The technicalities of cloud computing further depend on various technical aspects, such as the type of installation, the nature of the business, and the data sent and received.
Identity Management and Federated Identity
The broad categories of identities in cloud computing can be the enterprise or organization, the Internet, and cloud applications. As the number of cloud services increases, organizations need to manage more identities. Though the applications are not developed and maintained by the organization, it still needs to develop and implement policies based on role-based access. This is known as Identity Management. To be more precise, Identity Management is the management of identities, their roles, authentication, and privileges associated with enterprises, with the aim of maintaining security and increasing productivity.
The processes in Identity Management include tasks such as new identity creation, providing and defining access for the roles, audit and compliance, account management, and finally account deletion when the identity is no longer associated with the organization. The first level of identity management is the traditional method of user authentication, where the users’ digital identities are used. Identity management is important as it is the core of IT security.
Identity management is important not only to the organization using the cloud; cloud vendors also take it seriously. Users provide their sensitive data while accessing cloud services, and that data must be secure with the cloud vendor. If this data is vulnerable, users will not use the services of that particular cloud vendor.
Federated Identity or Identity Federation is the resolution for Identity Management. It can be a single sign-on (SSO) or Active Directory (AD) authentication. This process allows users to keep the same identification or authentication across various applications and company networks. In a federated identity management system, the participating organizations share identity attributes based on mutually agreed standards that facilitate authentication for other members of the federation, thereby granting appropriate access to resources.
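The audit and account-deletion steps of this lifecycle can be checked mechanically. The following is an added example, not part of the original article: it reconciles cloud accounts against the organization's current roster and flags accounts whose identity has left, or whose roles exceed what their job function allows. The role policy, role names, and sample data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role policy (assumption): job function -> cloud roles it may hold.
ROLE_POLICY = {
    "engineer": {"vm-operator", "storage-reader"},
    "finance": {"billing-viewer"},
}

@dataclass(frozen=True)
class Account:
    user: str
    roles: frozenset
    active: bool = True

def audit_accounts(roster, accounts):
    """Reconcile cloud accounts against the organization's roster.

    roster maps user -> job function for current members only.
    Returns a sorted list of (user, finding, detail) tuples.
    """
    findings = []
    for acct in accounts:
        if not acct.active:
            continue  # already deprovisioned, nothing to flag
        function = roster.get(acct.user)
        if function is None:
            # Identity is no longer associated with the organization,
            # but its account is still active: deletion step was missed.
            findings.append((acct.user, "orphaned", "delete account"))
            continue
        allowed = ROLE_POLICY.get(function, set())
        excess = sorted(acct.roles - allowed)
        if excess:
            # Account holds roles outside its role-based access policy.
            findings.append((acct.user, "excess-roles", ",".join(excess)))
    return sorted(findings)

# Constructed sample data for illustration.
ROSTER = {"alice": "engineer", "bob": "finance"}
ACCOUNTS = [
    Account("alice", frozenset({"vm-operator"})),
    Account("bob", frozenset({"billing-viewer", "storage-reader"})),
    Account("carol", frozenset({"vm-operator"})),            # left the org
    Account("dave", frozenset({"billing-viewer"}), False),   # disabled
]

if __name__ == "__main__":
    for finding in audit_accounts(ROSTER, ACCOUNTS):
        print(finding)
```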
Standardization vs Customization
Due to the heterogeneity of cloud environments and services, the need to standardize the cloud arises. Standardization is required for common actions such as data transfer, quality of service, and service policies. The pace of innovation is too quick: cloud vendors update their offerings regularly, but standards take longer to be set. The giant cloud providers like Amazon, Google, and Microsoft Azure have already set the standards for new vendors to compete against. The Cloud Security Alliance (CSA) provides resources, which have become standards on the best security practices to be followed by service providers. These standards usually become the guidelines by which users and organizations determine which cloud service provider to choose.
Customization is another aspect customers look at when deciding which service provider suits their requirements. Customization in the cloud refers to a change made to an application or service to suit the needs of the customer. Technically, that means editing the programming code. In most situations, users may not be able to make the customizations themselves, as they have access to only the top layer of the code. The vendor gets the customizations done for the user. The benefit of this is huge for the customer. But there are cons to it too. Altering the code sometimes means an ‘unstable’ product. It can be difficult at the time of making an upgrade, when all the customization is lost. And from the perspective of the vendor, some extra effort is required for maintenance.
Challenges and Risks
Though the cloud is the buzzword now, adoption is not that easy. There are many challenges and risks involved in getting a good cloud computing model to work without hindrances. Some of the major challenges associated with the cloud model are as follows:
The primary concern of users planning to adopt the cloud model is the security of their data. Earlier, if hackers hacked a particular organization or brand, those were targeted attacks. Now, owing to application and service sharing in the cloud, if one customer is attacked, the infrastructure of others in the cloud can be attacked as well. So the risk associated with data security is very high.
To tackle this risk factor, newer security applications are available. Some of these are data loss prevention programs and encrypted file systems. Advanced hardware and software security programs which use analytics to detect unusual or spurious behavior on servers are also now available.
Service Level Agreements
Most cloud vendors today do not have agreements that meet the requirements of enterprise customers. This is because the data is accessed by different users and the share allocated will not be available to serve enterprise customers, of which the customer base is huge. Owing to this, enterprise customers sometimes have to depend on multiple vendors. There again arise all the risks associated with cloud computing. Hence, there should be a lot of emphasis on the SLA before locking in on the vendor.
Reduced Operational Governance and Control
The level of control users have over applications and services is much lower in cloud computing. Access is usually provided only to the top layer. Organizations, on the other hand, require more control over the applications for customizations, upgrades only as required, and data security. Setting up a private cloud is a solution for this, where the user has total control over the applications and services. But the operational cost is higher in this cloud model.
Vendor lock-in periods are a major challenge when choosing the right vendor for the service. Usually there is a service or contract period before which the customer cannot change to a different vendor. And even if the option to change is available, porting the data from the existing cloud to a different one is a challenging task. This would not be seamless and often impacts the end users of the organization accessing data on the cloud.