Spread-out organisations using cloud constructs may have to share information across continents, and this need for sharing creates security imperatives of its own. The identity of the persons sharing information needs to be captured and validated, and the organisation needs to satisfy itself that the sharing entities meet at least the minimum authentication requirements before allowing them to access or share the information. Where data is considered mission-critical, additional layers of authentication may be implemented to gain a greater degree of confidence in the identity of the entities accessing the information.
There are some best practices that are generally followed in the development of a layered authentication system for cloud computing. The components generally used for authentication are often described as: what you know, what you have, or what you are. When two factors are used, the authentication system is called “two-factor” authentication, and when all three factors are used, the system is known as “multi-factor” authentication.
What You Know
“What you know” is the user name and password. The type of user name and password used may be dictated by the policy of the organisation. The user name may be required to be of a specified length, say eight or ten characters. The password may have to include numbers, symbols, and upper- and lower-case characters that total up to a specified length. The password cannot be a dictionary word or the same as the user ID. Some organisations may enforce expiry of the password within a specified period of 60 or 90 days. Users cannot use the same password twice. The password will not be displayed to the user when it is entered.
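The password rules listed above can be enforced in one place at password-change time. The following is an added example, not code from the original article; the minimum length, the 90-day limit and the small word list are assumed values, and the password history is kept as salted PBKDF2 hashes so reuse can be detected without storing old passwords in clear text.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

# Assumed policy values; the article leaves the exact numbers to the organisation.
MIN_LENGTH = 10
MAX_AGE = timedelta(days=90)
DICTIONARY = {"password", "welcome", "sunshine"}  # constructed sample word list


def hash_password(password, salt=None):
    """Return (salt, digest); history entries are stored in this form only."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def policy_violations(user_id, password, history):
    """List every rule from the section that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Numbers, upper case, lower case and symbols must all be present.
    classes = [str.isdigit, str.isupper, str.islower, lambda c: not c.isalnum()]
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("missing character class")
    if password.lower() in DICTIONARY:
        problems.append("dictionary word")
    if password.lower() == user_id.lower():
        problems.append("same as user id")
    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reused")
            break
    return problems


def is_expired(last_changed, today):
    """True once the password is older than the policy's maximum age."""
    return today - last_changed > MAX_AGE
```
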
What You Have
“What you have” may be a token or smart card issued by the organisation to the individual employee. The token or smart card may contain network information, user information, positive device identification, user profiling or challenge or response questions that identify the user. This type of second-level authentication is very dynamic and allows the organisation the leeway to use a variety of mechanisms in accordance with the needs of the organisation or the level of the personnel being authenticated.
What You Are
“What the user is” is biometric authentication. The user’s fingerprint or iris scan is pre-loaded into the authentication database. The user’s fingerprint or iris scan will be matched with the data already available in the system before the user is authenticated and permitted access.
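The layering described in this section, where more sensitive data demands more factors, comes down to counting distinct factor categories rather than the number of credentials presented. The sketch below is an added example, not part of the original article; the method names, the `pin` entry and the mapping of data classifications to required categories are assumptions made for illustration.

```python
# Factor categories as the section names them: know / have / are.
FACTOR_CATEGORY = {
    "password": "know",
    "pin": "know",             # assumed extra knowledge factor, not from the article
    "hardware_token": "have",
    "smart_card": "have",
    "fingerprint": "are",
    "iris_scan": "are",
}

# Assumed policy: how many distinct categories each data classification demands.
REQUIRED_CATEGORIES = {"public": 1, "internal": 2, "mission_critical": 3}


def categories_presented(verified_methods):
    """Map successfully verified methods to the set of distinct factor categories."""
    unknown = set(verified_methods) - set(FACTOR_CATEGORY)
    if unknown:
        raise ValueError(f"unrecognised authentication method: {sorted(unknown)}")
    return {FACTOR_CATEGORY[m] for m in verified_methods}


def access_decision(classification, verified_methods):
    """Return (allowed, shortfall, categories that would satisfy a step-up)."""
    # An unknown classification raises KeyError, so unclassified data fails closed.
    required = REQUIRED_CATEGORIES[classification]
    presented = categories_presented(verified_methods)
    shortfall = max(0, required - len(presented))
    if shortfall == 0:
        return True, 0, []
    # Only categories not yet used can raise the count; a second password cannot.
    remaining = sorted(set(FACTOR_CATEGORY.values()) - presented)
    return False, shortfall, remaining
```

A password plus a PIN is still a single category, so the request for internal data is refused until a token, smart card or biometric is added.
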
The cloud adopts a consumption service approach to computing. The cloud separates the application layer from the underlying resource layer and introduces an extraordinary level of flexibility to computing. Resources can be requisitioned on the fly and resource utilisation can be maximised. Resource capacity levels can be set to meet aggregate needs and utilisation levels can be maximised to reduce the cost of infrastructure deployment. Business users can ask for and use the right amount of technology at the right time for the right activity.
This is true irrespective of the fact that cloud computing is delivered through a variety of configurations on demand. The cloud can be a private cloud that resides inside a firewall. The cloud can be a public cloud that is hosted on infrastructure owned and managed by the service provider and used by multiple enterprises collectively. Hybrid clouds are clouds that bridge public and private resources and use resources that exist inside and outside the enterprise firewall. Each of these models allows users to acquire or discard additional resources on demand.
However, this promised flexibility has not been achieved overnight. It has evolved gradually, with a lot of interaction between the provider and the end user and an extraordinary understanding of the needs of the other. Three decades of intense effort have paid off. Organisations and cloud vendors that were initially focused on cost efficiency moved on to focus their attention on quality and then on to business agility and further reduction of operating and capital costs. Virtualisation has enabled the aggregation and consolidation of data centres and promoted the creation of large elastic pools of computing resources.
Standardisation and automation of applications and services have given users the freedom to deploy or use applications when wanted. Simplification and centralisation have freed administrators from repetitive troubleshooting, patching, and change management. Policy-based workflows empower the workforce to access and use information from wherever they are, and on whatever device they may choose to use. All this translates into cost savings on an extraordinary scale and opportunities for businesses by reducing time to service.
In short, the flexible computing paradigm will create a revolution in the way people work. The cloud may enforce standardisation, pre-packaging of services and evolution of “no-touch” concepts. Management will no longer avoid change, but embrace it and work with it, so that business flexibility and agility are exploited effectively and efficiently.