Cloud security:
a bilateral point of view

  • Data Protection

    Worldwide digitalization, paired with the constant development of technologies accessible to everyone, has led to a very high production of data and the birth of data-driven services. In this context, Cloud services have become a key element for both customers and enterprises, providing real-time access to data and services. The security infrastructure must be adequate to guarantee the protection of sensitive information and adherence to enterprise security compliance requirements.

  • Spike Reply

    Spike Reply proposes a twofold view of Cloud environments. On one hand, from the enterprise point of view, it enables companies to provide services and data to internal and external clients in a secure, policy-driven way. On the other hand, it has started working on a possible future scenario made up of highly interconnected devices and services that share information on the Cloud and can provide a pervasive and comfortable user experience in all aspects of daily life, with the aim of assuring a proper security and privacy posture even in highly innovative scenarios.


As far as the enterprise is concerned, Spike Reply proposes the adoption of a Cloud Access Security Broker (CASB) solution, a new technology that has already gathered the attention of sector-leading vendors and at the same time consolidated its capabilities in addressing security across multiple levels of the company’s infrastructure.

CASB’s main goal is to enforce control over security policies by proposing a different, new security paradigm. This new paradigm aims to recognise a bilateral trust between Cloud Service Providers and Cloud Service Clients. This bilateral relation, which is not always assured from the security standpoint, is mandatory for allowing improved visibility, data security, compliance and threat protection at the same time.

CASB can be deployed using different architectural approaches and different technological components, resulting in a modular and flexible solution that can be designed according to each enterprise’s specific needs.

For customers willing to adopt a CASB solution, Spike Reply proposes a risk-driven, iterative approach. The methodology starts with an initial assessment needed to gain visibility into Cloud service usage, and continues with a gradual activation of the specific modules and capabilities needed to regulate the usage of Cloud services and to extend on-premise security countermeasures to the Cloud.

While working with CASB to protect corporate-oriented data and services, Spike Reply started addressing new scenarios in which security will be embedded within a completely interconnected reality, where it will be increasingly difficult to separate the physical and virtual worlds and the different entities involved will interact in a dynamic, complex and constantly evolving ecosystem.

To protect data and information collected from different connected devices, what is needed is not new technological solutions but a new conceptual model: an ecosystem approach to security. Spike Reply is working on the development of an identity-based framework able to protect data stored in the Cloud and coming from a large number of interconnected heterogeneous devices. The basic principle is to guarantee the owner of a Cloud resource the ability to monitor and govern who can access that data. This approach is based on the UMA (User Managed Access) model, which introduces into the Bilateral Cloud Security scenario a third element that joins the Service Provider and the Client: the owner of the resource. This scenario is able to respond effectively to current needs, but may still not be very flexible towards an interconnected, dynamic and heterogeneous reality. The solution, already planned by Spike Reply, is the development of an extension of this system able to support the orchestration of the relations among multiple users, devices and services by assigning a digital identity to each of them.
Within this paradigm, it will be easier to manage the relationships between owners of resources and the resources themselves, assuring the proper level of control over the protected data.