Managing identity security in the cloud

August 3, 2012

No matter where cloud computing goes, it simply cannot escape the mention of security concerns. One of the biggest issues comes when trying to maintain identity security in the cloud, as the opening up of new endpoints makes controlling access a necessity. What comes along with that is the complex nature of cloud contracts, where understanding internal systems and security controls is just as important as cloud security.

Part of the duality comes from the constant battle over who is more responsible for both identity and data security in cloud computing environments. It means companies looking to move to the cloud can feel confident in security, but can't make assumptions about the protection that vendors provide.

"The biggest frustration is determining whether they did that - if a provider cannot give you definitive evidence [through testing and data verifications that their product is [as] secure as they say it is, you have no ability to make a business decision to use it," Gartner analyst Jay Heiser told Computerworld.

Cloud identity
For some companies, it comes down to finding a way to manage and secure cloud identity that can assuage any concerns with overall security. When Colorado-based brewer Molson Coors migrated to the cloud, the complex nature of the move was evident. For Molson Coors to gain full control and feel fully confident, the identity management system's security company CISO Kevin Schmitt had to ensure that all the encryption keys and other access control measures were squarely under his command, according to Computerworld.

By taking identity management into the cloud, while keeping the controls close to the chest, Schmitt was able to get over the security concerns and into the cloud.

"I can't say there wasn't any fear, uncertainty or doubt over this," Schmitt told Computerworld, "but all of these cloud providers authenticate differently and we did not find there was an advantage to having the identity management in-house."

Single sign-on
One of the more popular controls used to control access and identity when in the cloud, although one that Schmitt and Molson Coors passed on, is single sign-on. While is is one option when it comes to securing identity, TechTarget warns that it could result in more vulnerable security across the board.

According to the news provider, just that challenge is presenting cloud providers and customers with a dilemma. They must walk a tightrope between convenience and potential security issues with data security.

-McAfee Cloud Security