Security in a Cloudy Future

Cloud computing has exploded. According to a report from Visiongain, an independent media company, the cloud computing market was worth approximately US$37.9 billion by the end of 2012. The cloud is now ubiquitous.

Of course driving this explosion are the many benefits of joining the cloud, which organisations are increasingly recognising.

The cloud has the potential to reduce IT costs by outsourcing hardware and software maintenance and support. In turn, this allows IT resources—both funds and staff—to be reallocated towards hitting more strategic IT goals.

If a business handles a lot of applications and, as a result, experiences slow server response times, cloud solutions can be of great help. Cloud-based services allow for faster connections and better response time compared to traditional servers and hardware. This also has the added benefit of helping to improve productivity in the workplace by allowing employees to work faster.

Furthermore if a business’ employees frequently work remotely—whether by travelling or telecommuting—they will likely want to view or manage projects saved on their company server from afar. Remote access through the cloud allows staff members to access company information from anywhere. Employees won’t have to be in the office to complete or download work, and this capability also fosters greater collaboration as it’s easier to collaborate on projects. Remote access, like faster connections and better response time, will also encourage increased productivity. Employees will just need access to the internet or cloud in order to connect to company servers and get to work.

But the cloud, whilst omnipresent, is not almighty. Security concerns remain for many IT departments and with good reason. According to the quarterly reports of cloud hosting company ‘FireHost,’ they have seen a 160 percent rise in cross-site scripting attacks in the last three months of 2012: from 1 million attempts to a whopping 2.6 million.

It is not just cloud providers who face security threats but their customers too, and with the upsurge of wirelessly enabled internet devices—most notably smartphones, tablets, and laptops—more and more employees are bringing their personal devices into the workplace and connecting them to corporate servers en masse. ‘Bring Your Own Device’ (BYOD) is one of the latest buzzwords in the IT world. Increasingly companies are not only tolerating employee usage of personally-owned, wirelessly enabled devices in the workplace but actively encouraging it by introducing comprehensive BYOD programmes.

And when the cloud is coupled with the rise of BYOD, these concerns double. How do you ensure that malware on one employee’s device does not spread to others? What can you do to stop anyone who enters company premises having immediate access to the company resources? Is there a way to ensure that any critical data is only accessible to authorised users? Essentially, the real question is how do we maintain security in this new, open-access world? The cloud brings with it a plethora of new security challenges.

Fortunately, there are measures cloud customers can put in place to alleviate concerns.

First and foremost, organisations must ensure compliance with various privacy standards. This means going beyond having a secure internet connection when accessing and storing data. For instance, the United State Health Information Technology for Economic and Clinical Health (HITECH) Act assigns cloud service vendors the same security responsibilities as health care providers. If you are considering a transition to the cloud, be sure to complete audits to fulfill all local and regional regulations, avoid fines, and maximise security. Set up breach notifications, and plan for disaster recovery to protect health, financial, and proprietary information.

Secondly, organisations need to ensure that they can provide secure access to the cloud.

Juniper Networks MAG Series Junos Pulse Gateways, for example, are modular, purpose designed access solutions that meet the secure remote, mobile and LAN access needs of today’s agile businesses of all types and sizes.

The MAG Series with #1 market leading Junos Pulse SSL VPN and Unified Access Control (UAC) is able to provide role-based secure access on various devices - mobile or non-mobile, local or remote, wired or wireless, and also enables SSO via SAML - to resources on corporate networks and cloud hosted servers and applications. This enables employees to access company resources from anywhere whilst, at the same time, IT can control which users have access to what and from which devices.

The solution verifies and ensures that endpoint devices meet corporate security policy requirements before granting access to company resources and data—whether the user is remote, mobile, local, or a guest user. For example, jail-broken or rooted mobile devices or remote laptops without the requisite, up-to-date endpoint security software can be disallowed access until they are remediated, and comply with the corporate policy. Furthermore, the Juniper solution allows an organisation the ability to control user access based on user identity or role, the user’s device type and its integrity and location and grant access only to network resources and data that the user is authorised to access.

Juniper’s MAG Series with its Junos Pulse SSL VPN and UAC fulfills the needs of any organisation thinking about joining the cloud. It opens the door to remote access, whilst making sure that security—of access and of data—is still tight and allows today’s businesses to embrace BYOD, securely.