Allan Leinwand

Three Ways To Secure The Enterprise Cloud

Secure The Enterprise Cloud

Data is moving to the cloud. It is moving quickly and in enormous volumes. As this trend continues, more enterprise data will reside in the cloud and organizations will be faced with the challenge of entrusting even their most sensitive and critical data to a different security environment that comes with using the cloud. Cloud service providers need to take the necessary steps to keep pace with these changes, all while instilling in customers the utmost confidence in the security of their environments. Due to the prevalence and public visibility of hacks and data breaches, confidence in cloud security may not come easily. However, for every apprehension or concern about cloud security, there is a tool or method available to properly secure the cloud and allow customers to enjoy the benefits of cloud computing while maintaining the proper level of security.

While there are many ways to secure the enterprise cloud, this article will highlight some of the most important features used to secure data in the cloud including authentication, authorization and encryption.

Let’s start with authentication. To make sure only authenticated users can log into a cloud service, enterprises should use an authentication mechanism held outside the cloud and in an enterprise datacenter. Many enterprises authenticate users by using Secure Sockets Layer (SSL) to establish an encrypted connection between their cloud provider service and their existing internal Active Directory Federation Services (ADFS) or Lightweight Directory Access Protocol (LDAP) server. Another popular authentication method is to use Security Assertion Markup Language (SAML) for Single Sign-On (SSO) that makes it easier for users to log in to multiple systems without remembering multiple passwords. Cloud service providers should also offer ways to integrate user authentication with two-factor authentication or multi-factor authentication tools that provide additional layers of enterprise security.

Second, authorizing the functionality a user can access is another way to help secure data in the cloud. After a user is logged in a cloud platform needs to provide rich functionality to authorize user actions. An enterprise cloud platform should also include Role Based Access Control (RBAC) that allows the authorization of users by source IP address, by username or by groups of users. The most advanced cloud platforms allow users to build customized Access Control Lists to build simple or complex authorization rules.

Finally, encryption is an additional level of security that encodes all the data so that only users who have a proper key can read it properly. Users without the key either cannot see the data or it is seen as an unintelligible string of characters. The first way cloud providers use encryption is to secure all data in-flight between client browsers and the cloud provider using Transport Layer Security (TLS), a protocol sometimes referred to by its legacy name SSL. This use of encryption secures all data between the enterprise customer site and the cloud service provider so it cannot be read in transit across the Internet.

In addition to using encryption for data in-flight, many cloud providers can also encrypt data at-rest while stored in a database using technologies like column encryption. Database column encryption, as the name suggests, can encrypt each database column using a unique private encryption key. This usually takes the form of authorizing specific fields to be visible by certain users or users with certain roles. For example, this use of data at-rest encryption could potentially only permit users who have an authorized Human Resources role to see database fields showing employees home addresses and other personal information in an unencrypted format.

Encryption

For some cloud service providers, there is an additional way to use encryption –encrypting data in the enterprise before it is sent to the cloud service provider. This technique uses a proxy application that resides in the enterprise network and encrypts data with a private key before sending it to the cloud. The data remains encrypted while in-flight and at-rest in the cloud. It is then sent back to the proxy application when requested and decrypted by the proxy. While this approach may seem to have security advantages, it can severely limit the usefulness of the data in the cloud as it is all encrypted and not readable by any cloud services.

While securing the cloud is a complicated, technical process, these main features represent the most foundational parts of properly securing the cloud. With consistent and thorough application of the proper security measures cloud service providers will enable customers to unlock the potential of the cloud.

By Allan Leinwand

Allan Leinwand

Allan Leinwand is chief technology officer at ServiceNow, the enterprise cloud company. In this role, he is responsible for overseeing all technical aspects and guiding the long-term technology strategy for the company.

Before joining ServiceNow, Leinwand was chief technology officer – Infrastructure at Zynga, Inc. where he was responsible for all aspects of technology infrastructure used in the delivery of Zynga’s social games including data centers, networking, compute, storage, content distribution and cloud computing.

Previously, Leinwand was a venture partner for Panorama Capital, LLC where he focused on technology investments in data networking, open source software and cloud computing. Prior to this role, he served as an operating partner at JPMorgan Partners.

In 2005, Leinwand founded Vyatta (acquired by Brocade), the open-source networking company.

Leinwand currently serves as an adjunct professor at the University of California, Berkeley where he teaches on the subjects of computer networks, network management and network design. He holds a bachelor of science degree in computer science from the University of Colorado at Boulder.

View Website
How Will Artificial Intelligence Really Impact Jobs?

How Will Artificial Intelligence Really Impact Jobs?

Artificial Intelligence Jobs Hamilton is my favorite Broadway musical. The show follows the life of one of America’s founding fathers, Alexander Hamilton, who went from a destitute, illegitimate child in the British West Indies to ...
Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks “WanaCrypt0r 2.0” or “WannaCry,” an unprecedented global ransomware cyber-attack recently hit over 200,000 banking institutions, hospitals, government agencies, and other organizations across more than 150 countries. The ransomware encrypted user data, and demanded ...
Turn to the Cloud as Part of Your Data Breach Strategy

Turn to the Cloud as Part of Your Data Breach Strategy

Data Breach Strategy The latest Verizon Data Breach Investigations Report is out, and the verdict is in: data breaches are on the rise. While the news shouldn’t surprise anyone, there are some actionable insights to ...
The Cloud Debate - Private, Public, Hybrid or Multi Clouds?

The Cloud Debate – Private, Public, Hybrid or Multi Clouds?

The Cloud Debate Now that we've gotten over the hump of whether we should adopt the cloud or not, "which cloud" is now the center of the debate. It feels like that one multiple choice ...
malware tracking maps

Live Hacking and Ransomware Tracking Maps Online

Hacking and Ransomware Tracking Maps We've recently covered a few live hacking maps but have decided to extend the list based on the recent ransomware activities with some additional real time hacking attack and ransomware tracking ...

CLOUDBUZZ NEWS

Facebook suspends 200 apps over data misuse investigation

Facebook suspends 200 apps over data misuse investigation

(Reuters) - Facebook Inc has so far suspended around 200 apps in the first stage of its review into apps that had access to large quantities of user data, in a response to a scandal ...
Cambridge Analytica files for bankruptcy in U.S. following Facebook debacle

Cambridge Analytica files for bankruptcy in U.S. following Facebook debacle

(Reuters) - Cambridge Analytica, the political consultancy at the center of Facebook Inc’s (FB.O) privacy scandal, filed for Chapter 7 bankruptcy in the United States late on Thursday. This past March allegations surfaced that Cambridge ...
Oracle Enables Smart Manufacturing with New Artificial Intelligence Cloud Applications

Oracle Enables Smart Manufacturing with New Artificial Intelligence Cloud Applications

Intelligent applications help improve overall business performance in manufacturing by driving smarter decisions, increasing yields and enhancing production efficiency Oracle today announced new artificial intelligence (AI) cloud applications that enable manufacturing organizations to reduce costs ...
The Lighter Side Of The Cloud - iPatch
The Lighter Side Of The Cloud - Fear Of Heights
The Lighter Side Of The Cloud - Wearable Infection
The Lighter Side Of The Cloud - The Nanodegree
The Lighter Side Of The Cloud - Playing It Safe
The Lighter Side Of The Cloud - Really Smart Machines
The Lighter Side Of The Cloud - Security Overkill
The Lighter Side Of The Cloud - The Autobiography
The Lighter Side Of The Cloud - Energy Battle