Security should not inhibit cloud adoption
Pirean CTO Mike Cartwright addresses popular misconceptions about securing a cloud environment and outlines how organisations can extend much of their existing security infrastructure to embrace 'on demand' computing power, without compromising the keys to the kingdom.
Through 2010 the definition of Cloud Computing evolved from a relatively straightforward 'pay as you go' SaaS or IaaS model to represent what is best described as a service delivery methodology. The cloud computing model really represents 'on demand' computing power - leveraging your organisation's internal data centre resources, those provided by one or more external service providers, or more likely a hybrid of the two. The availability and affordability of computing power is fuelling innovation, and organisations experiencing significant growth are not restricted to traditional data centre models. They are starting to build their IT strategy around smaller internal data centres, designed to protect identities, sensitive corporate information and business critical data (essentially the 'keys to the kingdom'), and now look to external computing power to do the real work and deliver performant and cost-effective services to their customers. I would go as far as to predict that with increased network bandwidth and dynamic service provisioning, a 'computer resource' trading market is not an unreal possibility within the next five years.
Large established organisations have invested significantly in their existing infrastructure, and don't have the option of moving their entire organisation to this new model in the short or medium term. However, for the new services they plan to deliver in 2011, cloud computing resource from an IaaS or SaaS provider does offer a genuine alternative to investing in additional hardware and absorbing the capital and operational expense. When asked, organisations generally acknowledge the potential benefits of adopting a hybrid cloud computing model, but the number one inhibitor is always identified as security.
Security in a hybrid cloud environment does provide some new challenges, but it is nowhere near as complex as it is perceived. Traditional access management solutions were developed to secure web-facing services hosted in a data centre, not the cloud. Bending these solutions for cloud means implementing a central access management server and routing all traffic through this single point - and it makes little sense to redirect your service traffic through your corporate data centre. In fact, adopting a traditional data centre approach to security is where many misconceptions start. If a company looks to deploy additional identity repositories within the hosted environment, the need for additional server instances that essentially replicate the role of existing systems in your data centre actually negates a significant percentage of the cost benefit.
Given the level of existing investment in any organisation's security infrastructure, it makes a lot more sense to leverage the existing systems to secure the cloud. This can be achieved by establishing a central point of access control through the implementation of a Versatile Authentication Server. This approach enables the existing security infrastructure in your data centre to be used to secure any cloud based application or service - but removes the requirement for cloud based repositories. The only time you need to talk to your data centre is at the point where you authorise a user. As the server manages Authentication Workflows for all applications, internal and external, if a user is connected to one cloud application we can create a secure session to another without requesting additional information, delivering single sign-on between cloud services without any direct connection between the two service providers. Single sign-on can be implemented from internal applications to cloud based applications, or from cloud provider to cloud provider.
In summary, think of cloud computing as 'on demand' computing power and there are significant benefits to be realised without compromising security.