Putting security into context

Security touches pretty much every part of an infrastructure. From the storage perspective there are two key elements to it: first, and most important for most users, the security that defines who can access what data; and second, who has the authority to manipulate the storage provisioning and access the device administration. For the sake of this paper I am going to focus on the first part of this, the protection of the data itself. By Glyn Bowden, LUCR and SNIA Europe UK Committee.


Before we dive into how things look in traditional environments versus a cloud-enabled environment, let's do a quick security 101 catch-up. I always break security up into two challenges. To start with we have the problem of authentication, which is the task of proving the identity of the requestor. Once we are sure the request has come from a certain source, access control can be used to determine whether the requested action can be performed on the requested resource. Traditionally this model has always supported role-based access control. This is where access to resources depends entirely on who the requestor is.

With the huge increase in popularity of mobile devices such as smartphones and tablets, the security around data accessed from the cloud has obviously received a lot of attention. Many organisations see it as a threat and a blocker to moving some business functions into the cloud. While this could be true for certain data in certain industries, it is actually far less of a concern than people might imagine. It has also presented an opportunity to revisit the old role-based models and develop them into something far more powerful: context-based models.

A context model takes into consideration not just who the requestor is, but under what conditions the request is being made. In its simplest terms it could mean providing access to data for a requestor when the request originates from a corporate desktop but not when it comes from a mobile device.

However, this is just the tip of the iceberg. The model is built to take consideration of other factors and sensors that mobile devices provide by default. One primary use I have seen is the requestor’s physical location, provided by GPS or cell tower triangulation on the device. This could feed into rules such as only allowing access to data when the request is made from a single physical location. A good use case of this would be the delivery of documents such as financial contracts or legal and evidential papers.

The user would save the documents with the mobile device but would then be unable to access them in any way until the destination was reached. This could enforce no-tamper or evidential-weight requirements on documents and media whilst they are being moved from a lawyer’s office to court, for example. It also prevents a stolen device allowing access to that sensitive information unless, of course, the perpetrator would like to sit in court in order to gain access. So you can see the opportunity in the ability to track not only who the requestor is but where they are and in what context the request is being made.

Technology is supporting more and more of this vision with additions such as biometric readers, motion and environment sensors, as well as more accurate positioning data. Even the increase in personal cloud technologies such as Near Field Communications (NFC) and low energy Bluetooth beacons provides context around the requestor and their circumstances.

The other technology required to support this is a data-based rules engine. If performed in the traditional way, where an administrator manually sets permissions on files and directories, this would soon become laborious and unwieldy.

The alternative is to use analytics or a machine-based algorithm to classify the data using a predefined taxonomy and then tag the data with the appropriate access rules.

I’ve written before about the need to change the way data is represented for cloud services with a shift toward object-based data stores and away from file systems. That is made possible following industry standards such as the Cloud Data Management Interface (CDMI), which is maintained by the Storage Networking Industry Association (SNIA).

This same metadata-based solution is the perfect agent to implement these complex rules-based algorithms, as not only do we now have context about the requestor, we also have context about the data objects themselves. Layering these two things together produces a rich source of clarity that can be used to make access and action decisions.
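The layering described above can be sketched as a small decision function. This is an added example, not code from the author or from the CDMI specification; the metadata keys (`allowed_roles`, `allowed_devices`, `geofence`), the role name, and the coordinates are all constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RequestContext:            # who is asking, and under what conditions
    user: str
    roles: frozenset
    device: str                  # e.g. "corporate_desktop" or "mobile"
    lat: Optional[float] = None  # None when the device reports no position
    lon: Optional[float] = None

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6_371_000 * math.asin(math.sqrt(a))

def decide(ctx, meta):
    """Return (allowed, reason); every rule tagged on the object must pass."""
    if not ctx.roles & frozenset(meta.get("allowed_roles", ())):
        return False, "role"     # an object with no role tag is denied by default
    devices = meta.get("allowed_devices")
    if devices is not None and ctx.device not in devices:
        return False, "device"
    fence = meta.get("geofence")
    if fence is not None:
        if ctx.lat is None or ctx.lon is None:
            return False, "location-missing"  # no position: deny, never fail open
        if distance_m(ctx.lat, ctx.lon, fence["lat"], fence["lon"]) > fence["radius_m"]:
            return False, "location"
    return True, "ok"

# Constructed sample: metadata a classifier might tag onto an evidential document.
COURT_BUNDLE = {
    "allowed_roles": ["legal_courier"],
    "allowed_devices": ["mobile"],
    "geofence": {"lat": 51.5136, "lon": -0.1135, "radius_m": 150},
}
ROLES = frozenset({"legal_courier"})
IN_TRANSIT = RequestContext("courier1", ROLES, "mobile", 51.5200, -0.1000)
AT_COURT = RequestContext("courier1", ROLES, "mobile", 51.5137, -0.1136)
NO_FIX = RequestContext("courier1", ROLES, "mobile")

if __name__ == "__main__":
    for name, ctx in [("in transit", IN_TRANSIT), ("at court", AT_COURT), ("no fix", NO_FIX)]:
        print(name, decide(ctx, COURT_BUNDLE))
```

The position used here is whatever the device reports, so the strength of the geofence rule depends on how far that reading can be trusted.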

Cloud security is seen as a blocker by some organisations in the same way that virtualisation was “putting all eggs in a single basket”. I see it as an opportunity to make things more secure and embrace the focus that it forces us to put on access control and user context identification.