"Authentication and authorization of users to enterprise resources and applications across cloud and in-premise has to be seamless"
Use and Implementation of Cloud in business
The big question facing most organizations today is not whether to use cloud computing, but rather how to use it without compromising the security and privacy of the organization’s critical data. It is beyond doubt that most organizations today adopt some form of cloud computing, whether for computing or for storage augmentation.
The benefits are agility, rapid scalability, elasticity and avoidance of large upfront capital expenditure. Startups have been the first to embrace these benefits simply because they need to be frugal and do not have a legacy infrastructure to worry about. For enterprises, the biggest concern is security and unauthorized access to customer information.
Given that public cloud technologies are maturing, companies that have made them a part of their business model will give a tough time to those not leveraging the cloud. The common “initial” use cases for cloud are:
Software-as-a-Service or finished applications: Business services such as CRM, HR, email, enterprise collaboration and online reputation management. Technology services such as authentication and accounting, message queuing, etc.
Platform-as-a-Service: Development and UAT environments, disaster recovery etc.
Infrastructure-as-a-Service: Cloud based storage is an attractive use case.
The journey to the cloud involves creating a secured environment that enables one or more of these cases by addressing several dimensions. This begins with understanding the public cloud computing environment offered by the cloud provider. It should cover the policies, procedures and technology controls used by the cloud provider.
One can also expect that the data maintained within a cloud should be faster to restore, and more reliable than that maintained in a traditional data centre. One also has to maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
Authentication and authorization of users to enterprise resources and applications across cloud and in-premise has to be seamless. The architecture of a cloud solution should extend to the client such that single sign-on is maintained across both, without compromising user passwords.
It is reasonable to expect that all of the above measures are openly available for verification, scrutiny and audit. The enterprise needs to verify the assurances made by the cloud provider and look for audits such as SSAE 16, ISO 27001, and industry-specific assessments such as FISMA or PCI.
One need not always take a defensive stance in this entire journey. Cloud can also be leveraged for taking proactive security measures. For instance, cloud brings along with it higher levels of standardization, which in turn facilitates platform hardening and more automation of security management activities.