Can the cloud be more secure than your network? Yes, thanks to the hackers.
September 30, 2015
When people think of hackers, they typically imagine shady characters wreaking havoc while lurking in dingy basements. But there’s another side of hacking. While some are trying to scam people and phish passwords, steal documents or money or IP, others are doing the same, but with a different purpose—to protect the world’s data.
To people working in software security, it doesn’t sound odd at all to know that you’re employing someone whose job it is to hack into your system. Netflix has a dedicated squad within their security team, whose sole purpose is to try to disable various pieces of Netflix’s architecture to see where it can be improved and how quickly the security team can respond.
Security concerns are spreading beyond the world of pixels to the world of atoms. With more and more objects and devices connected to the Internet, machine-to-machine security is a fast-growing, and crucial, practice. In July, two security researchers remotely crashed a Jeep on the highway—for demonstrational purposes, of course—by hacking into the car’s dashboard computer and wirelessly taking over dashboard functions, steering, transmission, and brakes. Chrysler promptly recalled 1.4 million vehicles in order to fix the bug. And just a few weeks ago, a team of hackers in San Francisco exposed a vulnerability in an electric skateboard that could let anyone take control of the ride. Rather than sitting by the Golden Gate Bridge and sabotaging eco-friendly commuters, the team presented its findings at a security conference called Def Con.
Yes, like any other “nerd” culture, hacking has its own Con, and this one is quite major. Def Con is an annual security conference that brings hackers together to geek out about the year’s most evil (but sometimes fascinating) attacks, to show off their abilities and skills, and to share new trends and best practices. And it’s not just for hobbyists. Def Con is where the U.S. government goes to find new talent—ethical hackers who are using their knowledge to make the online world safer and more secure. Just as national security agencies and local law enforcement organizations are struggling to find proactive ways to combat new methods of terrorism, ethical hackers have to keep their brains on the criminal side while acting on behalf of their employers.
At Infor, we have our own team of ethical hackers and I am repeatedly amazed by their brilliant work. My gratitude goes out to everyone on the team. They spend day after day getting into the minds and imaginations of criminal hackers, all to keep Infor customers secure.
As we transition our mission-critical applications to the cloud, we’ve made security a priority here at Infor. We understand that when our customers allow us to put their data in the cloud, they’re trusting us to protect it. And so we are absolutely paranoid about providing all of the best protections possible. These include giving our developers the tools to assist them in producing the most secure code, working with independent third-party auditors like WhiteHat and Leviathan to provide our customers with an unbiased review of our security controls, and of course building our own global team of ethical hackers, who tirelessly test every application at every stage of their lifecycles.
Historically, software security was treated as an add-on at the end of the development cycle. Security analysts wouldn’t review a program until it was almost ready to go live. But now the security development lifecycle is a critical piece of the process that starts from the very beginning—Infor security leads are embedded in our development teams from design through prototyping through architecture through development through staging through release and, of course, through maintenance, which is the real game-changer. On-premise customers are, by and large, responsible for monitoring their own apps, but with cloud, our security experts can continuously test and monitor our applications to ensure that new threats are analyzed and protected against. When they spot a vulnerability or a bug, they can seamlessly send a patch or update to everyone.
And when one of our customers spots a problem first, our security team doesn’t say “thanks but no thanks” and send them on their merry way—as quickly as they can, they deliver a fix to everyone. And, of course, our ethical hackers will be back at work trying to compromise that fix—and every other piece of software that Infor puts into market. You have to think like the enemy to beat them.
— Pam Murphy, Infor chief operating officer