SAN FRANCISCO—Speaking at the Cloud Security Alliance (CSA) Summit that is co-located with the RSA Conference here, Gen. Keith Alexander detailed why he sees the cloud as the way to help secure organizations of all sizes.
Alexander, formerly head of the National Security Agency (NSA) until he retired from his post in 2014, is now the CEO of IronNet Cybersecurity.
Alexander has made notable speeches at big security events in the past, including a 2012 keynote at the Defcon security conference and a 2013 Black Hat keynote that was given in the direct aftermath of the Edward Snowden disclosures of mass surveillance by the NSA.
At this year's RSA conference, Alexander spent the first part of his talk going over some of the history of recent nation-state cyber-attacks, much as he did during his 2015 appearance at RSA. As the story goes, in 2009 the NSA discovered that there were more than 1,500 pieces of malware on the Department of Defense network, which then led to the creation of the U.S Cyber Command under Alexander's leadership.
"Cyber is an element of national power, and it will be used repeatedly," Alexander said.
While nation-states are actively using cyber weapons, he noted that many regular companies are left to simply fend for themselves, which is where Alexander sees the cloud as being a real benefit.
"For small and midsized companies, moving to the cloud makes the greatest sense in the world," Alexander said.
In his view, the cloud can provide significantly better security than what many organizations have today, where organizations often attempt to manage everything on their own. Among the big benefits of cloud security is the shared defensive posture that it can provide. Rather than every organization standing up its own infrastructure that needs to be defended, the cloud provides a different attack surface, especially when security information is shared for common benefit. Alexander said that the cloud, together with threat intelligence sharing, can enable a defensive surface that is orders of magnitude better than what many organizations have today.
Alexander claimed that the October 2016 attack against DNS provider Dyn (which was attributed to the Mirai botnet comprised of Internet of things devices) proves that there is a need for a common, shared defense for IT security. It's a place where Alexander thinks the U.S government should also be playing a role.
"Reading the Constitution, it says, 'for the common defense'; it doesn't say for the defense of only those that are really big and critical and for the rest of you, good luck," Alexander said.
The cloud can help to enable that common defense, providing an opportunity to bring small and midsized organizations the security they need.
"As we go forward, this cloud thing is going to keep moving," Alexander said. "It helps the small and midsized companies, that's the trend. It will be great for big companies, but it's a life-saver for small and midsized companies."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.