Remote Access in the Cloud
– David Hald, co-founder, chief relation officer at SMS PASSCODE A/S, says:
A 2013 report by IBM revealed that one out of five organizations is using the cloud, and many industry analysts expect that figure will only grow bigger. Indeed, consulting firm KPMG projects that the cloud computing market will skyrocket to $241 billion in the next seven years, compared to $40.7 billion in 2011. Due to its convenience and immediacy, cloud use is shown to considerably increase revenue and gross profit growth. This sets up the IT department to transform from a cost center to a profit center with strategic business insights for the C-suite.
The cloud’s popularity also sets up IT for significant security concerns. Whether organizations are using public or private clouds—or a hybrid of both—IT security professionals will need to ensure that data is encrypted before it’s sent to the cloud. In a similar vein, they will need to authenticate the identities of users accessing an organization’s applications and data. Authentication methods will need to keep pace with the increased incidence of identity theft and hacking attacks, as remote access methods open the door wide to malicious actors. Even though usernames and passwords are still widely used, they cannot provide protection against today’s threats.
The ability to store volumes of data in large, offsite data centers – or, the “cloud” – represents real cost savings for companies without the resources to store a significant amount of data onsite. Yet many businesses continue to struggle with securing remote access to data as security risks evolve.
In light of the reality of doing business these days, an increasing number of end users are being given access to cloud-based business applications. Some cloud solutions offer generic security measures for authenticating users accessing these systems in the cloud, giving the customer organization the responsibility of choosing what type of security to use and relying on the organization’s judgment to determine whether the security is strong enough to protect access effectively.
Ensuring Cloud Security
With identity theft, malware and hacking attacks on the rise, the old methods of protecting data are simply inadequate. It has become increasingly obvious that usernames and passwords are ineffective ways of authenticating access, yet their use is still widespread as users balk at more cumbersome forms of authentication like tokens and certificates.
The quantity of data being stored in the cloud continues to increase even as the effectiveness of basic usernames and passwords declines. Cloud providers must accommodate access to millions of users from all over the world. A centralized breach in a cloud-based solution would pose a serious risk to the data of thousands – if not more – organizations. Therefore, it is the responsibility of the organization to ensure that its users have access to strong, flexible security that is difficult to compromise, yet is easy to use, regardless of whether it is the organization or the cloud provider offering it.
Strong Authentication, Ease of Use
Organizations are starting to put authentication standards in place in recognition of the pressing need for higher security for cloud access. One of the major problems organizations face is how to handle user identities in the cloud. Often it means that IT departments must maintain an additional set of user credentials for each and every cloud solution used by their employees. This approach requires clunky procedures and extra work for IT. To bypass this problem, IT should use a centralized method that gives each user a single identity that provides access to a variety of different cloud solutions.
To ensure that users accessing company data are qualified in advance, a best practice is to use an approach that provides strong authentication while freeing end-users from being dependent on specific software, hardware or features.
SAML For a Secure Cloud
An option that has been widely used is Security Assertion Markup Language, or SAML. A SAML structure requires involvement from three parties the end user, the service provider and the identity provider. The service provider role is held by cloud solutions, such as Microsoft Office 365, Salesforce or Google Apps. The identity provider role handles user authentication and identity management for the service provider. The identity provider in this scenario can be used as a centralized system to handle authentication and identity management for multiple service providers at once. By utilizing a SAML identity provider, organizations can gain all the benefits traditionally associated with on-premise authentication solutions.
Employing SAML saves organizations time, since this construction frees the organizations from maintaining multiple instances of user credentials: one in the local area network (LAN) and yet more in the cloud. This way, the organization can keep its authentication and security mechanisms the same for all users, regardless of whether they are accessing data from the cloud or from the LAN, saving time and money while boosting security.
What the Cloud Requires
Cloud computing offers organizations and end users the convenience of remote access, and its benefits guarantee continued growth and use of the cloud. Along with that growth come real threats to user identities that absolutely must be addressed, and as effectively and efficiently as possible. Organizations need to thoroughly examine the level and type of security a cloud service provider offers before making any deals. It is clear that security based on simple usernames and passwords can no longer protect against today’s security threats. Cloud providers must make it their goal to offer security solutions that work for all parties involved while providing ease of use as well. Organizations must ensure that their employees have secure, authenticated access in the cloud, no matter what.
About the author:
David Hald is a founding member of SMS PASSCODE A/S, where he acts as a liaison and a promoter of the award-winning SMS PASSCODE multi-factor authentication solutions. Prior to founding SMS PASSCODE A/S, he was a co-founder and CEO of Conecto A/S, a leading consulting company within the area of mobile- and security solutions with special emphasis on Citrix, Blackberry and other advanced mobile solutions. In Conecto A/S David has worked with strategic and tactic implementation in many large IT-projects. David has also been CTO in companies funded by Teknologisk Innovation and Vækstfonden. Prior to founding Conecto, he has worked as a software developer and project manager, and has headed up his own software consulting company. David has a technical background from the Computer Science Institute of Copenhagen University (DIKU).