Did You Lock The Back Door, To The Cloud?

As Cloud Computing continues to grow in adoption, management of the network and security components is increasingly being outsourced to the provider.  From a standpoint of capital investment, scalability and flexibility, cloud computing is a winner; it makes sense.

Regardless of the operational model your business subscribes to, you need to be able to maintain control of your infrastructure.  Security and availability are critical components to a successful Cloud operational paradigm.  As you relieve your business of the burden of operational management, it’s important that you ask a few key questions when assessing the state of affairs of your network:

  • How is secondary network access (Out-of-Band) secured by the service provider?  If you have a large network under management, there will be a combination of network based facilities as well as dial up circuits attached to switches, routers and firewalls.  What are the security protocols used by service provider in accessing these devices?  If your business processes credit cards, these “back door” connections need to be protected by Strong Authentication.  The adherence to this level of security is typically diluted as network asset get further from the “core” of operations.
  • Do you have remote access to your core infrastructure if the primary network path is unavailable?  Maintaining access control to network elements should be critical.  If your Cloud model is one of SLA reliance and lassiez-faire network operations, how does your service provider control access to network locations?  Who has access to network facilities and are their movements being tracked (logged)?  For operational security and auditing purposes it’s critical to know these details.

With few exceptions, more businesses are moving toward Cloud based arrangements.  Networks have always been managed by the provider with little or no thought paid to any lack of control.  As increasing amounts of business critical data are managed and maintained by the service provider, companies need to ask the appropriate questions of their business partners.  Check with your service provider as to how they handle network security, with a critical eye to the often overlooked Out-of-Band management solution.