2012년 7월 24일 (화)
As cloud computing continues to make its presence in the technological world felt, the need for not just data security but identity security in the cloud becomes prominent. With the cloud, it becomes a matter of control as well as security. According to Channel Biz, this has also come to bear as more organizations are moving from hybrid environments back to a dedicated private cloud.
This need for control of overall services requires a different take on cloud authentication than had been seen in the past. Beyond just the overall network level, this is taking hold on the application and application program interface (API) levels.
Identity is also a major part of the focus on security with the launch of Microsoft Office 2013. According to InfoWorld, the new launch is marked by a major shift from endpoint device security to one that puts the focus on the user. The largest motivator behind that shift is the cloud.
"[This release] makes a fundamental change from computer-centered identity and authentication to user-centered identity and authentication," a Microsoft overview of the launch says. "This shift enables … personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone or to a shared or public computer."
By putting the focus on identity management as opposed to device management, it allows IT to take back control of such tools. The authentication represents the shift throughout the cloud environment, as organizations look to put security needs back inside the corporate bubble.
Beyond the changes in cloud security that are apparent in commercial applications, the shift to stricter identity protection can be seen in the OAuth 2.0 authorization framework, according to ZDNet. If the framework receives approval from the Internet Engineering Task Force (IETF), it will represent a new, standardized way to look at securing mobile applications and API calls.
Although the framework is set to cover web security outside the cloud as well, the access of certain types of APIs covered under OAuth 2.0 are popular for applications that reside in the cloud. Using these APIs, clients can communicate with applications, while the applications can also communicate with one another.
Where the OAuth 2.0 framework really impacts cloud security is with mobility. It changes the game with relation to identity and the requirements for single sign-on. It also eliminates the need for a password and instead relies on access tokens to confirm identity.
-McAfee Cloud Security