Cloud services can be a security nightmare for IT admins. SAML can solve the problem and protect cloud-based data.
Security and cloud are two terms that are rarely heard together, simply because so few have faith in the pairing of those two elements. Yet, security has become one of the most important elements in any cloud-enabled enterprise. Nowhere is that more critical than with companies moving applications over to cloud based services – where a lack of efficient security can quickly derail any project and cause immeasurable harm to the business – just ask retailer Target how important security has become.
Those charged with keeping cloud applications secure are quickly discovering that there is a real security conundrum with cloud applications – how do you open up an application to remote use, yet keep it closed to those who should not have access?
After all, a poorly protected application can potentially expose businesses to all sorts of problems, ranging from data theft to service interruptions. The real challenge for security administrators comes from a lack of control – cloud based applications are beyond the controls of the firewall and may involve data traversing a multitude of routers, data centers and hosts.
Further complicating those cloud security issues is the concept of mobility, where employees must have the capability to accesses those services from remote locations, completely eschewing corporate policies, data center controls or other security mechanisms – meaning that IT administrators have absolutely no visibility into transactions and are completely powerless to authoritatively protect corporate data in transit.
While the problems with cloud application security are nothing new, IT administrators are starting to see some powerful security technologies come to their aid, and new services and products are arriving on an almost daily basis, which aim to serve and protect corporate data traversing the wild west of the cloud.
Using SAML to protect the cloud
The key to protecting information purveyed by cloud services comes in the form of SAML (Security Assertion Markup Language), an XML-based open standard data format for exchanging authentication and authorization between multiple parties. The use of SAML is on the rise and a multitude of cloud services vendors, such as Concur, Salesforce, SugarCRM and countless others have implemented support for SAML. However, SAML alone won’t protect much.
The trick is to integrate a few different technologies around SAML, such as SSO (Single Sign On), encryption and intrusion detection – all of which, when combined give IT administrators control of cloud application security, akin to the level of security offered inside the firewall.
That combination of technologies also solves one other major challenge for IT administrators: the issues surrounding BYOD (Bring Your Own Device).
By enforcing what SAML is all about, administrators can regain control of the corporate traffic, even when it is accessed with BYOD technologies, effectively killing two birds with one stone – the security issues of cloud services and BYOD adoption.
However, SAML is not a roll-your-own solution for cloud application security issues. Solving those problems takes a little more than creative coding. It means relying on some type of a proxy to handle the traffic, as well as the authentication. A few vendors have come on the scene to offer exactly that – case in point is Campbell, Calif.-based BitGlass, a startup that has just begun to offer services that leverage SAML and provide proxy based access to some major cloud services providers.
Of course Bitglass isn’t the only player in town – other ventures worth a look include Airwatch, IBM Fiberlink and Citrix Zenprise – however those solutions focus more on the BYOD element than the general access to cloud applications. For the focus on security beyond the firewall and BYOD based concerns, a group of additional vendors are tackling cloud application security and are also worth a look. Those vendors include Adallom, CloudLock, Skyhigh Networks, SkyFence, nCrypted Cloud and a few others that are still in stealth mode.
The lesson here is that there is no longer an excuse to leave cloud applications with anything less than enterprise protection and that savvy administrators can research hosted security offerings to solve those thorny issues around both hosted applications and BYOD. However, IT administrators need to ask one major question – “Can I Get SAML with that?”