Grounded in the Cloud
HP Helion brings together all the speed, agility and cost benefits of cloud computing with all the possibilities and interoperability of open source, providing the cloud practitioner in you with the flexibility, reliability and security that enterprises need to move forward with confidence.

In this blog, we will explore the unique challenges and solutions of enterprise cloud deployment and usage and, in so doing, help you on your way to designing, building and managing enterprise-grade infrastructure, platform and application services for the Cloud. Come join us now on this journey…

Cloud in the Enterprise–Security 4–Where is Safe?

By Roger Lawrence, Chief Technologist, Strategic Enterprise Services - HP South Pacific

 

When I was at Microsoft, I had the occasional opportunity to work with Jesper Johannsen and Steve Riley, two of the Security Evangelists at the time. Jesper moved on to Amazon. Steve to Riverbed. They had a saying:

“If I have physical access to your computer, I own your computer.”

 

This is one of the immutable principles of computer security. Given enough time, any security system can be hacked.

Which brings us to this week’s topic: What happens when security systems are more secure in the cloud than on premise?

Capability Maturity

This all comes down to the capability maturity of your organisation. If we go back a short decade or so, most PC-based applications were architected in a distributed fashion. This was because of two technology constraints at the time:

  1. Expense and Reliability of Network Bandwidth

WAN technologies were still in their infancy, and hugely expensive. It was more cost effective for organisations to distribute servers to branch sites, because LAN traffic was a lot more reliable and cost effective than WAN traffic.

  2. Compute power

Simply put—computers could process fewer transactions. So instead of paying for the expense of a data centre with the tens or hundreds of computers needed to support thousands of users, it was less expensive to host a few servers on branch sites.

Roll forward a decade, and there are large enterprises that still host a number of critical systems at branch sites. This is even though network bandwidth is hugely more reliable and compute power has increased by a factor of at least 64. Examples include Active Directory Domain Controllers, Dial-In (RADIUS) servers, mailbox servers and other network-intensive applications.

 

This is mainly due to the capability maturity of an organisation. Many enterprises still see IT as a Technology Provider. They simply see it as a cost centre that provides IT systems as a support function to the business. In that model, IT never gets the capital to re-architect or consolidate services. It’s just easier to keep current systems running.

Which brings us back to:

 

“If I have physical access to your computer, I own your computer.”

 

The Domain Controller for your organisation, at the very least, contains all of the authentication and access control for compute resources across the enterprise. Often these contain the hierarchical relationships and contact details for employees too. If someone can get access to one of your DCs—because it’s in a remote site—they can engineer access to your entire network.

 

Of course this doesn’t only apply to Authentication Services, but to any application that is hosted across the network.

This also doesn’t only apply to confidentiality of information, but also to availability. Giving remote users access to services hosted in branch offices increases the risk of denial of service (because there is no network access) or the risk of unnecessary traffic on the branch network.

 

In these instances, hosting these services in the physically secure data centre of a cloud vendor, architected for High Availability both physically and logically, is more secure than on premise.

 

What are your thoughts? Do you think the Cloud is more secure than a data centre? Why or why not? Share your thoughts in the comments section below. I know the other readers will want to hear your thoughts as well.

 

About the Author
Roger has been trying to get out of Information Technology since programming COBOL on mainframes in the late '80's. But no matter in which c...
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.