Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, applications, and data to realize the benefits
of commoditization. But successful transfer of control implies trust–and
trust isn’t something we bestow easily onto external providers. We will
only build this trust if we change our approach to managing cloud security.
Cloud’s biggest problem isn’t securi...
I’ll be speaking this Tuesday, Nov 16 at the Gartner Application
Architecture, Development and Integration Summit in Los Angeles. My talk is
during lunch, so if you’re at the conference and hungry, you should
definitely come by and see the show. I’ll be exploring the issues
architects face when integrating cloud services—including not just SaaS,
but also PaaS and IaaS—with on-premise data and applications. I’ll also
cover the challenges the enterprise faces when leveraging existing identity
and access management systems in the cloud. I’ll even talk about the
thinking behind Dar...
Promotion is a problem faced by every API developer. Long nights of coding
have given form to the stroke of genius you had six months ago in the cafe.
You’ve just written the API that will serve as the front door into your
application. But how do you document this so that your peers will use
it—and hopefully make you rich in the process?
Java had Javadoc, an innovation that managed to strike a surprisingly
effective balance between ease of use and systematization (three cheers for
strong typing and static binding). Web services “solved” the interface
definition problem with WSDL...
Everyone wants his or her government to be better. We want more services,
better services, and we want it delivered cheaper. Politicians come and go,
policies change, new budgets are tabled, but in the end we are left with a
haunting and largely unanswerable question: are things better or worse than
they were before?
One thing that is encouraging and has the potential to trigger disruptive
change to the delivery of government services in the US is the recent
publication Digital Government: Building a 21st Century Platform to Better
Serve the American People. The word to note her...
It's a problem as old as networked computing. Consider two applications. They
negotiate a level of trust. How can that trust - or security context - be
transferred to a third application, one that may exist in an entirely
different security domain from the first?
This problem has been solved before, but is limited by proprietary solutions
that resist integration. The challenge now, which is a significant one, is to
solve it again, but this time for Web services - a task complicated by the
need to accommodate a broad range of established security procedures and
legacy technologie...