Latest News from Scott Morrison

How Secure is Cloud Computing?

Thu, 03 Dec 2009 17:15:00 EST

Diffie makes a good point: taken as a whole, the benefits of commodity air travel are so high that it allows us to ignore the not insignificant negatives (I gripe as much as anyone when I travel, but this doesn’t stop me from using the service). In the long term, will the convenience of cloud simply overwhelm the security issues? The history of computing, of course, is a history full of such compromise. Right now we are in the early days of cloud computing, where all of us in the security community are sniping at the shortcomings of the technology, the process, the legal and regulatory issues, and anything else that appears suspect. But truthfully, this is the ultimate low hanging fruit. Identifying problems with the cloud is effortless; offering real solutions is considerably harder.

Visualizing the Boundaries of Control in the Cloud

Wed, 02 Dec 2009 12:15:00 EST

Cloud’s biggest problem isn’t security; it’s the continuous noise around security that distracts us from the real issues and the possible solutions. It’s not hard to create a jumbled list of things to worry about in the cloud. It is considerably harder to come up with a cohesive model that highlights a fundamental truth and offers a new perspective from which to consider solutions. This is the value of Dan’s stack.

I Went for Coffee and RDS was Waiting for Me When I Returned

Thu, 26 Nov 2009 19:06:52 EST

Here at Layer 7, we’ve been really excited about Amazon’s Relational Data Service (RDS) ever since they announced it last month. RDS is basically a managed mySQL v5.1 instance running in the Amazon infrastructure. The point of RDS to provide another basic service that we all need all of the time, managed within the AWS [...]

Webinar Available: New Security Model Requirements for the Cloud

Thu, 26 Nov 2009 18:33:09 EST

Last week, Anne Thomas Manes, Research Director from Burton and I did a Webinar entitled New Security Model Requirements for the Cloud. It’s probably generated the most feedback of any webinar I’ve done. It’s now online, so have a look at it here.

Abstracting Cloud Gateways

Tue, 03 Nov 2009 12:14:24 EST

Ben Kepes, from the excellent CloudAve blog, wrote an entry about Layer 7’s strategy in the cloud. We had a good talk about Layer 7’s new Amazon AMI image, which is available right now in the Amazon Marketplace. CloudAve has been on my blogroll for a while, and I was quite pleased to talk to [...]

Podcast: How to Ultimately Secure the Cloud

Mon, 02 Nov 2009 18:18:47 EST

I had a great discussion with Mike Vizard of CTOEdge the other day about how to secure the cloud. I was joking with Mike afterward that I had tried to avoid delivering any overt vendor message because this is such an important topic. Nevertheless, some SecureSpan specific features had leaked into the discussion. He thought [...]

Clouds May Be Big, But You Should Start Small

Fri, 18 Sep 2009 16:17:48 EDT

James Urquardt, from Cisco, published a review of the US Government’s recently announced cloud initiative. I had the pleasure of sharing a panel with James recently at GigaOm Structure, and his CNET column should be on your must-read list if clouds are of interest to you. In this article, James makes an interesting point that the [...]

eBizQ Forum Question: Is Service Reuse Overrated as a Value Proposition for SOA? Does Reuse Even Work in Real-Life Situations?

Thu, 17 Sep 2009 19:59:34 EDT

Ah, the reuse question. My thoughts are here.

Is Cloud Computing Secure? Prove It

Thu, 17 Sep 2009 17:17:29 EDT

I had a discussion with Wayne Rash the other day about security in cloud computing. He followed up with an excellent article in eWeek with the provocative title Is Cloud Computing Secure? Prove It. I’d encourage you to have a look; Wayne spoke to a number of well-known people in the industry, and they offer [...]

eBizQ Forum Question: Do You Think the Pervasive Use of Cloud Computing Will Expand or Contract the Use of SOA?

Fri, 11 Sep 2009 18:10:53 EDT

My answer is here.

SecureSpan Product Line Certified Against Red Hat’s JBoss Enterprise SOA Platform

Fri, 04 Sep 2009 18:53:50 EDT

We were at this week’s RedHat Summit/JBoss World show in Chicago to announce that the SecureSpan line is now fully certified against the JBoss Enterprise SOA Platform. We’ve seen increasing use of JBoss in our engagements, so this endorsement is important for both Layer 7 and RedHat. We’re huge fans of open source technologies here [...]

Is SOA Ready to Move from the Whiteboards and into Production IT?

Mon, 20 Aug 2007 08:45:00 EDT

Is SOA ready to move from the whiteboards and into production IT? As you might have guessed, the answer remains a disappointing sort of. The issue comes down to tools and infrastructure, and the fact that only some SOA components are mature and easy to source.

Finally, the Killer PKI Application

Wed, 22 Dec 2004 00:00:00 EST

Enterprise PKI has a bad name. Complex, costly, difficult to deploy and maintain - all these criticisms have dogged this technology since it first appeared. To the dismay of so many CIOs, few applications have stepped up to make effective use of PKI. But this may soon change: Web services promotes a security model that demands the flexibility that an enterprise PKI deployment can offer.

Propagating Security Context Across a Distributed Web Services Environment

Wed, 04 Aug 2004 00:00:00 EDT

It's a problem as old as networked computing. Consider two applications. They negotiate a level of trust. How can that trust - or security context - be transferred to a third application, one that may exist in an entirely different security domain from the first?

Policy-It's More Than Just Security - From just-in-time integration to Web services

Wed, 07 Jan 2004 00:00:00 EST

Business has long pursued the goal of making IT more of a strategic tool and less of a necessary evil. Organizations are constantly looking for easier, cheaper, and more logical ways to build applications and unite the silos of functionality they still depend on.

The Challenge of Web Services Security Inside the Firewall - A true story from the consulting trenches

Wed, 03 Dec 2003 09:59:58 EST

True story from the consulting trenches: the operations staff had left hours ago, shaking their heads and reluctantly leaving the consultants to resolve a problem with their code. It was well past midnight, in the middle of winter, in a town many time zones from home.