Cloud perimeter increasingly difficult to govern, according to CenturyLink
FYI, this story is more than a year old
In hybrid IT environments it can be difficult to use the traditional ‘perimeter’ concept to describe the boundary between an organisation’s private network or cloud-based infrastructure, and the public internet.
That’s according to CenturyLink, who says in this digital landscape, organisations need new methods to secure and govern the corporate cloud perimeter.
“The idea of a perimeter conjures images of an impenetrable barrier that can prevent things from getting in or out,” explains Stuart Mills, regional director, ANZ, CenturyLink.
“In terms of enterprise technology infrastructure, firewalls and other intrusion detection systems have traditionally been used to secure the business perimeter,” he says. “Things are no longer so simple. The perimeter, if it still exists at all, has moved. In many cases, organisations find that a growing proportion of their IT assets are now located outside of their data centres or internally-managed infrastructure,” Mills says.
“This is due to the rise of cloud, mobility in the enterprise, and online collaboration tools. As a result, it is difficult to govern and protect all IT assets equally.” There are five security technology features organisations can implement to help govern their cloud perimeter and protect all of their IT assets no matter where they reside: 1. Identity management integration Standards-based integration with identity management providers can help organisations quickly provision and de-provision access to company resources and data. This type of integration also provides organisations with complete control over password complexity rules, expiration, and multi-factor authentication requirements. 2. API security Many cloud providers provide application programming interfaces (APIs) that let customers integrate management for their cloud service into third-party management platforms or their own applications. APIs provide valuable business capabilities for customers, but they also introduce an additional potential attack surface that needs protection. 3. Multi-tier user management To facilitate the segregation of different cloud environments, organisations should look for cloud providers that have the flexibility to offer an account hierarchy structure that affords complete control over which sub-accounts are allowed to exchange data freely. This delivers easy segregation between business units or locations. 4. Logging and reporting The detailed logging of all actions performed through a cloud interface or via an API is an essential part of managing enterprise IT cloud environments, yet it remains a stumbling block for some companies in their adoption of cloud-based infrastructure. Ideally, companies should ensure they have access to log management and reporting mechanisms. 5. Patch management In most cases, cloud service providers regularly update the templates they use to create new virtual machines, helping them remain up to date with the patches that eliminate potential holes in network security. Once a virtual machine is launched, however, the responsibility to patch the system falls to the user of the service. At this point, the organisation needs to make