Secure what you put into the cloud, pt. 2

IaaS includes services such as Rackspace and Amazon EC2. In contrast to SaaS, enterprise IT has complete ownership of what applications are deployed in an IaaS environment, and a good degree of flexibility for securing them at the edge of the cloud. You should start with a micro-perimeter that can be deployed in the cloud and spun up and down elastically, and protect REST/JSON-style APIs.

For IaaS environments accessed exclusively via VPN, you can treat cloud applications like on-premise applications. But instead of deploying an agent as the policy enforcement point (PEP) for each application, use a more scalable and secure API gateway as a proxy-based PEP. If your applications need to be accessible to third parties, consider using a federation model instead of requiring VPN access.

For data security, on-premise DLP technology can work equally well for IaaS applications if it is made available as a standardized service that can be automatically provisioned.

Learn more here.

Secure what you put into the cloud, pt. 1

Multi-factor authentication is a popular option, especially with software tokens such as Verisign ID Protection (VIP). Many SaaS vendors also provide SAML-based integration with IAM platforms including CA SiteMinder, IBM Tivoli Access Manager, and Oracle Access Manager. And OAuth-based federation is quickly catching on for enterprise use.

At the very minimum, use your API micro-perimeter to protect the API keys used to authenticate applications calling SaaS APIs. Avoid the insecure and non-scalable practice of distributing keys that can be hard-coded into applications; instead, consider using a DMZ-based solution (commonly referred to as an API gateway or cloud service broker) to securely manage and store the API keys and broker the authentication of on-premise applications to SaaS.

These technologies can also monitor data traffic going to the cloud in order to block, mask, or encrypt sensitive data.
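The key-brokering and data-masking pattern described above, as an added sketch that is not code from the original article or from any gateway product. The app names, tokens, keys, the `Bearer` header scheme and the in-memory dictionaries (standing in for a real secret store and policy database) are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample data: hypothetical app names, tokens and keys.
SAAS_API_KEYS = {"crm": "constructed-saas-key-123"}  # held only at the gateway
APP_TOKEN_SHA256 = {
    "billing-app": hashlib.sha256(b"constructed-internal-token").hexdigest(),
}
ALLOWED = {("billing-app", "crm")}  # which internal app may call which SaaS
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")  # naive card-number pattern


def authenticate(app_id, token):
    """Check the internal app credential with a constant-time comparison."""
    expected = APP_TOKEN_SHA256.get(app_id, "")
    presented = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(expected, presented)


def mask_cards(body):
    """Replace card-like numbers, keeping only the last four digits."""
    def _mask(match):
        digits = re.sub(r"\D", "", match.group())
        return "*" * 12 + digits[-4:]
    return CARD_RE.sub(_mask, body)


def broker(app_id, token, service, headers, body):
    """Return (status, outbound_headers, outbound_body) for the SaaS call."""
    if not authenticate(app_id, token):
        return 401, {}, ""
    if (app_id, service) not in ALLOWED:
        return 403, {}, ""
    # Drop any credential the caller supplied, then inject the gateway-held
    # key, so the SaaS key never has to live inside the application.
    out = {k: v for k, v in headers.items()
           if k.lower() not in ("authorization", "x-api-key")}
    out["Authorization"] = "Bearer " + SAAS_API_KEYS[service]
    # Mask sensitive data before the payload leaves for the cloud.
    return 200, out, mask_cards(body)
```

Because the application only ever holds its internal token, rotating or revoking the SaaS key is a change at the gateway alone.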

Learn more here.