Apr 05, 2011

What kind of access controls to cloud servers are important?

Is it an all-or-nothing proposition?

You may want to read this PDF file on controlling cloud data:



"Cloud computing is clearly one of today’s most enticing
technology areas due, at least in part, to its cost-efficiency and
flexibility. However, despite the surge in activity and interest,
there are significant, persistent concerns about cloud computing
that are impeding momentum and will eventually compromise the
vision of cloud computing as a new IT procurement model. In this
paper, we characterize the problems and their impact on adoption.
In addition, and equally importantly, we describe how the
combination of existing research thrusts has the potential to
alleviate many of the concerns impeding adoption. In particular,
we argue that with continued research advances in trusted
computing and computation-supporting encryption, life in the
cloud can be advantageous from a business intelligence standpoint
over the isolated alternative that is more common today."

I would like to see granular security over cloud-based storage that integrates with Active Directory. If I'm managing hundreds of users across multiple departments, it's important to make sure that employees can only get into the files that they're allowed to see, and to allow management to take a bird's-eye view of the work their employees are producing.


One place where the cloud vendors are still playing catch-up to the mainframe computing world is security policies and access controls. In many cases, access is an all-or-nothing proposition, meaning that once a user authenticates to the cloud, they have the freedom to do a lot of unintentional damage, to start and stop a virtual server, or to make other mayhem inside the entire cloud environment.


Some cloud providers are better about this than others, and allow virtual networks within a particular environment or other means of segregated access for individual users. There are also third-party security tools, such as HyTrust's Appliance for VMware and Reflex Systems vTrust. Both of these allow more granularity so that users can run the applications on a virtual server but not reconfigure or turn off the server itself.


For more Cloud Computing tips, see 12 questions to ask your cloud computing provider
