Cloud computing not only introduces a new level of flexibility for enterprise IT services, but it often improves data security, too. A cloud provider that has to adhere to stringent privacy and compliance regulations typically has more know-how and access to more resources than a small- or medium-size company. But it is just not possible to rely on a cloud provider for every aspect of data security.
In the end, the company is responsible for its own data. Many aspects of data security are beyond the purview of the cloud provider; the provider is at least responsible for maintaining its compliance certificates and knowing which ones are relevant, but all basic security measures remain the responsibility of the company. Among them is the protection of data in transit between the company’s LAN and the data center in the cloud. The easiest way to ensure this protection is a site-to-site VPN tunnel.
If a VPN solution is already being used, the company has to make sure there aren’t any compatibility issues between its VPN gateway and the gateway at the cloud provider’s site. The VPN standards IPsec and SSL have been in use for many years and are tried and trusted, greatly reducing the potential for trouble. Usually the cloud data center provides a virtual machine on which the company installs another instance of its VPN gateway solution.
Major solution providers like Microsoft Azure, Amazon Web Services and Google Compute Engine provide extensive how-to guides and online manuals explaining how to ensure compatibility with a VPN. Most providers even relieve the customer of that process by offering a turnkey, managed VPN solution. If needed, these cover not only the LAN-to-cloud connection but also client-to-cloud connections for the employees’ mobile end devices.
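As an added illustration of what gateway compatibility means in practice (this is not from the original post or any provider’s documentation), here is a minimal strongSwan swanctl.conf for the company-side gateway of a site-to-site IPsec tunnel; the public IPs, subnets and pre-shared key are constructed placeholders. Every parameter the cloud gateway also configures (IKE version, proposals, identities, traffic selectors, PSK) must match what the provider’s guide specifies, or the tunnel will not come up.

```conf
# Company-side strongSwan (swanctl.conf) for a site-to-site IPsec tunnel
# to a cloud VPN gateway. Added example; all addresses and the PSK are
# placeholders and must be replaced with the values from the provider guide.
connections {
    to-cloud {
        # IKEv2 only; most cloud gateways no longer accept IKEv1.
        version = 2
        # Company gateway public IP and cloud gateway public IP (placeholders).
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.20

        # IKE proposal: AEAD cipher, explicit PRF, ECDH group. It must appear
        # in the list the cloud provider publishes as supported.
        proposals = aes256gcm16-prfsha384-ecp384

        # Identities each side authenticates; cloud gateways commonly require
        # the public IP as the ID when PSK authentication is used.
        local {
            auth = psk
            id = 203.0.113.10
        }
        remote {
            auth = psk
            id = 198.51.100.20
        }

        children {
            lan-to-cloud {
                # Traffic selectors: company LAN <-> cloud subnet (placeholders).
                # Both sides must list the same pair, or CHILD_SA negotiation fails.
                local_ts  = 10.0.0.0/16
                remote_ts = 10.100.0.0/16
                # ESP proposal with PFS group; must also be on the provider's list.
                esp_proposals = aes256gcm16-ecp384
                # Bring the tunnel up at daemon start and re-establish it when
                # dead-peer detection sees the cloud side stop answering.
                start_action = start
                dpd_action = restart
                rekey_time = 1h
            }
        }
        dpd_delay = 30s
        rekey_time = 4h
    }
}

secrets {
    # PSK keyed by both identities; use a long random value kept out of
    # version control and rotated according to company policy.
    ike-cloud {
        id-1 = 203.0.113.10
        id-2 = 198.51.100.20
        secret = "REPLACE_WITH_LONG_RANDOM_PSK"
    }
}
```

After loading the configuration (`swanctl --load-all`), `swanctl --list-sas` should show both the IKE_SA and the lan-to-cloud CHILD_SA; a proposal or traffic-selector mismatch with the cloud side shows up as a failed negotiation in the charon log rather than a silently half-working tunnel.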
For larger VPN installations that extend across national borders, it might make sense to use value-added services offered by a telecommunications provider. For example, one big British telecom offers directly managed VPN connections from all over Europe to the Microsoft Azure data centers in Dublin and Amsterdam.
But even though the all-in-one package sounds tempting, companies have to realize that they relinquish control of their IT security infrastructure when they use a fully managed VPN service offering. A company’s encryption keys and certificates, as well as storage spaces, may no longer be under its command.
However, the VPN and its security implications must be seen as only one element of the overall network security concept. If companies want to utilize cloud computing, they must protect data from end to end. A VPN secures data-in-transit, but it is much safer if the data starts its trip through the VPN tunnel already encrypted.
For a holistic security approach, encryption solutions have to be considered, and there must also be a clear separation between personal data and anonymized information. In order to achieve this, companies need robust security policies and – if PCI-relevant data is being processed – a good understanding of all relevant privacy regulations.
Several government agencies, including NCUA and NIST, as well as compliance organizations like PCI, have published guidelines that help enterprises tremendously with planning and operating compliant and secure cloud computing solutions.
Want to learn more about securing M2M communications? Download our whitepaper “Managing Secure Communications in M2M Environments” to find out more.
In Managing Secure Communications in M2M Environments, we cover:
– How to choose a connection method that’s right for your application.
– How to configure end devices so they can perform authentication steps.
– How to manage VPN configurations and updates without human interaction.