These days when we hear the term "cloud computing" there is an understanding
that we are speaking about a flexible, cost-effective, and proven delivery
platform that is being utilized or will be utilized to provide IT services
over the Internet. As end users or researchers of all things "cloud" we
expect to hear about how quickly processes, applications, and services can be
provisioned, deployed and scaled, as needed, regardless of users' physical
locations.
When we think of the typical traditional IT security environment, we have to
be cognizant of the potential for an onslaught of attacks, be they zero-day
exploits, ever-evolving malware engines, or the increase in attacks via social
engineering. The challenge for any security professional is to develop and
ensure as secure an IT system as possible.
Thoughts on Traditional Security and Risk
Common discussions within t... (more)
Malicious software or malware is a security nightmare. One can agree with the
statement that malware on the Internet is a growing epidemic and is costing
industry billions of dollars each year.
According to Microsoft, malware "is short for malicious software and is
typically used as a catch-all term to refer to any software designed to cause
damage to a single computer, server, or computer network, whether it's a
virus, spyware, et al."
Although the growth of malware may be flattening, its design sophistication
is not. Per Kaspersky Labs, approximately 300,000 new malware programs ... (more)
In Part 1 we discussed risk, security and cloud computing at a high level.
Having been a part of design teams as a contributor as well as project
manager to include security and assessment team management over the last few
years, I still find the same security concerns and issues directed at the
cloud. Here is my take on a few of them with respect to a private cloud
environment. Remember, a private cloud can be housed within the infrastructure
of a service provider (more cost effective for you) or within your own
in-house network. Some of these thoughts can be translated into the ... (more)
Web-services research and protocol applications have been around and in use
for quite some time now. With the Capex and Opex savings enterprises can
potentially realise from utilizing a cloud computing service model, there
should also be added focus on ensuring that security is properly implemented,
whether in authentication or authorization.
Cloud Computing, with its foundation in the world of virtualization, can take
advantage of key aspects of web service implementations and security
practice; but only to a point. Web service policies are based on a static
model that ... (more)
What is SOA? One can say that the synthesis of Enterprise Application
Integration (EAI) platforms with middleware tools and concepts evolved into
what we know today as Service Oriented Architecture.
SOA, then, represents a standards-based architectural blueprint with an
emphasis on business-centric services and transactions rather than on
technology-oriented objectives. In other words, it is an architectural style
that businesses can use to execute and align services with their business
model to achieve their business strategy, goals and objectives.
For instance, an end-user reques... (more)