[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, December 26, 2024

Cloutage.org – Cloud Incidents, News, Resources

Information Security
Author: Mark Dixon
Wednesday, August 11, 2010
4:16 am

Thanks to my colleague Simon Thorpe for pointing out Cloutage.org, a website which provides up to date information about outages and security incidents in public cloud computing:

image”Cloutage exists to empower organizations by providing cloud security knowledge and resources so that they may properly assess information security risks. The project aims to document known and reported incidents with cloud services while also providing a one-stop shop for cloud security news and resources.”

 

The Cloutage home page shows this a list of “Latest Cloud Incidents”:  Here are the most recent three:

image

I was particularly interested in the Evernote data loss, because I am a heavy Evernote user.  I don’t think I lost anything, but it makes me rather nervous – and thankful for the local repository of everything stored in the Evernote cloud.

I suppose the message this brings most strongly home to me is this: Cloud Computing is not invulnerable.  Our trust in cloud computing must be based on solid evidences of sufficient information security.  We must demand (and, as security professionals help enable) auditable security technology and processes in cloud computing.  

Comments Off on Cloutage.org – Cloud Incidents, News, Resources . Permalink . Trackback URL
 

Perspectives on Identity and Cloud Computing

Identity
Author: Mark Dixon
Wednesday, May 19, 2010
9:28 am

image Dave Kearns indentified three separate focus areas for Identity and Cloud Computing in his Network World post today:

Identity-in-the-cloud, or Identity as a Service:

IdM services such as provisioning, governance, role management, compliance, etc. are hosted "in the cloud."

Identity-for-the-cloud:

Provisioning services for cloud apps provided by traditional, on-premise, provisioning vendors as well as other identity services (privileged user management, compliance, etc.) extended to the cloud from your data center.

Meshed, or integrated, on-premise/in-the-cloud:

Linking on-premises Identity Management infrastructure and cloud identity data from cloud-hosted applications.

More than anything, this points out that Identity Management and Cloud Computing is a multi-faceted issue.  “Cloud” may refer to where the Identity Management services are hosted, as well as where the applications reside that consume Identity Management services – or a combination of both.

Certainly worth further exploration.

Comments Off on Perspectives on Identity and Cloud Computing . Permalink . Trackback URL
 

Identity Services for Cloud Computing

Identity
Author: Mark Dixon
Tuesday, February 9, 2010
4:57 pm

To support recent discussions about Identity Management and Cloud computing, I divided the types of Identity Services that might be needed to support Application services into three major categories as shown in the following diagram and explained in a bit more detail below:

IDaaS

The specific services provided in each category could include:

Identity Administration Services

  • Create, update, delete identities
  • Password/credential management
  • Entitlement definition/management
  • Provision/de-provision access privileges
  • Role engineering/management
  • Policy definition/management

Identity Enforcement Services

  • Authentication
  • Authorization
  • Access control
  • Federation
  • Web services security

Identity Audit Services

  • Reporting
  • Evaluation
  • Attestation
  • Validation
  • Remediation

Did I miss any services that you think should be present?  Any input on the categories or types of services?  Any input or criticism would be most welcome.

Comments Off on Identity Services for Cloud Computing . Permalink . Trackback URL
 

Users of Cloud-based Services

Identity
Author: Mark Dixon
Thursday, February 4, 2010
9:54 am

The following chart may be helpful as we consider the different types of users that should be addressed by Identity and Access Management (IAM) technology and processes in cloud computing.

CloudUsers At the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) layers, the only users are administrators of the platform or infrastructure services, respectively.  However, these administrative users may be either on the provider side or on the recipient or enterprise side.  End users, whether within the enterprise (employees or contractors) or external to the enterprise (customers and partners), only exist at the application layer or Software as as Service (SaaS) layer.

This illustrates how cloud computing introduces increased complexity into IAM. Not only do the different layers (PaaS, IaaS and SaaS) have unique requirements, but multiple organizations (e.g. provider and enterprise) need to be considered.

For example, the nature of PaaS services will require provider administrators to have root access to the operating system, while enterprise administrators at the SaaS level may only need access to application configuration functions and external SaaS users only need to access to selected application functions.

Hopefully, this provides food for thought as we explore IAM in cloud computing.  I’d be grateful to hear your comments.

Comments Off on Users of Cloud-based Services . Permalink . Trackback URL
 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.