News, tips, partners, and perspectives for Oracle’s virtualization offerings

Security Challenges when moving into the Cloud

Jan Hendrik Mangold
SGD Senior Product Manager

A recent article in the Wall Street Journal described an increasing danger of companies exposing sensitive information after a move to the cloud. Services and data that used to live in tightly controlled data centers on a company's premises, often not even accessible from the open internet, have been migrated into cloud-hosted environments. Along the way, configuration mistakes might have been made, or third parties were given access to facilitate the transition.

While cloud providers offer the necessary solutions to harden network access into hosted environments, the issues highlighted in the article have more to do with the sudden need, and sometimes the inconvenience, of securely accessing data and applications that used to be local and are now remote. When something is inconvenient, we tend to create shortcuts.

For example, to access IaaS instances provisioned in the cloud, a public SSH key must be provided when the instance is created, since SSH access with a password is not permitted. This prevents brute-force password attacks from the open internet. To manage these instances, especially when multiple people are involved, additional public keys need to be added to allow remote access, or the private key needs to be shared between multiple people, which is not recommended. Once access is possible, individuals can log in to cloud-hosted environments and transfer data in and out. To make matters worse, it is hard to monitor who is doing what with unfettered SSH access.
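The monitoring gap described above can be made concrete with a small audit. This is an added example, not part of the original post and not Oracle SGD code: it fingerprints the entries of `authorized_keys` files and matches them against sshd "Accepted publickey" log lines to show which logins cannot be tied to a person. The host names, the `admin` account, the key blobs and the log lines are constructed, and it assumes the key comment field is used to record the owner.

```python
import base64, hashlib, re
from collections import defaultdict

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def inventory(hosts):
    """Map fingerprint -> {'owner': comment or None, 'hosts': set of host names}."""
    keys = defaultdict(lambda: {"owner": None, "hosts": set()})
    for host, text in hosts.items():
        for line in text.splitlines():
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # The key type may follow an options field such as from="...".
            idx = next((i for i, f in enumerate(fields)
                        if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
            if idx is None or idx + 1 >= len(fields):
                continue
            entry = keys[fingerprint(fields[idx + 1])]
            entry["hosts"].add(host)
            # Assumption: the free-form comment names the key's owner.
            entry["owner"] = " ".join(fields[idx + 2:]) or entry["owner"]
    return dict(keys)

ACCEPTED = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def attribute_logins(log_lines, keys):
    """Return (account, source, owner) per login; owner is None if unattributable."""
    logins = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if m:
            account, source, fp = m.groups()
            logins.append((account, source, keys.get(fp, {}).get("owner")))
    return logins

def _blob(seed):  # constructed stand-in for a public key blob, not a real key
    return base64.b64encode(seed.encode()).decode()

SAMPLE_HOSTS = {  # constructed authorized_keys contents for two instances
    "db01": f"ssh-ed25519 {_blob('alice-key')} alice@example.com\n"
            f"ssh-rsa {_blob('team-key')}\n",
    "db02": f"from=\"10.0.0.0/8\" ssh-rsa {_blob('team-key')}\n",
}
SAMPLE_LOG = [  # constructed sshd log lines
    f"sshd[811]: Accepted publickey for admin from 198.51.100.7 port 50412 ssh2: ED25519 {fingerprint(_blob('alice-key'))}",
    f"sshd[902]: Accepted publickey for admin from 203.0.113.9 port 41822 ssh2: RSA {fingerprint(_blob('team-key'))}",
]
```

In the sample, both logins land on the same account, and the second one uses an uncommented key installed on two instances, so the log alone cannot say which person was behind it.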

Here is how Oracle Secure Global Desktop can help solve this problem

With Oracle Secure Global Desktop (Oracle SGD) all access into the cloud-hosted environments, IaaS, SaaS and PaaS, can be provided through a centralized web interface over HTTPS. User authentication can be integrated with existing identity management systems, or implemented separately. Access to applications and systems, as well as the flow of data, is strictly controlled by a granular authorization system built into Oracle SGD.

A user launches applications like a terminal connection, or entire desktop environments, via a single click in the user's Oracle SGD workspace. Only authorized applications and servers will be listed. The naming of applications and servers can be abstracted as well and does not have to be the actual hostname of the system. For example, Oracle SGD lists access to your DB production Tag Name and DB development Tag Name, instead of db01.sub09151850171.example.oraclevcn.com and db02.sub09151850171.example.oraclevcn.com, thus preventing confusion about which systems to perform certain tasks on.

Oracle SGD itself is a non-intrusive, completely software-based solution. No additional modules or utilities need to be installed on any IaaS, PaaS or SaaS instance. Oracle SGD sits in between the user and the actual systems the user needs to have access to, thus providing a well-managed control point. Once a user is deemed to no longer need access to a particular resource, a simple change in Oracle SGD's configuration, via web UI or command line, will remove the resource in question from the user's choices, regardless of whether the user knows passwords or has SSH public keys in place.

For customers with even more specific security requirements, our partner Amitego provides a suite of additional modules called VISULOX, implemented on top of Oracle SGD, unique in its ability to manage, monitor, document, check and approve all remote access by internal and external administrators to critical business systems. VISULOX together with Oracle SGD provides a unique solution for recording of sessions, dual control and many other features.

For customers with existing deployments of SunRay, or those interested in a Thin Client solution for accessing centrally provisioned resources, I want to mention our partner Stratodesk and their products No Touch OS and No Touch Center. The No Touch product palette not only supports any x86 based platform on the market, but also allows management of multiple, heterogeneous vendor Thin Client HW devices. Of course Stratodesk fully supports Oracle SGD.

Visit us at Oracle Open World 2017 for our presentation CON6471 Secure Application Access in the Cloud or On-Premises on Tuesday at 5:45-6:00PM in the Marriott Marquis Salon.

You can find more information at our Oracle Secure Global Desktop website.
