public cloud architecture is designed to have multiple sets of data coexisting in one virtual appliance. This arrangement means that it is meaningless to have systems in place that can both monitor and proactively protect against potential breaches. The system has to be secure at the point of access. The reality is that breaches happen, and then enterprises need to quickly plug the hole, trying to understand what went wrong afterward. In the case of serious breaches, the default behavior might be to shut a system down completely, which is massively disruptive for a business. Finally, when an enterprise is choosing a potential cloud provider, it may find it difficult to assess a candidate supplier, since they don't release details of their internal services for the purposes of maintaining security.
19.3 Dimensions of Security
As described earlier, a move to a cloud provider means that an enterprise will have to establish a level of trust with the provider. The process of building trust involves open communication and sufficient understanding on the part of the enterprise, to ask the pertinent questions. We shall now consider six key functional areas of security, in order to derive a checklist of security fundamentals that must be present within a cloud system before migrating to a public cloud:
1. Identity management
2. Network security
3. Data security
4. Instance security
5. Application architecture
6. Patch management
19.3.1 Identity Management
The first area is that of identity management. The nature of cloud services means that identity management is paramount if end users are to securely access the services that they need to do their jobs. Since we anticipate a user interacting with a business process that is composed of one or more cloud services (see), we wouldn't expect the user to have to manage separate access details for each separate service that is invoked. In fact, in a Web browser environment (the default interface for cloud services), this would be particularly dangerous, as users would simply let their passwords be saved for convenience. So, along comes another person, who does not have access to the payroll reports, and they use a computer where the passwords have been saved in the Web browser. Chaos ensues! Single sign-on (SSO) is one