Cloud security:
a bilateral point of view

For what concern the enterprise, Spike Reply proposes the adoption of a Cloud Access Security Broker (CASB) solution, which is a new technology that already gathered the attention of sector leader vendors and at the same time consolidated its capabilities in approaching security between multiple levels inside the company’s infrastructure.

CASB’s main goal is to enforce control over security policies proposing a different, new security paradigm. This new paradigm aims to recognise a bilateral trust between Cloud Service Providers and Cloud Service Clients. This bilateral relation, which is not always assured from the security standpoint, is mandatory for allowing improved visibility, data security, compliance and threat protection at the same time.

CASB can be deployed leveraging different architectural approaches and using different technological components, realizing a modular and flexible solution that can be designed depending on specific enterprise’s needs.

To customers willing to adopt a CASB solution, Spike Reply’s proposal is to proceed with a risk-driven, iterative approach. The methodology starts with an initial assessment needed to gain visibility on the Cloud service usage, and follows with a gradual activation of specific modules and capabilities needed to regulate the usage of cloud services and to extend on-premise security countermeasure to the Cloud.

While working with CASB to protect corporate-oriented data and services, Spike Reply started addressing new scenarios, in which security will be inserted within a completely interconnected reality, where it will be increasingly difficult to separate physical and virtual world and the different entities involved will interact in a dynamic, complex and constantly evolving ecosystem.

To protect data and information collected from different connected devices, there is no need for new technological solutions, but a new conceptual model, an ecosystem approach to security. Spike Reply is working on the development of an identity-based framework, able to protect data stored in Cloud and coming from a large number of interconnected heterogeneous devices. The basic principle is to guarantee the owner of a Cloud resource the ability to monitor and govern who can access that data. This approach is based on the UMA (User Managed Access) model, which introduces in the scenario of Bilateral Cloud Security a third element, that joins the Service Provider and the Client: the owner of the resource. This scenario is able to effectively respond to current needs, but may still be not very flexible towards an interconnected, dynamic and heterogeneous reality. The solution, already planned by Spike Reply, is the development of an extension of this system, able to support the orchestration of the relations among multiple users, devices and services assigning a digital identity to each of them.
Within this paradigm, it will be easier to manage the relationships between owners of resources and the resources themselves, assuring the proper level of control over the protected data.