Story image

Securing data in the cloud

01 Oct 11

Software-as-a-service (SaaS), managed services and cloud computing offer enormous benefits to organisations. But cloud and other virtualised or shared computing infrastructures also introduce an array of security concerns that must be addressed if businesses, governments and consumers are going to trust and use them.
Recent high-profile data security and privacy breaches underscore how individuals and organisations should never assume their data is safe when they expose it to a public service.
In this environment, there is growing attention to the importance of securing user access and validating identities. With it, demand is rising for strong authentication solutions to replace simple passwords. Right now, it is being driven by managed services and SaaS applications and it will accelerate further with the adoption of cloud computing.
Expansion
As a result, the market for authentication solutions has expanded from large enterprise and government organisations – which traditionally need to manage large numbers of complex passwords – to include small to medium sized businesses (SMBs).
For all these organisations, authentication solutions can improve business control, visibility and productivity through centralised and simplified administration, deployment and manageability. Multiple passwords can all be replaced by a single token, for example, to provide a simpler and more secure method of authentication for users.
When first introduced in the early 1960s passwords were regarded as
cheap, easy to use,and secure. Fifty years and many technological developments later, this is no longer the case. Passwords are difficult to use – studies reveal that users today have on average approximately 15 password-protected accounts. One password may be easy to remember, but handling many passwords is a time consuming task and a security hazard.
Passwords are also expensive – every forgotten or lost password results in significant costs.
And passwords are not secure. To handle their multiple credentials, many users choose easy-to-guess passwords, use the same passwords for several accounts, or even write downpasswords where they can be easily found. Add to these security risks the abundance of available password cracking tools and it is easy to see that passwords are no longer sufficient.
To overcome the inherent weakness of passwords, organisations are turning to stronger multi-factor authentication solutions, including one-time passwords (OTP) and certificate-based authentication (CBA). These solutions can be deployed using a choice of hardware and/or software tokens, or conveniently on existing mobile devices.
Strong channel interest
Authentication to applications and the management of passwords will become even more onerous and potentially less secure as these points of authentication increase and move beyond the organisation’s own traditional perimeters. To meet this demand, we are currently seeing strong interest from channel organisations such as managed service providers, SaaS resellers and information security resellers.
When applications move to the cloud, employee access to core applications and the company’s most sensitive information by default becomes remote access. Organisations need to ensure that these critical assets are available only to authorised employees – even when they are no longer stored in the company’s data centre. Addressing this are out-of-the-box authentication solutions which take minutes to implement and are thus very suitable for SMB deployment. The latest solutions will also work with popular SaaS applications such as Google Mail and Salesforce out of the box. These can be supported by resellers with minimal investment in training or with back-up from a value-added distributor.
Whether you have previous experience selling them or not, now could be a good time to start examining whether your clients’ authentication solutions are up to scratch before they go looking themselves.

Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
How SMBs can use data to drive business outcomes
With the right technology, companies can capture consumer, sales, and expense data, and use it to evaluate and construct future plans.
Survey shows that IoT is RoI across Asia Pacific
A recent Frost & Sullivan survey across Australia, Hong Kong and Singapore shows that IoT deployment improves business metrics by around 12%.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.