Brought to you by The WHIR
As organizational IT data centers move to adopt cloud technologies they’ve immediately begun to see benefits in this type of distributed computing. Users are now able to access their applications or corporate desktops from any device, anytime and anywhere. But it’s not just about apps and desktops. New types of cloud services are revolutionizing user experiences and rich content delivery.
This seamless experience creates a more sustainable environment and helps end-users have a better computing experience.
Still, security will almost always be one of the biggest concerns of the IT business sector. Experience has shown that no matter what technology or platform is implemented, securing that environment is a top priority. As data centers push their cloud infrastructure even further with solutions that include identity federation and single sign-on, the clear challenge and question becomes: How do we secure our cloud initiative?
Understanding and working with cloud security best practices
When analyzing the concept of security concerns associated with cloud computing, an organization may sometimes come up with a long list of challenges.
When evaluating a cloud solution, whether it is private or public, IT administrators must conduct their due diligence in researching their technology and making sure their environment is ready for such a step. Below are some industry tips and best practices when cloud security comes into the equation.
- Plan strategically
- Since every environment is unique, very careful consideration must be given to how the corporate workloads are to be delivered to the end-user. By designing a solution from the start which embraces security, an infrastructure will already be one step ahead in their cloud initiative. Taking a secure approach from the initial phase creates a solid foundation for entering into the cloud. By starting with security first, compliance conscious organizations are able to deploy both a resilient and audit-ready environment.
- Pick a partner wisely
- Your partner’s ability to protect sensitive cloud-based data will be crucial. There are many cloud providers to choose from. Some will offer private cloud solutions, while others will offer a combination of a pubic/hybrid cloud deployment. When evaluating a partner that will be set to deliver corporate IT services via the cloud, make sure that partner has a foundation and heritage in both IT and security services. Verify that cloud-ready risk mitigation is part of the provider’s common security practice. Evaluate a partner that has proven experience integrating IT, security, network services, as well as providing robust and strategic service-performance assurances.
- Identity Management
- Every enterprise environment will likely have some sort of identity management system. This is to control user access to corporate data and computing resources. When looking to move to the cloud, identity management quickly becomes a security concern. One of the last things an IT administrator would want is a user who is forced to remember several sets of credentials. Cloud providers must either integrate the customer’s identity management system into their own infrastructure, using identity federation or single sign-on technology, or provide an identity management solution of their own. Without that, some environments have seen what is known as identity pools, where users have multiple sets of authoritative credentials they must use to access common workloads.
- Protecting corporate data
- For an IT organization to be considered protected, data from one end-user must be properly segmented from that of another. That means that “data at rest” must be stored securely and “data in motion” must be able to securely move from one location to another without interruption. Good cloud partners have solutions like this in place to prevent data leaks or access by unauthorized third parties. As such, it’s important to clearly define roles and responsibilities to ensure that auditing, monitoring and testing cannot be circumvented even by privileged users unless otherwise authorized.
- Develop an active monitoring solution
- Just like information within a data center – data in the cloud must be continuously monitored. If an IT manager needs live data to be pulled from a cloud environment, they must leverage an active monitoring solution. Performance bottlenecks, system instabilities or other issues must be caught proactively to avoid any outages in services. Failure to constantly monitor the health of a cloud environment will result in poor performance, possible data leaks and, sometimes worst of all, an angry end-user. Organizations which are ready for the cloud must plan accordingly as to the monitoring and intervals required based on their data content. From there, it’s advised they implement manual or automated procedures to respond to related events that may occur in their cloud environment.
- Test regularly and establish environmental metrics
- Whether deploying your own private cloud or using a cloud-ready partner, always make sure to test and regularly maintain your environment. When looking at a service provider, make sure they offer a solid Service Level Agreement (SLA) that should include metrics like: availability, notification of a breach, outage notification, service restoration, average time to resolve, and so on. Both in a provider relationship and in a private cloud solution, regular proactive testing should occur. By keeping an environment healthy and tested, we remove quite a bit of risk associated with security or inadvertent data leaks.
Never forget the basics
Since security is always a concern for a conventional data center, it should very much be a top priority in any cloud initiative as well. Third-party organizations, such as the Cloud Security Alliance, regularly publish advice for securing a cloud deployment.
Always try to remember the following for securing SaaS, PaaS and IaaS environments:
- Strong authentication methods are always recommended. Two-factor, and even certificate-based authentication methods can be great. Remember, depending on the risk level of the services being offered, your security architecture will need to match those requirements.
- You must be able to manage user access across the board. User privileges will absolutely vary and you especially need to control the administration of privileged users for all supported authentication methods.
- Incorporate self-service and identity validation. You can deploy powerful tools which analyze lost and orphaned accounts across onsite and remote locations. And, they’ll look at admin accounts as well. You can allow users to request new services and even modify their own permissions (where it makes sense). The key is managing these permissions and creating user controls.
- We’re beyond just enforcing strong passwords; even though that’s still important. Now, new technologies allow for deep interrogation of users, locations, devices, and even specific resource access points. Either way – ensure your users havesecure methods of entry depending on the devices they’re using.
- Identity management and federation can help out a lot. For example, federated services can be a means of delegating authentication to the organization that uses the SaaS application. Or, you can tie separate services using federation services to reduce authentication challenges. These are great ways to manage user identities in one spot.
As more data centers are pushed into the cloud, security will play an even greater role in maintaining data integrity. Even though the technology is still new, cloud-computing offers great benefits to those environments prepared to make the investment. Remember to make wise and well-researched decisions when evaluating cloud data center security options.