AVSystem Blog on Information and Communication Technology

Security in Cloud-Based Communication | The Walled Garden

Written by Katarzyna Kozłowska | 18/07/2024

The "walled garden" concept refers to an enclosed environment where the system's architecture is tightly controlled and secured. Traditionally, Communication Service Providers (CSPs) relied on local servers, offering a certain level of control and security. However, as the industry moves toward cloud-based solutions, CSPs must navigate the challenges associated with securing their systems on external servers. This article emphasizes the essential security features vendors must provide to ensure a robust and protected product running on cloud infrastructure.

The Challenge: Security in the Cloud

When migrating to cloud-based systems, CSPs must ensure that their chosen vendors provide sufficient security measures. Unlike local servers, cloud servers introduce new risks, as a third party manages the system's infrastructure. Therefore, essential security features should be prioritized to keep the system operating safely.

Integrated Identity & Access Management (IAM)

A robust IAM system enables secure user access control. Two-factor authentication (2FA) and single sign-on (SSO) mechanisms should be implemented to ensure that only authorized individuals can access the system. This strengthens the overall security posture by adding an extra layer of verification.

Domain-Based Data Separation

CSPs deal with sensitive and confidential user data, and protecting it is especially crucial when a single installation hosts the data of multiple organisations, such as departments or partners. Effective domain-based data separation ensures that each tenant's data is isolated, preventing unauthorized access or accidental data leakage between different entities. This feature guarantees data privacy and confidentiality within the system.

Role/Permission-Based Feature Control

To prevent unauthorized actions and maintain the principle of least privilege, a role-based access control (RBAC) system should be in place. This allows CSPs to define specific roles and assign appropriate permissions to users. Granular control over features and functionalities ensures that individuals can only access the resources necessary for their tasks.

IP Address-Based GUI Access Rules

IP address-based access rules provide an additional layer of security by allowing or denying access based on predefined IP addresses or ranges. By configuring access rules, CSPs can restrict system access to specific networks or locations, reducing the risk of unauthorized access from unknown or potentially malicious sources.
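The three controls described above (domain-based data separation, role/permission-based feature control and IP address-based GUI access rules) can be combined into a single default-deny access decision. The sketch below is an added example, not code from AVSystem or any product; the role names, permissions, domain names and networks are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: role names, permissions, domains and networks
# are illustrative assumptions, not taken from any product.
ROLE_PERMISSIONS = {
    "viewer": {"device:read"},
    "operator": {"device:read", "device:reboot"},
    "admin": {"device:read", "device:reboot", "user:manage"},
}
# GUI allowlist per domain; a domain with no entry is denied by default.
GUI_ALLOWED_NETWORKS = {
    "partner-a": ["203.0.113.0/24"],
    "partner-b": ["198.51.100.16/28", "2001:db8:b::/48"],
}

@dataclass(frozen=True)
class User:
    name: str
    domain: str
    role: str

def ip_allowed(domain: str, source_ip: str) -> bool:
    """True only if source_ip parses and falls in the domain's allowlist."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparsable address: fail closed
    for cidr in GUI_ALLOWED_NETWORKS.get(domain, []):
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return True
    return False

def authorize(user: User, resource_domain: str, permission: str, source_ip: str):
    """Return (allowed, reason). All three checks must pass; default is deny."""
    if not ip_allowed(user.domain, source_ip):
        return False, "source IP outside domain allowlist"
    if user.domain != resource_domain:
        return False, "cross-domain access"
    if permission not in ROLE_PERMISSIONS.get(user.role, set()):
        return False, "role lacks permission"
    return True, "ok"

if __name__ == "__main__":
    alice = User("alice", "partner-a", "operator")
    print(authorize(alice, "partner-a", "device:reboot", "203.0.113.7"))
    print(authorize(alice, "partner-b", "device:read", "203.0.113.7"))
```

Returning a reason alongside the decision lets each denial be logged by cause, which helps when reviewing whether a rule is blocking legitimate users or catching real cross-tenant attempts.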

Access Rules for Incoming Devices

CSPs should implement access rules that define which devices can connect to the system. By whitelisting approved devices and blacklisting unauthorized ones, the system can prevent potential security breaches resulting from compromised or unauthorized devices attempting to access critical resources.

As cloud-based systems continue to dominate the communications service providers industry, security remains a critical concern. CSPs must partner with vendors who offer robust security features to protect their systems and safeguard sensitive user data. Integrated identity and access management, domain-based data separation, role/permission-based feature control, IP address-based access rules, and access rules for incoming devices are vital security components that vendors should prioritize. By embracing these features, CSPs can build secure and reliable cloud-based communication systems, ensuring the trust and confidence of their clients in an increasingly interconnected world.

 

Author: Katarzyna Kozłowska

Kate is a seasoned expert in Cloud ACS. She played a key role as a team member when the product was introduced 7 years ago. Her journey began in Presales, where her meticulous attention to detail and caring approach proved crucial in the creation of the Customer Success strategy. Her personal success is evident in the continuous growth of Cloud ACS, which is only possible due to her deep understanding of customer needs. Kate goes beyond standard solutions and implements successful strategies with new partners. When she's not explaining the intricacies of our systems or highlighting their value to customers, she enjoys her leisure time with her husband, sons and a lovely dog, or casually cruising on a stand-up paddleboard.