By 2020 more than 80% of businesses are expected to move to the cloud, but the question of Intranet Security has always been the elephant in the room. Cloud is being adopted at an extreme pace with companies opting for everything from software-as-a-service to infrastructure-as-a-service.
The fact is that no service, whether cloud, on-premise or hybrid, is secure enough that it can't be breached, and there is definitely no easy fix. In the recent year, the numerous government and private hacks and the cloud-related stories that have made the rounds in the media have made it increasingly difficult for organizations, and people in general, to believe that the Cloud is safe. For some reason, the belief persists that procuring servers and maintaining them on your premises can protect you from all the criminals online. Sure, new cloud computing security technology solutions are being created, but energy is put into securing the future instead of protecting the present.
In this article we look at cloud solutions, whether they are safe enough for businesses to trust, and whether the cloud is a worthwhile investment for the future.
Manage Employees, Authentication, and Access.
The cloud security service provider and its customers must have complete governance over who can access the client's information. The cloud service provider must give the client the ability to set different levels of authorization for various employees and to terminate access once employment ends. For instance, on a company collaboration portal the admin may want to give certain security clearances to someone in Sales (project access, proposals, task trackers) but restrict access to the HR department's area, which would contain salary information, etc.
The cloud security service provider must supply identity information, access control logs, and data that can be monitored. When required, the security logs must be available for audit by the customer. Identity and Access Management is a solution with multiple functions. A few of the most common are:
Single Sign-On (SSO) – SSO makes any cloud service a lot more secure and convenient. It gives the IT department one platform through which they can monitor employee movement, stay alert, and watch for phishing or malware attacks. It also helps employees log in to multiple services from one platform, improving performance and productivity. One of the most common problems for any employee is the password reset, and it is one of the most frequent issues that IT help desks must deal with today. Employees often have more than 15 work-related passwords, making it difficult to remember each one and increasing overall security risks. SSO cuts out the use of multiple passwords and helps with password resets by offering them as an option via the forgot-password feature.
Multiple Authentication Process – One level of security is never enough. Security levels require the cloud computing service vendor to provide excellent support and authentication options. Various authentication options are available, including one-time passwords, single-use codes, secret questions, authentication tokens, and more.
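The per-department authorization levels, termination of access at the end of employment, and customer-auditable access log described in this section can be modelled as below. This is an added example, not code from any cloud provider; the department names, portal areas, user name and the `Portal` class are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy: department -> portal areas it may open (deny by default).
POLICY = {
    "sales": {"projects", "proposals", "task_trackers"},
    "hr": {"salaries", "task_trackers"},
}

@dataclass
class Portal:
    users: dict = field(default_factory=dict)      # username -> department
    audit_log: list = field(default_factory=list)  # every decision, allow or deny

    def onboard(self, user, department):
        if department not in POLICY:
            raise ValueError(f"unknown department: {department}")
        self.users[user] = department
        self._record(user, "-", "onboard")

    def offboard(self, user):
        # Employment ended: the account loses every grant at once.
        self.users.pop(user, None)
        self._record(user, "-", "offboard")

    def can_access(self, user, area):
        department = self.users.get(user)  # None for unknown or offboarded users
        allowed = department is not None and area in POLICY[department]
        self._record(user, area, "allow" if allowed else "deny")
        return allowed

    def _record(self, user, area, outcome):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "area": area, "outcome": outcome,
        })

    def denied_events(self):
        # What a customer-side audit would pull first: refused attempts.
        return [(e["user"], e["area"]) for e in self.audit_log if e["outcome"] == "deny"]

def demo():
    portal = Portal()
    portal.onboard("alice", "sales")
    results = [portal.can_access("alice", "proposals"),
               portal.can_access("alice", "salaries")]
    portal.offboard("alice")
    results.append(portal.can_access("alice", "proposals"))
    return results, portal.denied_events()
```

Denied attempts are logged as well as granted ones, so a request made after offboarding shows up in the audit trail instead of failing silently.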
Follow All Compliance Processes
It is crucial for any organization to set up its processes and structures according to the degree of sensitive data it holds. Cloud computing, of course, carries with it certain risks, and it is up to the cloud service provider and the customer to collaborate and mitigate these risks.
In 2011, the Information Systems Audit and Control Association (ISACA) published “IT Control Objectives for Cloud Computing” to facilitate the understanding of cloud computing and the associated risks. ISACA is the organization behind CobiT (Control Objectives for Information and Related Technology). CobiT is an IT governance control framework that helps organizations address regulatory compliance and risk management and align IT strategy with organizational goals across the various services listed below:
- SaaS: Software-as-a-Service provides cloud-hosted business applications to users through a thin client or web browser.
- PaaS: Platform-as-a-Service delivers operating systems, storage, and network capacity via the internet.
- IaaS: Infrastructure-as-a-Service is the outsourcing of hardware and other operation support equipment such as storage, network components, and servers. IaaS is also referred to as Hardware-as-a-Service (HaaS). Expanded delivery models now include BPMaaS.
- BPMaaS: Business-Process-Management-as-a-Service “provides the complete end-to-end business process management needed for the creation and follow-on management of unique business processes” (Fingar, 2010).
Networking must change because the rise of cloud models has an adverse effect on the network:
- New infrastructure, for example, everything is becoming virtualized, infrastructure is becoming programmable, and servers and applications have mobility.
- New applications, for example, data-intensive analytics, parallel and clustered processing, telemedicine, remote experts, and community cloud services.
- New access, for example, mobile device-based access to everything and virtual desktops.
- New traffic, for instance, predominantly server-to-server traffic patterns and location-independent endpoints on both sides of a service or transaction.
What you need to do with security and data has not changed. Data still needs to travel between the computing and storage components of an application and then to the user of the application. Security still must be applied to help make sure that the right users, devices, and systems have access to the right data at the right time, while protecting against attacks, intrusions, breaches, and leaks. Different kinds of data and traffic have varying levels of importance and network resource needs, which still must be met across the entire network with quality-of-service (QoS) capabilities.
However, how you do these things has to change:
- Network architecture needs to be flexible, instead of being a static stumbling block.
- Network services need to be location independent, delivering any data and applications to wherever users are, whenever the services are needed.
- Network resources need to be abstracted so that provisioning can be automated and actions orchestrated through common interfaces.
There is no concept of “one size fits all”. No basic architecture pattern or template can be used for cloud customers across the board. The customer and the cloud service provider can make sure there is a solution for all the products and services you need, so that your data is protected and investments are safe, with the highest level of performance.
In-Control Does Not Mean Secure!
To conclude, we have covered three of the most important ways companies can work with their respective business Intranet cloud service providers to protect their investment or migrate to the future with the cloud. The location of your data matters a lot less than how easily it is accessible. Instead of concentrating on cloud or on-premise, you should look at the levels of security and the protocols that have been set.