Cloud computing is here to stay, and the buzz throughout industry and government is that hybrid clouds will become the new norm going forward. Hybrid clouds, according to industry experts, can offer the security of on premise, private clouds and the flexibility and agility of commercial public clouds. The Gartner research firm predicts almost half of all large, global enterprises will have deployed hybrid clouds by the end of 2017, with 2016 being a defining year where they will start to move away from private into hybrids.
As inevitable as the cloud is to most organisations, this migration could challenge the management of identity and access privileges of users on your networks and IT systems. There are a few things to keep in mind as your company decides to push forward into a hybrid cloud and the necessary unified management framework that doing so will require.
The Virtualization Process
Virtualization is a means of positioning computing resources (e.g. servers, operating systems, storage, networks) so they may maximise the use of physical computing resources across multiple users. It’s a huge step in the journey toward the hybrid cloud. Thankfully, over the past few years, virtualization technology has expanded from simply running virtual machines on supercomputers to offering all levels and types of virtualized services and networks.
Moreover, virtualization allows a single physical server to run multiple guest operating systems as a way of making more efficient use of the hardware. The technology allows organisations to free up data center space and achieve greater IT operational and energy efficiencies.
In fact, many organisations have been engaged in server virtualization projects for a number of years and are moving on to client, desktop and storage virtualization projects. Part of the formula for success is evaluating capacity planning and other infrastructure assessment tools that can give IT managers a sense of their resource utilisation and help them decide which applications to virtualize.
But like most powerful tools, this is a double-edged sword. Remote access to online resources can effectively negate perimeter defenses and extend the domain of the insider threat worldwide.
Systems need to be able to authenticate the identity of users, and in some cases also the devices being used for access together with the location and type of networks or resources being used. Only then can access privileges be securely granted, based not only on identity, but also the user’s role in the organisation and the circumstances of the connection. An employee connecting to a system during business hours over a secure network might be given wider privileges than when connecting from the other side of the world in the middle of the night, for instance. Hypersocket Software is introducing a suite of access management tools that provide a common user experience and enable organisations to enforce least privilege policies for remote users.
The Hypersocket VPN provides a cost effective alternative to IPsec or Point-to-Point Tunneling Protocol for secure browser-based remote access with the ease of use of SSL. It lends itself well to Bring Your Own Device scenarios, because the client has no direct access to the network. The ability to have connections to multiple sites at the same time enables secure access to a corporate LAN and other resources such as a private cloud without the need for a permanent bridge between them.
The VPN comes in two editions, a free Open Source version that provides basic connectivity under the GNU General Public License v3 and an Enterprise Edition that provides the additional features required by security-conscious organisations. The server can be installed on any operating system supporting Java and client support currently is available for Windows and Apple OS X.
To enable access, the administrator defines one or more Network Resources using the HSF resource architecture, which identifies individual TCP/IP services that can be assigned to users through their roles.
The Enterprise Edition adds further support, including support for users logging in from Active Directory, branding, auditing, accessing file systems over WebDAV and extended file system support such as Amazon S3, SFTP. It allows for configurable authentication flows and new authentication mechanisms. An Audit Log records all events, which are searchable by event type, session or user. Reports can be exported as CSV, XML or PDF, and administrators have full control over how long the server keeps the data before it is archived.
Lee David Painter, software entrepreneur