Part three of my three-part series on Cloud Security Standards is available on the Intel blog (Part 1, Part 2, Part 3).
Part 1 examines four Identity and Access Anti-Patterns that occur regularly with enterprises moving to Cloud:
- Low/no access control - we'll see if it works and add security later
- Replicating user accounts - copying the enterprise directory, in full or as an extract, to the Cloud Provider
- Copying credentials - copying or hardcoding credentials to Cloud-based services
- “Trusted” proxy - Gateway is a pass-through lacking support for security standards and services
Part 2 looks at how SAML, OAuth and other standards help enterprises retain control of user management whilst leveraging Cloud services. Part 3 looks at how XACML can be used to close out some of the gnarlier Anti-Patterns through improved integration and granular, dynamic authorization.
Gateways are ideal for providing the Policy Enforcement Point function, to intercept requests before they reach the resource and ensure the request is authorized.
Posted by: james | January 27, 2012 at 02:45 AM
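The gateway-as-enforcement-point arrangement described above, sketched as an added example that is not code from the post, the comment or the Intel series: a deny-biased PEP in front of a small attribute-based PDP using the four XACML decision values and a simplified deny-overrides combination. The rules, attribute names and function names are assumptions made for illustration, and the claims are assumed to come from an identity already validated upstream (for example via SAML or OAuth).

```python
from datetime import time

# The four XACML decision values.
PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

# Constructed policy (attribute names and rules are illustrative assumptions).
RULES = [
    # Restricted data is denied unless the subject holds high clearance.
    {"effect": DENY, "target": {"resource.classification": "restricted"},
     "condition": lambda a: a["subject.clearance"] != "high"},
    # Analysts may read, but only during business hours (dynamic attribute).
    {"effect": PERMIT, "target": {"subject.role": "analyst", "action.id": "read"},
     "condition": lambda a: time(8) <= a["environment.time"] <= time(18)},
]

def evaluate_rule(rule, attrs):
    """Return the rule's effect, NotApplicable, or Indeterminate for one request."""
    if any(attrs.get(k) != v for k, v in rule["target"].items()):
        return NOT_APPLICABLE
    try:
        return rule["effect"] if rule["condition"](attrs) else NOT_APPLICABLE
    except KeyError:  # an attribute the condition needs is missing
        return INDETERMINATE

def pdp_decide(attrs, rules=RULES):
    """Policy Decision Point: simplified deny-overrides combining."""
    results = [evaluate_rule(r, attrs) for r in rules]
    for decision in (DENY, INDETERMINATE, PERMIT):
        if decision in results:
            return decision
    return NOT_APPLICABLE

def gateway_pep(request, backend):
    """Policy Enforcement Point: intercept, ask the PDP, forward only on Permit."""
    attrs = {f"subject.{k}": v for k, v in request["claims"].items()}
    attrs.update({f"resource.{k}": v for k, v in request["resource"].items()})
    attrs["action.id"] = request["action"]
    attrs["environment.time"] = request["time"]
    decision = pdp_decide(attrs)
    if decision != PERMIT:  # deny-biased: NotApplicable and Indeterminate also block
        return 403, decision
    return 200, backend(request)

def make_request(claims, classification, action="read", at=time(10)):
    """Build a constructed sample request for the gateway."""
    return {"claims": claims, "resource": {"classification": classification},
            "action": action, "time": at}
```

A request with a missing clearance claim comes back Indeterminate and is blocked at the gateway, which is the fail-closed behaviour a pass-through "trusted" proxy lacks.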