By: Bassam Al-Khalidi

Cloud is no longer just a trend – it’s a business necessity and has transformed how we save and share data. It’s no surprise that public clouds became increasingly popular due to the Covid-19 pandemic, with enterprise cloud spending increasing by over 30% last year. As we transition to a post-pandemic world and many companies implement permanent hybrid working policies, it looks like the popularity of the cloud is here to stay – spending is likely to double to around $500 billion by 2023.

However, the move to the cloud has also transformed our cybersecurity, leaving enterprises open to damaging and costly attacks. With large amounts of data flowing between employees and cloud systems, hackers have more to gain than ever if they can break through your defenses. This issue is exacerbated by the shared infrastructure of cloud applications, especially if you’re considering moving your credentials to the cloud.

As your applications and data move to the cloud, what about your credentials?

Until a few years ago, most enterprises stored their identity credentials on-prem, but in recent years have transitioned to cloud-based identities and authentication platforms. This is great news in terms of convenience for your users and your IT team, especially as you look toward a hybrid working future. But why could it also be a problem?

No matter how much you invest in new cybersecurity tools, you could still face threats simply by being in a shared infrastructure. To understand the danger of keeping your credentials in the cloud, let’s imagine you’re moving into a high-rise apartment building. You want to keep your valuables secure, but the apartment only comes with a basic lock and key. For increased security, you buy an expensive padlock for your front door, put up a security camera, and set up an alarm system. With all these protections, there’s no way anyone is breaking in, right? Wrong.

No matter how well you protect your front door, you share walls with multiple other apartments. They might not have as many valuables as you that they’d like to protect, and so might not have invested in the same security equipment. If someone breaks into their apartment, they can easily break down the wall to get to your valuables which you tried so hard to secure. Many burglars might even purposefully break into your neighbor’s apartment as an easier way to get into yours.

The same is true for protecting your identity credentials as it is for protecting your apartment. As a larger company, you likely have already invested in powerful cybersecurity tools. Hackers rarely use brute force to try to hack large companies, as they know it would be futile. However, they might realize you store your credentials in a cloud-based system. If they know of another smaller company using the same system that doesn’t have the same cybersecurity resources, you have just made these hackers’ day. They can break into the smaller company’s network, access their cloud, and then host jump into your network. Once they have access to your credentials, it’s game over – this data crossover gives them access to everything you wanted to protect.

So how can you prevent this?

Despite the risk of this shared infrastructure, the cloud’s agility and flexibility mean that few companies would consider going back to on-prem solutions. You can’t turn back on the cloud, but you need to find a way to completely secure it.

Enter: the virtual private cloud (VPC). If a multi-tenant cloud infrastructure is a large apartment building, a VPC is your very own castle. It has stone walls, a moat, guard towers – everything you need to protect your valuables. And the best part is that you’re not sharing with your neighbors, so the threat of host jumping into your castle is gone.

Our Axiad Cloud VPC might not be a real castle, but it is your way to gain the benefits of the cloud without compromising your security. Your traffic flows from your organization through a dedicated IPsec tunnel that only your company has access to. Any other organization outside that site-to-site tunnel can’t access the data within. The VPC serves as an extension of your data center, storing all your sensitive information in a FIPS-certified hardware security module, without the hassle of an on-prem solution.

Your VPC with Axiad Cloud also allows you to keep control of your data. When you use a mutualized system on the cloud, if you then want to switch to another platform or return to an on-prem solution, the cloud vendor may not be able to extract all your data and give it back to you due to the shared infrastructure on the backend. With the virtual private cloud, we give your data back to you, and then delete it on our end.

Why aren’t virtual private clouds more common?

For many enterprises, the concept of a virtual private cloud comes as a surprise. They are not offered by most IAM cloud solution providers and are not commonly used by businesses. Why is this?

The main reason is that VPCs need to be deployed and maintained for each individual customer. This requires a lot of effort and complexity on the part of the vendor. For larger vendors, this can become extremely difficult and expensive, as it’s hard to create a VPC for each of their customers.

At Axiad we have developed our own IP that would allow us to automate the creation of each individual VPC, therefore removing most of the complexity out of this process. We deploy a VPC for every single customer – something most of our IAM competitors are unable to offer.

There’s also a misconception among enterprises that a virtual private cloud requires increased time and resources from their IT teams. However, with the right VPC solution, you shouldn’t have to maintain it yourself. With Axiad we do all the heavy lifting, so your IT team doesn’t need to manage the solution. Our team works with each customer and then gets your new VPC up and running in under an hour.

What will a VPC mean for your business?

For large enterprises investing heavily in all aspects of cybersecurity, a virtual private cloud is worthwhile to avoid a costly data breach. It’s also hugely beneficial for organizations facing strict mandates and regulations. Industries that require compliance to specific security protocols, such as aerospace and defense, healthcare, financial services, etc., can add an extra layer of trust to their business with a VPC. The solution can also operate with I-TAR, making it regulation-ready for the many businesses that require that.

The Axiad virtual private cloud is currently used by a range of Fortune 500 companies. No matter their industry, the feedback we receive is the same:

• Peace of mind that their credentials are safe: For enterprises that have adopted the latest cybersecurity tools but are still concerned about the shared infrastructure of their cloud-based credentials, a VPC means that their other investments are not wasted.

• Audits are a breeze: By storing their credentials in a virtual private cloud, across the board our customers pass their audits and meet their necessary regulations without worry, and without heavy lifting on their end.

• Their employee experience isn’t compromised: On the user end, your employees won’t know the difference between a VPC and a public cloud. They’ll gain the security their data deserves without compromising on security.

As cloud applications become increasingly essential, it’s important to consider what risks you’re taking on with a shared infrastructure. The virtual private cloud enables you to maintain the agility required to operate in the digital world of today, while ensuring you’re prepared for the security threats of tomorrow.

About the Author

Bassam has over 15 years of experience in designing and deploying identity and access management solutions across large government, enterprise, and healthcare organizations. He is a leading expert in CAC/PIV smart card and PKI deployment, and has been involved in multiple enterprise-class ID badge deployments over the last several years. He has held a variety of management and senior technical roles for established industry leaders, including ActivIdentity.