Solving the cloud's inherent security conundrum

Cloud services can be a security nightmare for IT admins. SAML can solve the problem and protect cloud-based data.



Security and cloud are two terms that are rarely heard together, simply because so few have faith in the pairing of those two elements. Yet security has become one of the most important elements in any cloud-enabled enterprise. Nowhere is that more critical than with companies moving applications over to cloud-based services – where a lack of effective security can quickly derail any project and cause immeasurable harm to the business – just ask retailer Target how important security has become.


Those charged with keeping cloud applications secure are quickly discovering that there is a real security conundrum with cloud applications – how do you open up an application to remote use, yet keep it closed to those who should not have access?


After all, a poorly protected application can potentially expose businesses to all sorts of problems, ranging from data theft to service interruptions. The real challenge for security administrators comes from a lack of control – cloud-based applications sit beyond the control of the firewall and may involve data traversing a multitude of routers, data centers and hosts.


Further complicating those cloud security issues is the concept of mobility, where employees must be able to access those services from remote locations, completely bypassing corporate policies, data center controls and other security mechanisms – meaning that IT administrators have absolutely no visibility into transactions and are completely powerless to authoritatively protect corporate data in transit.


While the problems with cloud application security are nothing new, IT administrators are starting to see some powerful security technologies come to their aid, and new services and products that aim to protect corporate data traversing the wild west of the cloud are arriving on an almost daily basis.

Using SAML to protect the cloud

The key to protecting information delivered by cloud services comes in the form of SAML (Security Assertion Markup Language), an XML-based open standard for exchanging authentication and authorization data between parties, typically an identity provider that vouches for a user and a service provider that relies on that assertion. The use of SAML is on the rise, and a multitude of cloud services vendors, such as Concur, Salesforce, SugarCRM and countless others, have implemented support for SAML. However, SAML alone won't protect much.
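To make the "relying on an assertion" part concrete, here is an added example (not code from the article or any vendor named in it) of the checks a SAML 2.0 service provider performs before it trusts an assertion: issuer, validity window and audience. It assumes the XML signature has already been verified by a SAML library such as python3-saml; the response, entity IDs, NameID and timestamps are constructed placeholders.

```python
# Added example (not from the article): checks a SAML 2.0 service provider runs on an
# assertion before trusting it; assumes the XML signature was verified first (e.g. python3-saml).
from datetime import datetime, timezone
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; entity IDs, NameID and times are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://crm.example.com/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_saml_time(value):  # UTC timestamps; sample uses whole seconds; missing attribute is fatal
    if value is None:
        raise ValueError("Conditions is missing a timestamp")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, sp_entity_id, now):  # NameID or ValueError
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:  # only the configured IdP may vouch for users
        raise ValueError("unexpected issuer %r" % issuer)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions")
    if not parse_saml_time(cond.get("NotBefore")) <= now < parse_saml_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")  # stale or replayed
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:  # issued for some other application
        raise ValueError("assertion not intended for this service provider")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise ValueError("missing NameID")
    return name_id

def is_acceptable(*args):  # accept/reject wrapper for callers that do not need the reason
    try:
        return bool(validate_assertion(*args))
    except ValueError:
        return False
```

Rejecting on issuer, time window and audience is what stops an assertion minted for one application, or captured earlier, from being replayed against another.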


The trick is to integrate a few different technologies around SAML, such as SSO (Single Sign-On), encryption and intrusion detection, all of which, when combined, give IT administrators a level of control over cloud application security akin to that offered inside the firewall.


That combination of technologies also solves one other major challenge for IT administrators: the issues surrounding BYOD (Bring Your Own Device).


By enforcing SAML-based authentication and authorization, administrators can regain control of the corporate traffic, even when it is accessed with BYOD technologies, effectively killing two birds with one stone – the security issues of cloud services and BYOD adoption.


However, SAML is not a roll-your-own solution for cloud application security issues. Solving those problems takes a little more than creative coding. It means relying on some type of proxy to handle the traffic as well as the authentication. A few vendors have come on the scene to offer exactly that – case in point is Campbell, Calif.-based Bitglass, a startup that has just begun to offer services that leverage SAML and provide proxy-based access to some major cloud services providers.


Of course, Bitglass isn't the only player in town – other ventures worth a look include AirWatch, IBM Fiberlink and Citrix Zenprise – however, those solutions focus more on the BYOD element than on general access to cloud applications. For the focus on security beyond the firewall and BYOD-based concerns, a group of additional vendors is tackling cloud application security and is also worth a look. Those vendors include Adallom, CloudLock, Skyhigh Networks, SkyFence, nCrypted Cloud and a few others that are still in stealth mode.


The lesson here is that there is no longer an excuse to leave cloud applications with anything less than enterprise protection, and that savvy administrators can research hosted security offerings to solve those thorny issues around both hosted applications and BYOD. However, IT administrators need to ask one major question – "Can I get SAML with that?"


Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MC...


BYOD and the cloud is a big security problem for enterprise firms, but many companies are willing to deal with it because of the potential productivity gains. BYOD devices logging on to a network is simply going to be the reality of enterprise IT, but the most important thing to do is secure the data, and not just on the network, but with the various ways devices now communicate. Our hospital put a BYOD policy in place to use TigerText for HIPAA compliant text messaging, mostly to deal with the reality that the doctors were sending patient data over regular SMS which is not HIPAA compliant. The reality was that the doctors were doing this because it was more efficient for them. Now we have the doctors using HIPAA compliant TigerText and the patient processing productivity doubled in the last quarter - a significant business advantage. Yes, BYOD is a big security issue, and yes there are real productivity gains to be had, but IT is going to have to be creative to get them and maintain security. Here is an example of a BYOD policy:


Thanks for the info. Would like to see more articles on this topic.
