Cloud and Mobile Security

November 12, 2010

A few weeks ago, I discussed several issues concerning technology trends in the cloud computing market (as well as mobile). These issues are either opportunities for expansion-stage companies that are looking to achieve thought leadership and competitive positioning, or concerns for the larger organizations that will be their customers.

Today’s topic involves security for access outside the company’s firewalls, which impacts both cloud and mobile deployments.

Items to consider:

  • If you’re engaging a public cloud provider, you need to make sure:
    • They’re secure, which you confirm by doing your diligence on them
    • You have a secure connection between your data center and theirs (if data transfer is necessary)
    • Employees / customers can access that cloud securely, and there’s enough protection to make sure if they’re accessing it from mobile devices or public computers, it’s difficult for someone else to get in (for instance, Salesforce.com relies on security tokens and Bank of America does as well, along with a picture password, etc.)
       
  • If you’re creating a private cloud for people to access from outside the firewall, you need to:
    • Have a solution that will allow you to dynamically assign security policies, permissions, virtual firewalls, etc. to different zones in your private cloud. On the one hand, you should retain the flexibility of the cloud, but on the other, make sure everything is secure and only the right people have the right access to the right data
    • Consider implementing the security solutions that are out there for SaaS applications and websites, focusing on cross-site scripting and SQL injection, to make sure no one can crack into your cloud the way someone would crack into any server via a website
    • Have all the legacy security stuff for your data center still intact, but much more dynamic, including change management database integration, etc.
       
  • If you’re talking about mobile devices, you need to implement solutions that integrate mobile device users with Active Directory for the right permissions and can then block the user from installing vulnerable or questionable applications on the device. However, the solution should still allow that user to get the full value from the device, encrypt and manage data on the mobile device, and be able to lock a user out if they’re terminated from the company.
     

There are many other issues to consider, but if you’re thinking about cloud or mobile and haven’t thought about these, it’s a good start! 

Igor Altman is Senior Director of Product Management at Medidata Solutions (https://www.mdsol.com/en/), a leading global provider of cloud-based clinical development solutions that enhance the efficiency of customers’ clinical trials. Prior to Medidata, he worked at OpenView focusing on new investments in the IT space.