Each cloud-based approach has its security strengths and vulnerabilities, and requires a strong user authentication and data encryption strategy.
Adobe may have raised some eyebrows last year when they announced they were moving their packaged Creative Suite PC software to the cloud, but most industry analysts predicted this day was coming – it was just a matter of how soon. Microsoft is moving in the same direction with their Office 365 cloud offering and other enterprise application developers are sure to follow suit. However, after the story came out recently that hackers broke into Adobe's network and stole personal information, including an estimated 2.9 million credit card numbers, the cloud may be darkening a bit.
Skeptics have pointed at data security from day one as the most serious drawback to cloud computing and Adobe's misfortune makes their case. But is that enough to break the momentum of the roll out of subscription based model to software delivery? I don't think so because the cost advantages to cloud-based software applications are too great, for both the ISV and the end user. And, end users want access to their apps from any device, from anywhere, and the cloud is the most effective way to fulfill that need.
Nonetheless, it is incumbent upon the software developer and hosting vendor to keep the data out of the wrong hands. There are three types of cloud computing scenarios that exist:
Application (SaaS): Independent software vendors (ISV) host their applications in the cloud from where the ISV customers (end users) store their data which is accessed by those applications. The ISV manages the cloud space. Example: salesforce.com.
Platform (PaaS): ISVs host their applications in the cloud but, in contrast to SaaS, the user has more flexibility in usage of the stored data by accessing development tools, databases, or web services. The ISV still manages the cloud space. Examples: force.com, windowsazure.com.
Infrastructure (IaaS): Users lease the infrastructure (a virtual computer) in the cloud, store their data there, and install, host and run applications. The cloud space is managed by the user rather than the ISV. Example: amazon.com.
Each approach has its unique security strengths and vulnerabilities and requires a strong user authentication and data encryption strategy to protect the cloud-based application. Moving from conventional perpetual licenses to subscription based licensing in the cloud also requires ISVs to consider new licensing strategies to secure the process and protect against license sharing.
In the IaaS environment, traditional software licensing control through a machine binding or a dongle is not possible and new licensing methods must be addressed.
As a provider of software protection and secure licensing solutions for over 25 years, we've been able to apply our experience to the development of the tools that our customers need to secure their software in the cloud and provide their users with the peace of mind that their data is safe.
You can learn more about our proven cloud security techniques by watching this 1-hour pre-recorded webinar, in cooperation with our partner, charismathics. We demonstrate how we protect ISVs' data and business logic in SaaS, PaaS and IaaS schemes against license counterfeiting and duplication. With the integration of charismathics CSSI, we can also guarantee user's secure access based on PKI two-factor authentication for SaaS and PaaS. Explore our complete offering for cloud security during the webinar or go to our web page for more information.