| By Mamoon Yunus |
Article Rating: |
|
| December 30, 2009 05:00 PM EST |
Reads: |
1,941 |
XML Security at Cloud Expo
OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with the cloud computing.
The three taxonomies that have become part of our vernacular are:
- Infrastructure as a Service (IaaS): Set of virtualized components that can be assembled to build a application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" services. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and using their REST or Web service-based API (or command line if you're too cool) to provision, de-provision and monitor your instance.
- Platform as a Service (PaaS): A runtime environment for application developer to deploy their applications in their desired programming environments with production issues such as scalability, security and reliability already addressed by the Platform. Google App Engine, the support Java and Python is a good example of PaaS. Using PaaS developers can code applications locally on developer machines and push them to the cloud. The developed applications can automatically scale to millions of invocations and thousands of users. The developers do not have to concern themselves with managing threading, concurrency and load balancing issues for such almost unbound scalability.
- Software as a Service (SaaS): Fully functional application with potentially and API for external application integration. SugrarCRM, Netsuite and Salesforce.com are classic examples of SaaS in the CRM space. SugarCRM can be used as an fully functional enterprise CRM systems and can also be accessed through Web services APIs for integrating on-premise application. See for example: Web services Testing SugarCRM.
For more details on Cloud Taxonomies and Security, see Understanding Implication of Clouds on Application Security.
Mr. Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, Mr. Yunus pioneered Web Services Security Gateways & Firewalls. He has spearheaded Forum's direction and strategy for six generations of award-winning Web Services Security products. Prior to Forum Systems, Mr. Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.
Mr. Yunus holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Mr. Yunus as one of 4 "Up and coming CTOs to watch in 2004." He is a sought after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Mr. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."
Subscribe to Salesforce.com Journal Email News Alerts
Subscribe via RSS
Ulitzer content is offered under Creative Commons "Attribution Non-Commercial No Derivatives" License.
For any reuse or distribution, you must make clear to others the license terms of this work.
The best way to do this is with a link to this web page.
Any of the above conditions can be waived if you get written permission from Ulitzer, Inc., the copyright holder.
Nothing in this license impairs or restricts the author's moral rights.