Overcoming cloud computing security challenges

Overcoming cloud computing security challenges

Tags:   cloud computing  cloud security  risk assessment

By Michael Cobb | Feb 1, 2010

As information security program managers begin the new year, it's common practice to identify the key themes that will affect an enterprise security strategy.

However, there's one theme that arguably stands out above all others: cloud computing. The tough economic climate does help make the case for cloud computing very persuasive. Because on-demand resources are dynamically scalable and flexible; on-demand resources have been the hot topic of 2009 and will always be attractive to businesses large and small. Whatever the state of the economy during 2010, cloud computing will surely continue to change the way we do IT.

For everyone involved in trying to protect their organizations' network users and data, a move to cloud computing will present a huge change and challenge. Compliance regulations will most likely prevent an enterprise from moving all its data and operations to the cloud, so the transition is in fact an additional security challenge on top of protecting existing network infrastructures. Moving to the cloud requires data and applications to be placed outside the comfort zone of well-established perimeter defenses and physical access controls. An increasing number of users who don't come under the controls of HR, such as suppliers, clients and partners, will access your data via Web-based collaboration tools. IT administrators already struggle with the task of securing mobile users who access corporate networks, but cloud computing is on a different scale altogether.

For me, one of the key security challenges is how to efficiently manage and enforce access control for employees, customers and partners beyond the enterprise firewall. Cloud computing turns us all into remote workers, and cloud applications and data, by definition, are outside the enterprise. This means that you can no longer rely on multiple layers of authentication, firewalls and other perimeter defenses to do the job for you.

Strategically, managing these challenges requires a number of actions. HR security policies must be reviewed and tightened up so they enforce robust lifecycle management of users. A detailed identity and access management strategy must also be put in place, one that makes full use of federated identity management, an arrangement that enables users to securely access data or systems across autonomous security domains. I recommend enabling single sign-on (SSO) within your own enterprise applications and leveraging this architecture to simplify cloud provider integration and implementation.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Comments

Comments

I completely understand your

Submitted by 036ad378a94807148d60c2627da3d112 on 8 February 2010 - 9:09pm.

I completely understand your hesitancy when it comes to cloud computing. I would be very worried about who had access to my information. I guess time will tell if cloud computing will be a good thing or not. casino online

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
WhiteHat Security reveals top 10 Web hacking techniques
Top 10 tips for protecting sensitive data from malicious insiders
Today's top security priorities
Rustock botnet increases spam traffic
UTM product offers Logansport Savings Bank superior protection

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS