McAfee Reference Architecture: Securing Cloud Applications

There’s an interesting phenomena happening. IT professionals who normally look after infrastructure and are accustomed to accommodating new business initiatives are now scrapping whole projects. According the recent CIO Insight Research Exclusive Where the IT Dollars are Headed in 2012, innovation is now coming from spending on mobility and cloud-related investments. New platforms and development are being budgeted for mobile, cloud-based and mobile device-specific applications.

Cloud applications provide many benefits for both end-users and IT. Not only are you able to provide a higher level of service, but you can also capture who’s accessing the applications, what devices they are using, and control how they interact with the data. These benefits help IT ensure valid authentication, maintain corporate policy, and control access and data from lost or stolen devices.

An accessible application from the cloud reduces barriers for the business that easily scale and support transactions 24×7. Moving forward with cloud-based development requires coordination with internal or third party developers, as well as the infrastructure, platform or software-as-a-service provider to ensure security is considered throughout the process.

When developing for in-house infrastructure, you have implicit trust with all of the components that will be used to support the lifecycle of this application. When developing or relying on others to develop for the cloud, trust boundaries completely change, and the defensive approach should be to trust no one.  Verify infrastructure – provide encryption at rest, encryption in transit. Auditing, logging, authentication and authorization should not be taken for granted. Ensure good coding, and that application vulnerabilities are uncovered through enhanced application testing.  This application is no longer within the friendly confines, and therefore needs to rely on the battleground that is the Internet – assume all inputs are untrusted until verified.

Cloud computing and applications are taking off, because many believe they will have significant cost savings. While they can be more effective, organizations need to consider the additional costs of development and allocate some of the savings to annual audits of cloud providers to ensure compliance, privacy and security.

Take a look at McAfee’s reference architecture for solutions that can span across traditional IT infrastructure and cloud, providing visibility and an optimized approach for assessing and taking action where it is most critical.  IT leaders will be forced to balance innovation aspirations with business reality in the coming years. Learn how McAfee can help protect your information as well as other aspects of your environment with a cost effective and holistic security framework.

-Kim Singletary

Leave a Comment

1 × 3 =