Due to its exponential growth in recent years, cloud computing is still
considered an emerging technology. Because cloud computing cannot yet be
considered a mature and stable technology or platform, it comes with both the
benefits and the drawbacks of innovation. To better understand the complexity
of cloud computing, let’s discuss it in terms of these four pillars:
1. Cloud use and satisfaction level
2. Expected growth
3. Cloud-adoption drivers
4. Limitations to cloud adoption
Various studies determined that the increased rate of cloud adoption is the
result of perceived market maturity and the number of available services to
implement, integrate and manage cloud services. Cloud adoption is no longer
thought of as just an IT decision; it’s a business decision. Cloud has become a
critical part of a company’s landscape and a cost-effective way to create more
agile IT resources and support the growth of a company’s core business.
Cloud Computing Maturity Stage
Cloud computing is still in a growing phase. This growth stage is
characterized by the significant adoption, rapid growth and innovation of
products offered and used, clear definitions of cloud computing, the
integration of cloud into core business activities, a clear ROI and examples of
successful usage. With roles and responsibilities still somewhat unclear,
especially in the areas of data ownership and security and compliance
requirements, cloud computing has yet to reach its market growth peak.
Cloud Adoption and Growth
How does cloud computing continue to mature? Security and privacy continue
to be the main inhibitors of cloud adoption because of insufficient
transparency into cloud-provider security. Cloud providers do not supply cloud
users with information about the security that is implemented to protect
cloud-user assets. Cloud users need to trust the operations and understand any
risk. Providing transparency into the system of internal controls gives users
this much-needed trust.
Companies are experimenting with cloud computing and trying to determine how
cloud fits into their business strategy. For some, it is clear that cloud can
provide new process models that can transform the business and add to their
competitive advantage. By adopting cloud-based applications to support the
business, Software as a Service (SaaS) adoption is enabling organizations to
channel resources into the development of their core competencies.
Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)
adoptions enable businesses to experiment with new technologies and new
services that require resources that would be expensive if they were completed
through in-house implementation. IaaS and PaaS also allow companies to adapt to
the rapid changes in market demand, because they create a completely new,
faster and cheaper offering.
User Satisfaction
According to respondents, the level of satisfaction with
cloud services is on the rise. Cloud services are now commonly being used to
meet business as usual (BAU) and strategic goals, with the expectation that
they will be more important for BAU than strategic plans in the future.
It’s not perfect yet, but the level of satisfaction with cloud services and
deployment models is expected to increase as the market matures and vendors
define standards to minimize the complexity around cloud adoption and
management. The increase in cloud service brokers and integrators is helping
businesses to integrate applications, data and shared storage in a more efficient
way, making ongoing maintenance much easier.
Moving Past the Challenges
The study found that the most significant cloud concerns involve
security and international data privacy requirements, data custodianship, legal
and contractual issues, provider control over information, and regulatory
compliance. Both cloud providers and cloud users have a role in moving past
cloud concerns. Cloud providers need to demonstrate their capabilities to
deliver services in a secure and reliable manner. Companies must understand
their own accountability for security and compliance and their responsibility
for implementing the necessary controls to protect their assets.
Gaining Maturity
The decision to invest in cloud products and services needs to be a strategic
decision. Top management and business leaders need to be involved throughout a
cloud product’s life cycle. Any cloud-specific risk should be treated as a
business risk, requiring management to understand cloud benefits and challenges
to be able to address cloud-specific risk. The need remains for better
explanations of the benefits that cloud can bring to an organization and how
cloud computing can fit into the overall core strategy of a business.
Effective Access Control
As the threat landscape has evolved to include adversaries with deep
pockets, immense resources and plenty of time to compromise their intended
target, security professionals have been struggling to stave off data breaches.
This is not a matter of if your network will be compromised, but when.
Since many companies have built up their perimeter defenses to massive
levels, attackers have doubled down on social engineering. Phishing and
malware-laden spam are designed to fool company employees into divulging login
information or compromising their machine.
Since threat actors have become so good at circumventing traditional
defenses, we cannot afford to have only a single point of failure. Without
proper internal security, attackers are given free rein of the network as soon
as they gain access to it.
Instead, attackers should encounter significant obstacles between the point
of compromise and the sensitive data they are after. One way to accomplish this
is with network segmentation.
Keep your hands to yourself: In
an open network without segmentation, everyone can touch everything. There is
nothing separating Sales from Legal, or Marketing from Engineering. Even
third-party vendors may get in on the action.
The problem with this scenario is that it leaves the data door wide open for
anyone with access credentials. In a few hours, a malicious insider could
survey the network, collect everything of value and make off with the goods
before security personnel get wind of anything out of the ordinary.
What makes this problem even more frustrating is that there is no reason
everyone on the network should be able to touch every resource. Engineers don’t
need financial records to perform their job, and accountants don’t need
proprietary product specifications to do theirs.
By simply cordoning off user groups and only allowing access to necessary
resources, you can drastically reduce the potential damage an attacker could
inflict on the organization. Instead of nabbing the crown jewels, the thief
will have to settle for something from the souvenir shop. Additionally, the
more time the attacker spends trying to navigate and survey your network, the
more time you have to find them and throw them out, preventing even the
slightest loss of data in the process.
How it works: It is best to think
of a segmented network as a collection of zones. Groups of users and groups of
resources are defined and categorized, and users are only able to “see” the
zones appropriate to their role. In practice, this is usually accomplished by
crafting access policies and using switches, virtual local area networks
(VLANs) and access control lists to enforce them.
While this is all well and good, segmentation can quickly become a headache
in large corporate environments. Network expansion, users numbering in the
thousands and the introduction of the cloud can disrupt existing segmentation
policies and make it difficult to maintain efficacy. Each point of enforcement
could contain hundreds of individual policies. As the network grows in users
and assets, segmentation policies can quickly become outdated and ineffective.
Retaining segmentation integrity is an important security function in
today’s world of advanced threats and high-profile data breaches. To properly
protect themselves, organizations need to constantly maintain segmentation,
adding new policies and adjusting existing ones as network needs change.
One way to tackle the challenges of traditional access control is with
software-defined segmentation, which abstracts policies away from IP addresses
and instead bases them on user identity or role. This allows for much more
effective and manageable segmentation that can easily adapt to changes in the
network topology.
Active segmentation for effective
access control: When you couple software-defined segmentation with an intelligent
planning and implementation methodology, you get active segmentation. This
approach to segmentation allows network operators to effectively cordon off
critical network assets and limit access appropriately with minimal disruption
to normal business functions.
When implemented correctly, active segmentation is a cyclical process of:
1. Identifying and classifying all network assets based on role or function
2. Understanding user behavior and interactions on the network
3. Logically designing access policies
4. Enforcing those policies
5. Continuously evaluating policy effectiveness
6. Adjusting policies where necessary
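The sketch below is an added example, not code from the original article. It shows role-based (software-defined) segmentation policy and the evaluation step of the cycle: observed flows are checked against a default-deny role-to-zone policy, and both violations and never-used grants are reported as candidates for adjustment. All users, roles, zones, subnets and flow records are constructed assumptions.

```python
import ipaddress

IDENTITY = {  # constructed: source IP -> (user, role) from an identity source
    "10.1.4.23": ("alice", "engineering"),
    "10.1.9.77": ("bob", "finance"),
    "10.3.0.12": ("vendor-hvac", "third_party"),
}
ZONES = {  # constructed: resource subnet -> zone name
    "10.20.0.0/24": "source_code",
    "10.30.0.0/24": "financial_records",
    "10.40.0.0/24": "building_mgmt",
}
POLICY = {  # constructed: role -> zones that role may reach (default deny)
    "engineering": {"source_code"},
    "finance": {"financial_records"},
    "third_party": {"building_mgmt"},
    "legal": {"financial_records"},
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES.items():
        if addr in ipaddress.ip_network(net):
            return zone
    return None

def evaluate(flows):
    """Return (violations, unused_grants) for a list of (src_ip, dst_ip) flows."""
    violations, used = [], set()
    for src, dst in flows:
        user, role = IDENTITY.get(src, ("unknown", None))
        zone = zone_of(dst)
        if zone is None:
            continue  # destination is outside every protected zone
        if zone in POLICY.get(role, set()):
            used.add((role, zone))
        else:
            violations.append((user, role, zone))  # policy is keyed on role, not IP
    granted = {(r, z) for r, zs in POLICY.items() for z in zs}
    return violations, sorted(granted - used)

FLOWS = [  # constructed flow records (src, dst)
    ("10.1.4.23", "10.20.0.5"),  # engineering -> source_code: allowed
    ("10.1.9.77", "10.30.0.8"),  # finance -> financial_records: allowed
    ("10.3.0.12", "10.30.0.8"),  # third party -> financial_records: violation
    ("10.9.9.9", "10.20.0.5"),   # unidentified host -> source_code: violation
]

if __name__ == "__main__":
    print(evaluate(FLOWS))
```

Because the policy is keyed on role, a user who moves to a new address only changes an entry in the identity mapping; the access rules themselves stay untouched.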