
Cloud security: from perimeter protection to identity-based security

It's not just the way we work that is changing rapidly, but also the way we handle data and where it is stored. New technologies are increasingly influencing our working and private lives. Smart devices (smartphones, tablets, smartwatches) are now established work tools and are widely used. The younger generation can no longer be attracted to a company without flexible working models. The need to be able to access and share applications, information and data at any time using various devices is growing dramatically. In addition, more and more companies are taking their first steps into the cloud (e.g. outsourcing the email server to Office 365) without adapting their security concepts. Traditional security concepts are being pushed to their limits by all these trends.

From perimeter to identity

Until now, companies have protected their data with a medieval concept: a wall (firewall) was built around the company. This protected area is known as the perimeter. For employees who needed to access data from the outside, tunnels were built that transmitted the data in encrypted form (VPNs). Holes were drilled in the wall (ports) for programmes that needed to communicate internally and externally. The traditional IT architecture and data storage of companies can therefore be compared to a well-guarded castle with outer walls. This perimeter no longer exists in the cloud. The data is now outside the perimeter (in the cloud) and employees can also access the data using devices and from locations outside the perimeter. The new type of protection is based on the concept that data is stored and transmitted in encrypted form and access to the data is only permitted for secure identities. This concept is called identity-based security. See also the following graphic for illustration:

Focus on the user and their behaviour

Unlike conventional systems, identity-based security is centred around the user. However, it is not just about the person, but about the user as a "whole": the devices they use to log in, the geographical locations they are in, the apps they use to access the data, the employee's behaviour when accessing the data, etc. Public cloud providers such as Microsoft are investing billions in this identity-based security and offer a whole toolset of security mechanisms. While logging into traditional systems consists of a combination of user name and password and is therefore susceptible to human error and external attacks, the use of a second factor (two-factor authentication) coupled with defined access rules (conditional access) is much more secure. Conditional access can be used to detect unusual behaviour by a device or user and prevent damage. For example, if a device attempts to log in from Paris and then from New York within a few minutes, conditional access automatically recognises that this device or user could not possibly have travelled from Paris to New York in this time. Access is blocked accordingly or, for example, another security factor is requested for logging in.
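The "impossible travel" rule described above can be illustrated with a small detection routine. The following is an added example, not code from the article or from Microsoft's conditional access implementation: it takes constructed sign-in events (the tuple layout, the city coordinates and the 1000 km/h plausibility threshold are all assumptions), sorts each user's sign-ins chronologically, and flags any consecutive pair whose implied travel speed no aircraft could achieve.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in events; the field layout is an assumption,
# not the format of any real identity provider's sign-in log.
SAMPLE_SIGNINS = [
    # (user, UTC timestamp, city, latitude, longitude)
    ("alice", "2024-03-01T08:00:00", "Paris",    48.8566,   2.3522),
    ("alice", "2024-03-01T08:07:00", "New York", 40.7128, -74.0060),
    ("bob",   "2024-03-01T09:00:00", "Zurich",   47.3769,   8.5417),
    ("bob",   "2024-03-01T12:30:00", "Bern",     46.9480,   7.4474),
]

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: faster than a commercial airliner means the same
# user/device cannot physically have performed both sign-ins.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def find_impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return one alert per consecutive sign-in pair (same user) whose implied speed is implausible."""
    by_user = defaultdict(list)
    for user, ts, city, lat, lon in events:
        by_user[user].append((datetime.fromisoformat(ts), city, lat, lon))

    alerts = []
    for user, signins in by_user.items():
        signins.sort(key=lambda s: s[0])  # evaluate in chronological order
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(signins, signins[1:]):
            distance = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600.0
            # Sign-ins from (practically) the same place are never suspicious on this rule,
            # however close together they are.
            if distance < 1.0:
                continue
            # Two distant sign-ins with no measurable time between them: treat speed as infinite
            # instead of dividing by zero.
            speed = distance / hours if hours > 0 else math.inf
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from": c1,
                    "to": c2,
                    "minutes": round(hours * 60, 1),
                    "distance_km": round(distance, 1),
                    "speed_kmh": speed if speed == math.inf else round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_SIGNINS):
        print(f"{alert['user']}: {alert['from']} -> {alert['to']} in {alert['minutes']} min "
              f"({alert['distance_km']} km, {alert['speed_kmh']} km/h): "
              "require an additional factor or block the sign-in")
```

On the constructed data only alice's Paris-to-New York pair is flagged (roughly 5,800 km in 7 minutes); bob's Zurich-to-Bern pair works out to under 30 km/h and passes. A real conditional access policy would feed such an alert into a decision such as step-up authentication or blocking, as the paragraph describes; the threshold and the "same place" tolerance are tuning knobs, and coarse IP geolocation is a common source of false positives that a production rule has to account for.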

Digital workplace thanks to Microsoft 365

Data in the cloud has the advantage that it can be shared with anyone from anywhere. This creates a digital workplace that is location-independent but just as functional as an office desk with a desktop computer. However, there are also risks here in terms of security. Microsoft 365 includes options for users to share data both internally and externally with the help of authorisations. Digital working in the cloud therefore offers companies many advantages, not only in terms of employee productivity and flexibility, but also in terms of costs and collaborative working on projects with suppliers, partners or customers. Identity-based security and Microsoft 365 are the answer to the challenges of working in the cloud in a digital world, with security as a top priority. The technical possibilities for a secure path to the cloud are therefore there. Designing and configuring the technologies correctly requires the expertise of professionals who know what they are doing. We at Swisscom have implemented this for ourselves. It wasn't an easy journey, during which we realised how little expertise there is in Switzerland. Now we are ready and happy to let our customers benefit from our expertise.

Andreas Schmid

Principal Product Manager
