In Part 1 we discussed risk, security and cloud computing at a high level.
Having been a part of design teams as a contributor as well as project
manager to include security and assessment team management over the last few
years, I still find the same security concerns and issues directed at the
cloud. Here is my take on a few of them with respect to a private cloud
environment. Remember a private cloud can be housed within the infrastructure
of a service provider (more cost effective for you) or within your own
in-house network. Some of these thoughts can be translated into the public
cloud environments, although some additional controls may be in order.
It's a given that security of data is a major concern for any entity
considering a move toward a cloud computing environment. How your data will
be kept secure from unauthorized access, modification or distribution ...
These days when we hear the term "cloud computing" there is an understanding
that we are speaking about a flexible, cost-effective, and proven delivery
platform that is being utilized or will be utilized to provide IT services
over the Internet. As end users or researchers of all things "cloud" we
expect to hear about how quickly processes, applications, and services can be
provisioned, deployed and scaled, as needed, regardless of users' physical
locations.
When we think of the typical traditional IT security environment, we have to
be cognizant of the potential for an onslaugh...
What is SOA? One can say that the synthesis of Enterprise Application
Integration (EAI) platforms with middleware tools and concepts evolved into
what we know today as Service Oriented Architecture.
SOA, then, represents a standards-based architectural blueprint with an
emphasis on business-centric services and transactions rather than on
technology-oriented objectives. In other words, it is an architectural style
that businesses can use to execute and align services with their business
model to achieve their business strategy, goals and objectives.
For instance, an end-user reques...
One major concern with the adoption of cloud computing is the lack of a
defined standard or standards that are specific to operations impacting
security, interoperability & mobility within the Cloud ecosystem.
As most managers of security departments will attest to, there is a fine line
between security and operations. While we as business managers want to
ensure that we maximize the ROI on our operational investments and ensure
that availability is paramount for our users, we do not want to do so at
the expense of our security measures, policies and protocols.
On the other hand...
As the cacophony of cloud evangelism expands into several areas of industry,
one much talked about aspect is that of the private cloud.
But what really is a private cloud, and once within an organization's
security perimeter, is such a system a pure cloud computing ecosystem? (Of
course, within the security perimeter, IT security teams again have the
advantage of control compared with a public cloud.) Bear in mind, though,
that once you start thinking of access from outside your "private cloud", the
whole security dynamic will change. At this point your cloud security
perimeter beco...