You know what’s awesome? The added flexibility, speed and agility of using an Infrastructure as a Service (IaaS) cloud to get your job done more effectively. You know what’s less awesome?  Not having the same level of control or visibility over your data that you had when running on traditional systems.

Never fear, though. All is not lost! There are ways of dealing with the issues that arise when you move to the cloud (especially public cloud). This short four-part blog series will cover the top four challenges and how to solve them.

The first big issue is identity. While this is slowly starting to change, most IaaS providers today still don’t let you leverage protocols such as SAML to authenticate against any sort of centralized directory service like LDAP or Active Directory. This isn’t really a problem when you only have a few cloud users and one or two cloud accounts, but as usage scales up, it quickly becomes an operational and security issue, and in many cases it also affects compliance.

The solution here is very cloud-like: abstract the user away from the cloud credentials. Purchase or build a system that sits between the user and the cloud and acts on the user’s behalf. This system can more easily authenticate users using SAML, or even directly against the directory itself. This has an added advantage: not only does the cloud cease to be an IAM endpoint to be managed by IT, the user also has no ability to log in to the cloud service except through your controlled portal. Voilà, issue #1 resolved.
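A minimal sketch of such a broker, added here as an illustration and not taken from any product: it accepts a signed identity assertion, checks it, and makes the cloud call itself so the cloud credential never reaches the user. The HMAC-signed JSON assertion is a stand-in for a real SAML response, and `call_cloud`, the group mapping, the account name and the key values are all hypothetical.

```python
import hashlib, hmac, json, time

# Assumption: IdP and broker share this key; real SAML uses XML signatures.
IDP_KEY = b"constructed-demo-key"
# Cloud credentials live only inside the broker (constructed placeholder value).
CLOUD_CREDS = {"prod-account": "PLACEHOLDER-API-KEY"}
# Hypothetical mapping of directory groups to the cloud accounts they may use.
GROUP_ACCOUNTS = {"cloud-ops": {"prod-account"}}
AUDIT_LOG = []  # (user, account, action, outcome); never contains credentials

def issue_assertion(user, groups, ttl=300, now=None):
    """Stand-in for the IdP: sign who the user is and when the claim expires."""
    body = json.dumps({"sub": user, "groups": groups,
                       "exp": (now or time.time()) + ttl}, sort_keys=True)
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body, sig

def verify_assertion(body, sig, now=None):
    """Return the claims if the signature is valid and unexpired, else None."""
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    if claims["exp"] <= (now or time.time()):
        return None
    return claims

def call_cloud(api_key, action):
    """Hypothetical cloud client; a real broker calls the provider API here."""
    return {"action": action, "status": "ok"}

def broker_request(body, sig, account, action, now=None):
    """Act on the user's behalf; the cloud credential is never returned."""
    claims = verify_assertion(body, sig, now)
    if claims is None:
        AUDIT_LOG.append(("unknown", account, action, "denied"))
        return {"status": "denied", "reason": "invalid assertion"}
    allowed = set()
    for group in claims["groups"]:
        allowed |= GROUP_ACCOUNTS.get(group, set())
    if account not in allowed or account not in CLOUD_CREDS:
        AUDIT_LOG.append((claims["sub"], account, action, "denied"))
        return {"status": "denied", "reason": "account not permitted"}
    result = call_cloud(CLOUD_CREDS[account], action)
    AUDIT_LOG.append((claims["sub"], account, action, "ok"))
    return result
```

Because every request is tied to a directory identity before the broker touches the cloud API, disabling a user in the directory cuts off their cloud access without rotating any cloud key.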

In the next post, we’ll address issue #2 – access control and authorization. 

Interested in learning more about cloud security?  I'll be discussing data protection for multi-tenant cloud environments with industry analysts Paul Miller, Dana Gardner, and Caroline McCrory in a Gigaom webinar on October 14th, and will be available to answer questions from the audience at the end.  If you can't make the live webinar, it will be recorded and made available for on-demand viewing afterwards. Register here: