'App shaping' key to securing the cloud on a budget

One of the hot topics at this week's Identity Management conference in London was how to secure cloud-computing resources on a tight budget.

Whilst this may seem a misnomer, given the cost advantages that a cloud data centre resource can deliver over its local bricks and mortar counterpart, budgets - even in the corporate cloud - are still under significant pressure.

According to Ed Macnair, EMEA MD of Intermedia, the key security issue is how to embrace the cloud without losing control of the data.

"Our research suggests that around 56 percent of companies make use of six or more SaaS (software-as-a-service) applications, whilst 76 percent of network intrusions exploit weak and stolen passwords," he told the audience, adding that - just to make life more difficult - the average business user has 25 different passwords they have to remember for internet-based services.

One solution to this security issue in the cloud, he argues, is to use a technology called 'application shaping', which effectively gives IT security management granular control over the various features of an app running in the cloud, but without reducing its overall effectiveness.

"App shaping allows us to block and control the various functions of an application on a highly granular basis. Ideally the IT department needs to have access to a single pane of glass that gives them an overview of the audit reporting that is needed for controlling cloud-based resources," he explained.

Macnair went on to say that an increase in the number of organisations using cloud-based services is driving the requirement for CIOs to extend existing enterprise identity to manage and audit the use of Web applications.

The issue here, he says, is that existing identity and access management (IAM) and single sign-on (SSO) solutions do not enable CIOs to tightly govern and audit user access in the cloud.

On top of this, he adds that the availability and ease of deploying Web applications has increased the incidence of employees using unauthorised applications to process corporate data.

Another challenge that CIOs face, Macnair argues, is the increase in employees using personally-owned devices to access, process and store corporate data.

The issue around cloud budget - and control - was picked up by Professor Ali Abdallah, a professor of information security and head of centre for cyber security with Birmingham City University, who explained how IAM plays a most critical role in any organisation, since it provides the foundation pillar upon which all business processes and associated security controls are usually anchored.

Traditional IAM systems, said Abdallah, are rapidly becoming not fit for purpose because they cannot effectively adapt to evolving expectations.

Against this backdrop, he adds that large organisations are facing growing IAM challenges in terms of enlarging scope - ie employees, partners, supply chains, customers and social users - as well as accommodating diverse entities - such as people, assets, services and the Internet of Things (IoT).

The challenge facing IT professionals, he told his audience, is how to manage provisions - in-house, federated, cloud-based and IaaS (Identity as a Service) - whilst at the same time extending the functionality to include identification, attributes, binding and relationship correlations, as well as assuring quality through the assurance of identity, confidence in attributes, usability, trust, security and privacy.