Any industry CIO understands the possible legal, financial and reputational consequences of a data breach on the future of a business. But growing enterprises, overwhelmed with huge amounts of data, may find it difficult to trust a third-party cloud provider with the safety of their information.
Looking to protect proprietary and sensitive data, companies often search for hybrid IT options that leverage both cloud technology and traditional on-premise data storage. And now, with the emergence of new and varied data management options, CIOs concerned with what seems like infinitely amassing bits of insecure information can even start looking toward another secure storage strategy — outer space.
Cloud Constellation, a startup from California, is working on launching SpaceBelt, a cloud computing service that would put physical satellite-based data centers in space as an orbiting belt around the earth. The system will enable better security and disaster protection than land-based data centers, according to the company.
But is it necessary? The existence of such a project aimed at storing and safely delivering data immediately begs a number of questions on existing earth-based cloud architecture: Is the security paradigm of current cloud infrastructure actually insufficient to protect an enterprise's data? And, is a technology — such as an orbiting data center — filling a void in cybersecurity and efficient information transmission?
Cybersecurity and the cloud
Cloud Constellation, which hopes to have a few satellite-based data centers operating by 2019, will sell storage capacity on the SpaceBelt to cloud providers.
Scott Sobhani, CEO of Cloud Constellation, says the service would be safer and faster than existing cloud technology because it prevents hacking and avoids jurisdictional legal issues by taking data off the internet. Also the belt, placed almost 500 miles above Earth, would not be subject to space debris or overheating from the sun. In fact, it would actually benefit from the natural air-conditioning of outer space.
"Today the internet uses public address headers that identifies the intended destination of a data packet," said Sobhani. "Once hackers identify it, they have access to your intellectual property if you happen to be at a company that is sending important data."
"SpaceBelt will take the data from Houston and immediately send it around the world without touching any other network, so it takes away the exposure of that proprietary information before sending it to remote locations around the world," he said. "In our system we don't have any public address headers, we don't have any way of identifying how important that info is."
With reports that cybersecurity breaches hit nearly 75% of global organizations in the last year alone, it appears that information being sent over the internet is fairly insecure. Though, Benjamin Caudill, founder of Rhino Security Labs and a security expert, says the cloud as a system is actually very secure.
Taking data transmission through the internet is really only an issue if hackers somehow get access to the resources and capabilities necessary to compromise entire international routers, according to Caudill. Those are the types of technologies the NSA, KGB or other nation-state actors might have, but not a typical hacker.
"A lot of times it comes down to the 80-20 rule. Eighty percent of the attacks can be solved with 20% of the work. There's a handful of basics you can follow that will eliminate all of that low-hanging fruit," said Caudill. "A huge amount of it comes down to identity and authentication, session management, all those sort of front door capabilities — less so on comprising the entire data center and more compromising your account."
"There's a disproportionate emphasis on the protection — we have firewalls and antivirus and all this stuff that is to keep bad guys out, but we don't tend to put a lot of emphasis on the identification and response. We are just assuming that's never going to happen and that's unrealistic," said Caudill.
In fact, RSA's second annual Cybersecurity Poverty Index found 75% of the almost 900 respondents said they had a significant cybersecurity risk. The report also found that organizations that invested in detection and response technologies, rather than perimeter based solutions, fared better against cyberthreats.
Protection, as Caudill says, is not so much about removing the internet out of the equation, but rather a matter of following obvious rules of thumb, such as encrypting data, proper authentication for usernames and passwords, and basic user training.
Space as the security answer
So, would data centers in space solve a cybersecurity or data problem?
Caudill says "sure," but that the problem doesn't yet exist.
"It's a cool idea there are applications where this may be useful in the future, but I think that they are providing solutions to which there are no problems currently," said Caudill. "We do not have a regular problem where bad guys are physically kicking in doors and stealing servers off the rack."
SpaceBelt promises to offer a modular system of data storage capacity with enough petabytes in orbit to cover demand. Though, Jim Reavis, CEO of the Cloud Security Alliance, attests that the cloud is capable of handling the upwards of 2.5 quintillion bytes of data that are generated daily, according to IBM estimates.
"Cloud service providers can keep up more efficiently that any single organization doing capacity planning and keeping up with this growth, because of the fact that the model of cloud computing is a shared resource. So, you can add capacity efficiently at scale," said Reavis. "You know, we will probably see some changes in data centers over time where it goes to more of a grid model where information might be stored on different types of devices and even mobile devices."
But, in terms of jurisdiction and legal issues with accessing private data abroad, Reavis says data centers in space could potentially address concerns of regional laws governing information management in different ways, which can perhaps present challenges for enterprises that have data centers in multiple parts of the world.
"The big problems we have with cloud computing and the internet are the conflicting regulations that different countries have. So, some people are concerned about having data centers outside the governance of the U.S. or the European Union or China," said Reavis. "But, if you have a place that's sort of neutral territory, you can start thinking about new laws and governance."
Avoiding jurisdictional challenges of data management is one of the key aspects of the SpaceBelt, Sobhani said.
"Not only are we a better security story because of the isolation of the data to just its destination without a middleman, but we can also achieve jurisdictional isolation," said Sobhani. "We can isolate certain countries, and we can circumscribe an area that is required for jurisdictional issues."
With the EU recently approving its own form of cybersecurity law, as well as other nations considering their own regulations, global cooperation on information flow over the net is emerging as a pressing cybersecurity issue.
Space is an area where different laws on information governance could emerge, according to Reavis.
And, according to Sobhani, satellite-based data centers in space would allow video-based services to stream content faster and more effectively through its "telecom backbone." The project is on track and Cloud Constellation is already discussing contracts with a number of telecom service providers, he said.
"We expect in the first quarter of this year to start the system and be able to start build it. We've already done a lot of procurement activity to identify the best suppliers, satellite spacecraft suppliers who are very interested in supplying the system to us. So we expect to be in service by the first quarter of 2018," said Sobhani.
"We have about 10 major telecom service providers interested in our service once it's available and they have put in commitment letters, so that they are in an advantageous and strategic position with SpaceBelt."