The IT Forecast: Partly Cloudy with a Chance of Cyber Attacks

Enrique Salem D’87, the CEO of Symantec, spoke to the Tuck community about security in cloud computing.

Before Enrique Salem D’87 joined Symantec and ultimately became its president and CEO, he led a company called Brightmail, whose mission was to eradicate spam from the face of the Earth. When he told strangers about his job, a typical response was “God bless you.” In these moments, Salem was reminded why he got into that business. “When you’re in this industry, you’re on the right side,” he said in a recent presentation at Tuck. “The hackers, the thieves, and the spies—they are very persistent.”

With the rise of cloud computing, which delivers IT services through web-based networks instead of boxed software, those hackers, thieves, and spies have more opportunities than ever to get at valuable, private information. How to take advantage of cloud-based services while keeping data safe is a major question for a range of users, from fans of Gmail and Dropbox to corporations and nation states looking to streamline their communication, processing, and data storage.

The contour of this new landscape was the topic of Salem’s recent presentation at Tuck, “The Fog of War: Security and Cloud Computing,” part of the Center for Digital Strategies’ Britt Technology Impact Series.

“Cloud computing,” Salem began, “is the biggest change in IT in the last 30 years, without a doubt.” He should know: Symantec is the world leader in information security, storage, and systems management. With a staff of 20,000 employees stationed around the globe, and $7 billion in revenues, the company reaches consumers through its Norton brand of software, and helps organizations with data loss prevention, encryption, authentication, and host of other services.

From his vantage point at the top of Symantec, Salem has noticed a few big trends in IT, all of which have bearing upon cloud computing. The most obvious is the popularity of social media. Facebook alone has more than 800 million active users, many of whom upload information and photos to the site, relying on distant data centers to store it and keep it sufficiently private. Connected to this is the ongoing explosion of data stored or transmitted across the Internet: 800,000 petabytes at last count, and it’s growing by 40 to 50 percent every year. And there are more ways to access this data through smartphones and tablets, which now outnumber PCs. A fourth trend is virtualization, which entails using networks to share hardware and software capacity and maximize IT resources. On top of all this is the ever-increasing threat of cyber attacks—about one million per day—mostly launched by people trying to make money, but sometimes used as forms of espionage and warfare between countries.

Clearly, the opportunities for commerce around cloud computing are numerous, but Salem asserted that the platform is not yet mature, which has led to the common assumption that cloud computing is automatically less secure than conventional computing. “That is absolutely not the case,” Salem said. The reason is that cloud-based services can and do focus on security, while individual users and businesses often don’t. Therefore, by using the right cloud services, some people can outsource their security concerns.

Still, Salem explained, the challenges to actually using cloud services efficiently and safely should not be discounted. First among them is misaligned expectations: people presume they can do things much more quickly with cloud computing. Not so. “Building out a cloud-based solution that integrates with your business still requires many of the same approaches you used before,” Salem said.

Also, as with anything new, some people will embrace it while others refuse to evolve. Salem likened it to “jumping into the deep end and swimming to the shallow end.” This is related to another challenge: “shadow IT,” the belief that an organization can move all of its information services to the cloud and get rid of their internal IT team. This is a mistake, Salem explained, because the cloud-based service may not be as secure as you need it to be.

The rapid growth of cloud computing has also led to some myths, Salem said. For example, it’s a myth that there will be a “big switch” to cloud computing. Even the most forward thinking companies, such as Facebook, keep no more than 70 percent of their infrastructure in the cloud, and the rest of us are likely to be much lower. “This is not going to be an A or a B thing,” Salem said, “but a combination.”

Another myth is that cloud computing will come in a box. The beauty of cloud computing, however, is that you need nothing more than your current components to use it. “The idea is not to buy some expensive piece of hardware,” said Salem.

Toward the end of his presentation, Salem gave the audience a broad way to think about when it’s appropriate to use cloud computing. What’s valuable to most of us is the information we store and share on computers. That’s why it makes sense to take an information-centric approach: which data are we willing to store in some server farm thousands of miles away, and which data do we want to keep in our own possession? Symantec takes this approach to security in cloud computing, but Salem acknowledges that it’s not as easy as it sounds. “The reason it’s hard is that categorizing information is very difficult,” he said. Why? It’s still something computers can’t do well.