Cloud Computing Security – 3 Essential Functions

manage-employees-authentication-and-access-cloud-secure

By 2020 more than 80% of businesses are expected to move to the cloud, but the question of Intranet Security has always been the elephant in the room. Cloud is being adopted at an extreme pace with companies opting for everything from software-as-a-service to infrastructure-as-a-service.

The fact is there is no service secure enough that can’t be breached; cloud, on-premise or hybrid and there is definitely no easy fix. In the recent year with the numerous government and private hacks, cloud-related stories that have made the rounds in the media has made it increasingly difficult for organizations and people, in general, to believe that the Cloud is safe. For some reason procuring servers and maintaining it on your premise can protect you from all the criminals online. Sure the new cloud computing security technology solutions are created, but energy is put in securing the future instead of protecting the present.

This article we would look at cloud solutions and if they are safe enough for businesses to trust, and if the cloud is a worthwhile investment for the future.

Manage Employees, Authentication, and Access.

Cloud Security Service provider and customers must have complete governance on whoever can access the client’s information. The Cloud service providers must be able to give the client the ability to set different levels of authorization for various employees and terminate the access once the employment ends. For instance, on a company collaboration portal if the admin would like to give certain security clearances to someone in Sales (Project access, Proposals, tasks trackers) but would like to restrict access to the HR department which would contain salary information, etc.

The cloud security service provider must give identity information, access control logs, and data that can be monitored. When required the security logs to be audited by the customer. It is important to understand (IDAM) Identity and Access Management is a solution that has multiple functions.

Some of them being:

Single Sign-On (SSO) – Cloud Security Services should cover. Intranet SSO is a huge benefit to both your IT department and the employee.
SSO makes any cloud service a lot more secure and convenient for the IT department as well. It gives the IT department one platform through which they can monitor employee movement, be alert, ready for phishing and malware attacks. It also helps the employee to log in to multiple services from one platform. Single Sign On also helps the improve employee productivity. One of the most common problems for any employee is the password reset option, and it is one of the most frequent issues that IT-help desks must deal with today. Employees have more than 15 passwords which make it tough to remember and makes it a bigger security risk, SSO cuts out the use of multiple passwords and helps with password resets as an option via the (forgot password) feature.

Multiple Authentication Process – One level security is never enough, and like most high-level secure sites, i.e., mobile devices, Online wallets or online banking require multiple security measures are a must. Security levels will require the cloud computing service vendor to provide excellent support and authentication options. There are various password authentication options which are One-time password or single use code, secret questions, authentication tokens, etc.

Multiple Authentication Process

Follow All Compliance, Risk & Governance processes.

It is imperative for any organization to set up the processes and structures according to the level of sensitive data that is available to the company. A process that can help with effective information security governance, risk management, and compliance.

Cloud Computing – We are aware this comes with some risks, and it is up to the cloud service provider and the customer to collaborate and mitigate these risks.

In 2011, the Information Systems Audit and Control Association (ISACA) published “IT Control Objectives for Cloud Computing” to facilitate the understanding of cloud computing and the associated risks. ISACA is the organization behind CobiT. Control Objectives for Information and Related Technology (CobiT) is an IT governance control framework that helps organizations address the area of regulatory compliance, risk management and aligning IT strategy with organizational goals among the various services listed below:

  • SaaS: Software-as-a-Service provides cloud-hosted business applications to users using a thin client or web browser.
  • PaaS Platform-as-a-Service delivers operating systems, storage and network capacity via the internet.
  • IaaS: Infrastructure-as-a-Service is the outsourcing of hardware and other operation support equipment such as storage, network components, and servers. IaaS is also referred to as Hardware-as-a-Service (HaaS). Expanded delivery models now include BPMaaS.
  • BPMaaS: Business-Process-Management-as-a-Service “provides the complete end-to-end business process management needed for the creation and follow-on management of unique business processes” (Fingar, 2010).

Cloud networks & connections are the most vulnerable.

The Network Is critical to cloud computing because the cloud service provider has limited options but to expose most of the networking capabilities and that provides limited options to the customer.

Cloud can only consist of a deployment or service model and without the network there can be no cloud service. Customers will not be able to access their cloud resources, and no network means applications, infrastructure & data cannot work together.

Cloud computing network security
Cloud computing network security

Networking must change because the rise of cloud models has an adverse effect on the network:

  • New infrastructure, for example, everything is becoming virtualized. Infrastructure is becoming programmable, servers and applications have mobility.
  • New applications, for example, data-intensive analytics, parallel and clustered processing, telemedicine, remote experts, and community cloud services.
  • New access, for example, mobile device-based access to everything and virtual desktops.
  • New traffic, for instance, predominantly server-to-server traffic patterns and location-independent endpoints on both sides of a service or transaction.

What you need to do with security and data has not changed. Data still needs to travel between the computing and storage components of an application and then to the user of the application. Security still must be applied to help make sure that the right users, devices, and systems have access to the right data at the right time. While protecting against attacks, intrusions, breaches, and leaks. Different kinds of data and traffic have varying levels of importance and network resource whose needs still must be met across the entire network with quality-of-service (QoS) capabilities.

However, how you do these things has to change:

  • Network architecture needs to be flexible, instead of being a static stumbling block.
  • Network services need to be location independent: Delivering any data, applications to where users are at whenever the services are needed.
  • Network resources need to be abstracted so that provisioning can be automated and actions orchestrated through common interfaces.
    Source: NIST.

There is no concept of “one size fits all”. No basic architecture pattern or template can be used for cloud customers across the board. The customer and the cloud service provider can make sure there is a solution for all the product and service you need so that your data is protected and investments are safe, with the highest level of performance.

 In-Control Does not mean Secure!

To conclude we have covered three of the most important ways companies can work with their respective business Intranet cloud service providers to protect their investment or migrate to the future with the cloud. The location of your data matters a lot less than how easily it is accessible. Instead of concentrating on cloud or on-premise you should look at the levels of security and protocols that have been set.

 

 

Site Footer