Is My Public Cloud Too Public? Part 4

Taking the bull by the horns—Secure Identity, Information, and Infrastructure

Continued From Part 3

Public cloud computing requires a security model that reconciles scalability and multi-tenancy with the need for trust. As enterprises move their computing environments along with their identities, information and infrastructure to the cloud, they must be willing to give up some level of control. To do that, they must be able to trust cloud systems and providers, and verify cloud processes and events. Important building blocks of trust and verification relationships include access control, data security, compliance and event management—all security elements well understood by IT departments today, implemented with existing products and technologies, and extendable into the cloud.

Securing the Public Cloud

Identity security

End-to-end identity management, third-party authentication services, and federated identity will become key elements of cloud security. Identity security preserves the integrity and confidentiality of data and applications, while making access readily available to appropriate users. Support for these identity management capabilities for both users and infrastructure components will be a major requirement for cloud computing, and identity will have to be managed in ways that build trust. It will require:

  • Strong authentication: Cloud computing must move beyond weak username-and-password authentication if it is going to support the enterprise. This will mean adopting techniques and technologies that are already standard in enterprise IT, such as strong authentication (multi-factor authentication with one-time password technology), federation within and across enterprises, and risk-based authentication that measures behavior history, current context and other factors to assess the risk level of a user request. Additional tiers of authentication will be essential to meet security service level agreements (SLAs), and utilizing a risk-based authentication model that is largely transparent to users will reduce the need for broader federation of access controls.
  • More granular authorization: Authorization can be coarse-grained within an enterprise or even a private cloud, but in order to handle sensitive data and compliance requirements, public clouds will need granular authorization capabilities (such as role-based controls and information rights management (IRM)) that can be persistent throughout the cloud infrastructure and the data’s lifecycle.
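
An added example (not from the original article) of the combination described under strong authentication above: a risk score computed from behavior history and request context decides whether a request passes silently, needs a one-time password, or is refused. The one-time password is standard RFC 6238 TOTP; the signal names, weights and thresholds are hypothetical.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time password: HMAC-SHA1 over the time-step counter."""
    counter = struct.pack(">Q", max(at, 0) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Accept the current 30 s step plus/minus `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):     # no early exit: constant work
        expected = totp(secret, at + drift * 30)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Hypothetical signal weights and thresholds, constructed for this example.
WEIGHTS = {"new_device": 40, "new_country": 30, "odd_hour": 10, "sensitive": 25}
STEP_UP_AT, DENY_AT = 40, 90

def risk_score(request: dict, history: dict) -> int:
    """Compare the request's context with the user's behavior history."""
    signals = {
        "new_device": request["device"] not in history["devices"],
        "new_country": request["country"] not in history["countries"],
        "odd_hour": request["hour"] not in history["hours"],
        "sensitive": request["sensitivity"] == "high",
    }
    return sum(WEIGHTS[name] for name, hit in signals.items() if hit)

def decide(request, history, secret, now, otp=None) -> str:
    """Return 'allow', 'step_up' (one-time password required) or 'deny'."""
    score = risk_score(request, history)
    if score >= DENY_AT:
        return "deny"
    if score < STEP_UP_AT:
        return "allow"       # low risk: no extra prompt, transparent to the user
    if otp is not None and verify_totp(secret, otp, now):
        return "allow"       # medium risk cleared by the second factor
    return "step_up"
```

A familiar device in a familiar location never sees the second prompt, which is the "largely transparent" property the item describes; the deny threshold is checked before the OTP so that a valid code cannot override a high-risk context.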

Information security

In the traditional datacenter, controls on physical access, access to hardware and software, and identity controls all combine to protect data. In the cloud, this protective barrier that secures infrastructure is diffused. To compensate, security will have to become information centric. The data needs its own security that travels with it and protects it. It will require:

  • Data isolation: In multi-tenancy situations, data must be held securely in order to protect it when multiple customers use shared resources. Virtualization, encryption and access control will be workhorses for enabling varying degrees of separation between corporations, communities of interest, and users. In the near future, data isolation will be more important and executable for IAAS than perhaps for PAAS and SAAS.
  • More granular data security: As the sensitivity of information increases, the granularity of data classification enforcement must increase. In current datacenter environments, granularity of role-based access control at the level of user groups or business units is acceptable in most cases, because the information remains within the control of the enterprise itself. For information in the cloud, sensitive data will require security at the file, field, or even block level to meet the demands of assurance and compliance.
  • Consistent data security: There will be an obvious need for policy-based content protection to meet the enterprise’s own needs as well as regulatory policy mandates. For some categories of data, information-centric security will necessitate encryption in transit and at rest, as well as management across the cloud and throughout the data life cycle.
  • Effective data classification: Cloud computing imposes a resource trade-off between high performance and the requirements of increasingly robust security. Data classification is an essential tool for balancing that equation. Enterprises will need to know what data is important and where it is located as prerequisites to making performance cost/benefit decisions, as well as ensuring that data-loss-prevention procedures focus on the most critical areas.
  • Information rights management (IRM): IRM is often treated as a component of identity, a way of setting broad-brush controls regarding which users have access to what data. But more granular, data-centric security requires that policies and control mechanisms on the storage and use of information be associated directly with the information itself.
  • Governance and compliance: A key requirement of corporate information governance and compliance is the creation of management and validation information—monitoring and auditing the security status of the information with logging capabilities. Here, not only is it important to document access and denied access to data, but also to ensure that IT systems are configured to meet security specifications and have not been altered. Expanding retention policies for data policy compliance will also become an essential cloud capability. In essence, cloud computing infrastructures must be able to verify that data is being managed according to the applicable local and international regulations (such as PCI and HIPAA) with appropriate controls, log collection and reporting.

Sensitive data in the cloud will require granular security, maintained consistently throughout the data life cycle.

Infrastructure security

The foundational infrastructure of a cloud must be inherently secure, whether it is a private or public cloud or the service is SAAS, PAAS or IAAS. It will require:

  • Inherent component-level security: The cloud needs to be designed to be secure, built with inherently secure components, deployed and provisioned securely with strong interfaces to other components, and, finally, supported securely by vulnerability-assessment and change-management processes that produce trust-building management information and service-level assurances. For these flexibly deployed components, device fingerprinting to ensure secure configuration and status will also be an important security element, just as it is for the data and identities themselves.
  • More granular interface security: The points in the system where hand-offs occur—user-to-network, server-to-application—require granular security policies and controls that ensure consistency and accountability. Here, the end-to-end system needs to be either proprietary, a de facto standard, or a federation of vendors offering consistently deployed security policies.
  • Resource life cycle management: The economics of cloud computing are based on multi-tenancy and the sharing of resources. As customer needs and requirements change, a service provider must provide and decommission those resources—bandwidth, servers, storage, and security—accordingly. This lifecycle process must be managed for accountability in order to build trust.

By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd., and has expertise in managing products and services in various market scenarios and life cycle stages. His experience ranges from introducing cutting-edge innovations in existing products and existing markets to new technology and new markets.


One Response to Is My Public Cloud Too Public? Part 4

  1. I think data security and infrastructure are considered the most important part of cloud computing. Company owners want something that can protect their system and at the same time contribute to their system success.
