June 15, 2010, 2:25 PM — We laid out the essential concepts of cloud security in Cloud security: The basics.
Perhaps the best way to further understand cloud security is through specific examples. Here's a peek into a few of the biggest concerns that users have and how four companies have chosen to handle them.
Cloud model: SaaS
Security concern: Single sign-on
When Lincoln Cannon was hired 10 months ago as director of Web systems at a 1,500-employee medical device company, he wanted to help the marketing department make a switch to Google Apps and a SaaS-based training application called eLeap, in the interests of lowering development costs and improving productivity.
However, there were some concerns. Marketing executives didn't want users to have more than one log-in, and IT wanted to retain access control over the applications, especially when it came to adding new employees and terminating their accounts when they left the company.
Cannon turned to a single sign-on system from Symplified, which communicates with Active Directory to verify the credentials of the user who is trying to log in to the cloud application. Google Apps uses APIs to offload authentication of users to a single sign-on provider, Cannon says, but with eLeap, the system needed to use an authentication adapter.
Either way, "it's kind of like a guardian," Cannon says. "To get to our instance of eLeap training or Google Apps, you have to authenticate with the single sign-on provider." And it's synchronized with Active Directory. "We define, through Symplified, which of our accounts has access to these SaaS applications, and when we kill the account in Active Directory, it prevents anyone from using that account to access those SaaS applications," Cannon says.
The Symplified system can operate in a SaaS model itself, but the device company chose to implement a Symplified-managed router behind its firewall. It did this because IT didn't want to manage user accounts and passwords in the cloud. "All that happens behind the firewall," Cannon says.
Cloud model: IaaS
Security concern: Data encryption