There a meme that’s been working its way around social media recently, to the effect that ‘there is no cloud, it’s just someone else’s computer’. It’s an interesting thought.
‘Moving to the cloud’ has become one of those phrases that people throw around without really thinking about what it is – a network of servers accessed over the internet. So, essentially someone else’s computer.
Numerous businesses have now migrated previously on-premise services or their data storage to the cloud.
The key benefit is, of course, financial. Instead of buying their own hardware organisations just pay for the server space they use. The cloud also makes it easy to upscale or downscale operations quickly, simply by increasing or decreasing the amount of space they buy.
But if the cloud is just someone else’s server, how secure is it compared to on-premise systems?
On the one hand, the network protection is the same as with on-premise. Plus there’s less opportunity for malicious employees to reach data they shouldn’t really access and it could be argued that because it’s their business, cloud service providers have even more invested in guaranteeing the security of the data they’re storing.
But this places your business’s data on someone else’s computer and effectively delegates the security policy on that data to another entity.
Migrating partial or entire on-premise services to the cloud is not always a smooth process and the move to different systems and servers can throw up a number of issues.
Normally, cloud applications aren’t active directory integrated so businesses no longer have the option of an on-premise, single authentication source.
The very nature that it is no longer local (i.e. within the network), means it is essential that multiple forms of authentication are considered to maintain tight security.
Some cloud services offer this, while others require additional set-up or purchasing and others simply don’t.
Personal data duplication
Inevitably multiple services that are authenticating and managing users can result in personal data being duplicated.
>See also: Cloud data management: data protection
Users have to manage information on themselves in multiple places; on-premise services as well as in the cloud.
Data consistency also plays a factor here. Updating one source and not another results in incorrect profiling and HR’s task can become a complicated and time consuming challenge.
Multiple systems equals multiple passwords and that means password problems, which will inevitably result in an increased load on the helpdesk and potential security issues.
At all costs businesses will want to avoid users writing account details on sticky notes, but it’s not easy to manage multiple accounts, and these days most people do have multiple personal and business accounts.
Aside from the obvious dangers in writing down passwords, the risk of people using obvious passwords, repeating old passwords or using the same password across system increases as the number of passwords they need to remember grows.
Differing password policies
Organisations have their own internal standards for passwords and in an ideal world, complex passwords are preferred.
However, not every cloud system can or does adhere to this.
Password policies too can differ wildly from one cloud application to another and this can again result in passwords being written down.
What’s more, password issues result in the highest number of helpdesk tickets every year.
Where a business does have a handle on this, moving to the cloud without considering the impact can have a detrimental effect on IT admins and helpdesk teams.
Conflicting password expirations
This goes hand in hand with password policies but is worthy of a note in itself.
Most systems require passwords to be changed frequently for security purposes but even this can have a knock on effect on migration plans.
Having to change passwords on different systems at different times can be a real pain point for users.
People like things to be easy and straightforward, the very ethos of any migration plan should be to make the end-users life much easier and simple.
Having to churn out more cycles to managing accounts results in disgruntled users and is a security disaster waiting to happen.
The use of technologies such as the security assertion markup language (SAML) can help eliminate these issues.
These technologies establish trust with an identity provider and the identity providers can themselves be cloud services or self-hosted.
SAML authentication provides a standard for transmitting authentication information.
Specifically, SAML enables users to access resources from entirely separate domains using their own credentials from your chosen identity source.
It allows solutions such as single sign-on to provide one point of access to an end-user who wishes to navigate through several different back-end networks.
For all the great benefits moving to the cloud brings, there are many security implications to consider.
Any new system needs to be transparent and effortless for users – and not compromise the self-controlled security policies enjoyed with an on-premise service.
Sourced by Lee Painter, security expert and CEO of Hypersocket Software