Is My Public Cloud Too Public? Part 4

Is My Public Cloud Too Public? Part 4

Secure Identity, Information, and Infrastructure

Continued From Part 3

Public cloud computing requires a security model that reconciles scalability and multi-tenancy with the need for trust. As enterprises move their computing environments along with their identities, information and infrastructure to the cloud, they must be willing to give up some level of control. To do that, they must be able to trust cloud systems and providers, and verify cloud processes and events. Important building blocks of trust and verification relationships include access control, data security, compliance and event management—all security elements well understood by IT departments today, implemented with existing products and technologies, and extendable into the cloud.

Securing the Public Cloud

Identity security

End-to-end identity management, third-party authentication services, and federated identity will become key elements of cloud security. Identity security preserves the integrity and confidentiality of data and applications, while making access readily available to appropriate users. Support for these identity management capabilities for both users and infrastructure components will be a major requirement for cloud computing, and identity will have to be managed in ways that build trust. It will require:

  • Strong authentication: Cloud computing must move beyond weak username-and-password authentication if it is going to support enterprise. This will mean adopting techniques and technologies that are already standard in enterprise IT, such as strong authentication (multi-factor authentication with one-time password technology), federation within and across enterprises, and risk-based authentication that measures behavior history, current context and other factors to assess the risk level of a user request. Additional tiers of authentication will be essential to meet security service level agreements (SLAs), and utilizing a risk-based authentication model that is largely transparent to users will reduce the need for broader federation of access controls.
  • More granular authorization: Authorization can be coarse-grained within an enterprise or even a private cloud, but in order to handle sensitive data and compliance requirements, public clouds will need granular authorization capabilities (such as role-based controls and information rights management (IRM)) that can be persistent throughout the cloud infrastructure and the data’s lifecycle.

Information security

In the traditional datacenter, controls on physical access, access to hardware and software, and identity controls all combine to protect data. In the cloud, this protective barrier that secures infrastructure is diffused. To compensate, security will have to become information centric. The data needs its own security that travels with it and protects it. It will require:

  • Data isolation: In multi-tenancy situations, data must be held securely in order to protect it when multiple customers use shared resources. Virtualization, encryption and access control will be workhorses for enabling varying degrees of separation between corporations, communities of interest, and users. In the near future, data isolation will be more important and executable for IAAS, than perhaps for PAAS and SAAS.
  • More granular data security: As the sensitivity of information increases, the granularity of data classification enforcement must increase. In current datacenter environments, granularity of role-based access control at the level of user groups or business units is acceptable in most cases, because the information remains within the control of the enterprise itself. For information in the cloud, sensitive data will require security at the file, field, or even block level to meet the demands of assurance and compliance.
  • Consistent data security: There will be an obvious need for policy-based content protection to meet the enterprise’s own needs as well as regulatory policy mandates. For some categories of data, information-centric security will necessitate encryption in transit and at rest, as well as management across the cloud and throughout the data life cycle.
  • Effective data classification: Cloud computing imposes a resource trade-off between high performance and the requirements of increasingly robust security. Data classification is an essential tool for balancing that equation. Enterprises will need to know what data is important and where it is located as prerequisites to making performance cost/benefit decisions, as well as ensuring that data-loss-prevention procedures focus on the most critical areas.
  • Information rights management (IRM): IRM is often treated as a component of identity, a way of setting broad-brush controls regarding which users have access to what data. But more granular, data-centric security requires that policies and control mechanisms on the storage and use of information be associated directly with the information itself.
  • Governance and compliance: A key requirement of corporate information governance and compliance is the creation of management and validation information—monitoring and auditing the security status of the information with logging capabilities. Here, not only is it important to document access and denied access to data, but also to ensure that IT systems are configured to meet security specifications and have not been altered. Expanding retention policies for data policy compliance will also become an essential cloud capability. In essence, cloud computing infrastructures must be able to verify that data is being managed according to the applicable local and international regulations (such as PCI and HIPAA) with appropriate controls, log collection and reporting.

Sensitive data in the cloud will require granular security, maintained consistently throughout the data life cycle.

Infrastructure security

The foundational infrastructure of a cloud must be inherently secure, whether it is a private or public cloud or the service is SAAS, PAAS or IAAS. It will require:

  • Inherent component-level security: The cloud needs to be designed to be secure, built with inherently secure components, deployed and provisioned securely with strong interfaces to other components, and, finally, supported securely by vulnerability-assessment and change-management processes that produce trust-building management information and service-level assurances. For these flexibly deployed components, device fingerprinting to ensure secure configuration and status will also be an important security element, just as it is for the data and identities themselves.
  • More granular interface security: The points in the system where hand-offs occur—user-to-network, server-to-application—require granular security policies and controls that ensure consistency and accountability. Here, the end-to-end system needs to be either proprietary, a de facto standard, or a federation of vendors offering consistently deployed security policies.
  • Resource life cycle management: The economics of cloud computing are based on multi-tenancy and the sharing of resources. As customer needs and requirements change, a service provider must provide and decommission those resources—bandwidth, servers, storage, and security—accordingly. This lifecycle process must be managed for accountability in order to build trust.
By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd. and has expertise in managing products and services in various market scenarios and life cycle stages. His experiences ranges from introducing cutting edge innovations in existing products, existing markets to new technology, new markets

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Fintech Systems, Advancements and Investments

Fintech Systems, Advancements and Investments

Fintech Growth According to a recent report, global investment in fintech companies including both venture-backed and non-venture-backed businesses reached $9.4 billion in the second quarter of 2016; investment in venture capital-backed fintech startups, however, fell by 49%. Nevertheless, the Pulse of Fintech, published jointly by KPMG International and CB Insights, suggests venture capital investment in…

How Identity Governance Can Secure The Cloud Enterprise

How Identity Governance Can Secure The Cloud Enterprise

Securing The Cloud Enterprise Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organizations will be SaaS applications. The allure is evident, from cost savings to speed…

Significant Emerging Technologies To Lookout For In 2017

Significant Emerging Technologies To Lookout For In 2017

Emerging Technologies The entire world is being transformed right before our eyes. Emerging technologies are developing at break-neck speeds, and the global community needs to be prepared for what lies in the horizon. As with anything new or evolving there is benefit versus risk to consider. Most of the up-and-coming technologies that will soon affect…

In The Fast Lane: Connected Car Hacking A Big Risk

In The Fast Lane: Connected Car Hacking A Big Risk

Connected Car Hacking Researchers and cybersecurity experts working hard to keep hackers out of the driver’s seat. Modern transportation has come a million miles, and most all of today’s vehicles are controlled entirely by digital technology. Millions of drivers are not aware that of the many devices in their digital arsenal, the most complex of…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

The Age of Data: The Era of Homo Digitus

The Age of Data: The Era of Homo Digitus

The Age of Data In our digital era data deluge – soaring amounts of data, is an overriding feature. That’s why it’s fitting to focus on the concept of Homo Digitus, which I first learned about about in“The creative destruction of medicine: How the digital revolution will create better health care,” by Eric Topol, and…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure. The many perks of cloud services, such as the ability to quickly scale resources without the upfront cost of buying physical servers, have helped build a multibillion-dollar cloud industry that continues to grow each…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Rounding Out Your Security Strategy With The Enterprise Cloud

Rounding Out Your Security Strategy With The Enterprise Cloud

Enterprise Cloud Security Strategy No company wants to be the one to have to announce one of the world’s biggest data breaches. From managing networks and datacenters to protecting hundreds of applications, today’s enterprises face enormous challenges. With all the surface area that needs to be tracked and protected including APIs on the front-end, customer integrations…

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

Infographic: IoT Programming Essential Job Skills

Infographic: IoT Programming Essential Job Skills

Learning To Code As many readers may or may not know we cover a fair number of topics surrounding new technologies such as Big data, Cloud computing , IoT and one of the most critical areas at the moment – Information Security. The trends continue to dictate that there is a huge shortage of unfilled…

The Business of Security: Avoiding Risks

The Business of Security: Avoiding Risks

The Business of Security Security is one of those IT concerns that aren’t problematic until disaster strikes. It might be tomorrow, it could be next week or next year. The fact is that poor security leaves businesses wide open for data loss and theft. News outlets just skim the surface, but hackers cost business up…

Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Verizon Cloud Report Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now firmly established as a reliable workhorse for an organization and one that can deliver great value and drive transformation. That’s according to a new report from Verizon entitled “State of the Market: Enterprise Cloud 2016.” which…