People, users, customers, lawyers and (possibly even) software application developers appear to have been worried about cloud security for some time now.
But many initial misgivings were quite quickly dismissed as users started to realise the proposition that the cloud vendors were coming to market with i.e. a cloud is (essentially) just a managed server… and so the data and applications that you put in it are only as secure as the security controls that you place upon them.
So can we dig deeper?
Companies such as Progress Software are championing ‘enhanced’ multi-tenancy as the killer development factor for cloud security.
As such, the firm has labeled the version 11.1 iteration of its Progress OpenEdge cloud application development platform as capable of delivering stronger security coupled with simplified user authentication.
How does it do what it says on the tin?
Progress has one of its customers on record to explain.
Phil Jones, VP of support and development at Bluebird Auto Rental Systems has clarified that the “enhanced multi-tenancy capabilities” in the latest release of the OpenEdge platform will “dramatically reduce” his administration overhead and improve application performance.
But, crucially, all this is done while keeping customer data physically separated and secure.
“The Progress multi-tenant database allows us to organise our data into regions to better align with the needs of our customers for improved reporting, streamlined maintenance, and simplified support activity,” said Jones.
Colleen Smith, vice president, SaaS, Progress Software, commented: “Before companies launch business-critical applications into the cloud, they expect the same assurances of data security and compliance that they have long expected from applications run on-premises in their own data centres.”
But what is enhanced multi-tenancy?
It’s hard to perform a search on enhanced multi-tenancy and not come back with one vendor name: Cisco.
More specifically that should be three names as Cisco, VMware and NetApp have worked together to jointly designed what they like to call a best-in-breed Enhanced Secure Multi-Tenancy (ESMT) architecture.
You can read an entire PDF on this subject here, but in brief… Cisco’s technology proposition is one of “defence in depth”
i.e. secure separation within data architecture implemented at all layers and within devices.
According to Cisco, “The Enhanced Secure Multi-Tenancy architecture supports enterprise applications from server to the desktop or virtual desktop. The architecture scales up and down as needed. It also meets the performance, availability, automation, and security service-level requirements of individual applications required to deliver IT as a service (ITaaS).”
According to Rackspace, “Public clouds are fundamentally multi-tenant to justify the scale and economics of the cloud. As such, security is a common concern. Whereas the traditional security perimeter is a network firewall, the cloud security perimeter now becomes the hypervisor and/or underlying cloud application. Thus far, security in the cloud has been good, but this is very cloud dependent and requires a solid design and operational rigor that prioritises security.”
… and the thought for the day?
Considering the supposed depth and penetration of cloud, the amount of industry discussion and analysis on this subject is comparatively scant.