No Software. No Hardware.

Salesforce.com Journal



XML Security at Cloud Expo

OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with cloud computing.

The three taxonomies that have become part of our vernacular are:

  1. Infrastructure as a Service (IaaS): A set of virtualized components that can be assembled to build an application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS, where you can rent "virtual" hardware and software as a "pay-as-you-go" service. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and use their REST or Web service-based API (or command line if you're too cool) to provision, de-provision and monitor your instances.
  2. Platform as a Service (PaaS): A runtime environment for application developers to deploy their applications in their desired programming environments, with production issues such as scalability, security and reliability already addressed by the platform. Google App Engine, which supports Java and Python, is a good example of PaaS. Using PaaS, developers can code applications locally on developer machines and push them to the cloud. The developed applications can automatically scale to millions of invocations and thousands of users. The developers do not have to concern themselves with managing threading, concurrency and load balancing issues to achieve such almost unbounded scalability.
  3. Software as a Service (SaaS): A fully functional application, potentially with an API for external application integration. SugarCRM, Netsuite and Salesforce.com are classic examples of SaaS in the CRM space. SugarCRM can be used as a fully functional enterprise CRM system and can also be accessed through Web services APIs for integrating on-premise applications. See, for example: Web services Testing SugarCRM.

For more details on Cloud Taxonomies and Security, see Understanding Implication of Clouds on Application Security.

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."