Authentication in the Cloud
Cloud computing is changing the way we interact with devices, software, data and processes. But some things never change, and one thing that remains true across the old and new computing paradigms is the importance of authentication to confirm the identity of the user and/or system with which we're communicating.
Identity management and authentication form the basis for security whether in the cloud or on the local network. Managing identities has been enough of a challenge within the corporate network, and became more so as businesses formed federations for the purpose of sharing resources across organizational lines. Private, public and hybrid clouds are adding yet another layer of complexity.
Learn Cloud Security
Users want security to be seamless and transparent. Users' top priority is access – the ability to get the information they need to get their work done, as quickly and conveniently as possible. The problem is that security and convenience will always occupy opposite ends of a continuum; the more you have of one, the less you have of the other.
In a private cloud, to which users log on via a virtual private network, authentication can work effectively the same as on a local corporate network. Public clouds may be a different story, since it's all dependent on how the cloud vendor has implemented security.
Single Sign-On (SSO) is the holy grail of authentication. The good news is that federated identities are capable of bridging the gap and allowing users to log onto a public cloud service (for example, SalesForce.com) using the same username and password that serve as their corporate credentials. The bad news is that only some public cloud services offer this convenience.
For the most part, both IT/cloud professionals and end users are still struggling with authentication, which translates in the latter case to the need to remember multiple passwords and user names for multiple cloud services, and in the former case to supporting all those users who inevitably forget some of those passwords.
Then there's the whole problem with passwords, which is that they're crackable through brute force attacks and social engineering, or can be exposed through security breaches targeting major cloud sites and providers. Many users just recently went through the experience of having to change many of their passwords for fear they could have been accessed by exploits of the Heartbleed vulnerability.
Multi-factor authentication provides significantly more security but is being implemented slowly, even within local corporate networks, much less in the cloud. Biometric authentication has the potential to be the most secure form of single sign-on once the kinks are worked out, and solves some of the problems inherent in other forms of two-factor authentication. Users don't "forget" their fingerprints, lose them, or go off and leave them at home. And Hollywood fantasies aside, cases of the bad guys severing a finger or removing an eyeball to use it to gain unauthorized access are likely to be few and far between. However, a number of obstacles to adoption still exist, which include cost of biometric scanning equipment and users' fears of invasion of privacy.
Meanwhile, the dream of cloud-based biometric authentication has been moving forward, albeit in baby steps. In 2012, NIST developed protocols for using web services to implement biometric authentication. A crucial factor in making any form of single sign-on for the cloud work is standardization, and what better organization to set those standards than the National Institute of Standards and Technology?
Learn Cloud Security
Authentication isn't the only area in which standards are needed to enable dependable and interoperable cloud deployments, though. Check out Ricky and Monique Magalhaes' article on Standards and Good Cloud Practice
over on CloudComputingAdmin.com for a discussion of how standards relate to good cloud function.
In this Series
- Authentication in the Cloud
- The rise of cloud computing: Trends and predictions
- Understanding the basics of cloud infrastructure: What you need to know
- How cloud security, data privacy, and cybersecurity convergence drives successful careers
- Secure cloud computing: What you need to know
- Working across multiple cloud service providers: CSP security learning path
- Securing cloud-based applications training: What you need to know
- Security risks of cloud migration
- DevSecOps in the Azure Cloud
- Amazon Athena Security: 6 essential tips
- Securing cloud endpoints: What you should know
- AWS security and compliance overview
- CloudGoat walkthrough series: IAM privilege escalation by attachment
- CloudGoat walkthrough series: EC2 server-side request forgery (SSRF)
- CloudGoat walkthrough series: Remote code execution
- CloudGoat walkthrough series: Lambda Privilege Escalation
- Information security strategy for the hybrid and multi-cloud
- CloudGoat walkthrough series: Cloud Breach S3
- CloudGoat walkthrough series: IAM privilege escalation by rollback
- Working with CloudGoat: The “vulnerable by design” AWS environment
- Malicious Amazon Machine Images (AMIs)
- Key findings from Ponemon’s State of Vulnerability Management in the Cloud and On-Premises report
- Cloud Pentesting Certification Boot Camp: The ultimate guide
- Cloud Based IDS and IPS Solutions [Updated 2019]
- AWS Security Monitoring Checklist [Updated 2019]
- Amazon Inspector: A cloud-based vulnerability assessment tool
- System administrator vs. cloud administrator
- 5 key cloud security use cases
- Deep Packet Inspection in the Cloud
- Honeypots in the Cloud
- Biometrics in the Cloud
- Open-Source Intelligence Collection in Cloud Platforms
- How to Safeguard Against the Privacy Implications of Cloud Computing
- AWS Cloud Security for Beginners — Part 2
- AWS Cloud Security for Beginners — Part 1
- AWS Security Monitoring Checklist — Part 2
- Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It
- Controlling the Risks of Cloud-Enabled End-Point Security Products
- The Ultimate Guide to CCSP Certification
- Five Reasons Why Security Professionals Need the Cloud
- Amazon S3 Buckets-Hardening
- Cloud Service Reconnaissance
- Cloud Computing Security: Be Secure Before Moving to Cloud
- Cloud Technology Bringing New Possibilities in Threat Management
- Attacking the Cloud
- Man in the Cloud Attacks: Prevention and Containment
- Cloud originated DDoS attacks
- Where Is Your Data Safer? In the Cloud Or On Premise?
- DDOS Protection for Public Cloud Customers
- Security Barriers in the Adaptation of Cloud Technology
- SIEM as a Service
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Cloud security
Cloud security