It may be tempting for organizations to consolidate administrator duties in the cloud because many functions can be conveniently and centrally administered using virtualization management software. However, as with physical IT environments, in which servers, networks and security functions are split among several administrators or departments, segregating those functions within the cloud can provide added security by diffusing control.
Manage policies for provisioning virtual machines: Organizations establishing a security posture based on virtual machine identities should know how those identities are formed and what precautions their cloud vendors have taken to safeguard those identities.
Employ data encryption and tokenization: Organizations should encrypt data residing with or accessible to cloud providers. Additionally, organizations should ensure cloud vendors support data encryption controls that secure every layer of the IT stack.
Adopt federated identity policies backed by strong authentication practices: Federated identity policies, like the authentication services that accompany them, are only as strong as their weakest link. Each member of the federation must be trusted to comply with the group’s security policies. Employing a uniform, acceptable level of strong authentication among all members of the federation will be crucial for creating a climate of trust that will allow federated identity models to become more widespread.
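As an added example (not code from the original document), the following relying-party check enforces the "uniform, acceptable level of strong authentication" described above on an incoming federated login assertion. The claim names follow OpenID Connect (iss, exp, auth_time, acr, amr) and the amr values follow RFC 8176; the issuer names, ACR URIs, minimum levels and freshness window are hypothetical, and signature verification of the assertion is assumed to have been done before this check.

```python
"""Relying-party check: does a federated login assertion satisfy the
federation's minimum strong-authentication policy?

Added example, not code from the original document. Claim names follow
OpenID Connect Core (iss, exp, auth_time, acr, amr) and the amr values
follow RFC 8176; the issuer names, ACR URIs and thresholds are
hypothetical. Signature verification of the assertion is assumed to
have happened before this check and is out of scope here.
"""
import time

# Hypothetical ordering of authentication context classes, weakest first.
# Anything not in this table scores 0, so an unknown or missing acr fails closed.
ACR_LEVELS = {
    "urn:example:acr:password": 1,
    "urn:example:acr:mfa": 2,
    "urn:example:acr:hardware-key": 3,
}

# RFC 8176 method references accepted here as a strong second factor.
# "sms" and "kba" are deliberately excluded as too easily intercepted or guessed.
STRONG_AMR = {"otp", "hwk", "swk", "sc"}

# Hypothetical federation membership and the minimum ACR level agreed for
# each member; an issuer absent from this table is not trusted at all.
FEDERATION = {
    "https://idp.partner-a.example": {"min_acr": 2},
    "https://idp.partner-b.example": {"min_acr": 3},
}

MAX_AUTH_AGE_SECONDS = 8 * 3600  # require a fresh login after a working day


def evaluate_assertion(claims, now=None):
    """Return (accepted, reason). Every check fails closed."""
    now = time.time() if now is None else now

    policy = FEDERATION.get(claims.get("iss"))
    if policy is None:
        return False, "issuer is not a member of the federation"

    if claims.get("exp", 0) <= now:
        return False, "assertion has expired"

    if now - claims.get("auth_time", 0) > MAX_AUTH_AGE_SECONDS:
        return False, "user authentication is too old"

    level = ACR_LEVELS.get(claims.get("acr"), 0)
    if level < policy["min_acr"]:
        return False, f"acr level {level} is below the required {policy['min_acr']}"

    methods = set(claims.get("amr", []))
    if not methods & STRONG_AMR:
        return False, "no strong authentication method was asserted"

    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is reproducible
    # Constructed sample claims, not a real token.
    good = {"iss": "https://idp.partner-a.example", "exp": now + 300,
            "auth_time": now - 60, "acr": "urn:example:acr:mfa",
            "amr": ["pwd", "otp"]}
    weak = dict(good, amr=["pwd", "sms"])
    for name, claims in (("good", good), ("weak", weak)):
        print(name, evaluate_assertion(claims, now=now))
```

The point of checking both acr and amr is that the two describe different things: acr is the identity provider's own summary of the login's assurance level, while amr lists the concrete methods used, so a member that labels an SMS-only login as "mfa" is still caught by the method check. Each member's minimum level lives in the federation table, which is where the policy agreed among members would be recorded and audited.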
In the coming years, organizations will need to extend their private cloud capabilities in strong authentication and fraud detection to protect against phishing, malware and even information espionage. In building stronger defenses against unauthorized access and online fraud, organizations can borrow from these practices commonly used to prevent online financial fraud:
Implement strong authentication services: Deploying risk-based identity and access management systems, which vary the authentication process according to a real-time risk calculation (for example, requiring an additional factor only when a login looks anomalous), is one of the most effective ways to secure user identities in the cloud.
Deploy multiple lines of defense to protect against sophisticated malware attacks: The growing use of strong authentication techniques has spurred fraudsters to develop new, more sophisticated methods for intercepting user identities to commit crimes. Companies can protect their private clouds from fraudsters’ malware attacks by deploying multilayered approaches to prevent intrusion and to verify user identities.
Map the “Dark Cloud” of cybercrime: Cybercrime intelligence services can provide valuable, timely insight into cyber criminals’ methods of operation and their ecosystems. Such insight can help organizations detect malware targeting their users, recover stolen credentials, take down infection points and spoofed phishing websites, and monitor botnets and their command-and-control servers.
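To make the risk-based authentication practice above concrete, here is an added example (not code from the original document) of an adaptive login decision: the attempt is scored from a few context signals and the score is mapped to allow, step-up or deny. The signals, weights and thresholds are hypothetical and would be tuned against an organization's own fraud data; the IP reputation flag is assumed to come from an external intelligence feed such as the cybercrime intelligence services mentioned above. The travel-velocity check also handles the two edge cases that bite in practice: a first-ever login with no prior location, and two logins with the same timestamp.

```python
"""Risk-based (adaptive) authentication: score a login attempt from
its context and decide whether to allow it, demand a step-up factor,
or deny it.

Added example, not code from the original document. The signals,
weights and thresholds are hypothetical and would be tuned against an
organization's own fraud data; the IP reputation flag is assumed to
come from an external intelligence feed.
"""
import math
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    lat: float
    lon: float
    timestamp: float           # seconds since the epoch
    ip_flagged: bool = False   # source IP on a threat-intel list (assumed input)
    recent_failures: int = 0   # failed attempts on this account in the last hour (assumed input)


@dataclass
class UserHistory:
    known_devices: set = field(default_factory=set)
    last_lat: Optional[float] = None
    last_lon: Optional[float] = None
    last_timestamp: Optional[float] = None


EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # about airliner speed; faster implies shared or stolen credentials
STEP_UP_THRESHOLD = 30     # hypothetical cut-offs
DENY_THRESHOLD = 70


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def score_attempt(attempt, history):
    """Return (score, reasons). A higher score means a riskier attempt."""
    score, reasons = 0, []

    if attempt.device_id not in history.known_devices:
        score += 30
        reasons.append("unrecognized device")

    if attempt.ip_flagged:
        score += 40
        reasons.append("source IP on threat list")

    if attempt.recent_failures >= 3:
        score += 20
        reasons.append("repeated recent failures")

    # Travel-velocity check; skipped entirely on the very first login,
    # when there is no prior location to compare against.
    if history.last_timestamp is not None:
        distance = haversine_km(history.last_lat, history.last_lon, attempt.lat, attempt.lon)
        # Floor elapsed time at one minute so concurrent or out-of-order
        # timestamps cannot divide by zero; distant ones are still flagged.
        elapsed_h = max((attempt.timestamp - history.last_timestamp) / 3600, 1 / 60)
        if distance / elapsed_h > MAX_PLAUSIBLE_KMH:
            score += 50
            reasons.append(f"impossible travel: {distance:.0f} km in {elapsed_h:.2f} h")

    return score, reasons


def decide(attempt, history):
    """Map the risk score to an action: 'allow', 'step_up' or 'deny'."""
    score, reasons = score_attempt(attempt, history)
    if score >= DENY_THRESHOLD:
        return "deny", score, reasons
    if score >= STEP_UP_THRESHOLD:
        return "step_up", score, reasons
    return "allow", score, reasons


if __name__ == "__main__":
    # Constructed sample data: Alice normally logs in from London on laptop-1.
    t0 = 1_700_000_000
    history = UserHistory(known_devices={"laptop-1"},
                          last_lat=51.5074, last_lon=-0.1278, last_timestamp=t0)
    # Same laptop, same city, a day later.
    print(decide(LoginAttempt("alice", "laptop-1", 51.5074, -0.1278, t0 + 86400), history))
    # Unknown device in New York one hour after the London login.
    print(decide(LoginAttempt("alice", "phone-9", 40.7128, -74.0060, t0 + 3600), history))
```

Returning the reasons alongside the decision matters as much as the score itself: the step-up prompt, the fraud analyst's queue and the audit trail all need to record why a particular login was challenged, and a score with no explanation cannot be tuned or defended later.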
Within cloud environments, the virtualization layer provides an unprecedented degree of visibility for auditing. Following are some best practices for organizations to employ when handling identity compliance in private clouds:
Monitor cloud vendors for compliance: Companies deploying private clouds should coordinate with their various cloud providers to ensure the data needed to prove regulatory compliance is fed back into the enterprise.
Ensure adherence to jurisdiction-specific regulations in borderless clouds: Complying with government regulations to preserve data privacy can pose a challenge in clouds, where data can be automatically replicated and stored in several locations at once. “Data-aware” clouds, which track where each data set may be stored and processed, are among the many sophisticated tools that are emerging for enterprises to use in complying with regulations within the cloud environment.