The Cloud Security Alliance (CSA) published Version 2.1 of its Guidance for
Critical Areas of Focus in Cloud Computing with a significant and
comprehensive set of recommendations that enterprises should incorporate
within their security best practices if they are to use cloud computing in a
The Guidance provides broad recommendations for operational security concerns
including application security, encryption & key management, and identity &
access management. In this article, we will consider security implications of
REST- and SOAP-based communication between consumers and specifically,
Infrastructure as a Service (IaaS) providers.
Cloud Application Security
Cloud application security requires looking at classic application security
models and extending these models out to dynamic and multi-tenant
architectures. While planning for cloud-based applic... (more)
Looking down my blogroll earlier today, I see "A message from Jamie Lewis".
Jamie is the CEO of Burton Group, and always worth listening to, especially
at his Catalyst talks.
So, I click on the link and read that Burton has been acquired by Gartner!
Analyst consolidation continues into 2010...
Congratulations to all at Burton, especially Richard Watson who spoke at
Vordel's conference last November, Anne Thomas Manes whose views on SOA are
quite literally a matter of life and death, and Phil Schacter who has been
tracking Vordel since 2001.
XML Magazine on Ulitzer
These days, XML Gateways are a core infrastructure component of any
enterprise SOA deployment. XML Gateways provide the ability to integrate
services securely with granular access control, data-level encryption,
integrity through signatures and XML threat mitigation. XML Gateways can be
deployed as a hardware appliance or as a software gateway ( also as cloud
based instances). Both of these form factors have their advantages and
disadvantages. This article provides readers with a quick synopsis of the
pros and cons of each form factor.
XML Gateway Ha... (more)
It is very rare today to find a business application that has not exposed its
interface via SOAP/XML. XML is the building block that enables business or
consumer applications to exchange data in a standard structured format. The
exchange of XML data typically takes place through an SOAP/XML interface
based on the Web Services standard or through the REST-based standard.
These flexible standards that richly describe interface functions of an
application also introduce a host of XML and Web Services security
vulnerabilities. This article is a quick guide to most common XML and W... (more)
If you're having trouble getting your head around a single cloud deployment,
please feel free to skip this article.
Now if you're someone who thinks that most IT resource will eventually live
in a private or public cloud-based domain, you're not alone, and you may
start looking into how best to work in a multi-cloud environment.
Paul Krill's article "Cerf urges standards for cloud computing" highlights
cloud interoperability and portability issues discussed by Vint Cerf,
co-designer of the TCP/IP protocol that forms the back bone of modern
It behooves us to conside... (more)
Looks like Forum Sentry, the pioneer and leader of XML Gateway and XML
Firewall technology has announced its latest product that now addresses the
growing need for handling not just XML/Web services traffic, but also
From a technology standpoint, this is not a revolutionary jump, but a gradual
evolution of the XML Gateway that now handles HTTP/HTML-header information,
which is by far easier than looking deeper into the XML packets.
However, the business implication of this is significant since companies can
now use a single platform for HTML and XML processi... (more)