Cloud Computing

Inside Amazon’s open-source security bet

“The interexchange of data enables better security outcomes,” said Dr. Robert Blumofe, EVP and chief technology officer at Akamai.
article cover

Tony Webster via Flickr

· less than 3 min read

Top insights for IT pros

From cybersecurity and big data to software development and gaming. Our IT Brew newsletter delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

Stepping out. A consortium of security companies joined Amazon last month to announce the formation of the Open Cybersecurity Schema Framework (OCSF), an open-source approach to dealing with cybersecurity issues they hope to model as a framework for the industry going forward.

The project includes “an open specification for the normalization of security telemetry across a wide range of security products and services, as well as open-source tools that support and accelerate the use of the OCSF schema,” Amazon Web Service VP of security Jon Ramsey and Chief Information Security Officer director Mark Ryland said in a statement announcing the initiative.

Analysts and CEOs at cybersecurity firms both inside and outside the consortium polled by Protocol called the initiative “a great direction” and a “stepping stone” to greater resistance to cyberthreats down the line. Respondents were asked what they thought success would look like, and most cited operability and adoption as the main drivers of what the OCSF should look like in a year.

“The interexchange of data enables better security outcomes,” said Dr. Robert Blumofe, EVP and chief technology officer at Akamai, which was not a member of the OCSF launch consortium. “We are hopeful that OCSF will facilitate this interexchange.”

Adaptation. But not everyone is as bullish on the new open-source cybersecurity framework’s future. Steve Benton, VP of threat research at cybersecurity company Anomali, told SDXCentral late last month that he had doubts OCSF could transition the “hype” around the project to reality. The OCSF, as a project of AWS, will present a framework that other companies will need to adapt to, given the position of AWS in running the web.

One way of bridging the gap between current frameworks and the OCSF is to get the government involved. An executive order or regulatory framework that would spur adaptation of the OCSF could supercharge “investment in the modification of their core data models,” Netskope Deputy CISO James Robinson told Protocol.

“To support the effort and update the data models, they need to have revenue behind it,” Robinson said.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @EoinHiggins_ on Twitter.

Top insights for IT pros

From cybersecurity and big data to software development and gaming. Our IT Brew newsletter delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.