Cloud-Tight Security: Facing SaaS’s Biggest Challenge

The term “cloud” has ridden a strange and winding path in the technology industry over the last two decades. Back in the 90’s, when I was working for a small, start-up network optimization company many companies were using a cloud to graphically illustrate the activity that took place in a WAN. It was a somewhat negative connotation representing some of the nebulousness and insecurities that existed when your company practiced remote access.

Over the years, that cloud lifted, the vagaries became less hazy, and the cloud eventually became the preferred term for software as a service, aka SaaS. The strategic and financial benefits of SaaS provided “cloud” with a much more appealing and positive connotation – yet one still met with questions about its security.

It was interesting, therefore, to see Gartner’s Daryl Plummer and Jay Heiser deliver something of a reality slap in the face to those hysterical about Cloud security. In the March 30 segment of their series being published in Financial Times, Plummer and Heiser said:

Many orgainsations have significant concerns about confidentiality when their data are stored in a cloud service. But the greater risk is data loss through an unrecoverable technical failure, a clumsy user error by a person, or a deliberate attack against a prominent cloud vendor.

In other words, like with an internal network, the greatest risk to security lies within the organization, rather than with the technology. This doesn’t mean you can let down your guard when it comes to cloud security. Plummer and Heiser note that “security breaches can happen at multiple levels of technology and use” and that a breach at one point in the process can lead to issues at another one up the line. In other words, if the breach point starts on your side of the WAN, it leaves your piece of the cloud open to being exploited at the next level.

WAN Level Security

With the right provider and architecture, enterprises are able to consolidate resources into purpose-built data centers where they can physically protect critical information and more easily track vital assets. In addition, data can be backed-up more easily and with consistent regularity, minimizing the ongoing risk of exposure.

This is why CIOs are turning to WAN acceleration as a key enabler for these strategic IT initiatives. By overcoming common WAN obstacles, such as limited bandwidth, network congestion and high latency, these devices ensure that consolidation does not come at the expense of application performance.

But it is possible for WAN acceleration to introduce new security challenges if not implemented properly. For example, deploying a WAN acceleration appliance with unencrypted drives can actually create risk where none previously existed.

The best solution incorporates the latest in encryption technology to protect data at all times — at rest and in transit across the WAN. It should also be easy to configure, enforce, and monitor security policies from a central location employing mechanisms to ensure that security does not come at the expense of network performance or scalability.

Silver Peak Secure Content Architecture

Silver Peak products are built on a Secure Content Architecture™ that enables enterprises to deploy WAN acceleration with complete confidence.  The Secure Content Architecture employs various techniques to ensure that data remains secure, regardless of where it is in the WAN acceleration process. This is achieved via the following capabilities:

  • Disk encryption: employs 128 bit AES encryption to protect all data stored on Silver Peak appliances.
  • Secure Transmission (IPsec): supports 128 bit IPsec (using AES for encryption) to ensure that data as secure as it is transferred over the WAN.
  • Secure Socket Layer (SSL) Acceleration: optimizes SSL traffic using a variety of techniques, including Quality of Service (QoS) to prioritize this traffic, TCP acceleration to overcome latency, and Network Integrity to minimize the impact of dropped/out of order packets.

Silver Peak’s Secure Content Architecture also delivers a variety of features that control the manner in which traffic traverses the WAN. These include:

  • Centralized control: Silver Peak’s Global Management System (GMS) enables advanced authentication policies to be centrally configured and enforced. This includes “peer authentication”, whereby only valid Silver Peak appliances are allowed on the network, and connectivity can only be established between trusted Silver Peak devices, protecting against session hijacking or man-in-the-middle (MiM) types of attacks that can compromise WAN acceleration solutions.
  • Advanced Application-based policy management: Silver Peak’s appliances determine which WAN acceleration techniques should be applied to individual flows of traffic to optimize performance, and choose to prioritize traffic based upon pre-established security policies.
  • Secure Access: Access to all Silver Peak devices is tightly controlled using TACACS+ and RADIUS. This ensures complete AAA protection, including user tracking and auditing per-command authorization, and group based authentication privileges.

The Silver Peak solution was designed from the ground up with secure acceleration in mind. By leveraging a variety of hardware and software components, Silver Peak provides the highest level of data protection today, while ensuring seamless support of future security technologies tomorrow.