Wednesday, December 15, 2010

Controlling Enterprise Mobility in the Cloud


According to a recent Gartner study, as reported by InfoWorld, cloud computing was named one of the top two technology priorities for CIOs in 2010. It is also interesting that security technologies appear on the same top 10 list.

The concept of cloud computing is not new. The economic viability of this model is completely convincing for many companies, and the Gartner study also mentions cost reduction and improved workforce efficiency as two of the top 10 CIO business priorities. However, concerns about security and about relinquishing control over sensitive corporate data have blocked the widespread adoption of cloud computing over the last few years. It is still evident that the cloud computing era is approaching quickly. And here's why.

Past experience has taught us that economic viability is a strong driving force for innovation, and that this drive will prevail over technical challenges. An example is the switch from the mainframe computing paradigm, which dominated the marketplace in the '80s, to the client-server paradigm that prevailed in the 1990s. The mainframe generation was characterised by silos of data and voice communications. In this generation, dumb terminals connected to proprietary mainframes for specific yet limited computing applications, with voice, video and data kept separate across the network. The mainframe paradigm was simple and secure, with companies fully managing the access rights to data and applications.

The economic advantage of unifying voice, video and data applications on a single converged network was, however, a stronger and more dominant force. Continuing this example, the client-server paradigm galvanized the adoption of TCP/IP worldwide, which in turn spurred the development of the Internet and unified communications.

These same concepts apply to the cloud computing industry. The economic viability of capitalizing on almost unlimited elastic computing resources, as required for the rapid and effective implementation of IT projects, will overcome the security considerations. The fact that existing cloud computing vendors are growing and large new players are entering the cloud computing market is yet another indication that this industry has begun to successfully cross the chasm.

This market growth is an indication that adoption of the technology is shifting from the early adopters, who are the visionaries, to the pragmatic early majority. There is ample evidence that cloud computing is gaining momentum. Amazon is growing its Elastic Compute Cloud and S3 services considerably, with its stock price appreciating more than 175% since January 2009; Google Apps Engine is challenging Microsoft's dominance in office applications; and Salesforce.com's stock price has appreciated over 180% in the last year. There are also large new players entering this market, including IBM with Blue Cloud and AT&T with Synaptic Hosting, and the expectation is that other large ISPs will add cloud services to their portfolios in 2010.

Regardless of whether your company is an early adopter or an early majority company, if you want to adopt cloud computing technologies in the foreseeable future, an interesting issue to consider is: "How would the adoption of cloud computing and SaaS applications affect the enforcement of corporate policies for mobile users?"

The traditional approach to enforcing corporate access security is to require mobile users accessing the corporate LAN to launch SSL VPN or IPSec VPN clients. These technologies establish tunnels at the application layer or the network layer, respectively, to ensure the confidentiality of data traversing the VPN. The challenge with this approach is that mobile workers who use their corporate remote access devices to reach the Internet either do not launch their VPN clients, or their sessions are routed directly to the Internet through split tunnels provisioned on access routers.

When remote users access the corporate LAN via VPN, they are protected by firewalls with UTM (Unified Threat Management) functionality. However, this is not the case when users connect directly to the Internet. In that case, they are exposed to a multitude of risks, including viruses, phishing and spyware.

A practical example of this risk is the following scenario. Suppose you use your company laptop to log on from home to the Dolphin Stadium and Miami Dolphins team Web sites to buy tickets for the 2010 Super Bowl football game. You are not aware that the site has been hacked (based on a real scenario *) and that it will download and install malicious code on your laptop. This code works as a Trojan and can install a keylogger and disable the anti-virus program on your laptop. Having purchased your Super Bowl tickets, you decide it is time to get some work done and log in to your Google Apps account. Unfortunately, your Google Apps password is captured by the keylogger and compromised at that moment. This scenario could have been avoided with a mobile connection manager that blocks remote access to Google Apps after detecting that the anti-virus program has been disabled.

As the control point in the cloud computing era shifts away from the VPN connection, the connection manager is required to enforce corporate endpoint security policies. The recently announced iPass Open Mobile platform is designed with this paradigm shift in mind. The Open Mobile client is always running on the mobile device, which makes it possible for it to become the ultimate control point for all mobility purposes, regardless of whether the applications being accessed reside in the cloud or on the local area network.

The client is, in most cases, transparent to end users and enforces policies in the background. Policies may include optimal network selection, launching VPN clients and passing the user's credentials to them, and performing endpoint integrity checks and remediation. The ECA (Event Condition Action) functionality of the Open Mobile client empowers IT administrators to enforce corporate endpoint security policies. ECA is used to enforce both pre-connect and post-connect policies and spans all integrated technologies (e.g. VPN) and applications (e.g. UTM apps running on the mobile device).
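The Super Bowl scenario above, expressed as event-condition-action rules. This is an added sketch, not iPass code or the Open Mobile policy format: the `Posture` fields, rule names and action strings are assumptions chosen for illustration, and the sample postures are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List

# Hypothetical endpoint posture a connection manager might collect.
# Field names are assumptions for this sketch.
@dataclass
class Posture:
    av_running: bool
    vpn_up: bool
    destination: str  # "corporate_lan", "saas" or "internet"

@dataclass
class Rule:
    name: str
    event: str                             # "pre_connect" or "post_connect"
    condition: Callable[[Posture], bool]   # evaluated against current posture
    action: str                            # "remediate_av", "launch_vpn", "block"

RULES: List[Rule] = [
    # Pre-connect: repair the endpoint before any network is joined.
    Rule("restart anti-virus", "pre_connect",
         lambda p: not p.av_running, "remediate_av"),
    # Pre-connect: LAN-bound sessions must go through the VPN tunnel.
    Rule("tunnel LAN traffic", "pre_connect",
         lambda p: p.destination == "corporate_lan" and not p.vpn_up,
         "launch_vpn"),
    # Post-connect: no VPN gateway sits in front of a SaaS login, so the
    # client itself refuses the session when anti-virus has been disabled.
    Rule("no SaaS login without anti-virus", "post_connect",
         lambda p: p.destination == "saas" and not p.av_running, "block"),
]

def evaluate(event: str, posture: Posture, rules: List[Rule] = RULES) -> List[str]:
    """Return the actions of every rule bound to `event` whose condition holds."""
    return [r.action for r in rules if r.event == event and r.condition(posture)]

def access_allowed(event: str, posture: Posture, rules: List[Rule] = RULES) -> bool:
    """Access proceeds only if no matching rule asks for a block."""
    return "block" not in evaluate(event, posture, rules)

if __name__ == "__main__":
    # Constructed posture: a Trojan disabled anti-virus, then the user opens
    # a SaaS application directly over the Internet (no VPN).
    infected = Posture(av_running=False, vpn_up=False, destination="saas")
    print(evaluate("post_connect", infected), access_allowed("post_connect", infected))
```
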

* Based on a real hacking scenario; refer to the PC World article "Super Bowl-related Web Sites Hacked" at http://www.pcworld.com/article/128750/super_bowlrelated_web_sites_hacked.html.








By Michael Segal, iPass.
iPass Inc. helps companies and individuals unify the management of remote and mobile connectivity. With iPass software and services, enterprise customers can create easy-to-use wireless and broadband solutions for their mobile workers, home offices, and branch and retail locations, complete with web-based management, security validation and unified billing. Visit us at http://www.ipass.com, read the blog at http://www3.ipass.com/blog, or find a hotspot at ipass.jiwire.com.

