„It’s not usually the cloud where security is compromised“
Whether for online banking or to back up files on a smartphone, many people consider it quite normal to use the cloud. How secure is it, though? Carsten Fischer, Deputy Head of Cybersecurity at Deutsche Bank, has a clear opinion.
Carsten, why are so many companies turning to the cloud today?
It’s because the cloud has enormous transformation potential. Its advantage is scalability. This means that the cloud gives companies access to vast computing power whenever they need it. Especially when companies are growing strongly, this allows them to increase capacities virtually in real time. This is indispensable in the digital economy, where data processing plays a major role. In addition, using the cloud saves costs; you don't need as much computing power on stand-by for peak times.
What is the biggest weakness of cloud technology?
Think of it like this: on the one hand, there's the traditional network world, and on the other hand, there's the cloud. When a company uses the cloud, there is a connection in between. And it's here that you have to pay attention. This connection must be encrypted and secured in exactly the same way as data is encrypted in the cloud and on the conventional network. It's not usually the cloud where security is compromised.
Either in the connection to the cloud or directly in the cloud service customers’ conventional network. The cloud provider protects about 80 percent of the entire system and primarily offers encryption of the data stored in the cloud. The customer, on the other hand, is responsible for keeping data secure in the part of the system that is stored on its own network and also for the connection between the company’s traditional network and the cloud. This is where most attacks are observed.
The cloud comes across as more secure than traditional applications
Is that because the cloud is more secure than the customer’s own network?
The cloud comes across as more secure than traditional applications. There are several reasons for this. Cloud service providers specialise in security and have correspondingly qualified people. In addition, their budgets far exceed those of conventional companies. Providing a secure cloud is their business model. If they failed to do so, they would quickly disappear from the market. That's why they have such good standards.
So who poses the biggest threat to the systems?
There are several threats: hackers working for nations such as North Korea or similar are the most dangerous. Other hacker groups – black hat hackers – are out to maliciously attack companies for their own monetary gain or, for example, to disrupt payment systems. There are even green hat hackers – new to the game and keen to hone their skills. White hat hackers are ethical hackers, often hired by a company to identify vulnerabilities in their systems.
Hackers working for nations (…) are the most dangerous
Users are reluctant to store data in clouds outside Europe. Is that justified?
There is a difference between private individuals and companies using the cloud. While for many private individuals cloud services are free, in exchange for which they agree to the use of their data, companies pay for the service and retain data sovereignty. They get a kind of dedicated environment in the cloud. There, they can exert much more influence on the protection of their data. Incidentally, companies can contractually agree that the European customers’ data remain in Europe.
What will be the biggest risks to cloud security in the future?
I see two main risks: one is quantum computers, which could crack existing encryption methods in one fell swoop and make them obsolete. However, I am confident that today's cloud providers will keep pace here and are already developing suitable defence mechanisms. The second risk results from the increasing interconnection we are experiencing via the Internet of Things.
Companies pay for the cloud service and retain data sovereignty
What is the threat there?
When hackers want to break into a company's network, they look for the weakest point. That could be a coffee machine connected to the network, which is fairly common nowadays. Once the hackers are in the network, they look for other vulnerabilities. Again, cloud technology itself is very secure. It facilitates the use of interconnected devices, and companies must pay attention to their security so as not to create a weak spot.
What other practical tips do you have for us?
Just like with companies: don't create any weakness. Use a virtual private network (VPN) when you connected to public Wi-Fi, don't let yourself be spied on when you use other people's devices, and make sure you have a secure password! It should be so strong that it is not easy to crack, but so simple that you can still remember it. One of the things I use for this is a password app, and, for me, when it comes to the access code, every digit counts.
About Carsten Fischer
Carsten Fischer is Deputy Chief Security Officer at Deutsche Bank and Regional Lead for TDI Germany. He has been with the bank for almost 25 years, with a wide range of roles in IT, Risk and, for the last ten years, in Cyber Security.
In the Chief Security Office he is currently driving the new Threat-Driven Strategy which will play an important part in ensuring the successful execution of the bank’s strategy over the next three to four years.
… is interested in how cloud technology can change business models. At the same time, he wonders what gateways it creates for hackers and how best to protect against this.
Digital Disruption | Video Story
"It’s not usually the cloud where security is compromised" "It’s not usually the cloud where security is compromised"
Whether for online banking or to back up files on a smartphone, many people consider it quite normal to use the cloud. How secure is it, though?