Ambient Cloud: Two approaches to securing the cloud
the enterprise is responsible for securing their own cloud and can give access to providers to assist in securing their cloud. (For an additional premium, of course.) But how should you approach security? There might be problems.
Previous post: Ambient Cloud: Who is responsible for securing the cloud?
We have mentioned that the enterprise is responsible for securing their own cloud and can give access to providers to assist in securing their cloud. (For an additional premium, of course.)
But how should you approach security? There might be problems.
1. Extend your perimeter to the Cloud
Contrary what many are saying, the perimeter-based security model is not dead at all. When dealing with the cloud, enterprises still have the notion of a perimeter. The choice for firms is whether they extend that perimeter into the cloud or extend the cloud inside their perimeter, or both. Extending your perimeter to the cloud involves setting up an IPSec VPN tunnel to your public cloud provider’s servers and putting enterprise-grade security on the public cloud server, usually in the form of security software and virtual appliances. For ambient cloud, this translates to using a mobile device management platform to install enterprise-grade security on employee owned or corporate owned mobile devices. There can be a downside to extending your perimeter to the cloud.
2. Extend the cloud into your enterprise
Extending the cloud into the enterprise allows the cloud to effectively extend inside your perimeter and involves agreeing to an IaaS public cloud provider or cloud-based MSSP installing a cloud node on site. The benefit of having this set-up is that it is already well understood. An example is the Trend Micro Smart Protection Network, which links security servers inside an enterprise network to a security network of thousands of servers in the cloud. From an ambient cloud perspective, it’s common to work with third-party services to manage employee owned or corporate owned mobile devices. There are alternatives for managing your mobile devices within your own enterprise.. Both scenarios have similar drawbacks concerning the potential lack of visibility and control arising from outsourcing to the cloud. CISOs must be vigilant, conduct due diligence and be aware of the risks involved.
For the full whitepaper visit: Who Owns Security in the New Ambient Cloud? [downloadable pdf]