Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
Tips on Evaluating Security in the Cloud
Treat the Cloud like an extension of your corporate or production network

I've received a lot of questions lately about security in the Cloud and what CTOs should be considering when they are evaluating it. Here's my advice, treat the Cloud like an extension of your corporate or production network, don't treat it or hold it to a lower standard assuming that your cloud provider knows more than you.

If you have requirements that you can't get in your Cloud solution make sure that not getting those requirements constitutes an acceptable risk or tradeoff. In evaluating a Cloud provider here are some critical questions to ask:

1. What is the Authentication and Authorization required for access into the Cloud account?

  • Many cloud providers will provide a way to authenticate into the Cloud but how will this integrate with the identity solution currently used?
  • For these Cloud accounts how will group based auth be used? Can you have security groups like you do today?
  • Any good security policy has the philosophy of separation of roles. Make sure roles, access, and accounts can be separated effectively when using the Cloud.

2. When you're using the Cloud ask yourself the question "where is my data?"

  • Do you know? Does your provider know?
  • If there are geo restrictions on the location of the data, is the data within these restrictions? For EU companies, is the data in the EU or in a Safe Harbor country or is it elsewhere?

3. What are some of the steps a network admin. should take to secure the Cloud and what are the reasons behind these steps?

  • Understand access controls and restrictions.
  • Understand IP restrictions and policies. Where can these policies be applied and how? Who has the ability to audit these policies?
  • Who has access to view these restrictions?
  • In the event of a security compromise how will one find out what happened? Audit logs, IP logs?
  • For Cloud APIs how are these secured? HMAC? Certificate based authentication?
  • Always evaluate where credentials are stored, can these be compromised?

It depends on the level of security your company is seeking but it's imperative that the Cloud has a layer of security to protect users and their content being stored. Cloud providers use two-factor authentication to protect data and accounts from being compromised.

About Charles McColgan
As Chief Technology Officer, Charles McColgan spearheads the technical development, operations, and long-term vision of TeleSign. He brings 20 years of industry experience including 10 years of experience creating and operating SAAS solutions used by thousands of enterprises in the security and messaging space.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one l...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling independent service deployments. In this presentation we'll provide an overview of the tools, patterns and pain points we've seen when implementing contract testing in large development ...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools ha...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder an...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portabil...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
ADS BY GOOGLE