Enterprise Cloud Computing Blog

Making Cloud Computing Secure for the Enterprise

For cloud computing to gain traction in the enterprise, IT and security executives need to be certain that their company’s applications and data are safe. But when security is partly out of enterprise control, it becomes impossible to know if sensitive information has been accessed or compromised.

Today, using a public cloud means moving from an internal environment where a company has complete control of data and processes to an environment where that control belongs to someone else, and is often opaque. Within the cloud, applications run in a multi-tenant virtual environment, sharing physical machines with other customers. Companies considering moving an application to a cloud have legitimate concerns about data being compromised or stolen, including unauthorized access by cloud administrators, exposure on the Internet, or rogue employees using the cloud to corrupt or leak sensitive information.

One solution is to keep sensitive data within the corporate data center and put the other application tiers in the public cloud. While this approach works well for some use case scenarios, the latency impact of the “reach back” into the data center can be unacceptable for many applications and users. The other option is to move the entire application to the cloud – including the database tier – for better performance and scalability, but this exposes the application to new potential threats such as those mentioned above.

Encryption is a well-known approach to addressing these types of security threats. For protection in the cloud, the enterprise would need to encrypt all data and communications. While it’s not that difficult to add encryption software initially to the application environment, the new configuration requires ongoing management and maintenance. And in order to run the application in the cloud, the enterprise needs to deliver the encryption keys to the cloud to decrypt the data, creating additional security risks by exposing the keys in the operating environment. In the worst case, poor configuration can expose the corporate data center to threats from the cloud.

In developing our security model at CloudSwitch, we worked closely with CSOs and security teams at several large enterprises to understand their requirements. As a result, our architecture addresses three areas of protection required to make cloud computing secure for the enterprise:

  • In the data center:  Role-based access control protects data and processes from unauthorized access.
  • In the Internet:  Connections are authenticated and data is encrypted to prevent data in transit from being exposed or compromised.
  • In the public cloud:  Data is encrypted with keys under enterprise control, and can never be accessed by the cloud provider or unauthorized users.

The CloudSwitch security strategy is a key part of our vision to make the cloud a seamless extension of the corporate data center. Using CloudSwitch technology, companies can move applications and data to a cloud without modification, and back to the data center as needed. Companies can also select the right cloud for a specific application, based on security and compliance levels as well as service offerings and pricing structures. Only with control of applications and data at all times can enterprises take full advantage of cloud resources without sacrificing the security required by customers, internal users, regulators and other stakeholders.

Reader Comments

  1. Sx

    December 02, 2009 7:24 PM

    How does your offering compare to some of the security capability provided by Oracle Database? For instance, Database Vault does the role-based access. Similarly with transparent data encryption, your data resides on disk encrypted and is automatically decrypted when queries are run by legitimate users. The decryption key is stored in a wallet kept outside the database which itself requires a master key that one can maintain outside the cloud environment.
  2. Ellen Rubin

    December 08, 2009 3:04 PM

    Great question! Our solution has a lot in common with Database Vault in that it guarantees that all data is encrypted in the cloud and it protects the encryption keys. However, our solution is broader in that it protects all servers and applications when you move them to the cloud. This is important because sensitive information often lives outside the database as well as in the database and we have found that there is value in protecting all of the tiers of the application when deploying to the cloud. Finally, we automate the key management between the datacenter and the cloud deployments such that you do not have to manage the equivalent of the wallet and master key with your own software and processes.
  3. Global Security Challenge LLP

    January 06, 2010 8:39 AM

    Hi,

    The concerns of security and reliability are shared by a high percentage of enterprise users still but there is progress being made and we are seeing a slow but sure step over to cloud.

    We have addressed these concerns by launching the Cloud Security Challenge Awards 2010, where we invite start-ups & individuals to submit their ideas/innovations that help make cloud computing secure and reliable.

    With a 1st prize of $10,000 and backed by HP Labs, Cloudsecurity.org and Cloudsecurityalliance.org, it's definitely an event worth involving yourself in, so check it out at www.globalsecuritychallenge.com for more details and application.

    All the best!

    Team GSC
