Cloud computing offers tantalising advantages, but carries inherent security risks. As experts continue to debate how significant those risks are, Hennie Moolman, Managing Director of network security expert, AfricaSD, suggests there are simple, elegant remote access precautions companies can be implementing already.
Like any novel approach, cloud computing is at the centre of a lively debate. On the one hand, it is viewed as the 'paradigm shift' that is finally allowing us to harness the true potential of Internet technologies. On the other hand, the approach poses new security risks that speakers at a recent security conference in San Francisco predicted will culminate in a 'Pearl Harbour-style attack' by hackers.
The truth, as always, is somewhere in the middle.
Asking the right questions
Pioneered by the likes of Amazon, IBM and Yahoo, cloud computing allows for an organisation's resources and data to be 'virtualised' and distributed to data centres. These resources can then be accessed from anywhere as a service. The approach offers many benefits, including most notably cost-efficiency and ease of use, as well as infrastructural agility, scalability and portability, all of which promise to increase a company's profitability.
Cloud computing also has the benefit of streamlining security procedures, since it allows remote users to access everything they need from a single point, but this point of access is becoming an increasingly profitable point of entry for cyber-criminals as well.
So, the two primary questions that companies adopting this approach need to ask are: who has access and, crucially, how are they doing so?
First line of defence
To answer the question of 'who' has access to a system, companies should request a security audit from their service providers. It is, after all, their valuable data that is at risk should the system be breached. This audit should monitor whether access is restricted to the extent of a staff member's duties and whether thorough background checks are being conducted.
Next is the question of 'how' the system is being accessed. The first line of defence is, of course, the password and, in some respects, cloud computing makes the humble activity of password management even more critical.
Strong passwords contain random combinations of numbers and letters, which, as studies have repeatedly shown, the average person struggles to remember. Simple passwords, however, are at the mercy of determined hackers who can launch brute force attacks that decipher these passwords in a matter of hours.
Fortunately, the solution to this dilemma does not necessarily require investing in expensive technologies. Two-factor authentication, for example, can be used to provide the strength of a ten-character password without requiring remote users to memorise the sequence of numbers and characters it contains.
This elegantly simple solution works by using the user's mobile phone to store part of the password. It divides the password into two portions. The first portion can be either the user's existing domain password or a four-character PIN that can be easily remembered. The second is a longer, six-character PIN that gets stored on the user's mobile phone and updated regularly. When remote users want to log in, they simply recall their four-character PIN and add it to the six-character PIN stored on their phone to create a highly secure ten-character password.
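The split-password check described above, sketched from the server's side as an added example (it is not AfricaSD's product code). The PIN-then-code ordering, the 24-hour rotation interval, the five-attempt lockout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

PIN_LEN, CODE_LEN = 4, 6      # the four- and six-character portions from the article
CODE_TTL = 24 * 3600          # assumed rotation interval, in seconds
MAX_FAILURES = 5              # assumed lockout threshold against online guessing
ALPHABET = string.ascii_letters + string.digits

def _hash_pin(pin, salt):
    # Slow salted hash so a leaked database does not expose the memorised PIN directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class SplitPasswordAccount:
    def __init__(self, pin, now):
        if len(pin) != PIN_LEN:
            raise ValueError("PIN must be four characters")
        self.salt = secrets.token_bytes(16)
        self.pin_hash = _hash_pin(pin, self.salt)
        self.failures = 0
        self.rotate_code(now)

    def rotate_code(self, now):
        """Issue a fresh phone-held portion; the caller delivers it to the handset."""
        self.code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        self.code_expires = now + CODE_TTL
        return self.code

    def verify(self, password, now):
        """Return 'ok', 'denied', 'code_expired' or 'locked' for a login attempt."""
        if self.failures >= MAX_FAILURES:
            return "locked"
        if now >= self.code_expires:
            return "code_expired"          # stale phone portion: force a refresh
        pin, code = password[:PIN_LEN], password[PIN_LEN:]
        # Evaluate both halves in constant time so a failure does not reveal which was wrong.
        pin_ok = hmac.compare_digest(_hash_pin(pin, self.salt), self.pin_hash)
        code_ok = hmac.compare_digest(code.encode(), self.code.encode())
        if len(password) == PIN_LEN + CODE_LEN and pin_ok and code_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"
```

The lockout matters more than the length: a four-character memorised portion is only as strong as the limit on how many guesses the server accepts.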
Securing the cloud
Cloud computing is here to stay, because it is simply too advantageous to ignore. While it is unlikely we will see the technological equivalent of Pearl Harbour anytime soon, this trend does make end-user security, especially remote access security, even more decisive as an organisation's first barrier.
Although the risks inherent in this approach are multifaceted and need to be tackled from a variety of angles, there are simple, yet elegantly effective precautions that companies should be implementing immediately. Adding two-factor authentication to remote user passwords is one such example of an inexpensive way of refining that critical first line of defence.
AfricaSD
Operating throughout the sub-Saharan region, AfricaSD provides organisations with a comprehensive network security service that includes security investigations, audits and threat analyses, as well as configurations and deployments.
AfricaSD supplies and supports a comprehensive range of market-leading products, covering every aspect of network security from anti-virus, authentication, content filtering, encryption, biometrics, firewalls and intrusion detection/prevention to unified threat management and wireless and mobile security.
AfricaSD also offers customers and reseller partners 24x7x365 support on all of its network security solutions. As one of the country's foremost security training and certification centres, the company's technical staff are all fully certified and trained on the entire product range and offer a convenient combination of one-to-one help and a wealth of technological resources.
AfricaSD offers its partners the very best products, training, support, leads and free product certifications. It is committed to keeping partners empowered and up-to-date with the latest relevant information and practices by making available, on an ongoing basis, a network of local and international third-party specialists and leaders.
For further information, visit the company's Web site http://www.africasd.com or contact AfricaSD directly on +27(0)86-111-1737 or +27(0)12-665-2513.