Cyber warfare against enterprises grows more brutal by the year, but now carriers are getting caught in the crossfire as more organizations move sensitive data into operators' clouds, according to a survey sponsored by telecom network security vendor Arbor Networks. Cloud security is a telecom issue as much as it is an enterprise issue.
"The attacks are following the engineering. It's a continual war of escalation. Bandwidth used to be more of an issue when everything was localized -- when everything was in one data center behind one firewall," said Craig Labovitz, chief scientist at Arbor Networks. "Now that more and more enterprises and Fortune 500s are distributing everything to the cloud, it's less about bandwidth and more about picking off cloud services."
The cloud security trend was one of five key findings in Arbor's fifth annual Worldwide Infrastructure Security Report, which surveyed 132 telecom network security professionals at Tier 1, Tier 2 and other IP network operators across the globe about attacks on their Internet backbones in 2009.
By attacking carrier infrastructure in the service layer -- such as DNS servers, load balancers and caches -- hackers can achieve much more "distributed" attacks across enterprises and applications, Labovitz said.
"It's not [against] a single target anymore," he said. "If you can't resolve a DNS server, it doesn't matter if you can't reach [one] HTTP address."
Privacy anxieties
Combating attacks against cloud-based infrastructure presents tricky privacy challenges, according to Steve Hurst, product director of managed security services at AT&T. Carriers walk a fine line when it comes to cloud security, he said, balancing the policies of one customer with carrier's duty to protect thousands of others.
"You don't necessarily want your carrier, without explicit permission, looking at packets," Hurst said. "[But] we do feel it's a responsibility of ours to protect the infrastructure and protect the applications so all users have access to them as needed."
AT&T's cloud security experts spend time with customers discussing proactive steps, such as content filtering and application controls, to protect their data or applications against attacks on the AT&T cloud, he said.