Cloud-based resources have found their way into nearly every aspect of computing. While they have proven to generally be secure, enterprises are still directly responsible for protecting their systems and data in this environment.
It is not enough to take the cloud service provider’s word that their systems are secure and impenetrable. Enterprises need to assure their systems are secure by taking measures on their own behalf to supplement what their providers already have in place.
Four Ways to Secure Cloud-Based Resources
Consider these four factors that can help provide enterprise level security to cloud resources.
1. Embrace Centralized Management
The basic premise of cloud-based architecture is the distribution of data and processes beyond the enterprise’s perimeter. Each cloud-based service has servers that exist outside the enterprise and are therefore beyond IT’s direct control. Without security that limits access at the perimeter, every server needs to control access to its own resources. With hundreds or even thousands of servers in use by an enterprise, it isn’t realistic to consider IT managing each server’s access permissions individually.
The realistic way to manage server access is to establish a centralized control that defines access by user role and data type, and then propagates those rules across cloud-based services. Controlling factors need to be based on the data itself rather than the physical location of the servers. This is because data can frequently be migrated to the most appropriate location that provides access, and audit controls must be based on the data regardless of its location.
2. Invest in Federated Identity Management
Maintaining universal user identity in a distributed environment is essential to maintaining valid access. Since data can reside in multiple servers accessed by multiple applications, identity management must be able to assign and revoke user permissions regardless of location and application.
Federated identity management needs to manage access permissions for internal systems owned and controlled by the enterprise. It must also seamlessly apply the same permission levels to users accessing externally supplied computing resources. This single point of identity management simplifies the process and allows the enterprise to control access to both internal and external applications.
3. Understand the Vendor
Cloud service vendors typically offer differing service-level agreements (SLAs) that cover the most common risks and compliance issues. It is incumbent on IT to find out which areas are not adequately covered by the SLA and provide their own mitigation processes or work with the vendor to close the gaps between standard offerings and required enterprise-level protection. Government regulations have made compliance and completely assured cybersecurity protection increasingly important — and, in some cases, mandatory.
4. Get Cyber Intrusion Protection
The reality of networked computing is that data thieves will continue to exist and exploit ready opportunities. The increased complexity of operating multiple computing resources distributed across wide regions makes building an effective defense difficult. There is no single method to protecting enterprise systems, and IT needs to perform all the normal precautions to keep their systems regularly updated against newly discovered threat vectors.
The use of reputation-based tools has become important since it adds an alert layer to existing signature-based virus detection tools. In addition, the proliferation of cloud-based systems allows individuals to connect enterprise networks to unvetted services. Whitelisting certain services can also help prevent rogue services from gaining network access and injecting exploits.
Protecting enterprise data and services has always been a challenge, and today’s cloud-based infrastructure adds a layer of complexity. Security professionals need to know the connecting systems that make up their enterprise and put the best resources in place to maintain their security. By collaborating with service providers, regularly updating hardware and developing an enterprisewide server management strategy, IT can reduce the number of security gaps within today’s network infrastructure.
Freelance Writer and Former CIO
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years experience as a technology journalist covering topics ranging from software ...