If you watch documentaries about the natural world, do you ever find yourself wondering how the way that great numbers of creatures (that pretty much all look, and probably taste, the same) gathering together in a big herd, flock or shoal can be an effective strategy to avoid getting eaten?
To me it looks like nature’s answer to the buffet bar. If you’re a predator, how could you say no? Yet the evidence seems to suggest that this sort of collective behaviour is possibly an evolutionary response to being hunted (cf “Flocking Under Predation” by Dan Sayers 2009) which actually increases survival rates.
There have always been all kinds of predators in the business world. It’s not a positive word and they rarely exist for the betterment of the businesses they target. In recent years the apex list has been joined by a new breed; the cyber criminal. The hacker.
With corporate digitization increasing almost exponentially, cyber attacks have become more prevalent. Symantec’s 2015 Internet Security Threat Report is a worrying read – cyber attackers are moving faster, defences are not. Attackers are streamlining and upgrading their techniques while companies struggle to fight old tactics.
In the data center, we’ve tended to practice a code of silence; if we don’t say anything about potential vulnerabilities perhaps hackers will simply maintain their traditional focus. But it’s a doomed strategy. The more important data networks become, the more the data, the IT and the underlying physical infrastructure will all be targeted.
Rhonda Ascierto, an analyst for 451 Research who I like personally and whose views I respect, recently claimed that up to 50 percent of data center physical infrastructure devices with an IP connection are at risk of attack. I’m not trying to start a panic here – Rhonda’s numbers could be a little high and it might be only 30 percent in reality (!).
Here’s the thing; we can learn a lesson from nature. If data center and security managers make a collective response, we can possibly make it a lot less easy for those attacking corporate domains to bite off a nice juicy mouthful. Predators are adaptive and therefore threats will change. The question is, are we safer if we stick with the herd – or if we go it alone?
In my opinion, the adoption of cloud and other managed services could provide the trigger for beneficial mass behaviour. Most companies that outsourced their data center infrastructure in part or as a whole have quickly recognized their service provider can be trusted to deliver predictable and cost-effective levels of uptime, power and cooling. They’ll write SLAs to guarantee their claims and produce the testimonials of high profile customers to build confidence.
As more and businesses turn to internet clouds to ensure that their IT services can keep pace with the speed of business, at Schneider Electric we’re increasingly of the opinion that trust is also the answer to security concerns. In this case though, trust is placed in the service provider to fully protect the internet gateway and all information passing that way.
What cloud users will exchange for their trust is moot. I’ll give you my thoughts about that in another blog. One thing is for sure though, they’ll almost certainly drive a harder bargain than those network users who famously exchanged computer passwords for candy in a security survey. It will mean a somewhat counter-intuitive paradigm shift as they move away from trusted old patterns of behaviour to outsource protection.
My old friend Wikipedia says safety in numbers is the hypothesis that by being part of a larger physical group, an individual is less likely to be victim to a mishap, accident, attack or other bad event. If we all go our own way on security matters, we’ll be easy meat. What’s more, if more of us persist in doing things our own way, then more points of weakness are created which in turn can only encourage more attacks. And that’s just not social!