An article came out today about the long-standing lack of protection found in most cloud servers. The issue is not the operating systems, virtualization layers or applications – rather this issue is due to the motherboards not being protected. This flaw allows remote access and complete control over fleets of servers and, most likely, your formerly-secure cloud operations. This issue is just the latest exploit in a long list of exploits (remember Spectre) and they are not getting any better. It is clear that components cannot be trusted and cybersecurity has to evolve in order to protect devices from themselves…
Not More Products…PLEASE
If you are a sane person in cybersecurity then you are most likely either a) groaning or b) screaming (depending on how long you have been in security) at the idea of yet another security product. Never fear, as adding another product is NOT the solution… Disjointed security products never work – EVER. The biggest challenge in cybersecurity are the products themselves – how they disrupt enterprises, how complicated they are to use and how many of them only do one thing. Security has to be unified, cohesive and made for mainstream operators and not dungeon coders. Component security has to be part of a larger plan and streamlined into efforts that work above a base physical layer. If a hardware component malfunctions or is exploited, any viable security needs to isolate that issue and then run corrective measures within the context of overall operations. Taking down a core server during a critical data run just for a possible issue is not a good plan whereas immediately shutting down a core server in the middle of the night might be the best plan. Without unified integration across multiple tiers of an enterprise, these decisions are just not possible. In security, complexity equals vulnerabilities and running a large number of products that focus on isolated issues is certain to lead to disaster. Cybersecurity will only truly evolve by moving away from narrowly-focused, static products into unified, proactive, services. Piecemeal protection breaks everything.