Cloud Services and Security: What you need to know
Software as a Service (SaaS) offers services such as email, office automation and
customer relationship management through a cloud-based application using a
cloud provider’s infrastructure. Platform as a Service (PaaS) offers a computing
platform for developers to use facilities such as databases, operating systems
and programming execution environments. Infrastructure as a Service (IaaS)
is the foundational cloud platform layer, giving IT administrators the ability to
access processing, storage and other fundamental computer resources.
HOW DOES USING THE CLOUD IMPACT YOUR SECURITY?
Transitioning to cloud services requires a different way of thinking about your
data security. It’s no longer about defending the information stored on your
premises, but managing the cloud systems that control your data.
There is often confusion about the difference between data
residency and data sovereignty. Residency is about where your data is stored,
and sovereignty relates to which country’s laws apply to it. Just because your
cloud provider is based in another country, that does not mean that the laws of
that country will apply.
It is important to understand the laws and regulations that apply to your data,
especially if you are handling customer data using cloud systems. Some regions
such as the EU apply stringent fines against any company found to be in breach
of its rules, so be sure your compliance processes are up to date and that
employees understand their responsibilities.
Understanding how security responsibilities are shared
Cloud security is a shared responsibility. You can’t fully entrust your service
provider with protecting your data, although they certainly have a role to play.
Some security problems do vanish as you adopt a cloud service, for example
physical data center security, server hardware and virtualization.
Although these security problems are effectively outsourced, it remains
important for you to choose a cloud provider carefully to ensure you have the
right level of protection. Most cloud providers offer protection against network-based Distributed Denial of Service (DDoS) attacks, but it’s important to check
that the service provided is truly of a quality that matches the provider’s claims.
Some security issues remain the user’s responsibility. These include threat
and risk assessments, end-user training, data classification and identity
management. Other issues can be outsourced to a third-party managed services
provider; for example, monitoring, patch management and compliance audits
can all be handled in this way.
SaaS and Identity and Access Management
The biggest issue with using SaaS applications is identity and access
management (IAM). The user will need to manage multiple accounts and control
privileges so that, for example, a junior employee can access and control much
less than a senior executive.
It can be challenging to keep track of IAM in a SaaS environment. An important
security challenge for many organizations is keeping track of employees as they
leave and removing their accounts and privileges promptly. Without this control,
critical data and systems can be left open to outside influence.
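
One way to check for the leaver problem described above is to reconcile each SaaS application's account export against the HR roster. This is an added example, not part of the original page; the roster, the account exports and all field names are constructed for illustration.

```python
from datetime import date

# Constructed sample data. Roster keys are lower-case e-mail addresses.
HR_ROSTER = {
    "alice@example.com": {"status": "active", "left_on": None},
    "bob@example.com": {"status": "departed", "left_on": date(2024, 3, 1)},
}
SAAS_ACCOUNTS = [
    {"app": "crm", "user": "Alice@example.com", "enabled": True,
     "last_login": date(2024, 3, 10)},
    {"app": "crm", "user": "bob@example.com", "enabled": True,
     "last_login": date(2024, 3, 5)},
    {"app": "mail", "user": "bob@example.com", "enabled": False,
     "last_login": date(2024, 2, 20)},
    {"app": "mail", "user": "contractor@example.com", "enabled": True,
     "last_login": date(2024, 1, 15)},
]


def find_stale_accounts(roster, accounts):
    """Return (app, user, reason) for accounts that need review."""
    findings = []
    for acct in accounts:
        user = acct["user"].strip().lower()  # exports differ in letter case
        person = roster.get(user)
        if person is None:
            # Nobody in HR owns this identity; only live accounts matter.
            if acct["enabled"]:
                findings.append((acct["app"], user, "not in HR roster"))
            continue
        if person["status"] != "departed":
            continue
        left_on = person["left_on"]
        if left_on and acct["last_login"] and acct["last_login"] > left_on:
            # Reported even if the account is disabled now: it was used.
            findings.append((acct["app"], user, "login after departure"))
        elif acct["enabled"]:
            findings.append((acct["app"], user, "enabled after departure"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_stale_accounts(HR_ROSTER, SAAS_ACCOUNTS):
        print(*finding, sep=" | ")
```
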
Microsoft Azure offers an innovative way to manage IAM. A single location
(Active Directory or AD) provides a management hub for controlling access to
over 2800 applications supported by the platform. Users authenticate with Azure
AD to access SaaS applications and privileges are easy to remove and adjust.
SaaS encryption and tokenization
Certain data sets will be unsuitable to entrust to the cloud, whether because
of their sensitive nature or because of regulatory constraints. This type of data
can still be accessed using cloud services through encryption and tokenization.
Encryption scrambles data, which can then only be decrypted using a decryption
key kept in an on-premises key server. Tokenized SaaS applications display
digital tokens rather than data; each token instructs the agent on the
user’s computer to access the data from another location, usually a data center
owned by the user.
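
The tokenization flow described above, sketched as an added example that is not part of the original page: the SaaS application stores only tokens, and a local agent resolves them against a vault that stays on premises. `TokenVault`, the helper functions and the sample record are hypothetical names and constructed data.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; field names are hypothetical.
CUSTOMER = {"name": "A. Example", "card_number": "4111111111111111"}
SENSITIVE_FIELDS = {"card_number"}


class TokenVault:
    """On-premises store mapping opaque tokens to the real values."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # stays on premises
        self._by_token = {}
        self._by_digest = {}

    def tokenize(self, value):
        # A keyed digest lets the vault reuse one token per value, while
        # the token itself is random and reveals nothing about the value.
        digest = hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()
        token = self._by_digest.get(digest)
        if token is None:
            token = "tok_" + secrets.token_urlsafe(16)
            self._by_digest[digest] = token
            self._by_token[token] = value
        return token

    def detokenize(self, token, authorized):
        if not authorized:
            raise PermissionError("caller may not see the underlying data")
        return self._by_token[token]  # KeyError for an unknown token


def to_saas_record(record, vault):
    """What is sent to the SaaS provider: sensitive fields become tokens."""
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


def agent_render(saas_record, vault, authorized):
    """What the local agent displays: tokens resolved for authorized users only."""
    return {k: vault.detokenize(v, True) if authorized and k in SENSITIVE_FIELDS else v
            for k, v in saas_record.items()}
```
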
SaaS and backup or audit services
Some organizations feel a little uncertain about trusting a cloud provider to
be the sole custodian of their data. A third party backup service can be helpful
in this situation. The backup provider makes a remote copy of your SaaS data,
which can be retrieved if there are any issues with your cloud provider’s service.
Those who are nervous about cloud services might also consider using an audit
service along with their SaaS facilities. This involves paying extra to store logs of
how applications have been used. The storage time for these logs varies widely
between applications, making it challenging to uncover actions for compliance
purposes. Audit services provide you with a trail for extra peace of mind in
addressing problems.
PaaS and application-layer security
PaaS provides developers with the opportunity to spin up container-based
operating systems for a few seconds at a time to support a particular task.
These short-term environments remove many security headaches associated
with traditional host protections, such as intrusion detection and prevention.