As more and more business move their primary IT and other functions to the cloud there is one issue that is always present; security. It is similar to the early days of online shopping and banking when many consumers were concerned that anyone could gain access to their credit card number or bank account information. But, over the years we have learned that while online banking and shopping is not 100% bullet-proof (frankly nothing really is); it really is quite secure.
With the move to the cloud, security is an ever-present topic for conversation, and it should be. There is a certain leap of faith that occurs when an organization moves a system or function off their premise or control to someone else’s data center and custody. Recently, however, there was a report issued that sent a pretty strong message surrounding the cloud and security.
On May 15th, the White House’s National Security Telecommunications Advisory Committee (NSTAC) issued a report on cloud computing to the president. The main topic of discussion was should the government consider moving vital systems to the cloud and what are the implications for areas such as national security (NS) and emergency preparedness (EP)?
The report weighs in at over 100 pages but the overall message direct from the report’s executive summary says “Conceivably any NS/EP process, including the most sensitive matters, could be moved to “some kind of” cloud, given proper attention to architectural and security decisions. The key qualifier in this judgment relates to the choice of deployment and service model, each seen in the context of the specific mission to be migrated.”
Additionally, the report adds, “At the highest level of summarization, the NSTAC’s response is that if and when cloud computing can demonstrate a regime of policy, legal authority, security, and oversight that is comparably rigorous, complete, and trustworthy relative to those currently in place for NS/EP activities via legacy means, then the response is “yes.” In so doing, efforts must focus on implementing recommendations designed to permit cloud computing to operate at that level in regard to NS/EP.”
As one reads through the report it becomes quite clear that the government is taking the cloud seriously and sees its application for redundancy, disaster recovery, and flexibility as its key strengths. One could simply stop there and say, if it’s good enough for the government, it’s good enough for me! Clearly that is not a strategy that any organization will find acceptable for vetting their system security in the cloud.
Let’s take a look at video conferencing and visual collaboration. What are the areas of concern and security implications for these systems?
- Network – a major concern for any network administrator is a hacker or other outside influence gaining access to a private network. With infrastructure and other technology in the cloud, secure VPNs and other connections may be established, virtually linking your locations with the cloud data center. To ensure that there are no intrusions, proper firewalls must be in place and security policies must exist that prevent the exposure of IP addresses and other network information.
- The Room – there have been more stories about conference rooms being hacked. This was accomplished by gaining access to room IP addresses in addition to the auto answer feature being enabled on individual conferencing systems. When hosted in the cloud, the network measures mentioned above can help to reduce or likely eliminate any security threats to the room.
- Infrastructure – Organizations want to ensure that outsiders can’t simply gain access and start using ports for their own nefarious reasons, especially with a bridge. A strict policy of IP address security, conference pins, and authentication can ensure that bridges are locked down and only used for the purpose that they were intended for.
Visual collaboration is only one of thousands of functions that can be moved to the cloud. With the government looking so closely at the cloud, it makes sense to examine your organization’s systems in the same way the White House did. When taking all of these considerations into account you can feel confident that your cloud hosted system is secure and will perform to the highest standards possible.