Where Should the IT Department Put Security/Access Control Points for Cloud Data Access?
To be able to run operations and applications from the cloud, the non-cloud platforms below have to be cloud enabled. But always remember that in cloud services, data security is ultimately the responsibility of the enterprise customer. So where does the enterprise put the control point to maintain data access/security control of cloud-based data?
Data that is not well protected can be accessed in transit or while it is in the cloud. We discuss how data can be protected, and how access can be authorized, in a cloud environment by making sure the underlying non-cloud IT infrastructure and policy automation have taken the appropriate measures.
Measures can include:
- Assigning applications and data access-control rules that are not layer specific and that can move with them to the cloud.
- Authorizing access to applications and data based on verified user-access claims, which are monitored by appliances or other devices.
- Encrypting data, so the cloud cannot see its contents.
- Using federated identity management to ensure every user is known at every point in the cloud, which involves assigning roles and other attributes to each user to verify data-access claims.
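As an added illustration (not part of the original article), the sketch below shows a control point that authorizes a request only from verified claims and evaluates the rule stored with the data object, so the rule travels with the data. All names and the sample record are constructed; the HMAC key shared with the identity provider is an assumption that stands in for a federated provider's signed assertion.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-demo-key"  # assumption: key shared with the identity provider

def issue_claims(claims, key=IDP_KEY):
    """Stand-in for the identity provider: serialize and sign a claims set."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def verify_claims(token, key=IDP_KEY, now=None):
    """Return the claims only if the signature is valid and the token is unexpired."""
    try:
        body, sig = token.rsplit(".", 1)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # claims were altered or signed by an unknown issuer
    claims = json.loads(base64.urlsafe_b64decode(body))  # parsed only after verification
    current = time.time() if now is None else now
    return claims if claims.get("exp", 0) > current else None

def authorize(token, obj, action, now=None):
    """Control point: default deny, decision made from the rule stored with the object."""
    claims = verify_claims(token, now=now)
    if claims is None:
        return False
    rule = obj["policy"].get(action)
    if rule is None:
        return False  # no rule for this action means no access
    has_role = bool(set(claims.get("roles", [])) & set(rule["roles"]))
    return has_role and claims.get("dept") in rule["depts"]

# Constructed sample object: the policy is part of the record, so it moves with
# the data; the payload is assumed to be encrypted before it reaches the cloud.
RECORD = {
    "id": "payroll-2024",
    "ciphertext": "<encrypted before upload>",
    "policy": {
        "read": {"roles": ["hr", "auditor"], "depts": ["finance", "hr"]},
        "write": {"roles": ["hr"], "depts": ["hr"]},
    },
}

if __name__ == "__main__":
    token = issue_claims({"sub": "alice", "roles": ["auditor"], "dept": "finance",
                          "exp": time.time() + 300})
    print("read:", authorize(token, RECORD, "read"))
    print("write:", authorize(token, RECORD, "write"))
```
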