The darkest cloud in the sky

Jeff Hajek
It is clear that the long-term success of cloud computing hinges on security. In fact, security threats stand to neutralize the very cost savings and efficiencies the cloud delivers.

The problem can be summed up by the “ad hoc” approach to cloud security. Most companies choose to deploy virtualization technologies without involving security teams up front. As a result, many simply retrofit the virtual network with their physical network security strategy – regardless of cloud-specific threats.

Let's start with inadequate user-level authentication. In a cloud environment, workers must log in to multiple applications and services rather than logging in to their desktop. As a result, organizations can easily lose control over their ability to ensure strong authentication at the user level. The implementation of federated ID, a single sign-on process, mitigates this threat by allowing access to physical and cloud applications through a single, strong authentication.

Another challenge lies in the increased sophistication of network attacks and the use of traditional port-based access control to protect traffic accessing the cloud. Cloud-ready firewalls should provide multilayer inspection. That means IPS capabilities at the network perimeter, backed by IPS inspection inside the network. Further, human error is still the greatest threat to network security and will only be amplified as companies add more devices to secure the cloud. Centralizing device management and making it a vendor-agnostic process will drastically improve overall network security.

Lastly, as cloud computing becomes more prevalent, so will virtual desktops. Companies should isolate them from other network segments and implement deep inspection at the network level to prevent both internal and external threats.

Cloud computing may have reached critical mass, but it is still critically lacking security. The day when companies align their virtual environment with virtual security strategies is the day when cloud computing will become an IT norm.
