The Path to the Public Cloud

One of the presentations that I delivered this year at TechED Brazil was about On-Premise Security while Migrating to the Cloud. There are many reasons to migrate to the cloud and during this presentation I emphasized the three core elements below:


New Economics

  • Pay for what you use
  • Lower and predictable costs
  • Accelerate speed to value

Reduced Patch Management

  • No patching, maintenance
  • Faster deployment
  • Robust multi-layered security
  • Reliability and fault-tolerance

Increase Productivity

  • Latest software for users
  • Internet collaboration
  • Anywhere access
  • Instant self-provisioning

While those core elements sound very good, we must also be alert to the new challenges that come with this adoption, such as:


New Threat Landscape

  • Internal Threats
  • On-premise Security
  • Endpoint Protection
  • Trusting Vendor’s Security Model
  • Obtaining Support For Investigation
  • Indirect Administration Accountability

The presentation was really focused on the second bullet (on-premise security). Some of the reasons why this is still an important point to address include:

  • Key parts of the overall solution still remain on premises
    • Parts which, if broken, would compromise the security of the entire solution
  • The customer organization is very likely the weakest link in the security model
  • Attackers know this and are actively targeting end users and on-premise servers

The idea that migrating to the cloud means offloading your security to the cloud provider is a misconception, and it is just plain wrong. You need to be diligent because at the end of the day it is your data that could get compromised if you relax the on-premise security. You should adopt a defense in depth approach. All the elements from the endpoint to the cloud must be secure: not only the hosts, but also the path and the remote clients. Here is a typical example of what this looks like:


There are five key elements in this diagram:

  • Internal client security: you must continue the effort to protect your on-premise clients. Nowadays the end user is far more exposed to social engineering attacks, and one mistake on their part can compromise your company’s data.
  • Server Security: most likely there will still be some servers running on-premise (such as legacy applications, file servers, etc.). You must adopt security policies and best practices to protect those servers.
  • Edge Security: regardless of which edge solution you use, always try to identify a solution that can offer the elements described in the diagram above.
  • Remote Client Security: while most of your internal clients will benefit greatly from accessing cloud services without having to connect to the internal network, there will still be scenarios where the internal client will access some kind of resource located in the internal network. You must validate this access before allowing the client computer to reach those internal resources.

In summary, the path to the cloud requires a lot of planning to make sure that your users can have a seamless experience while you keep your data secure.

Comments (4)

  1. Indeed Marc !! Thanks for visiting the blog and have a great 2012 !!

  2. Hi Ahmet,

    This presentation is in Portuguese, I plan (but don't have an ETA) to translate it to English 🙂

    Thanks for your comments !

  3. Anonymous says:

    Nice and useful, but is it possible to see the full presentation? 🙂

  4. Marc Grote says:

    Hi Yuri,

    nice to see that UAG/TMG is still part of your Technet Blogs

    greetings Marc
