For the past several years, the trend in the enterprise has been to move away from an on-premises computing model to a cloud-based one. Cloud computing offers businesses a number of compelling benefits, such as improved scalability and flexibility, on-demand provisioning, and lower cost. Organizations no longer have to install expensive dedicated appliances behind corporate firewalls to deliver mission-critical applications, and the cloud makes it possible for knowledge workers to remain productive no matter where they are or what device they’re using. But cloud computing also comes with security risks. Here are two key concepts to keep in mind when your customers approach you with questions about creating a secure cloud experience.
1. The secure cloud experience starts at the client connection
Under the traditional information security model, the physical and logical infrastructure that houses corporate data and applications is kept on-premises, behind the corporate perimeter and secured by corporate firewalls and other security appliances. But cloud computing is fast dissolving the perimeter. A secure cloud experience doesn’t depend on physical security devices that protect corporate servers and databases: those are now the responsibility of the third-party cloud services provider. Instead, organizations must focus on making sure that their data reaches the cloud service safely. That means securing the client’s connection to the cloud service so that sensitive information cannot be intercepted in transit, as often happens when information travels over unsecured networks such as public Wi-Fi.
Customers who wish to secure cloud connections for their employees will typically need to implement a Virtual Private Network (VPN) and require its use in order to connect to corporate cloud services. In this use case, VPNs serve two purposes. First, they protect the data in transit between the client and the cloud service, and second, they provide an additional layer of authentication, since the employee must log in to use the VPN.
2. Data security trumps infrastructure security
As mentioned above, cloud computing makes most physical security infrastructure the responsibility of the third-party cloud services provider. This does not mean that the enterprise should blindly trust every provider’s assurances of security and compliance, however. And it does not mean that the enterprise is off the hook legally in the event of a data breach. Data privacy and security regulations invariably make the owner of the data—the enterprise—liable and responsible for its protection, and that means that enterprises should look for ways to supplement their cloud providers’ security with additional security measures of their own.
In most cases, that will mean taking steps to secure the data itself, rather than the infrastructure on which it is housed. Technologies such as encryption can ensure that data remains unreadable to unauthorized parties, even if it is intercepted in transit or stolen from the cloud provider’s servers; tokenization provides mathematically generated substitute values for some types of data too sensitive to leave the corporate premises. A number of appliances and services now exist to provide data security to enterprises looking at adopting cloud computing for mission-critical operations.
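The tokenization idea described above, as an added example that is not part of the original article: sensitive fields are swapped for tokens before a record is sent to the cloud, and the mapping back to the real values stays on-premises. It assumes a vault-style design with random tokens (one common approach); `TokenVault`, `prepare_for_cloud`, `restore_from_cloud` and the sample record are hypothetical names and constructed data.

```python
import secrets


class TokenVault:
    """Stays on-premises: the only place a token can be turned back into data."""

    def __init__(self):
        self._by_token = {}   # token -> original value
        self._by_value = {}   # original value -> token, so repeats reuse one token

    def tokenize(self, value: str) -> str:
        if value in self._by_value:
            return self._by_value[value]
        # Random token: it has no mathematical relation to the value, so a
        # party holding only the cloud copy cannot reverse it.
        token = "tok_" + secrets.token_hex(16)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # Unknown or forged tokens raise KeyError instead of returning data.
        return self._by_token[token]


def prepare_for_cloud(record: dict, sensitive: set, vault: TokenVault) -> dict:
    """Copy of the record that may leave the premises: sensitive fields tokenized."""
    return {k: vault.tokenize(v) if k in sensitive else v for k, v in record.items()}


def restore_from_cloud(record: dict, sensitive: set, vault: TokenVault) -> dict:
    """Reverse step, run on-premises after the record comes back from the cloud."""
    return {k: vault.detokenize(v) if k in sensitive else v for k, v in record.items()}


# Constructed sample record; the card number is a constructed test value.
SAMPLE = {"customer_id": "C-1001", "card_number": "4111111111111111", "city": "Leeds"}
SENSITIVE = {"card_number"}

if __name__ == "__main__":
    vault = TokenVault()
    outbound = prepare_for_cloud(SAMPLE, SENSITIVE, vault)
    print("sent to cloud:", outbound)
    print("restored on-premises:", restore_from_cloud(outbound, SENSITIVE, vault))
```

In a real deployment the vault would be a persistent, access-controlled store rather than an in-memory dictionary.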
Creating a secure cloud experience requires a rethinking of the security paradigm and can seem daunting to those more used to the traditional approach. But it is necessary for any business that wants to leverage the many benefits of the cloud without endangering its data security or regulatory compliance.