IT leaks have raised public concerns about cloud security. To limit potential problems, enterprises must consider governance requirements, tools, providers, and more.
The security of applications and data is critical to any enterprise, but responsibility is not evenly distributed. As a result, IT organizations need to develop a cloud security strategy that identifies the compliance policies or principles the rest of the enterprise must follow.
The public cloud eliminates part of the infrastructure and management overhead of traditional data centers, but the burden of meeting cloud governance needs still rests with the IT department. In a changing cloud computing landscape, it is important to build a management model that resembles everyday processes rather than products.
Choosing a cloud provider based on your organization's data location, privacy, and governance requirements, and following best practices for developing a cloud governance strategy that covers the entire enterprise, are important considerations for any IT organization.
Cloud security challenges
Cloud Security challenges
When it comes to cloud security, most businesses are unclear about what is fact and what is fiction. The diversity of threat activities is not as important as the location of the infrastructure, according to Alert Logic's 2012 cloud security status report. Attacks are inherently random, so any system that can be accessed from outside (whether it is an enterprise system or a cloud system) has the same chance of being attacked.
The report found that web application attacks frequently hit both service provider environments and internal environments, with 53% and 44% of businesses affected, respectively. However, internal environments were hit more often than service provider environments, averaging 61.4 attacks and 27.8 attacks respectively. Internal environment users also saw significantly more brute force attacks than service provider environment users.
The 2012 report still serves as a cautionary tale today, and recent data leaks from companies such as Sony, Home Depot and Target have nothing to do with the cloud. Most attacks occur on traditional systems and are blamed on aging security systems and exposed security vulnerabilities.
As cloud computing continues to grow in popularity, and the systems that are implemented become more complex and heterogeneous, the importance of having proven cloud security strategies and technologies has increased dramatically.
Identity and access management (IAM), also known as identity management, is not a new technology, but the rise of cloud computing has moved it to center stage. Many cloud providers, such as Amazon Web Services (AWS), provide IAM as a service by default. Other providers require customers to select and deploy a third-party IAM system.
The concept of IAM is simple: provide a security solution and technology that allows the right people to access the right resources at the right time for the right reasons. The concept follows one guideline: every system and every person has an identity, including people, servers, devices, APIs (application programming interfaces), applications, and data. Once identities are validated, the next step is to define which identities may access which other identities and to establish policies that set the limits of these relationships.
An example would be to define and store the identities of a cloud-based API that is used by a group of smartphones running an application. These APIs each have identities, and the smartphones, apps, and people who use them all have identities. When one entity interacts with another resource, the IAM service verifies the identity of each entity.
An example of IAM is the AWS version, a fully fledged identity management and security system that allows users to control access to the AWS cloud services. This IAM lets you create and manage AWS users and user groups through permissions that allow or deny access to data. The advantage of Amazon's IAM is that it can manage who can access what data and under what circumstances.
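The allow/deny model described above, as an added example that is not from the original article or AWS's own code: a simplified Python evaluator for AWS-style policy statements, showing default deny, an explicit deny overriding an allow, and a condition on the request context. The identity names, ARNs, account ID and sample policies are constructed, and the matching rules are a simplification of AWS's real evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed sample policies keyed by identity (names, ARNs, account ID are placeholders).
POLICIES = {
    "mobile-app": [
        {"Effect": "Allow",
         "Action": ["execute-api:Invoke"],
         "Resource": ["arn:aws:execute-api:us-east-1:111122223333:exampleapi/prod/GET/orders/*"]},
    ],
    "analyst": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]},
        # "Under what circumstances": refuse any S3 call made without TLS.
        {"Effect": "Deny",
         "Action": ["s3:*"],
         "Resource": ["*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _matches(patterns, value):
    # '*' wildcard matching, as used in policy Action and Resource fields.
    return any(fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition, context):
    # Simplification: every operator is treated as case-insensitive string
    # equality; a key missing from the request context never matches.
    for keys in condition.values():
        for key, expected in keys.items():
            if str(context.get(key, "")).lower() != str(expected).lower():
                return False
    return True


def is_allowed(identity, action, resource, context=None):
    """Default deny; an explicit Deny overrides any matching Allow."""
    context = context or {}
    allowed = False
    for stmt in POLICIES.get(identity, []):
        if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

An identity with no matching statement is refused without any explicit deny, which is why an over-broad `Allow` is the setting to review first when auditing policies.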
Other vendors in the industry
Of course, not everyone is running AWS. Fortunately, many of the new IAM vendors are committed to the cloud, often promising to provide both identity management and a single sign-on service. These vendors include Bitium, Centrify, Okta, OneLogin, Ping Identity and Symplified.
Each vendor has a different approach to cloud security and IAM, so evaluate each product against your specific requirements. When choosing the right cloud security solution, consider the following factors:
The integration of cloud-based identity management services or other security services with enterprise security systems. Security should be systematic for both cloud and non-cloud systems. Consideration should be given to products that meet both sets of requirements.
The design and architecture of identity-based security services. Sometimes, security services may come from your cloud provider. In many other cases, you have to choose and deploy third-party security tools.
Testing (including "white hat" security testing) is important. Test results are persuasive evidence of the actual effectiveness of the security system.
Impact on performance. In some cases, security can slow your system down to a level that affects productivity.
Your industry and all the regulations that must be followed.