I packed my cloud bag and in it I placed...
As we've begun to adopt a myriad of cloud-based services, our network perimeter has become more expansive and therefore, potentially more porous. Cloud services may need additional firewall ports open, which is equivalent to opening more doors into your home. On top of this, your employees are now working wherever they want and they’re using a handful of different devices. Last but not least, your data is racking up an impressive amount of frequent flier miles as it travels and gets stored in platforms strewn all across the country.
If you’re a network security administrator, the security tools you used to manage – resembling something like a toll booth – now probably looks more like an air traffic control center. That said, investments in information technology (IT) are meant to enable efficiency, not constrain it; and it’s still a winnable fight.
The secret? IDENTITY
The security of identity has evolved and uses some compelling new tools to build a set of parameters that dictate which users can access which applications, which data, from where, and with what device. The authentication handshake we used to use looked something like this:
- Username and password correct?
- Is the device located within the network?
- Good to go.
This isn’t going to cut it anymore. As you adopt cloud services, you’re introducing more variables. To offset these variables, using the tool set of Identity-based security, you need to paint a far more colorful picture of risk by asking a more complicated set of questions… such as:
- Username and password correct?
- Is the device located on the network?
- If not, where is the connection’s Internet Protocol (IP) address?
- Is this a secured connection?
- Is the device up to date with anti-virus definitions and operating system (OS) patches?
- Is this a recognized device or a new device?
- Can the user verify their identity with something they have (token or phone)?
- Does this user have the permissions they require to do what they’re trying to do?
- Is encryption required to safely execute this action?
Though it sounds like a headache, the cybersecurity market has produced many valuable services which simplify this type of authentication and bridge the gap between mobility and security in compelling ways.
The First Five Items in Your Cloud Security Suitcase
1. Cloud-based Active Directory
Synchronize your users, permissions, and authentication requirements across disparate applications and services by extending Active Directory to the Cloud. Call it step 1.
2. Identity Management Services
You make the rules. Identity Management Services, such as Microsoft Enterprise Mobility + Security (EMS), allow your organization to specify authentication requirements with a whole new set of criteria. Cloud-based dual factor authentication, patching and AV requirements, and even bio-metrics like fingerprints can be leveraged to ensure your data is secure.
3. Mobile Device/Application Management (MDM, MAM)
Let's say I'm the airport and I need to pull up a customer’s financial record. MDM and MAM solutions provide encryption services and management features that solve this problem while retaining your organization’s ability to control risk. Conversely, if an employee leaves your organization, these tools can execute a remote wipe of very specific applications and data from the former employee’s devices.
4. Vendor Management
You’re only as strong as your weakest link. To safely do business in today’s market of outsourcing, multi-sourcing, and public/hybrid cloud services, vendor due diligence is crucial. Consider the vigilance you’ve given to your own security posture and extend those same requirements to your business partners. Word to the wise: your business partners include your applications vendors. Keep an open mind – you might learn something from what your partners are doing too! Think of it as a club – set your requirements and stick to them – you’ll be doing everyone a favor.
Surprise, surprise. But encryption doesn’t only apply to email anymore. Are your backups being sent offsite via an encrypted tunnel? Does compliance require that you encrypt server hard drives? Are your desktop hard drives encrypted? Are your WAN circuits encrypted? How about the path from your firewall to your hosted VoIP service’s data center? And the email app your employees have on their phones? Check these boxes off one by one. Working from anywhere introduces the risk of anywhere. Bring the security of encryption along for the ride.
Finally – embark on these transitions with empathy. Your employees are your most valuable assets; don’t leave them behind. Invest in training and invest time in creating a logical road map so no one gets burnout. There’s no huge rush… the cloud is here for the long haul.