How Secure is the “Cloud in Your Pocket?” Someone is Making It Bulletproof.

“The biggest cloud security problems are not with the data center – they’re with the cloud in our pocket.”

On every device we carry, from home to work to Starbucks, we’re glued to social media apps.

And that’s part of the problem, according to Simon Crosby, founder of XenSource and now Bromium, a stealth start-up seeking to fix the cloud security problem once and for all.

As he explained, “The enterprise private cloud, which we believe to be more secure, is unwittingly made less secure by us – the enterprise employees.”

It is attacks on the client — the “poison email” or false link we access — that invite “the bad guys” into the data center and proliferate widespread damage. And “the bad guys” will get in no matter what.

Breakthrough thinking is what we need to solve the problem – on both the technology side and the policy side.

One of the greatest challenges to strengthening cyber security is that new technology has been reactive rather than preventive. We build new solutions to fix problems that have already occurred.

Think how often we download security “updates” to our PCs and other devices to prevent a previous problem from recurring.

But malware is constantly morphing and metastasizing like cancer. Old threats are easily replaced by new ones even more damaging. It’s a catch-22.

On the policy side of cyber security, legislation has been written around legacy technologies that are no longer relevant. That is slowly catching up as well – and just in time.

An early call to arms to make cyber security a national priority was made by former U.S. Senator Robert Bennett (R-UT) during Y2K. That’s over a decade ago, before US start-ups sparked today’s cloud phenomenon.

It was Senator Bennett’s foresight that if a global disaster could result from an unintended computer glitch, then the results could be hugely catastrophic if something similar were executed intentionally.

The prospects perceived back then are a reality today, in that some data breaches are too sophisticated to not be state-sponsored with malicious intent against the United States and other nations.

So how are we addressing both the technology and policy sides of cyber security to advance the global cloud computing opportunity?

Simon Crosby gave an enthusiastic sneak preview into Bromium’s open source approach to anticipate and prevent future occurrence of data breaches, not just react to them.

Since Moore’s Law advances technology at a staggering pace, keeping up with Moore’s Law is not enough. New security solutions need to anticipate and leap beyond malware that is also advancing with Moore’s Law.

Bromium is shoring up enterprise security via new hypervisor software that creatively expands the concept of Byzantine fault tolerance software design principles.

Byzantine fault tolerance refers to designing “failure-tolerant software algorithms” so that networked computer systems can cope, self-correct and keep working during hardware failures, network congestion or malicious attacks.

Bromium promises a solution that anticipates attacks and shrugs them off – delivering security by design rather than detection.

Software threats of any kind will be terminated before they can do damage – and it will not matter how they might have morphed in form and function.

Since Bromium is in stealth mode, we are anxious to hear more details about how the new hypervisor will work and its potential to dramatically reduce or eliminate threats to cloud security.

That’s the technology side of the story.

For the policy side, cyber security is a hot topic in Congress as well.

Last week’s “Cyber Week” in the House of Representatives resulted in passage of 4 bills on cyber security, including the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) to enhance information sharing between government and industry about cyber threats and eliminate legal barriers that might interfere.

In the Senate, the Cyber Security Act of 2012 proposed a process for Homeland Security to assess cyber risks to critical infrastructure, including proactive plans around notification, response and restoration.

Finally, this week launches the Congressional Cloud Task Force to spearhead advancement of cloud policy issues by members of the Congressional High Tech Caucus.

All eyes are on the cloud in Silicon Valley and Washington DC.

And they need to be, because when we consider the scope of how cloud computing can

the possibilities for new business creation are limitless.

We need side-by-side advancements in technology and policy to further unify and transform our world.

As we await exciting news from Bromium, what uniquely captures their passion to transform computing permanently is what Simon Crosby shared with me at the end of our talk – that for him,

“XenSource was fun. But Bromium? It’s personal.”