Core Security Patterns Weblog

Absolutely…Security cannot be an afterthought when it comes to hosting on Cloud.

That’s is the true reality of real-world adoption of Cloud….

Jim Seward (@VersionOne) asked me to take a look at this research study (by Version One, UK) about the confusion surrounding cloud computing amongst senior IT professionals -  I’m not sure it includes your boss . This high-level study was conducted with a group of 60 Senior IT professionals at UK….. has revealed some interesting findings:

1. 41% of senior IT professionals admit that they “don’t know” what cloud computing is.
2. 59% of IT professionals who profess to know what cloud computing, that include:
   • 17% of these understand cloud computing to be internet-based computing
   • 11% believe it is a combination of internet-based computing, software as a service (SAAS), software on demand, an outsourced or managed service and a hosted software service
   • The remaining respondents understand cloud computing to be a mixture of the above.

More interesting to note, Only 2% of respondents mentioned that their company is “definitely” going to invest in cloud computing in the next 12 months…. I would suggest you to read the complete study visiting VersionOne and their findings are right here.

I just had a chance to read this article at DarkReading….it enumerates the following six common security mistakes found with businesses while adopting to Cloud infrastructure based services :

1. Mistake #1: Assuming the cloud is less secure than your data center.
2. Mistake #2: Not verifying, testing, or auditing the security of your cloud-based service provider.
3. Mistake #3: Failing to vet your cloud provider’s viability as a business.
4. Mistake #4: Assuming you’re no longer responsible for securing data once it’s in the cloud.
5. Mistake #5: Putting insecure apps in the cloud and expecting that to make them more secure.
6. Mistake #6: Having no clue that your business units are already using some cloud-based services.

The list is very much focused to the business aspects of security not the technological pitfalls.  You may take a detailed look at the DarkReading post right here.

Coincidently, let’s not ignore the six “Dumbest Ideas in Computer Security” …it is right here.

Lately I’ve been franctically busy with couple of my ISVs and an SI helping them out on a Citizen-scale National Healthcare Identity Infrastructure solution pilot for one of the populous countries in the Atlantic region – Sorry I cannot disclose the country’s name to abide their privacy laws and to protect my job . The solution aims to deliver an Unified Desktop/Voice Infrastructure via Sun Ray environment and fortified by Biometrics and Smartcard PKI based authentication to access the exposed services.  Using Smartcard/PKI and Biometrics for Sun Rays has been deployed in production (at few customers) and in practice for a while now… but in my current project the interesting thing is the complete Sun Ray solution will be hosted as a SaaS environment (~Private Cloud) and other complexities are related to legal/privacy issues with performing citizen’s biometric enrollment and storing the biometric information with a private organization  (Especially, when the Country’s privacy laws forbids storing citizen’s biometric samples). Keeping those nail biting legal issues aside, the Govt folks are still very enthusiastic and excited about adopting to Biometric authentication for Sun Ray based desktops to access their SaaS hosted Web-based healthcare applications.

Biometric Authentication on a Sun Ray environment

Looks cool, Is’nt it.  If you are curious to know the secret sauce of the Sun Ray biometric authentication solution, here is the bill of materials, to put together in place:

1. Sun Ray Session Server 4.x or above
2. Solaris 10 X64 or SPARC
3. Sun OpenSSO (Biometric SSO for Web applications)
4. Sun Identity Manager (Provisioning Biometric Samples during enrollment)
5. Sun Directory Server
6. Sun Secure Global Desktop (Support accessing Windows, Mac, Linux, Solaris Desktops)
7. Oracle 11g or MySQL 5.x database
8. BiObex Authentication Middleware (Advanced Biometric Controls)
9. Hamster Plus – USB Biometric Scanner (SecuGen) – For supporting Desktop/Web authentication
10. CrossMatch Verifier E – Biometric Scanner for supporting Biometric enrollment

Shortly, I will update this blog entry with a detailed architecture and deployment cheatsheet… as soon as I wrap up my current project deliverables.  If you are a Sun Ray enthusiast,  I know you will be having some burning questions ! Feel free to send them, I will try to answer them quick…. otherwise please stay tuned for my unofficial deployment guide.

This stateless infrastructure could be your next generation client for securely accessing your virtual desktops hosted on the cloud

I did’nt get a chance to experience with Microsoft’s Cloud infrastructure….but it’s quite interesting to see Microsoft gone “proactive” on Security with its Cloud infrastrusture ! When everyone else is still itching the head with a burning stick ….Microsoft cloud users may breathe a sigh of relief

Recently, Microsoft Cloud infrastructure team (Global Foundation Services division)  published a document on their security features which highlights Microsoft cloud obtaining ISO/IEC 27001:2005 certification and SAS 70 Type I and Type II attestations.  At the outset, it is an excellent document…especially who don’t realize the importance of Cloud Security (rather than an afterthought), read it for yourself…the document is right here .

 Are you test driving Amazon S3 cloud as your backup storage and worried about your data security ?  Now, Amazon S3 users can have a compelling encrypted backup solution by adopting to OpenSolaris and ZFS.  Few months ago, I had my first experience with ZFS Automatic Snapshots which allows to backup and preserve the filesystem at timed intervals.  Last week I noted from Glenn Brunette that now we can store and retrieve Encrypted ZFS Automatic Snapshots to and from Amazon S3 Cloud.  Thanks to Project Kenai initiative, it just introduced the ZFS Backup To S3  and S3-Crypto tools together referred to as Cloud Safety Box (CSB) that allows to integrate the ZFS Automatic Snapshots with full-fledged encryption support using Solaris Cryptographic Framework or OpenSSL.  The solution can also take advantage of cryptographic accelerators including On-chip cryptographic acceleration provided by Sun Niagara T1/T2 platforms.

The following diagram depicts the operational model of storing and retrieving encrypted ZFS snapshots to Amazon S3 storage cloud.  You just had the highlights… if you want to try it out I suggest you to take a look at the detailed instructions here at Project Kenai.

Encrypted ZFS Automatic Snapshots (Source: Project Kenai)