Many companies would like to take advantage of cloud computing, but concerns about possible security breaches and loss of data hold them back. For cloud computing to gain traction in the enterprise, IT and security executives need to be certain that their company’s applications and data are safe. But when security is partly out of enterprise control, it becomes impossible to know if sensitive information has been accessed or compromised.
Security issues associated with third-party cloud environments continue to prevent organizations from taking advantage of the cost savings and flexibility that the cloud can offer. Today, using a public cloud means moving from an internal environment where a company has complete control of data and processes to an environment where that control belongs to someone else, and is often opaque. Within the cloud, applications run in a multi-tenant environment sharing virtual machines with other customers. Companies considering moving an application to a cloud have legitimate concerns about data being compromised or stolen, including unauthorized access by cloud administrators, exposure on the Internet, or rogue employees using the cloud to corrupt or leak sensitive information.
One solution is to keep sensitive data within the corporate data center and put the other application tiers in the public cloud. While this approach works well for some use case scenarios, the latency impact of the “reach back” into the data center can be unacceptable for many applications and users. Moving the entire application to the cloud—including the database tier—provides better performance and scalability, but this exposes the application to new potential threats such as those mentioned above.
Encryption is a well-known approach to addressing these types of security concerns. For protection in the cloud, the enterprise needs to encrypt all data and communications. While encrypting the application in the initial environment is usually fairly straightforward, extending that encryption to the cloud creates new security issues that have blocked many cloud deployments. In order to run the application in the cloud, the enterprise needs to deliver the encryption keys to the cloud to decrypt the data. This creates additional risks by exposing the keys in the operating environment. In the worst case, poor encryption configuration and management can expose the corporate data center to threats from the cloud.
End-to-End Isolation and Control
So how do you make the virtual, multi-tenant environment of the cloud safe for enterprise use? You do it by giving the enterprise total control of its systems and data, using security technology that isolates its data and applications at all times once they leave the physical data center. This requires a security architecture that addresses three key areas of protection:
- In the data center: Role-based access control is needed to protect data and processes in the cloud from unauthorized access by internal users. Thus, administrators need the ability to set user roles and assign privileges for cloud resources. This could include what functions a user can perform, applications they are allowed to access, and what groups they can be part of (e.g., development, testing, or production). Ideally, the same policies and mechanisms in place internally should extend to the cloud environment, transparent to users and administrators.
- In the Internet: To prevent data in transit from being exposed or compromised, data needs to be encrypted end to end, from within the data center firewall, across the Internet, and into the cloud firewall. All customer traffic between the enterprise data center and a cloud server will then pass through this secure tunnel. From the user’s perspective, set-up of this secure environment should be automatic, with no configuration work required and no need to understand the network connections or the cloud provider’s environment.
- In the public cloud: The secure tunnel originating inside the data center firewall needs to extend throughout the public cloud environment. Encryption keys need to be under enterprise control at all times and never accessible by the cloud provider or unauthorized users. Keys should be stored within the data center and transmitted to the cloud only when needed, through the secure tunnel. Cloud providers should have no access to the encrypted network within their cloud at any point—during processing, when data is stored, or in transit.
Using this approach, the cloud becomes an extension of the internal IT environment while the cloud provider sees only an encrypted connection running into one of its servers. With end-to-end isolation of applications and data, companies can run selected applications in the cloud with the same protection and control available internally. Data in the cloud is protected against potential threats from other cloud users as well as threats related to cloud provider software and procedures. Corporate IT is also able to enforce company policies in the cloud while reducing dependence on the cloud provider for security.
The approach ties in with another important aspect of cloud security: separation of roles and security controls. Since cloud computing allows a separate entity to run the physical infrastructure, it’s important to have a strong separation between the enterprise environment and that of the infrastructure provider. Mixing these controls, such as by allowing the cloud provider to have access to unencrypted data, creates complexity and dependencies that need to be managed and monitored. The ability to isolate data within a cloud provider’s infrastructure greatly simplifies server commissioning. Data protection is also independent of updates to a cloud provider’s infrastructure or software.
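The key-control and role-based access requirements above can be made concrete with a small sketch. This is an added example, not code from the article or any product: `KeyBroker`, `CloudWorker`, the role names and the fixed lease time are hypothetical, and the lease is one assumed way to realize "transmitted to the cloud only when needed".

```python
import secrets
from dataclasses import dataclass, field

# Constructed policy (assumption): role -> groups whose keys it may request.
ROLE_GRANTS = {
    "prod-app": {"production"},
    "qa-runner": {"testing"},
    "developer": {"development", "testing"},
}

@dataclass
class KeyBroker:
    """Runs inside the data center; the only place keys are stored."""
    lease_seconds: int = 300
    keys: dict = field(default_factory=dict)   # group -> key bytes
    audit: list = field(default_factory=list)  # (time, role, group, decision)

    def create_key(self, group):
        self.keys[group] = secrets.token_bytes(32)

    def release(self, role, group, via_tunnel, now):
        """Return (key, expires_at), or None. Anything not granted is denied."""
        allowed = (via_tunnel and group in self.keys
                   and group in ROLE_GRANTS.get(role, set()))
        self.audit.append((now, role, group, "release" if allowed else "deny"))
        return (self.keys[group], now + self.lease_seconds) if allowed else None

class CloudWorker:
    """Cloud side: holds a key in memory only, and only until the lease ends."""
    def __init__(self):
        self._key, self._expires = None, 0

    def load(self, lease):
        self._key, self._expires = lease

    def key(self, now):
        if self._key is not None and now >= self._expires:
            self._key = None  # drop the reference; must ask the broker again
        return self._key

def demo():
    broker, worker = KeyBroker(lease_seconds=300), CloudWorker()
    broker.create_key("production")
    lease = broker.release("prod-app", "production", via_tunnel=True, now=1000)
    worker.load(lease)
    return {
        "granted": lease is not None,
        "wrong_role": broker.release("developer", "production", True, 1000),
        "no_tunnel": broker.release("prod-app", "production", False, 1000),
        "during_lease": worker.key(1299) is not None,
        "after_lease": worker.key(1300),
        "decisions": [entry[3] for entry in broker.audit],
    }
```

The audit list stays on the data center side, so every key release and denial is recorded where the enterprise, not the cloud provider, controls the log.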
Securing the Cloud for Flexibility and Savings
An end-to-end security framework greatly reduces the risk of enterprise applications running in a public cloud. The cloud environment becomes an extension of a company’s security perimeter, giving the enterprise control of its applications and data at all times, regardless of where they happen to be deployed. This control also means that organizations don’t have to understand and adapt to a particular cloud provider’s security capabilities or compensate for a particular feature they may or may not have.
Enterprises can now take advantage of cloud economics and flexibility without sacrificing the security required by customers, internal users, and other stakeholders. The days of cloud computing are just beginning, but with the right combination of cloud providers and additional technologies, it’s not too early to start doing real work in the cloud and reap the benefits of this new computing paradigm.