Trust relationships are about establishing hierarchies and knowing who can be counted on to protect and treat shared resources and sensitive information appropriately. It’s about trusting not just who you’re transacting with, but also how they provide services and security. When expectations between parties are formalized and organized through ties of federation, the result is not just a safer community of users, but one that interacts more conveniently, openly and productively.
To illustrate, consider a scenario in which an enterprise user needs to access a cloud-based CRM application. What typically happens is that the user must follow separate access procedures to connect to the enterprise network and to the CRM service. As the IT industry moves forward with cloud technologies, such redundancies in credentials and processes will eventually become obsolete. To create a more seamless experience between enterprises and clouds, companies will develop federated trust policies and secure authentication systems to enable a single log-in that grants users appropriate access to all IT-based services, whether they’re inside or outside the enterprise. By leveraging strong authentication to link cloud services, companies aren’t just creating a convenient user experience; they’re also strengthening enterprise security by reducing the number of places where authentication occurs and, thus, the overall threat surface for unauthorized access.
Most of the time-tested practices and technologies for managing trust in traditional enterprise IT environments can be ported to maintain confidence in private enterprise clouds. For example, organizations can extend traditional information security practices such as data encryption, robust authentication and fraud detection to their private clouds to protect against intrusion, phishing, malware and even information espionage. To improve information portability and protection, enterprises can institute policies for federated identity management.
Following are some best practices for managing trust in private clouds:
1. Set clear policies to define trust and be equipped to enforce them
In a private cloud, trust relationships are established and controlled by the organization using the cloud. While every party in the trust relationship will naturally protect information covered by government privacy and compliance regulations — employee tax ID numbers, proprietary financial data, etc. — organizations will also need to set policies for how other types of proprietary data are shared in the cloud. For instance, a corporation may classify information such as purchase orders or customer transaction histories as highly sensitive — even as trade secrets — and may establish risk-based policies for how cloud providers and business partners store, handle and access that data outside the enterprise.
how cloud providers will report and validate their performance in enforcing the standards set by the organization. These agreed-upon standards must be administered by binding service level agreements (SLAs) that stipulate the consequences of security breaches and service agreement violations.