In hybrid IT environments it can be difficult to use the traditional ‘perimeter’ concept to describe the boundary between an organisation’s private network or Cloud-based infrastructure, and the public internet.
In this digital landscape, organisations need new methods to secure and govern the corporate Cloud perimeter.
“The idea of a perimeter conjures images of an impenetrable barrier that can prevent things from getting in or out,” says Stuart Mills, regional director, ANZ, CenturyLink.
“In terms of enterprise technology infrastructure, firewalls and other intrusion detection systems have traditionally been used to secure the business perimeter.
“Things are no longer so simple. The perimeter, if it still exists at all, has moved. In many cases, organisations find that a growing proportion of their IT assets are now located outside of their data centres or internally-managed infrastructure.
“This is due to the rise of Cloud, mobility in the enterprise, and online collaboration tools. As a result, it is difficult to govern and protect all IT assets equally.”
Mills says there are five security technology features organisations can implement to help govern their Cloud perimeter and protect all of their IT assets no matter where they reside:
1. Identity management integration
Standards-based integration with identity management providers can help organisations quickly provision and de-provision access to company resources and data.
“This type of integration also provides organisations with complete control over password complexity rules, expiration, and multi-factor authentication requirements,” Mills adds.
2. API security
Many Cloud providers provide application programming interfaces (APIs) that let customers integrate management for their Cloud service into third-party management platforms or their own applications.
“APIs provide valuable business capabilities for customers, but they also introduce an additional potential attack surface that needs protection,” Mills says.
3. Multi-tier user management
To facilitate the segregation of different Cloud environments, Mills says organisations should look for Cloud providers that have the flexibility to offer an account hierarchy structure that affords complete control over which sub-accounts are allowed to exchange data freely.
“This delivers easy segregation between business units or locations,” he explains.
4. Logging and reporting
For Mills, the detailed logging of all actions performed through a Cloud interface or via an API is an essential part of managing enterprise IT Cloud environments, yet it remains a stumbling block for some companies in their adoption of Cloud-based infrastructure.
“Ideally, companies should ensure they have access to log management and reporting mechanisms,” he adds.
5. Patch management
In most cases, Cloud service providers regularly update the templates they use to create new virtual machines, helping them remain up to date with the patches that eliminate potential holes in network security.