IaaS Security Trends That Cannot Be Ignored
Cloud computing is booming, and the IaaS path is one that every company wants to follow. However, adopting IaaS also means keeping tabs on, and facing, the data security challenges that the field regularly poses. Here we list several such challenges, along with methods that may help deal with them.
Localization of Datacenters
After the recent exposé of the NSA’s data security program, “PRISM”, many companies have been forced to reconsider their data security and privacy policies with infrastructure providers. Some of the questions they now face are:
- Which service provider would be more vulnerable to government surveillance programs?
- Which provider is more likely to surrender confidential data to such organizations?
- As privacy laws are different for each country, which laws apply to my service provider?
The concerns listed above have forced many companies to reconsider their cloud service providers and opt for providers that are local and hence fall under the same governing laws as themselves. As part of the solution, the following steps can be taken:
1. Encrypt all data headed for the cloud.
2. Ensure your provider is answerable in case the authorities come questioning.
3. Make sure your solution is infrastructure-agnostic, allowing you to use any infrastructure provider, local or otherwise.
Automating the security configuration
With the advent of cloud computing, it must be understood that the dynamic nature of the IaaS environment calls for a different security solution from the one used to safeguard data on the client side. First, due to the risks associated with IaaS deployment, a dedicated configuration is required for each server. Second, in a cloud, the load and the number of servers are variable. Hence, applying a security solution manually is both risky and inconvenient.
A solution to this problem is the automation of cloud security configurations. The immediate question that arises is: what needs to be automated? The answer is whatever is dynamic or server related. For example, FortyCloud allows its administrators to automate the security configuration using a policy system. A new server will hence be associated with one such policy automatically, and in real time.
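One way to picture policy-based automation, as an added example that is not from the original article and does not reproduce FortyCloud's product or API: a launch hook picks a policy from a new server's tags, falls back to a no-ingress policy when nothing matches, and checks that admin ports are only reachable from the gateway. All policy names, tags, addresses and function names are hypothetical.

```python
# Added illustration: policy names, tags and rule fields are hypothetical,
# not FortyCloud's (or any provider's) real API.
from dataclasses import dataclass
from ipaddress import ip_network

GATEWAY_NET = ip_network("10.0.0.0/28")  # constructed: subnet of the access gateway


@dataclass(frozen=True)
class Policy:
    name: str
    match: dict          # tags a server must carry to receive this policy
    ingress: tuple = ()  # (port, source CIDR) pairs allowed in


# Ordered most specific first; the first policy whose tags all match wins.
POLICIES = [
    Policy("db", {"role": "db", "env": "prod"}, ((5432, "10.0.1.0/24"),)),
    Policy("web", {"role": "web"}, ((443, "0.0.0.0/0"), (22, str(GATEWAY_NET)))),
]
# Fail closed: a server nobody wrote a policy for gets no ingress at all.
QUARANTINE = Policy("quarantine", {})


def assign_policy(tags: dict) -> Policy:
    """Return the policy for a newly launched server, based only on its tags."""
    for policy in POLICIES:
        if all(tags.get(k) == v for k, v in policy.match.items()):
            return policy
    return QUARANTINE


def audit(policy: Policy) -> list:
    """Flag admin ports (SSH/RDP) reachable from outside the gateway subnet."""
    findings = []
    for port, cidr in policy.ingress:
        if port in (22, 3389) and not ip_network(cidr).subnet_of(GATEWAY_NET):
            findings.append(f"{policy.name}: port {port} open to {cidr}")
    return findings


def on_server_launch(server_id: str, tags: dict) -> dict:
    """Hook an autoscaling event would call; returns the config to apply."""
    policy = assign_policy(tags)
    return {"server": server_id, "policy": policy.name,
            "ingress": list(policy.ingress), "findings": audit(policy)}
```

Because the fallback is a quarantine policy rather than a permissive default, a server launched with missing or mistyped tags stays unreachable until someone assigns it a policy.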
The question of Authentication
Personal mobile devices are regularly being used in workplaces. As a result, enterprises have implemented Bring Your Own Device (BYOD) policies. That being said, users expect immediate access and response through their devices. Any delay here might discourage users from using the cloud solutions altogether.
A solution to this is the simplification of the authentication protocols. Most services require users to provide an IP address and a proxy whenever they ask for access. This is not only insecure but also cumbersome. One remedy is to grant access on the basis of pre-defined authenticated accesses which, moving forward, do not require a user’s credentials but only their identity. Such solutions can make the user experience much more enriching.
Controlling access in the cloud
Access in cloud environments is controlled through the central gateway. In the case of an infrastructure-dependent cloud environment, some access control questions may arise:
- Can the on-premise control gateway be relocated to the cloud?
- How can I ensure that my resources are accessed only through the gateway and that the servers remain untouched?
- How can the gateway determine the employees’ identities?
- Can a gateway enforce access rights over the IaaS network?
The chief problems here are network- and identity-related. This is one major IaaS security trend worth watching. With networking, the difficulties arise from limited control over the infrastructure.
With identity, the problem lies in reusing the existing identity systems. A solution to this is to integrate the two and provide access by developing a virtual network that shadows the cloud provider’s network.