FAQ: Top 3 Considerations for Cloud Server Access

More organizations are looking to move out of their data centers and private cloud environments and into the dynamic world of public and hybrid cloud architectures. There are many reasons for this, including cost savings with utility billing, shorter and easier provisioning time and the ability to spin up servers, when needed, to handle project-specific workloads and tasks.

Despite these benefits, access to these servers, and the applications being served from them, continues to challenge organizations. Do the servers and applications fall into the same bucket as enterprise server and application access policies? Are cloud servers “special snowflakes” that require specialized policies that pertain to servers outside of the data center? Do the complexities of cloud make these servers and applications impossible to audit effectively?

The cloud presents a host of new challenges and by definition opens up access to more people. With this in mind, when deploying new, or migrating existing, servers in public and hybrid cloud environments, consider the following access-related issues as a starting point.

What happens if the cloud server instance IP address changes?

Traditional data centers and private clouds are static or semi-static in nature. Little changes day-to-day with regard to IP address and compute resource allocation. Granted, private cloud environments can be somewhat dynamic in nature, but organizations often treat them as they would an on-premises virtualized server infrastructure.

Public and hybrid cloud environments, on the other hand, are dynamic in nature, and there is no guarantee that the IP address you are allocated one day will follow your server through its entire lifecycle. This makes taking stock of assets, and facilitating access to those assets, a real challenge.

QUICK TIP - Organizations must ensure that access to servers and applications in cloud environments does not hinge on static IP address assignment.

Can your users access the cloud server regardless of location?

The term “road warrior” is rarely, if ever, used anymore. User connectivity to company resources, regardless of location, is an expectation that nearly every employee now has.

Your users must be able to access your cloud-hosted servers and applications from wherever they are located. Whether it’s a coffee shop, a home office, or in-flight Wi-Fi, users expect to be able to get to the tools required to perform their job.

QUICK TIP - Don’t fall into the trap of whitelisting corporate IP ranges. That method of access control is no longer sufficient in a world of interconnected, mobile employees who are often out of the office.

Will cloud servers be diligently audited?

Everyone has heard this story before: an employee is fired, his or her access to the building and enterprise network is terminated, yet the ex-employee was still able to download all of your customer information and bring it to your competitor.

Whether a true story or vendor folklore, this tale serves to educate organizations on the dangers of disparate authentication architectures and of insufficient auditing of terminated employees.

When an employee is terminated, for whatever reason, the organization must ensure that ALL of that employee’s access is removed or transferred over to a designated individual should any follow-up actions be required.

QUICK TIP - Treat your cloud servers and cloud-hosted applications as you would a server residing within your data center. Audit it regularly and apply the same level of scrutiny you would to a physical computer asset.
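The audit described above can be run as a cross-check between HR termination records and the account inventory of every system, cloud servers included. The following is an added example, not part of the original article; the system names, users, dates and the `audit_offboarding` function are constructed for illustration.

```python
"""Offboarding audit: find access that outlived an employee's termination."""
from datetime import date

# Constructed sample data: HR termination dates keyed by user identity.
TERMINATED = {"jdoe": date(2014, 7, 1), "asmith": date(2014, 7, 15)}

# Constructed per-system account inventories. Separate systems stand in for
# the "disparate authentication architectures" the article warns about.
INVENTORIES = {
    "corporate-directory": [
        {"user": "jdoe", "enabled": False},
        {"user": "asmith", "enabled": False},
        {"user": "bwong", "enabled": True},
    ],
    "cloud-console": [
        {"user": "JDoe", "enabled": True},  # disabled on-premises, not here
        {"user": "bwong", "enabled": True},
    ],
    "cloud-server-ssh-keys": [
        {"user": "asmith", "enabled": True, "last_used": date(2014, 7, 20)},
        {"user": "jdoe", "enabled": True, "last_used": date(2014, 6, 1)},
    ],
}


def audit_offboarding(terminated, inventories):
    """Return enabled accounts that belong to terminated employees.

    Accounts are matched on user identity (case-insensitive), never on IP
    address, so the check still works when cloud instances are re-addressed.
    """
    findings = []
    for system, accounts in inventories.items():
        for acct in accounts:
            user = acct["user"].lower()
            end = terminated.get(user)
            if end is None or not acct["enabled"]:
                continue  # current employee, or access already removed
            last_used = acct.get("last_used")
            used_after = last_used is not None and last_used > end
            severity = "used-after-termination" if used_after else "still-enabled"
            findings.append({"system": system, "user": user, "severity": severity})
    # Credentials used after the termination date are reported first.
    findings.sort(key=lambda f: (f["severity"] != "used-after-termination",
                                 f["system"], f["user"]))
    return findings


if __name__ == "__main__":
    for f in audit_offboarding(TERMINATED, INVENTORIES):
        print(f"{f['severity']:<24} {f['system']:<24} {f['user']}")
```

In this sample the corporate directory is clean, yet the cloud console and the cloud server's SSH keys still hold live access for both former employees.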

Three steps forward, no steps back!

The cloud has many benefits but also a host of unforeseen, or long forgotten, access challenges that require diligent research to understand. You should not anticipate that the cloud service provider has the answers to all access-related challenges, but it’s entirely possible that the provider can shed some light on some of the blind spots.

Remember, just because you can put a particular application or server in a cloud environment doesn’t mean that it is automatically secure, compliant or accessible for the individuals who need to use it.
