Forrester’s Security Trends for 2014 – The IaaS Angle – Part II


This post continues the analysis of the ‘Top 15 Trends S&R Pros Should Watch: Q2 2014’ report by Forrester. Our first post covered regional data centers and localization issues along with automation of security configuration; the following post will cover the Authentication and Access Control trends.

Trend 14: Being “Authentic” and Authentication (Being Human is Key)

The use of personal mobile devices in the workplace has compelled enterprises to implement Bring Your Own Device (BYOD) policies.  Nevertheless, the owners of these devices expect immediate access and response time.  If authentication or security practices impede a user’s ability to access information within a reasonable time frame, then the user may become reluctant to use the cloud-based solution or service altogether.

Therefore, cloud-based solutions must help to speed up these processes.

What can be done?

When it comes to IaaS, it makes sense to simplify authentication processes as much as possible. IT managers should remove complicated and/or time-consuming security procedures in favor of something that still protects the network while being indistinguishable from any other network system. 40Cloud does precisely this through its identity and access management function.

There are solutions available in the market that require a remote employee to notify the central firewall control system of their IP address and port number every single time they access a cloud server. Not only might this process be insufficiently secure (because an IP address is only weakly associated with an identity), it’s also extremely cumbersome.

40Cloud’s security platform actually identifies users and allows them to access only those parts of the cloud for which permissions have been granted in advance.  This means that only an initial authentication is required.  Moving forward, access rights are enforced in a way that does not require employee involvement (but is based on the employee’s identity). This solution is not only more controllable and secure; it is also easily accessed and managed by users as well as by the organization’s IT security staff. In short, if employees’ access to the cloud or to another service is perceived as absolutely seamless (or if they perceive it to be a quick and easy process), then they will be more likely to have a positive user experience overall.

Trend 15:  Access Control in the cloud

Contemporary access control implementations are usually based on central gateway entities that enforce a configured access control policy. When considering implementation of access control in an infrastructure cloud environment, the following questions immediately arise:

  • Can I ‘relocate’ my on-premise access control gateway to the cloud?
  • How can I make sure that my cloud resources are accessed solely through the access control gateway (and that direct access to the virtual servers is blocked)?
  • How can the gateway verify the identity of my (remote) employees?
  • How can the gateway enforce access rights over the IaaS network?

The main challenges are networking- and identity-related.   With networking, the difficulties arise from the fact that, as an IaaS consumer, you have very limited control of the network infrastructure.  With identity, the challenge is to re-use your existing on-premise identity systems for secure, efficient cloud access.  To ensure viability, networking and identity solutions should be integrated into a single function.
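The second question above (is every cloud resource reachable only through the access control gateway?) can be checked mechanically against the inbound rules of each virtual server. The following is an added example, not 40Cloud's code: the rule format, server names and addresses are constructed for illustration and do not correspond to any provider's API.

```python
import ipaddress

# Constructed sample data: the gateway's address and per-server inbound rules.
GATEWAY_NETS = [ipaddress.ip_network("10.0.0.10/32")]
RULES = [
    {"server": "app-1", "source": "10.0.0.10/32", "port": 443},
    {"server": "app-1", "source": "0.0.0.0/0", "port": 22},
    {"server": "db-1", "source": "10.0.0.0/24", "port": 5432},
    {"server": "db-1", "source": "10.0.0.10/32", "port": 5432},
    {"server": "batch-1", "source": "192.168.7.5/32", "port": 22},
]


def from_gateway_only(source, gateway_nets):
    """True if every address in `source` belongs to a gateway network."""
    src = ipaddress.ip_network(source, strict=False)
    # subnet_of() raises TypeError across IP versions, so compare versions first.
    return any(src.version == gw.version and src.subnet_of(gw)
               for gw in gateway_nets)


def audit(rules, gateway_nets):
    """Return (bypass, unreachable).

    bypass: server -> rules admitting traffic that does not come from the gateway.
    unreachable: servers with no rule admitting the gateway at all.
    """
    bypass, has_gateway_rule, servers = {}, set(), set()
    for rule in rules:
        servers.add(rule["server"])
        if from_gateway_only(rule["source"], gateway_nets):
            has_gateway_rule.add(rule["server"])
        else:
            bypass.setdefault(rule["server"], []).append(
                (rule["source"], rule["port"]))
    return bypass, sorted(servers - has_gateway_rule)


if __name__ == "__main__":
    bypass, unreachable = audit(RULES, GATEWAY_NETS)
    for server, offending in sorted(bypass.items()):
        for source, port in offending:
            print(f"{server}: direct access allowed from {source} on port {port}")
    for server in unreachable:
        print(f"{server}: no rule admits the gateway")
```

Note that a rule admitting the whole subnet that contains the gateway (`10.0.0.0/24` here) is still reported, because it admits hosts other than the gateway.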

What can be done?

40Cloud provides comprehensive access control functionality for cloud infrastructure services.   It combines the ability to configure and enforce access control policies, as well as to integrate with identity systems.  40Cloud’s solution can be implemented in any IaaS cloud, and enforces identity-based access control policies regardless of the ‘native’ IaaS network capabilities.  Access control is achieved by building a dynamic virtual private network that overlays the cloud provider’s network, and by allowing the organization’s administrator to fully enforce routing and firewall policies (over this overlay network). 40Cloud’s gateways can securely connect to existing identity systems (e.g. Active Directory) in order to achieve full identity integration.

In Summary

As we can see, the future of IaaS and the continual build-out of “the cloud” bring with them new trends and challenges that must be addressed in order to provide the highest possible level of security, as well as the best possible user experience.

An organization taking the IaaS path should be aware of these trends and challenges, and should devise a plan to address them.   40Cloud addresses all the technical challenges discussed above in one integrated solution that is delivered as-a-service, and can help IT managers implement their plan quickly and efficiently.

Amit Cohen
