Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, applications, and data to realize the benefits
of commoditization. But successful transfer of control implies trust–and
trust isn’t something we bestow easily onto external providers. We will
only build this trust if we change our approach to managing cloud security.
Cloud’s biggest problem isn’t securi... (more)
Despite all our advances in communications—from social networking, to
blogs, to actual functional video meetings—the trade conference is still a
necessity. Maybe not as much for the content, which makes the rounds pretty
fast regardless of whether you attend the show or not, but for the
serendipitous meetings and social networking (in the pre-Facebook sense).
I find something comforting in the rhythm and structure a handful of annual
conferences bring to my life. The best ones stay rooted in one location,
occurring at the same time, year after year. They are as much defined by tim... (more)
Security Journal on Ulitzer
So you’ve bought into the idea of service-orientation. Congratulations.
You’ve begun to create services throughout your internal corporate network.
Some of these run on .NET servers; others are Java services; still others are
Ruby-on-Rails—in fact, one day you woke up and discovered you even have a
mainframe service to manage. But the question you face now is this: how can
all of these services be made available to consumers on the Internet? And
more important, how can you do it securely?
Most organizations buffer their contact with the outside world u... (more)
Security, Management & Compliance Track at Cloud Expo
Register Today and Save $550 !
Explore Sponsorship Opportunities !
Today marks the beginning of RSA conference in San Francisco, and the Cloud
Security Alliance (CSA) has been quick out of the gate with the release of
its Top Threats to Cloud Computing Report. This peer-reviewed paper
characterizes the top seven threats to cloud computing, offering examples and
The seven threats identified by the CSA are:
Abuse and Nefarious Use of Cloud Computing Insecure Application Programming
Interfaces Malicious Insider... (more)
This year’s VMworld conference saw the announcement of VMware’s new
vCloud Director product, a culmination of the vision for the cloud computing
the company articulated last year and a significant step forward in providing
a true enterprise-grade cloud. This is virtualization 2.0—a major rethink
about how IT should deliver infrastructure services. VMware believes that the
secure hybrid cloud is the future of enterprise IT, and given their success
of late it is hard to argue against them.
vCloud Director (vCD) is interesting because it avoids the classic
virtualization metaphors ... (more)