Balancing Security and Risk in a Cloud-Connected Enterprise

All you did was click on a connection request in the morning. How does an organization balance time- to-market, cost concerns, security, manageability and risk in the move to a cloud connected enterprise?

Redefining Context

Traditional approaches to delivering IT focus on offering applications on premise within our own data centers.IT shops are bringing in cloud services to their enterprises at a rapid  pace, including Infrastructure-as-a-Service (e.g. Amazon EC2), Software as-a-Service (e.g. SalesForce.com) and Platform-as-a-Service offerings with connections back to their own data centers. To modernize our systems, we have to redefine the context upon which we think about  delivering IT around four areas;Who is the user?, What data are they trying to access?, Where is the user and  the data?, and How are they accessing the information?We can think about this approach as ‘Context Aware IT’, where the level of assurance of the data defines the required level of trust. For example, if you normally access your banking mobile application in the U.S., then find yourself in Europe the next day, do you think you should be able to access the app the same way? Due to your new, non-usual location, you should be prompted for another credential to verify your identity before getting access to your sensitive data. Similarly,let’s say you’re on your way to work with a slew of personal applications  on your phone. When you arrive at work, your company’s Mobile Device Manager (MDM) can turn off access to portions of your phone’s functionality or content leveraging geo-fencing (location), protecting  corporate assets from potential  harm. By using a Context Aware IT approach, we can determine who and what we can trust.

“Balancing a user’s needs in an ever evolving IT landscape while is covering the optimal security and risk envelope for an application requires a new way of thinking “

New Approaches and Technologies As applications are being deployed  within an organization at an exponential pace, IT shops are struggling with how to manage this new application sprawl both on and off premise. Balancing security and risk in a cloud connected enterprise requires approaches and technologies that allows IT the agility, flexibility and transparency to manage a myriad of applications across environments. A new approach has emerged that picks up where server virtualization

left off application containerization. By deploying applications into an  application container, IT shops can quickly scale applications both on and off premise, breaking the traditional one-to-one tie from system to application and allowing multiple applications to reside on the same  underlying operating system. An important additional value proposition is the ability to dynamically move applications across cloud service providers, eliminating vendor lock in. If a cloud service provider has been compromised, the application can be easily moved to another provider by simply moving the container, reducing an organization’s risk profile. Coupling Application Containerization with Virtualization and other technologies can increase an organizations’ security posture while delivering the power and value of the cloud to a consumer’s hands.

What does this all mean?

Balancing a user’s needs in an ever evolving IT landscape while discovering the optimal security and risk envelope for an application requires a new way of thinking. Coupling Context Aware IT with new technologies can enable IT to take better advantage of its on premise systems and embrace the power of the cloud. Security and Risk leveraging this approach can be quantified by understanding the level of trust based on the value of the information protected, ensuring that system security is context aware around the applications and associated data. Cloud is no longer somewhere we want to go, but somewhere we will go. How you get there is the question. Context Aware IT just might be the answer.