models.

- Do you think that sort of increase in artificial intelligence and machine learning with all of the different, you know, models that it's using, everything from federated learning which is distributed to convolutional neural networks and all different kinds of things, is that going to change how the cloud is structured? Will there be different kinds of new server farms that are specifically set up for AI or different kinds of workloads? Will it change anything or is it rolling right in? - We are seeing a broad variety of workloads running in the cloud. We are working with cloud service providers to determine what are the types of instances that are best serving various categories of workloads like AI, what's the best type of instance that runs databases, what configuration they should have. So it is a lot of focus on optimizing workloads for specific hardware and also making the deployment of such workloads not only faster but enabling it to happen more efficiently. - Can you tell us a little bit more about the sky? You alluded to it earlier. - What I've seen emerging lately is this multi-cloud concept. There are independent software vendors who develop and deploy their services across more than one cloud. The need for interoperability is big.

And if you look at cloud being like one of the like, computation being one of the utilities in the future, same like we get electricity, same like we get gas from various providers, if cloud is to become the same way, then this focus on interoperability will become even bigger. And we already see, for example, Amazon Web Services providing services that work not only on Amazon Web Services, that work across Azure and Google Cloud Platform. Same from Microsoft. Microsoft is providing Microsoft Arc who's working across multiple cloud service providers. And then there are the software companies who are producing on top of this. So I'm seeing this trend to prevent one business, for example, from being locked into one cloud and that's gonna lead to very interesting developments in the future and this is very exciting.

I'm actually looking forward to see how they are gonna evolve. - Great, I can't wait for what's after that. We're going to inner orbit and then outer space. - Oh yes, more layers coming.

- Thank you very much, Monica Ene-Pietrosanu. You are a fascinating person to discuss the cloud with, thank you for taking us through all levels of cloud, actually, and edge and sky and beyond. - Thank you, Camille.

Really enjoyed the discussion and yes, to the sky and beyond. - [Announcer] Never miss an episode of What That Means with Camille by following us here on YouTube. You can also find episodes wherever you get your podcasts. - [Narrator] The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation. (soft music)

2022-08-03
