are connected by 2 or 4 Mbit per second lines, these resource demands are
very significant.
Secure access
Secure access to a Cloud service provided by an internal IT department will
depend on a number of technical and/or organizational measures. The main
point is to define up front from where access will occur. If access to the
Cloud service is from your own business premises or a subsidiary, securing
access is simplified by restricting physical access to the terminal devices. In
the case of external access to a Cloud service, it is important once more to
distinguish between a VPN and the Internet. Cloud services accessible via
the Internet require more security. The focus here is on authenticating the
user of the system and on encryption of the data stream. Authentication
should include another data field, besides the username and password,
known as a one‐time password. One‐time passwords can be sent as text
messages or provided via a token system. If the one‐time password is
entered by the user correctly, and if the system can authenticate the user,
authorisation is granted. This means that a valid access privilege needs to be
granted to allow the user to access specific data and programs. Access from
the terminal device to this data will ideally use an encrypted connection to
prevent the data from being modified in transit. Encryption today typically
relies on at least 2048 bit long SSL keys and should, depending on the
state‐of‐the‐art, be easily extensible to longer key lengths or other
encryption methods.
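The login sequence described above, with a token-style one-time password, is shown in the following added example (it is not part of the original text): password check, time-based one-time password check built on the RFC 4226 HOTP algorithm, then a separate authorisation lookup. The 30-second time step, the 6-digit codes, the user record layout and the names `Login` and `make_user` are assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # assumed token settings: 30-second steps, 6-digit codes

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_user(password, otp_secret, grants, salt=b"constructed-salt"):
    """Build a user record (hypothetical layout) with a salted password hash."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "pw_hash": pw_hash, "otp_secret": otp_secret, "grants": set(grants)}

class Login:
    """Username + password + one-time password, then a per-user authorisation check."""
    def __init__(self, users):
        self.users = users        # name -> record from make_user()
        self.last_counter = {}    # name -> last accepted time step (replay guard)

    def authenticate(self, name, password, code, now):
        user = self.users.get(name)
        if user is None:
            return False
        pw = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
        pw_ok = hmac.compare_digest(pw, user["pw_hash"])
        current = int(now) // STEP
        matched = None
        for counter in range(max(current - 1, 0), current + 2):  # tolerate clock drift
            if hmac.compare_digest(hotp(user["otp_secret"], counter).encode(), code.encode()):
                matched = counter
        fresh = matched is not None and matched > self.last_counter.get(name, -1)
        if pw_ok and fresh:
            self.last_counter[name] = matched  # each code is accepted only once
            return True
        return False

    def authorised(self, name, resource):
        """Authorisation is a separate step: only granted resources are reachable."""
        return resource in self.users[name]["grants"]
```

Both factors must pass before the code is marked as used, and a successful login still only reaches the data and programs listed in the user's grants.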
Integrating Cloud resources with local IT ‐ Cloud Bridging
Another task for local IT is to transparently handle network traffic between
the resources at the local datacentre and the external resources
(Infrastructure as a Service). Where could this kind of solution be necessary?
For example, in an enterprise that wants to use resources in the
Amazon Elastic Compute Cloud at peak periods. Unfortunately, you cannot
just install an additional server in the Cloud and expect its performance to
be available on the local enterprise network. There is a solution offered by
Amazon known as the Amazon Virtual Private Cloud, which gives companies
the ability to create a "private" network inside the Amazon Cloud service.
This instance then needs to be integrated transparently with the company
network to make sure that clients on the company network can access the
servers in Amazon EC2. Without reconfiguring all of your clients, this can
only work if the server network from the Amazon EC2 Cloud appears to be a
local network. This solution is known by the manufacturers as a "Cloud