The consumerisation of IT has led to the proliferation of smart devices. The advent of cloud services fuels this proliferation by enabling applications to run in a dynamic and elastic fashion, independent of the storage and processing power of the end device.
The ‘prosumer’ [1], a social/business individual, now expects to access both personal and business applications with equal ease and from the same, often privately owned, device: the so-called ‘Bring Your Own Device [6] (BYOD) conundrum’.
This combination of increased mobility of the user, non-managed devices and the virtualised/multi-tenant data centre, leads to a number of security challenges not previously experienced by the enterprise or service provider.
At the same time, security is consistently called out as the greatest inhibitor to the adoption of cloud services. In the Cloud Circle 1st Industry Trends Report [2], security is cited as the biggest barrier to cloud services overall, and by five out of six industry sectors.
At the highest level there is a need to deliver ‘clean clouds’. That is, to create an ‘attack-free zone’ from which to provide services in both public and private cloud domains, and to ensure ‘infection-free endpoints’ that can connect securely to the service without compromising overall security.
This cannot be done within the data centre alone. Clean clouds require end-to-end security.
In the attached paper (below), The Evolving Threat Landscape, I take a high-level look at what can be done at the two extremes of the cloud service connection: in the virtualised data centre and on the mobile device.
Securing the Virtualised Data Centre
To create an attack-free zone, today’s virtualised data centres must have an integrated set of security policies that are coordinated across the physical and virtual domains. This can be achieved through integrated functionality, policy definition and management applied consistently in and across physical and virtual appliances, such as the Juniper SRX and Virtual Gateway (vGW). Policy is policy, whether applied to a physical port or a virtual port.
Ken O'Kelly’s guest blog ‘Security Challenges in a Virtual World’ [4] covers this topic in more detail.
Secure Mobile Clouds
The establishment of ‘appstores’ has made it far easier to install client software onto a user’s mobile device (remember IPsec installations?). A single client download, such as Junos Pulse, can now bundle a range of security features, protecting the device with anti-virus, anti-spam, firewall and loss/theft mitigation, and bringing the device under management control. Using this same client, the now infection-free device can establish a secure VPN connection to the service, maintaining the integrity of the clean cloud.
And with standards-based protocols such as SAML [3], federated identity and access services can be established that allow integration of public and private clouds (hybrid clouds [5]), where the user need log on only once and can seamlessly access multiple services, all under the control of the enterprise access policy.
Delivering Clean Clouds
So, the delivery of a clean cloud is very much achievable, provided that thought is given to the end-to-end security architecture and to integration at the functional, policy and management levels.
Are you running a clean cloud?
What impact does Bring Your Own Device have on your cloud security strategy?
Nigel Stephenson
Head of Cloud Services Solutions Marketing, EMEA
References: