What Organizations Should Know About Cloud Security

Cloud computing promises greater agility, better resource utilization, and better user performance, yet many businesses are understandably wary of moving to the cloud until they have assurance that hosted resources will be secure. In fact, security concerns remain the main obstacle to widespread enterprise adoption of cloud computing. Before taking advantage of these capabilities, a business needs to give its users a simple way to reach all their applications, and confidence that their information is secure in the cloud.

What is Cloud Computing?

Cloud computing is essentially the ability to consume computing resources on demand over the internet and pay per use. Public clouds are operated by vendors such as Google and Amazon and reside outside the enterprise's firewall.

Instead of moving their data to these environments, many businesses are now building clouds within their own four walls. These so-called private clouds provide the benefits of agility and better resource utilization, without the inherent security concerns of having sensitive data outside the organization's perimeter.

A third option includes hybrid solutions, which take advantage of the best features of public and private clouds. Organizations using hybrid models may employ tools that designate which data should and should not be allowed outside the firewall to ensure continuous compliance with security guidelines as data is moved about.

Why Does the Cloud Require a Different Approach to Security?

In a cloud environment, workloads (combinations of applications, middleware, and operating systems) can be shifted easily from one location to another to optimize performance. With such rapid moves it is critical to keep regulatory and security controls in force. For cloud computing to flourish in the enterprise, businesses need assurance that they can still securely manage their people and workloads, regardless of where those workloads run.

So What Can Organizations Do to Secure Data in the Cloud? 

A number of techniques are being used to secure the cloud. One is what's called annexing the cloud: treating the cloud as an extension of the enterprise data center. When a workload in that cloud is needed, management tools secure it for the time it is in use and release it when the user is done. This lets businesses take advantage of public clouds without placing their data at risk.

Many products on the market offer identity management in the cloud, but do so insecurely, even to the point of opening a hole in the enterprise firewall. That's not security. Annexation is a far more secure approach: it extends the enterprise's perimeter and practices to the cloud. It delivers a unified view of cloud resources, so access and management are seamless regardless of location, and it ensures that the enterprise's business policies and operational practices are enforced uniformly in the cloud as well as in the data center. By exchanging identity and audit information with a workload in the cloud, companies can secure data without changing the workload itself.

Annexing can also support regulatory compliance. By feeding compliance events from the cloud back to the data center, organizations gain audit trails for the use of corporate identities, for cloud data and processes, and for privileged user actions taken in the cloud. With these they can demonstrate to auditors that business rules have been extended to, and enforced within, the cloud.

Many people believe you can take traditional identity and security practices, drop them into a cloud environment, and expect everything to work just fine. Not so! Businesses adopting cloud computing should use security approaches that share roles, policies, and workflows with the cloud, rather than merely providing single sign-on. Instead of simply pushing credentials to a cloud provider, security tools need a way to exchange information between the cloud and the enterprise so that sensitive information, the user's actual credentials included, stays behind the firewall at all times. What the cloud receives instead are pseudonymous credentials that stand in for the enterprise identity and protect the enterprise's presence in the cloud.

With this approach, a user logs in through the enterprise identity system, which verifies the credentials; if they check out, the service generates an identity token, and it is that token, not the password or other enterprise credential, that authenticates the user to the cloud workload. Workloads become cloud-safe because the underlying credentials are never exposed to the cloud. Such a token should be signed, short-lived, and bound to the provider it was issued for, so that it can be neither forged nor replayed elsewhere.

Because each cloud provider has its own identity token standard, the security provider should supply connectors that translate between those formats and report the identity and security events within each cloud back to the enterprise. This keeps security policies consistent across a large ecosystem without adding complexity for users.
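The token flow described in the preceding paragraphs, as an added example that is not code from the original article or from any vendor it describes. The enterprise side checks the password against its own directory (a constructed sample record), derives a pseudonym so the cloud never learns the real username, and signs a short-lived token with a key that belongs to one cloud connector; the cloud side verifies the signature, the audience and the expiry and otherwise rejects the token. The directory contents, the HMAC-signed token format and the connector names are assumptions chosen for illustration; a real deployment would use the provider's token standard (SAML or an OIDC JWT) behind the connector.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# --- Enterprise side: everything here stays behind the firewall ---------------

_SALT = b"constructed-salt-0001"


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample directory record (assumption: stands in for the enterprise
# identity store). Only a salted PBKDF2 hash of the password is kept.
ENTERPRISE_DIRECTORY = {
    "alice": {"salt": _SALT, "hash": _pw_hash("correct horse battery", _SALT),
              "roles": ["finance-analyst"]},
}
_DUMMY_HASH = _pw_hash("placeholder", _SALT)  # keeps timing uniform for unknown users

# Secret used only to derive a stable pseudonym; it never leaves the enterprise.
PSEUDONYM_KEY = secrets.token_bytes(32)
# One signing key per cloud connector (assumed names). Each cloud-side connector
# holds only its own key, so a token for one provider is useless at another.
CONNECTOR_KEYS = {"crm-cloud": secrets.token_bytes(32),
                  "storage-cloud": secrets.token_bytes(32)}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pseudonym_for(username: str) -> str:
    """Stable, non-reversible stand-in for the enterprise username."""
    return _b64(hmac.new(PSEUDONYM_KEY, username.encode(), "sha256").digest()[:16])


def issue_token(username, password, audience, ttl=300, now=None):
    """Verify the user against the directory and mint a signed token, or return None."""
    rec = ENTERPRISE_DIRECTORY.get(username)
    salt, stored = (rec["salt"], rec["hash"]) if rec else (_SALT, _DUMMY_HASH)
    ok = hmac.compare_digest(_pw_hash(password, salt), stored)
    key = CONNECTOR_KEYS.get(audience)
    if rec is None or not ok or key is None:
        return None  # nothing leaves the enterprise on a failed login
    now = int(time.time()) if now is None else now
    claims = {"sub": pseudonym_for(username), "aud": audience, "roles": rec["roles"],
              "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), "sha256").digest()
    return f"{body}.{_b64(sig)}"


# --- Cloud workload side: sees the token, never the password ------------------

def verify_token(token, audience, now=None):
    """Return the claims if the token is authentic, unexpired and meant for us, else None."""
    key = CONNECTOR_KEYS.get(audience)
    parts = token.split(".")
    if key is None or len(parts) != 2:
        return None
    body, sig = parts
    expected = hmac.new(key, body.encode(), "sha256").digest()
    try:
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # forged or tampered
        claims = json.loads(_unb64(body))
    except ValueError:  # bad base64 or bad JSON
        return None
    now = int(time.time()) if now is None else now
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None  # presented to the wrong provider, or stale
    return claims
```

The roles travel inside the signed token, which is the "sharing of roles and policies" the text calls for; the cloud workload makes its authorization decision from the claims without ever holding an enterprise credential.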

Cryptographic keys play a critical role in cloud security, protecting information at rest and in transit to and from the cloud. To limit the damage if the cloud is compromised, long-term keys should not be stored in the cloud: key generation, exchange, and storage should be managed within the enterprise, with a workload receiving at most a short-lived data key for the time it needs to process the data. Cloud security providers can also supply key-based encryption for cloud storage repositories, with data encrypted under enterprise-held keys before it leaves the enterprise.
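The key-custody pattern above, as an added example that is not code from the original article or from any vendor it describes. An on-premises key service holds a key-encryption key that never leaves it; every object uploaded gets its own data key, and the cloud repository stores only the ciphertext plus that data key wrapped under the enterprise key, so nothing in the cloud can decrypt the data. Assumptions: the repository is modelled as a dictionary, and, to keep the example dependency-free, the cipher is HMAC-SHA256 run in counter mode with an encrypt-then-MAC tag; a production system would use AES-GCM from a vetted library, and only the custody arrangement is the point here.

```python
import hmac
import os
import struct

# Illustrative stdlib-only authenticated encryption (assumption: stand-in for
# AES-GCM). Keystream = HMAC-SHA256(enc_key, nonce || counter), then a MAC tag
# over nonce || ciphertext so tampering is detected before decryption.


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    out = bytearray()
    for ctr in range(-(-length // 32)):
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), "sha256").digest()
    return bytes(out[:length])


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("ciphertext rejected: tag mismatch (wrong key or tampered)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EnterpriseKeyService:
    """On-premises key service: the key-encryption key never leaves this object."""

    def __init__(self):
        self._kek = os.urandom(32)

    def new_data_key(self):
        """Per-object data key: plaintext copy for the uploader, wrapped copy for storage."""
        dek = os.urandom(32)
        return dek, seal(self._kek, dek)

    def unwrap(self, wrapped: bytes) -> bytes:
        return unseal(self._kek, wrapped)


# Assumption: the cloud storage repository, holding only what the cloud may see.
CLOUD_BUCKET = {}


def upload(kms: EnterpriseKeyService, name: str, plaintext: bytes) -> None:
    dek, wrapped = kms.new_data_key()
    CLOUD_BUCKET[name] = {"blob": seal(dek, plaintext), "wrapped_dek": wrapped}
    # The plaintext data key is dropped here; the bucket holds ciphertext and a
    # KEK-wrapped key, neither of which the cloud can use on its own.


def download(kms: EnterpriseKeyService, name: str) -> bytes:
    obj = CLOUD_BUCKET[name]
    dek = kms.unwrap(obj["wrapped_dek"])  # only the enterprise can do this step
    return unseal(dek, obj["blob"])
```

A second, unrelated key service (or the cloud operator) holding the same stored object cannot unwrap the data key, and any modification of the stored ciphertext is rejected at the tag check rather than yielding corrupted plaintext.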

How can you simplify system management in the cloud? Provide unified access to cloud services. Today users reach each cloud application in a different way, depending on how the provider accepts identity and access information, which adds integration and maintenance burden for the IT departments responsible for those services. Accepting user information, verifying it against an enterprise identity store, and generating an identity token alleviates these issues.

Having multiple cloud environments increases the IT cost of provisioning and deprovisioning users. Businesses would be well served to administer these accounts centrally and automate them. This also strengthens security: as soon as an employee leaves the company, every cloud account they hold is disabled automatically instead of lingering as an orphaned login. Likewise, it speeds on-boarding of new employees, fostering productivity.
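The central, automated account administration described above, as an added example that is not code from the original article or from any vendor it describes. It reconciles an authoritative HR feed against the account lists of several cloud providers: leavers are disabled everywhere, joiners are created wherever their roles entitle them, and accounts with no HR owner are flagged as orphans and disabled pending review. The feed, the provider names, the role-to-provider mapping and the dictionary-backed account stores are constructed assumptions standing in for a real HR system and provider APIs.

```python
from dataclasses import dataclass, field

# Constructed sample HR feed (assumption: the authoritative record of who should exist).
HR_FEED = [
    {"id": "e100", "email": "alice@example.com", "status": "active",
     "roles": {"finance", "sales"}},
    {"id": "e101", "email": "bob@example.com", "status": "terminated",
     "roles": {"sales"}},
    {"id": "e102", "email": "carol@example.com", "status": "active",
     "roles": {"sales", "support"}},
]

# Constructed sample of what each provider currently holds. Note bob is still
# enabled in two clouds, and crm-cloud has a login nobody in HR owns.
CLOUD_ACCOUNTS = {
    "crm-cloud": {
        "alice@example.com": {"enabled": True},
        "bob@example.com": {"enabled": True},
        "contractor-old@example.com": {"enabled": True},
    },
    "storage-cloud": {
        "bob@example.com": {"enabled": True},
    },
}

# Assumed entitlement policy: which providers each role grants access to.
ROLE_TO_PROVIDERS = {
    "finance": {"storage-cloud"},
    "sales": {"crm-cloud"},
    "support": {"crm-cloud", "storage-cloud"},
}


@dataclass
class Plan:
    create: list = field(default_factory=list)   # (provider, email) to provision
    disable: list = field(default_factory=list)  # (provider, email) leavers / movers
    orphans: list = field(default_factory=list)  # (provider, email) with no HR owner


def reconcile(hr_feed, cloud_accounts) -> Plan:
    """Diff the desired state derived from HR against what the clouds actually hold."""
    plan = Plan()
    desired = {}  # email -> set of providers this person should have an account at
    for person in hr_feed:
        if person["status"] == "active":
            desired[person["email"]] = set().union(
                *(ROLE_TO_PROVIDERS.get(r, set()) for r in person["roles"]))
        else:
            desired[person["email"]] = set()  # leaver: entitled to nothing anywhere
    for provider, accounts in cloud_accounts.items():
        for email, acct in accounts.items():
            if email not in desired:
                plan.orphans.append((provider, email))
            elif provider not in desired[email] and acct["enabled"]:
                plan.disable.append((provider, email))
    for email, providers in desired.items():
        for provider in providers:
            if email not in cloud_accounts.get(provider, {}):
                plan.create.append((provider, email))
    return plan


def apply_plan(plan: Plan, cloud_accounts):
    """Push the plan to the (simulated) providers; orphans are disabled, not deleted."""
    for provider, email in plan.disable + plan.orphans:
        cloud_accounts[provider][email]["enabled"] = False
    for provider, email in plan.create:
        cloud_accounts.setdefault(provider, {})[email] = {"enabled": True}
    return cloud_accounts
```

Running `reconcile` on a schedule, or on every HR change event, is what turns "the account is disabled as soon as the employee leaves" from a policy statement into an enforced one; the orphan list is the audit finding that a purely per-provider process would never surface.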

Ultimately, enterprises that build secure, trustworthy boundaries around identity and assets will be among the first to capitalize on the true power of cloud computing.