Photo by flickr user Sean MacEntee

Want Security & Privacy? Treat Your Apps Like a Traveling Carnival

In the age of big data, privacy is arguably a more pressing issue than it’s ever been before.

Just ask the users of Ashley Madison who were exposed last year. Or ask Sony executives whose private conversations were made public.

As if losing confidential proprietary data isn’t enough, organizations that are hacked will likely incur significant penalties as well. Target, a victim of a major data breach in 2013, had to fork over $10 million to its customers whose information was compromised. It also agreed to pay financial institutions $39 million on top of that. And there was also the $67 million deal the mega-retailer reached with Visa.

Suffice it to say most companies are trying as hard as they can to learn from the misfortunes of others.

So how exactly can you ensure that your company’s apps and their associated data remain private? Instead of using more traditional methods, you may want to obscure the location of your app stack using the public cloud — or even public clouds, plural.

A Lesson from the CIA

This idea, believe it or not, is based on the first app the CIA built on public cloud infrastructure. Instead of adopting a traditional client-server approach with respect to privacy, they periodically moved the app from application zone to application zone, from region to region.

In doing so, they made it so that an attacker simply does not have enough time to complete an attack.

In most data breaches, attackers find your front door (i.e., your data center) and start knocking. They work hard to start wedging that door open. Once they get their foot in the door, so to speak, they wedge it open even more. Then they get an arm in the door, and can either grab a handful of data from where they stand or keep hacking and go for the mother lode.

When an app is moving randomly and periodically, hackers have no idea where to knock in the first place. Even if they find you, their efforts to hack you will be for naught since you moved your front door. It becomes an exercise in futility for them, so they turn their attention toward other targets.

Privacy Starts During Development

The last thing any organization wants is to be the next company that’s in the news because they were hacked. By obscuring an app stack via the public cloud, you can rest comfortably knowing you’re likely to avoid that fate.

The good news is that this is a repeatable DevOps process. But it’s a process that must be embraced during the initial stages of app development if you want it to work.

A pro tip: You can obscure your app stack with a single public cloud. But if you really want to ensure your organization’s privacy, leverage more than one cloud. It’s privacy on steroids.

You Can’t Neglect Privacy

Privacy is certainly a scary issue. Many folks are nervous about the security inherent in the cloud, and for good reason — data is oil in today’s economy, as they say. Nobody wants to give up control of their information. The most pressing example is the disagreement over privacy between Apple and the FBI, in which Apple refuses to unlock an iPhone used by one of the attackers in the San Bernardino shooting.

But if the CIA is okay with using the public cloud to obscure their app stack, it should indicate that your organization would probably be just fine doing the same. When your apps are in the cloud, you can ensure everything is protected with end-to-end encryption.

It’s time to do everything within your power to protect your data. Moving your app stack to the public cloud is a great way to start. Think BIG. (pun intended)
