The Lighter Side Of The Cloud  – Self Education
The Lighter Side Of The Cloud – Pocket Money
The Lighter Side Of The Cloud – Thunderstorms
The Lighter Side Of The Cloud – The Crystal Ball
The Lighter Side Of The Cloud – Storage Overload
Is My Public Cloud Too Public? Part 4

Is My Public Cloud Too Public? Part 4

Secure Identity, Information, and Infrastructure

Continued From Part 3

Public cloud computing requires a security model that reconciles scalability and multi-tenancy with the need for trust. As enterprises move their computing environments along with their identities, information and infrastructure to the cloud, they must be willing to give up some level of control. To do that, they must be able to trust cloud systems and providers, and verify cloud processes and events. Important building blocks of trust and verification relationships include access control, data security, compliance and event management—all security elements well understood by IT departments today, implemented with existing products and technologies, and extendable into the cloud.

Securing the Public Cloud

Identity security

End-to-end identity management, third-party authentication services, and federated identity will become key elements of cloud security. Identity security preserves the integrity and confidentiality of data and applications, while making access readily available to appropriate users. Support for these identity management capabilities for both users and infrastructure components will be a major requirement for cloud computing, and identity will have to be managed in ways that build trust. It will require:

  • Strong authentication: Cloud computing must move beyond weak username-and-password authentication if it is going to support enterprise. This will mean adopting techniques and technologies that are already standard in enterprise IT, such as strong authentication (multi-factor authentication with one-time password technology), federation within and across enterprises, and risk-based authentication that measures behavior history, current context and other factors to assess the risk level of a user request. Additional tiers of authentication will be essential to meet security service level agreements (SLAs), and utilizing a risk-based authentication model that is largely transparent to users will reduce the need for broader federation of access controls.
  • More granular authorization: Authorization can be coarse-grained within an enterprise or even a private cloud, but in order to handle sensitive data and compliance requirements, public clouds will need granular authorization capabilities (such as role-based controls and information rights management (IRM)) that can be persistent throughout the cloud infrastructure and the data’s lifecycle.

Information security

In the traditional datacenter, controls on physical access, access to hardware and software, and identity controls all combine to protect data. In the cloud, this protective barrier that secures infrastructure is diffused. To compensate, security will have to become information centric. The data needs its own security that travels with it and protects it. It will require:

  • Data isolation: In multi-tenancy situations, data must be held securely in order to protect it when multiple customers use shared resources. Virtualization, encryption and access control will be workhorses for enabling varying degrees of separation between corporations, communities of interest, and users. In the near future, data isolation will be more important and executable for IAAS, than perhaps for PAAS and SAAS.
  • More granular data security: As the sensitivity of information increases, the granularity of data classification enforcement must increase. In current datacenter environments, granularity of role-based access control at the level of user groups or business units is acceptable in most cases, because the information remains within the control of the enterprise itself. For information in the cloud, sensitive data will require security at the file, field, or even block level to meet the demands of assurance and compliance.
  • Consistent data security: There will be an obvious need for policy-based content protection to meet the enterprise’s own needs as well as regulatory policy mandates. For some categories of data, information-centric security will necessitate encryption in transit and at rest, as well as management across the cloud and throughout the data life cycle.
  • Effective data classification: Cloud computing imposes a resource trade-off between high performance and the requirements of increasingly robust security. Data classification is an essential tool for balancing that equation. Enterprises will need to know what data is important and where it is located as prerequisites to making performance cost/benefit decisions, as well as ensuring that data-loss-prevention procedures focus on the most critical areas.
  • Information rights management (IRM): IRM is often treated as a component of identity, a way of setting broad-brush controls regarding which users have access to what data. But more granular, data-centric security requires that policies and control mechanisms on the storage and use of information be associated directly with the information itself.
  • Governance and compliance: A key requirement of corporate information governance and compliance is the creation of management and validation information—monitoring and auditing the security status of the information with logging capabilities. Here, not only is it important to document access and denied access to data, but also to ensure that IT systems are configured to meet security specifications and have not been altered. Expanding retention policies for data policy compliance will also become an essential cloud capability. In essence, cloud computing infrastructures must be able to verify that data is being managed according to the applicable local and international regulations (such as PCI and HIPAA) with appropriate controls, log collection and reporting.

Sensitive data in the cloud will require granular security, maintained consistently throughout the data life cycle.

Infrastructure security

The foundational infrastructure of a cloud must be inherently secure, whether it is a private or public cloud or the service is SAAS, PAAS or IAAS. It will require:

  • Inherent component-level security: The cloud needs to be designed to be secure, built with inherently secure components, deployed and provisioned securely with strong interfaces to other components, and, finally, supported securely by vulnerability-assessment and change-management processes that produce trust-building management information and service-level assurances. For these flexibly deployed components, device fingerprinting to ensure secure configuration and status will also be an important security element, just as it is for the data and identities themselves.
  • More granular interface security: The points in the system where hand-offs occur—user-to-network, server-to-application—require granular security policies and controls that ensure consistency and accountability. Here, the end-to-end system needs to be either proprietary, a de facto standard, or a federation of vendors offering consistently deployed security policies.
  • Resource life cycle management: The economics of cloud computing are based on multi-tenancy and the sharing of resources. As customer needs and requirements change, a service provider must provide and decommission those resources—bandwidth, servers, storage, and security—accordingly. This lifecycle process must be managed for accountability in order to build trust.
By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd. and has expertise in managing products and services in various market scenarios and life cycle stages. His experiences ranges from introducing cutting edge innovations in existing products, existing markets to new technology, new markets

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

One Response to Is My Public Cloud Too Public? Part 4

  1. I think date security and infrastructure are considered the most important part of cloud computing.  Company owners want something that can protect their system and at the same time contribute to their system success. 

Recent

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises Mobile Technologies such as BYOD, Wearable Technology and Internet of Things are the cornerstone to strong cloud computing adoption and will continue to be the case as the number of connected devices continue to climb. In May 2015, Cisco released the complete VNI Global IP Traffic Forecast, 2014 – 2019. Global highlights…

9 Pitfalls of Providing Cloud-Based Online Government Services

9 Pitfalls of Providing Cloud-Based Online Government Services

Cloud-Based Online Government Services Pitfalls When the US government designed the Affordable Care Act, a key part of the program was to encourage enrollment through the Healthcare.gov website. This online service was supposed to make it easier for citizens to learn about the ACA, compare their health insurance options, and take full advantage of this…

IOT, Intelligent Sensors, And The Change That Is Coming…

IOT, Intelligent Sensors, And The Change That Is Coming…

Intelligent Sensors And The Future What is or isn’t connected: In the end, that is the internet of things. They, the things, represent stuff that has been around for the past 30 years. It was only recently that we have developed a way to consistently connect those devices. Despite the increasing awareness of IoT, it…

Popular Archives

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing Despite the rapid growth of cloud computing, the cloud still commands a small portion of overall enterprise IT spending. Estimates I’ve seen put the percentage between 5% and 10% of the slightly more than $2 trillion (not including telco) spent worldwide in 2014 on enterprise IT. Yet growth projections…

New Report Finds 1 Out Of 3 Sites Are Vulnerable To Malware

New Report Finds 1 Out Of 3 Sites Are Vulnerable To Malware

1 Out Of 3 Sites Are Vulnerable To Malware A new report published this morning by Menlo Security has alarmingly suggested that at least a third of the top 1,000,000 websites in the world are at risk of being infected by malware. While it’s worth prefacing the findings with the fact Menlo used Alexa to…

Sponsors

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising