November 4, 2019
The cloud is very much in vogue. No matter where you look in the IT industry, everything has recently revolved around the cloud. Everyone wants to be there, true to the motto “You're in if you're in it”.
But what about the hype? I don’t hand over my company data, after all – not to mention my private documents, photos etc. That completely contradicts what has been drilled into us IT admins for decades: Confidential data must never leave the isolated company network! And now we should just throw this credo completely overboard and push everything into a big, grey cloud?! Attacks on the cloud are much easier because anyone can access it. My data is much more secure in my shielded, local IT network!
This is what the opinions of many IT admins sound like.
Cloud or On-Premises: What is safer?
But let’s approach the whole topic soberly; without any cloud hype, but also without any nostalgic feelings about our on-premises networks.
At the moment we all use the so-called fortress model to secure our data. That is, to avoid points of attack, we have sealed off our IT network as tightly as possible. A strong firewall strictly separates the LAN and the Internet from each other and prevents access from outside.
This approach is very effective, and attackers have virtually no points of attack. Job done successfully!
Mobility becomes more and more important
But for a few years now, the business world has been changing dramatically. There is almost no sales representative who doesn’t have a smartphone or tablet and therefore needs to access company data at the customer's site. Many other colleagues also want to be mobile and able to work from home or while commuting. And since it is primarily the bosses who want to access their data anytime and anywhere with their iPhones and iPads, secure solutions need to be found quickly. The necessary exceptions are now gradually tearing holes in our beautifully sealed IT network.
The increasing number of firewall exceptions is by no means the biggest problem for IT security. Above all, the solutions that employees have sought out themselves to cover their needs are tearing huge holes in the previous security concepts. The employees concerned mean no harm by this. For example, if there is no official way to access the files required at the customer's site, the employees will simply send them to their private e-mail addresses, to which they have access everywhere. And just like that, company data is travelling across the Internet, with the company admin no longer having any control over it. This is exactly what happens every day, in almost every company. Some IT companies, for example, offer the service of checking companies for this so-called Shadow IT.
This shows that we have no choice but to move away from the rigid corset of the fortress model towards a security concept that is at least as secure, but at the same time much more flexible. So what does such a model look like?
Cloud: Flexible but also secure?
The so-called city model takes a completely different approach: Basically, everyone first enters the network, but cannot do anything there. Only those who have explicit permissions to the individual folders and files can read, edit, etc., these files. This creates flexibility, as employees no longer have to sit in the company to be able to access data. So that strangers cannot run completely wild, the network is monitored by a self-learning Artificial Intelligence (AI) using various mechanisms.
The approach thus moves away from complete isolation and towards damage limitation. What does that mean?
Comparing the whole thing with a settlement may make it a bit clearer.
The fortress model has, as the name suggests, a strong, thick wall around it. This keeps out a very large part of the attackers. But if somebody succeeds in overcoming this wall, the houses behind it are almost defenceless.
With the city model, on the other hand, anyone can come to the city. But only those who have the key will get into the houses. If someone nevertheless manages to break into a house, the perpetrator only has access to this one house; all others are still secured. In addition, people who behave suspiciously because they go from door to door and try out various keys are stopped by the “AI police”.
IT security in a state of change
As we can see from this example, the security approach is changing drastically. While the majority of security in the fortress model depended on a strong firewall, the focus is now on protecting identities. Modern cloud environments therefore rely on the following pillars in their security concepts:
– Reliable identities
– Detailed rights/role management
– Artificial Intelligence
– Interaction of solutions
The city model is based on the premise that everyone is who they say they are. For this reason, protecting individual identities is the top priority in the cloud. However, the username and password protection used so far is no longer sufficient for this, which is why in most cases a two-step check is used. With each logon, various data are collected, such as the computer from which the user logs on, the geolocation, the time etc. A usage profile is created from this data. If a login attempt comes from an unfamiliar device or from a different place, country or continent than usual, it is either rejected directly or the user is asked to verify their identity using a second factor. Usually this is a number that is sent by SMS or phone call to a stored phone number. However, it is also possible to confirm the login in a special app on a previously registered mobile phone.
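The profile-based logon check described above can be sketched as follows. This is an added example, not code from the original article or from any cloud provider; the signal names, the one-hour tolerance and the "one deviation means second factor, several mean reject" policy are assumptions made for illustration, and the sample history is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class UsageProfile:
    """What one user's earlier successful logons looked like."""
    devices: set = field(default_factory=set)    # device identifiers seen before
    countries: set = field(default_factory=set)  # country codes seen before
    hours: set = field(default_factory=set)      # UTC hours of day seen before

    def learn(self, device, country, when):
        self.devices.add(device)
        self.countries.add(country)
        self.hours.add(when.hour)

def unfamiliar_signals(profile, device, country, when):
    """List the attributes of this attempt that deviate from the profile."""
    signals = []
    if device not in profile.devices:
        signals.append("device")
    if country not in profile.countries:
        signals.append("country")
    # Assumed slack: within one hour of a previously seen logon hour is normal.
    if not any((when.hour - h) % 24 in (0, 1, 23) for h in profile.hours):
        signals.append("time")
    return signals

def decide(profile, device, country, when, second_factor_ok=None):
    """Assumed policy: no signal -> allow, one -> second factor, more -> reject."""
    signals = unfamiliar_signals(profile, device, country, when)
    if not signals:
        return "allow", signals
    if len(signals) >= 2:
        return "reject", signals
    if second_factor_ok is None:
        return "challenge", signals   # e.g. SMS code or app confirmation
    if second_factor_ok:
        profile.learn(device, country, when)  # verified, so now part of "usual"
        return "allow", signals
    return "reject", signals

def sample_profile():
    """Constructed history: office laptop, Germany, daytime logons."""
    profile = UsageProfile()
    for hour in (8, 9, 13, 17):
        profile.learn("laptop-01", "DE", datetime(2019, 11, 4, hour, tzinfo=timezone.utc))
    return profile
```

Returning the list of deviating signals alongside the decision gives the admin an audit trail of why a logon was challenged or rejected.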
Detailed rights and role management
The next step is detailed rights and role management. If, despite the measures mentioned above, an account can be hacked, it should at least not be equipped with extensive administrator rights. And let’s be honest, who really needs administrator rights in a company? Certainly not everyone who currently has them. But even the majority of us IT admins don’t need these authorizations the whole day, and sometimes not even daily. For this reason we should all rethink this as well. If the IT admins only had their extensive rights on weekdays from 6 a.m. to 8 p.m., for example, everyone could work as usual, but in the remaining hours a few potential security gaps would be closed again. Alternatively, administrator rights can also be assigned on demand. A point to think about.
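Both options from this paragraph, a standing weekday window and on-demand assignment, fit in one small access check. This is an added example, not code from the original article; the class and method names, the 60-minute default lifetime, the required reason text and the user names are assumptions, and times are taken to be naive local time.

```python
from datetime import datetime, timedelta

STANDING_DAYS = range(0, 5)     # Monday..Friday
STANDING_HOURS = range(6, 20)   # 06:00 up to, but not including, 20:00

class AdminRights:
    """Standing weekday window plus on-demand grants that expire on their own."""

    def __init__(self, admins):
        self.admins = set(admins)   # accounts eligible for admin rights at all
        self.grants = {}            # user -> (expires_at, reason)

    def in_standing_window(self, now):
        return now.weekday() in STANDING_DAYS and now.hour in STANDING_HOURS

    def request_on_demand(self, user, reason, now, minutes=60):
        """Grant temporary rights to an eligible admin; the reason is kept for audit."""
        if user not in self.admins or not reason.strip():
            return False
        self.grants[user] = (now + timedelta(minutes=minutes), reason)
        return True

    def is_admin_now(self, user, now):
        if user not in self.admins:
            return False
        if self.in_standing_window(now):
            return True
        # Outside the window only an unexpired on-demand grant counts.
        expires_at, _ = self.grants.get(user, (now, ""))
        return now < expires_at
```

Because every check compares against the current time, an account taken over at night or at the weekend holds no administrator rights unless a grant was requested and has not yet expired.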
Once all these points have been observed and, at best, implemented, the cloud also protects itself – through the use of AI (artificial intelligence). No, these are not human-like robots that wish us all harm, as Hollywood would always have us believe. The AI is a self-learning system that detects deviations from standard operation by means of real-time analyses and thus prevents attacks. This does not happen on just one server, but on all systems hosted in the respective cloud. This means that no matter which server, which project or which company is attacked, the AI detects the attack and takes defensive measures on all systems. If an attacker tries to hack an account of a company, he will be blocked immediately in the entire cloud and thus for all systems of all companies hosted there. This results in community protection, similar to a flu vaccination.
But the AI can do even more. It also analyzes all configurations and settings and proactively suggests improvements. Again, results from all cloud users are included.
Interaction of solutions
This cross-system approach is the great advantage of the cloud. This also applies to the administration of the individual solutions. Whereas on on-premises systems separate solutions (e.g. e-mail and file storage) still have to be configured individually, in the cloud users, authorizations, security settings etc. are managed centrally in one place. Duplicate work and potential security gaps are thus eliminated. In addition, working is comfortable, as dashboards provide a quick overview of all relevant information.
Existing on-premises solutions can hardly meet the modern requirements of an ever more mobile everyday life. The cloud, on the other hand, enables secure working at any time and (almost) anywhere.
Hosting many different systems and many different users in one and the same cloud does not pose a security risk. On the contrary, the resulting swarm knowledge and the artificial intelligence of the cloud provide a considerable gain in security.