Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, applications, and data to realize the benefits
of commoditization. But successful transfer of control implies trust–and
trust isn’t something we bestow easily onto external providers. We will
only build this trust if we change our approach to managing cloud security.
Cloud’s biggest problem isn’t securi... (more)
Are SOA anti-principles more important than success principles? Last week Joe
McKendrick >asked the question. The idea of anti-principles came from Steve
Jones, who a few years back did some nice work documenting SOA anti-patterns.
In a post published last fall, Steve builds on his ideas, observing:
The problem is that there is another concept that is rarely listed, what are
which is one of those good questions that should give you pause.
In the same way as Anti-Patterns give you pointers when its all gone wrong
then Anti-Principles are the ... (more)
Cloud is now mature enough that we can begin to identify anti-patterns
associated with using these services.
Keith Shaw from Network World and I spoke about worst practices in the cloud
last week, and our conversation is now available as a podcast.
Come and learn how to avoid making critical mistakes as you move into the
This year’s VMworld conference saw the announcement of VMware’s new
vCloud Director product, a culmination of the vision for the cloud computing
the company articulated last year and a significant step forward in providing
a true enterprise-grade cloud. This is virtualization 2.0—a major rethink
about how IT should deliver infrastructure services. VMware believes that the
secure hybrid cloud is the future of enterprise IT, and given their success
of late it is hard to argue against them.
vCloud Director (vCD) is interesting because it avoids the classic
virtualization metaphors ... (more)
I’m not sure who is more excited about the cloud these days: hackers or
venture capitalists. But certainly both groups smell opportunity. An
interesting article published by CNET a little while back nicely illustrates
the growing interest the former have with cloud computing. Fortify Software
sponsored a survey of 100 hackers at last month’s Defcon. They discovered
that 96% of the respondents think that the cloud creates new opportunities
for hacking, and 86% believe that “cloud vendors aren’t doing enough to
address cyber-security issues.”
I don’t consider myself a hacker (exce... (more)