|By Sebastian Stadil||
|September 3, 2014 12:00 PM EDT||
In 2012, an IDG survey of enterprise cloud computing adoption showed that 70 percent of respondents said security was among their top three concerns, and two years later, not much has changed. The Everest Group Enterprise Cloud Adoption Survey released in March of 2014 shows that 70 percent of enterprises prefer private cloud because it offers higher security - a clear indication that security concerns still weigh heavily on the minds of enterprise leaders. Centralizing cloud resource access could prove to be the path through, addressing security concerns while providing the agility cloud computing promises.
It is understandable how cloud security presents itself as a chief IT concern when you consider that cloud computing transfers control from IT to business users and developers. And that adopting cloud entails replacing numerous IT processes with self-service portals.
While there are innumerous benefits to adopting cloud computing, transferring control away from IT does open the business to risk as it diminishes IT's ability to protect the organization's resources and data against unauthorized access and misuse. It also ties IT's hands when it comes to identifying and resolving security issues, and enforcing compliance with industry regulations. These are critical functions that have direct impact on business risk.
Addressing Business Risk via Security Controls
Cloud computing transforms the way infrastructure is provisioned in an organization. It replaces the centralized IT-controlled infrastructure provisioning model where developers make an infrastructure request that IT reviews and then fulfills, with a new, distributed developer-centric infrastructure provisioning process where developers effectively bypass IT. As a result, enterprises adopting cloud find themselves in a paradoxical situation where IT is responsible for the infrastructure security that developers now control.
There are three clear control capability areas needed for IT to effectively manage financial, reputation and legal risk.
- Preventive capabilities: IT must be able to prevent insecure provisioning requests from being fulfilled, on both a per-user-role and per-environment basis. For example, IT must be able to enforce specific firewall policies for production infrastructure.
In order to satisfy developer requirements, it is obvious that IT cannot change the way cloud infrastructure is accessed: provisioning must remain self-service. As a result, IT needs transparent and automated policy enforcement. Provisioning requests made to the organization's cloud need to be inspected in real-time and checked against governance policies that are in place. When approved, requests must be forwarded to the relevant cloud API; when denied, the developer that made the request must be immediately informed. Ideally, the developer should be provided with an explanation and an alternate course of action should be suggested.
- Detective capabilities: IT must have a centralized view of infrastructure to identify vulnerabilities and intrusions; IT must be able to understand the purpose of every resource provisioned by the business. For example, IT must be able to identify the configuration of every deployed resource and the environment to which it belongs. That knowledge can then be used to decide whether an unusual firewall configuration or activity pattern should trigger an alert.
To satisfy these requirements, IT needs a federated view and understanding of all of the business's cloud resources, ensuring visibility over the organization's cloud resources. To do so, IT must ensure that every provisioning request is associated with a legitimate owner and use case (ideally in an automated fashion); that all provisioned resources remain visible throughout their lifecycle; and that metadata regarding their purpose remains accessible.
- Corrective capabilities: IT must control access to the business's cloud infrastructure. For example, IT must be able to revoke access for employees that leave the company, and be able to centrally identify and patch affected resources when a vulnerability is identified.
To do so, IT needs centralized credential management to govern access to cloud resources. IT must ensure that access to cloud resources is controlled by the organization's existing identity management infrastructure, and not by ad-hoc SSH keys or RDP passwords created by developers. Naturally, in order to not hinder developer productivity, IT must ensure that developers can still access the resources for which they have a legitimate use.
Where the Rubber Meets the Road
Cloud security has been an issue since 2006 when cloud emerged with the release of AWS EC2. Back then, all cloud instances were exposed to the Internet, and access was only available with root keys. To address these respective problems, Amazon announced AWS Virtual Private Cloud and AWS Identity and Access Management. Some AWS competitors have also issued access control management, though they remain somewhat limited. Yet, these controls only address IT's preventive needs, are only available on AWS as of this writing, and are often complex to use.
As a result, IT is frequently opting to deploy a cloud management platform (CMP), an often on-premise, web-based application, that sits between end-users and the multiple cloud platforms that they may use. CMPs are extensible platforms that let IT departments customize the CMP's behavior to fit their organization's workflows and policies. In turn, CMPs enforce those IT policies in a fully transparent and automated fashion, so that developers aren't slowed down by red tape when getting work done. As a result, CMPs ensure that IT is provided the security capabilities it requires, while ensuring developers retain the agility they need.
Most importantly, CMPs play a critical role in addressing all three control capability areas:
- Preventive: CMPs can provide IT with governance and role-based access control capabilities, and empower IT to secure and control access to cloud resources on a per-user or per-user-group basis. Using a CMP, these policies can be enforced in real-time, so that developers are not slowed by their enforcement. IT can, for example, ensure that specific firewall rules are automatically added for every single instance that is launched, and that instances are automatically launched in secure networks (e.g. a specific AWS Virtual Private Cloud, or VPC).
- Detective: Because CMPs are used for the provisioning of all the organization's resources, they may automatically keep a precise account of the resources that were provisioned, by whom, and for what purpose. As a result, resource tracking can be performed automatically, and developers won't have to perform extra effort to comply with IT policies.
- Corrective: CMPs may centralize the creation and use of CMP-controlled credentials and make those available to dev and IT, or automatically configure cloud resources to leverage the company's existing identity management framework instead. For example, with a CMP, IT can enforce developer use of Active Directory credentials to login to their instances.
While cloud momentum continues to grow, so does concern - rightfully so - for cloud security. While IaaS providers have taken steps to address these concerns within their systems, they do not currently address the spectrum of capabilities needed to fully address business risk. CMPs are an effective option that can be deployed in a way that addresses IT, business, and developer needs.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
Nov. 22, 2014 10:00 PM EST Reads: 1,002
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
Nov. 22, 2014 05:30 PM EST Reads: 1,262
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and asse...
Nov. 22, 2014 05:30 PM EST Reads: 1,049
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com...
Nov. 22, 2014 07:00 AM EST Reads: 1,332
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
Nov. 21, 2014 09:15 PM EST Reads: 1,252
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...
Nov. 21, 2014 08:00 PM EST Reads: 1,269
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the ...
Nov. 21, 2014 08:00 PM EST Reads: 1,333
"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Nov. 21, 2014 07:00 PM EST Reads: 1,209
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
Nov. 21, 2014 06:45 PM EST Reads: 1,175
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to th...
Nov. 20, 2014 01:00 PM EST Reads: 1,508
As cloud gives an opportunity to businesses to buy services externally – how is cloud impacting your customers? In his General Session at 15th Cloud Expo, Fabio Gori, Director of Worldwide Cloud Marketing at Cisco, provided answers to big questions: Do you see hybrid cloud as where the world is going? What benefits does it bring? And how does Cisco connect all of these clouds? He also discussed Intercloud and Cisco’s investment on it.
Nov. 18, 2014 09:00 PM EST Reads: 1,462
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, p...
Nov. 18, 2014 08:15 PM EST Reads: 1,560
Working with Big Data is challenging, especially when decision makers depend on market insights and intelligence from your data but don't have quick access to it or find it unusable. In their session at 6th Big Data Expo, Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia; Zel Bianco, President, CEO and Co-Founder of Interactive Edge of Solgenia; and Ermanno Bonifazi, CEO & Founder at Solgenia, discussed how a revolutionary cloud-based BI along with mobile analytics is already c...
Nov. 17, 2014 11:00 AM EST Reads: 1,610
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
Nov. 17, 2014 10:00 AM EST Reads: 1,588
Vichara Technologies in Hoboken, New Jersey is expanding its capabilities in big data from origins on Wall Street into other areas, and thereby demonstrating the growing marketplace for advanced big-data analytics services. The next BriefingsDirect deep-dive big data benefits case study interview explores how Vichara Technologies in Hoboken, New Jersey is expanding its capabilities in big data from origins on Wall Street into other areas, and thereby demonstrating the growing marketplace for ad...
Nov. 16, 2014 01:00 PM EST Reads: 1,222
Moscow-based OpenBank, one of the largest private financial services groups in Russia, has built out a business intelligence capability for wholly new business activity monitoring benefits. The next BriefingsDirect deep-dive big data benefits case study interview explores how Moscow-based Otkritie Bank, one of the largest private financial services groups in Russia, has built out a business intelligence (BI) capability for wholly new business activity monitoring (BAM) benefits. The use of HP V...
Nov. 12, 2014 06:45 AM EST Reads: 1,292
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Nov. 10, 2014 12:00 PM EST Reads: 5,930
Scene scenario: 10 am in a boardroom somewhere, second round of coffees served, Danish and donuts untouched, a quiet hush settles. “Well you know what guys? (and, by the use of the term guys I mean to include both sexes here assembled) – the trouble that we have as a company is that we are, to put it bluntly, just a little analytics poor,” said the newly appointed Chief Analytics Officer. That we should consider a firm to be analytically deficient or poor is a profound comment on our modern ag...
Nov. 10, 2014 07:18 AM EST Reads: 2,406
Quantum is a leading expert in scale-out storage, archive and data protection, providing intelligent solutions for capturing, sharing and preserving digital assets over the entire data lifecyle. They help customers maximize the value of these assets to achieve their goals, whether it’s top movie studios looking to create the next blockbuster, researchers working to accelerate scientific discovery, or small businesses trying to streamline their operations. With a comprehensive portfolio of best-i...
Nov. 3, 2014 07:00 PM EST Reads: 3,533