Is it possible to block employees from public cloud access?

Security concerns lead to organizations blacklisting some public cloud services as they would certain websites -- but not all blacklisting is increasing productivity.

Do all employees have to have access to my company's public cloud? Is it possible to block users?

When it comes to security and management concerns, it's important to find a happy balance with competing interests. Businesses, governments and non-profit organizations routinely block access to Web resources -- especially to sites classified as unrelated to work, explicit content or security threats. The same technologies can be used to prevent public cloud access.

For general website traffic blocking, companies can use routers to blacklist specific URLs by choosing individual sites or domains, or specifying multiple sites using regular expressions. If you want to block employees from site access, you can also deploy network filtering software. These tools have easy-to-use interfaces and predefined website categories to block. For example, selecting a single music category in one of these tools blocks Spotify, Pandora or other major music sites.

If preventing employee cloud access, define which types of clouds -- IaaS, PaaS and SaaS -- you want to block and specify any acceptable use cases.

Often, the process for blocking cloud services depends on which specific provider you are working with. Amazon Web Services' users start with the administration console. If you can't access the console, you can't interactively work with resources, such as virtual machine instances or Simple Storage Service. Users should also block access to any other URL that allows access to cloud resources, such as URLs used in cloud application program interfaces (APIs).

Cloud admins must specifically define which services are prohibited. If AWS is banned, then other infrastructure as a service (IaaS) cloud providers -- Microsoft Azure and Google Cloud -- are likely banned, too. Consider blacklisting platform as a service (PaaS) providers, as well. Programming platforms in PaaS allows developers to minimize server administration tasks.

However, on the flipside of the coin, carefully consider the need to block software as a service (SaaS) cloud providers because they can be useful to employee productivity. SaaS ranges from storage, such as Dropbox and Box, to desktop application replacements. Microsoft Office 365 also delivers online office productivity applications. As cloud continues to grow, blocking all cloud services may prohibit access to useful resources.

About the author:
Dan Sullivan holds a Master of Science degree and is an author, systems architect and consultant with more than 20 years of IT experience. He has had engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail and education. Dan has written extensively about topics that range from data warehousing, cloud computing and advanced analytics to security management, collaboration and text mining.

Next Steps

Microsoft Office 365 outage causes a ruckus

Cloud pendulum swings from IaaS to PaaS

Hacks testing public cloud's reputation

This was first published in September 2014

Dig deeper on Data security in the cloud

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchVMware

SearchVirtualDesktop

SearchAWS

SearchDataCenter

SearchWindowsServer

SearchSOA

SearchCRM

Close