Security Journal on Ulitzer
So you’ve bought into the idea of service-orientation. Congratulations.
You’ve begun to create services throughout your internal corporate network.
Some of these run on .NET servers; others are Java services; still others are
Ruby-on-Rails—in fact, one day you woke up and discovered you even have a
mainframe service to manage. But the question you face now is this: how can
all of these services be made available to consumers on the Internet? And
more important, how can you do it securely?
Most organizations buffer their contact with the outside world using a DMZ.
Externally facing systems, such as web servers, live in the DMZ. They mediate
access to internal resources, implementing—well, hopefully implementing—a
restrictive security model. The DMZ exists to create a security air gap
between protocols. The idea is that any system deployed ... (more)
Practically on the anniversary of Anne Thomas Manes' now-famous SOA-is-Dead
pronouncement, David Linthicum suggests we convene the vigil for design-time
service governance. Dave maintains that cloud technology is going to kill
this canonical aspect of governance because runtime service governance simply
provides much more immediate value. Needless to say, rather than a somber
occasion, Dave’s started more of a donnybrook. I guess it’s about time to
get off of the bench and join in the fun.
The incendiary nature of is-dead statements often conceals the subtle but
important ideas b... (more)
The Cloud Security Alliance (CSA) needs your help to better understand the
risk associated with cloud threats. Earlier this year, the CSA convened a
working group with the mandate to identify the top threats in the cloud. This
group brought together a diverse set of security and cloud experts, including
myself representing Layer 7. Our group identified 7 major threats that exist
in the cloud, but now we would like to gauge how the community as a whole
perceives the risk these threats pose.
I would like to invite you to participate in a short survey so we can get
your input. This... (more)
Today marks the beginning of the RSA Conference in San Francisco, and the Cloud
Security Alliance (CSA) has been quick out of the gate with the release of
its Top Threats to Cloud Computing Report. This peer-reviewed paper
characterizes the top seven threats to cloud computing, offering examples and
The seven threats identified by the CSA are:
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insider... (more)
Christian Perry has an article in Processor Magazine that I contributed some
quotes to. The article is about the ongoing debate about the merits of public
and private clouds in the enterprise.
One of the assertions that VMware made at last week’s VMworld conference is
that secure hybrid clouds are the future for enterprise IT.
This is a sentiment I agree with. But I also see the private part of the
hybrid cloud as an excellent stepping stone to public clouds.
Most future enterprise cloud apps will reside in the hybrid cloud; however,
there will always be some applications, such as... (more)