If someone asked you what the biggest problem with cloud is, how would you answer? Would it be security? Complexity? Personally, I think it comes down to the fact that cloud involves so many systems, data centres, networks, security controls that it’s almost impossible to create clear segmentations of where cloud environments begin and end. Cloud is a global entity made up of fenced-off clusters of information.
But beyond the simple cloud issue is what social media and personal devices do to affect these already dynamic boundaries. These devices connect to the same cloud network and suddenly they create new endpoints and access points that weren’t part of the original network plan. On top of this, social media means these devices and users are extended to other public groups. This means there is an endless potential for open portals to your network with an unknown number of risks.
So what can IT professionals do to contain these risks? The main thing is that we need to be aware of all the types of links and the types of risks associated with each type of device. But instead of looking at it from a requirement to lock down the edges of your environment, which will continue its endless sprawl, what if we looked at it from an inside-out perspective?
What if we started with the data, and put controls on where the data could be moved to, accessed from, viewed and edited by, and use this as the centre of which security policies are based on? This way regardless of sprawl, the data would be protected by the original governing policies.
If cloud computing is changing the way we do business, then maybe it’s worth changing the way we approach security to mirror these changes.