Vulnerable as a Service

Abstract

One of cloud computing’s benefits is that it is supposed to make infrastructure outsourcing both easier and less expensive compared to maintaining data centers. Likewise, many cloud providers offer much better security by providing outsourced systems maintenance and updates as well as creating a programmable infrastructure that, in principle, should be easier to secure in a systematic way. However, we are seeing the same old vulnerabilities compounded with cloud specific vulnerabilities. Perhaps it’s the complexity of the cloud offerings, the lack of experience operating cloud systems or perhaps just plain sloppiness on the part of the operational staff – the end result are unnecessarily exposed systems that inevitably get attacked.

Dr.Morton Swimmer

@SifuMoraga

Dr.Morton Swimmer is a manager in the Forward-Looking Threat Research (FTR) team at Trend Micro, Inc. where he peers into the future of computers and society to identify the risks and vulnerabilities of the future. His past in computer security stretches back 30 years and he has been involved in most of the innovations in security, first at the University of Hamburg, Germany, then IBM Research and now Trend Micro. While originally active in malware analysis and computer forensics, recently his team has been focussing on massive threat data analysis for spotting new types of attacks quantitatively and also on modelling future threats to society that will accompany its inevitable march towards tighter integration in smart cities, intelligent transportation, supply chains and manufacturing. Morton, a native of New York City, has a Computer Science PhD degree from the University of Hamburg, and currently resides in the Hamburg, Germany area.