Enterprise-Grade Security for Your Cloud Part 1: Defense in Depth
Businesses large and small can now reap the benefits of cloud computing, including the availability of core business applications via the Software-as-a-Service (SaaS) model. But while the benefits of such a model are great, so is the perception of risks. Security concerns for the application delivery environment in a SaaS model are the same as many of the concerns for other application delivery models. Where we really start to see a difference in the SaaS model in terms of security practices is around multi-tenancy, identity management, data storage and location, and data transmission and flow controls. If you work with a mature SaaS vendor, you don’t have to worry about any of these security concerns – it should all be taken care of for you!
CallidusCloud uses a unique multi-tenant architecture that serves hundreds of customers around the world in a secure yet cost-effective manner. For example, OnDemand Incentive Commission, a flagship product of CallidusCloud, logically segments each customer’s data at the database level.
CallidusCloud has adopted one of the best defenses for cloud security risk in the industry. Called “defense in depth,” this approach combines information security best practices with layered technology. Designed to protect information confidentiality, integrity, and availability, the “defense-in-depth” strategy in CallidusCloud is multilayered, with defenses at all the touch points in the flow of data, providing complete and comprehensive privacy, transparency, and audit controls. The critical layers in a “defense in depth” approach include five key levels:
- Layer 1: The data center. To prevent downtime, whether from a power outage or illegal access, multilevel protection must begin right in the actual physical location of the data center. This can be a costly investment if done in-house, so it’s often outsourced to a trusted provider. CallidusCloud is hosted at a tier-four data center, which provides environmentally controlled and secure facilities that use an integrated security management system. The embedded security measures are extensive, from electronic photo ID badging to biometrics and video surveillance. The data center facilities also include extensive safeguards that immediately act on security breaches and shield against environmental disturbances. It has also implemented technical vulnerability management in its solutions to reduce the risks from the exploitation of any technical weakness.
- Layer 2: The database. Whether a database environment is a multi-instance or multi-tenant model, data must be secured while at rest, in transit, and in use – and so must access to the data during each of these occasions. CallidusCloud uses the most sophisticated security mechanisms to secure data, including an advanced method based on database schemas. CallidusCloud solutions also include load balancing, attack prevention, access control, database audits, information classification, data encryption, and back-up and restore measures.
- Layer 3: Middleware. Because the architecture of both software and hardware in cloud solutions can vary significantly from provider to provider, it’s important to explicitly understand what technologies are being used. It’s also important to understand what technical controls are in place for the security and privacy of the system throughout its lifecycle. Cloud solutions from CallidusCloud help ensure that safeguards are in place to enforce authentication, authorization, SSO and other identity and access management functions at all times.
- Layer 4: Application. The application layer must employ security measures that protect against loss, misuse, and unauthorized alteration of data. Cloud solutions from CallidusCloud include security measures to protect applications from insider threats; risky plug-ins and downloads; phishing and pharming; and improper logins.
- Layer 5: Network and communication. When securing a network infrastructure, it's important to strike a balance between security and the availability of applications. Every component of an IT network—from the point of entry on the network down to the final place where information is stored—must be meticulously configured, deployed, maintained, and continually tested for optimal performance. Cloud solutions from CallidusCloud come with functionality that reinforces security through multiple tier 1 Internet service providers (ISPs) while limiting internal network traffic to pass along only the data required by an application. All incoming requests are validated against business and security rules to protect against malicious access.
We do it – so you don’t have to!
When your business is protected by a “defense in depth” security solution, you can confidently reap the benefits of a SaaS cloud computing offering. With cloud solutions from CallidusCloud, you can be assured that your data is secure at all times. We work with the best security and monitoring providers to:
- Ensure individual server performance and uptime
- Maintain a smooth user experience
- Stop network intrusions
- Prevent malicious server attacks
- Protect against potential threats
- Identify information system problems
- Verify the effectiveness of security controls and compliance
At CallidusCloud, a seasoned team of industry experts who specialize in creating secure, reliable environments will help you save on IT staffing and build-out costs to safeguard your critical applications and data while keeping your business operations intact. We relentlessly focus on security—so you don't have to. You can also check out my Part 2 post here: "Enterprise-Grade Security for Your Cloud Part 2: Information Security and Data Protection".
Vinod Choudhary | November 17th, 2014