Cloud Security -Threat Agents

I wanted to share this discussion topic which I am currently taking in my cloud computing course.I am overwhelmed to receive superior content for this and thought must share it on my blog...

Describe the basic threat agents relevant to cloud computing, including: Anonymous Attacker, Malicious Service Agent, Trusted Attacker, and Malicious Insider.  Why is this an important Security Concern? 

The basic threat to cloud computing can be enumerated as Ease of Use, Secure Data Transmission, Insecure API’s, Malicious Insider, Shared Technology Issues, Data Loss, Data Breach, Account/Service Hijacking, Unknown Risk Profile, Denial of Service, Trusted Attacked, Anonymous Attacker, Malicious Service Agent and so on.

All these have a different way of intruding into the privacy or secure cloud platform but the end result of creating a security flaw/threat remains the same.

Below are few descriptions for threat agents:

1. Malicious Insiders: People related to an organization having details/access to their resources.
2. Insecure APIs: APIs are accessible anywhere on the Internet and malicious attackers can use them to compromise on confidentiality and integrity of enterprise customers.
3. Anonymous Attacker: on trusted threat agent that usually attacks from the outside of the cloud boundary.
4.   Malicious Service Agent: Able to intercept and forward the traffic that flows within the cloud.Trusted Attacker: Shares IT resources in the same environment as the consumer and attempts to exploit legitimate credentials. Also known as malicious tenants.

All these threats and agents pose a big concern as data and privacy can be exploited. This affects the people, organization and the business to a great extent. A small amount of modification to any of these is a huge risk to the individual and company. No one wants to lose data or be a victim of any bad circumstance and these threats I would say are widely known ones but one needs to dig to make sure unknown threats do no bind them in any way. Unknown threats can be realized based on the cloud model deployed and the security architecture built around it. Every organization should have Security concerns as their top priority to be able to carry out their day-to-day business actions smoothly. 

References:

• http://www.slideshare.net/AsmaaIbrahim2/fundamental-cloud-security
• http://resources.infosecinstitute.com/top-cloud-computing-threats-enterprise-environments/
• http://www.informationweek.com/cloud/infrastructure-as-a-service/9-worst-cloud-security-threats/d/d-id/1114085

Response to discussions on this topic

"Thanks for sharing your experience and yes security can be a far sight with our current ways of working.I agree that in our day to day work getting people adhere to certain security measures is painstaking.However I also feel this is a regional aspect.To give you an insight it is America and few more countries security is not given much weightage because of the fact things with cyber crime and other intrusions are on a scale which is not measured on a daily basis.In developing countries where security is an instinct by itself as every day one faces a attack in a small or big form.

Taking your scenario back in my place in India we used to lock computers once we step out of our desks in a software company and used passwords to open sensitive documents.Even payroll to view , you will have a long password which includes id's,birth and company details to unlock one pdf file.I used to hate it as every time I had to look up a number of mails to decode it.It is tough for my known facts to be accessed which goes to say security is inbuilt in a hard way and that is where we all should head to.

Very glad you brought this up as a balance has to be created which needs a lot of effort and others cooperation as well."

DevOps in the middle :What enterprise architects can learn

Source : Click Here

These days enterprise architects work comprise of all structures and operations within an organization.It ranges from business operations to data analysis,classification,hardware and software areas.Enterprise Architects have also come into areas of application developemnt still they find them struggling with DevOps.

DevOps is designed to strengthen communication and collaboration between developers and IT operations to accelerate the development times and deliver quality applications.Many organizations are working towards implementing DevOps and to ask enterprise architects to factor in the discipline as they implement enterprise architecture within the organization.

Enterprise Architects understand the development and operations as well as structuring the organization and IT.However it is sometimes difficult to determine where to begin and work which way.The best approach is to start in middle i.e starting both ways and working towards it.Also it is known that development is measured by speed and creativity is rewarded.Operations is measured by stability and conformance and control as critical.

Measuring success requires a top down focus so enterprise architects needs to make sure upper management is involved.DevOps is best suited in enterprise architecture .Enterprise architects are in the business of defining conceptual blueprints that eliminate inefficiency and redundancy.All these set the stage for reaping DevOps benefits of improving organizations adaptibility and accelerating the development of applications. 

Constructs for Capturing Technology Modeling

Source: Click Here

This articles introduces the technology layer and gives an overview of the main constructs available for modeling  technology architecture.The technology layer is split up into the following views of Conceptual:where we define the 'What',Logical:where we define the 'How',Physical.:captures the implementation and deployments of technology in the enterprise.

1. Conceptual:'What' technology capabilities are required to provide appropriate technology infrastructure.
• Technology Architecture Objective:A strategic goal associated
• Technology Architecture Principle:High level rules that govern the manner in which the technology capabilities are delivered.
• Technology Domain:Top level construct which provides a means of grouping technology.
• Technology Capability:What technology does what or needs to.
2. Logical:'How' the 'What' will be achieved.
• Technology Component:Describes the class of technology and what component is in the marketplace.
• Technology Function:Describes the functionality that a technology component or product can provide.
• Technology Provider:Captures a technology product or product build being used to provide components in the architecture.
• Technology Product Rule:A relationship class that enables more than one technology component.
3. Physical:Lowest level of abstraction and captures the instances of technology product.
• Technology Node:Captures the physical and virtual devices.The hostname is usually used as the name of the technology node.
• Technology Instance:A physical instance of an element.Technology Instance are sub-divided into the following:
• Application Software Instance
• Hardware Instance
• Technology Instance
• Infrastructure Software Instance
• Technology Deployment Group:Defines a template of the technology instance and node that are deployed on the node.The number of instances can be specified on the 'template'.

Clustering is a physical architecture decision that we capture in the Physical Technology Layer.How one models it depends on how the clustering technology works.This articles shows us the intricate details present in the technology layer and how it contributes to the modeling of technology.

5 Takeaways and Emerging Tech Trends From CES 2015

Source: Click Here

This article talk about the consumers are moving towards the latest trends and the old used ways are or might go away with newer technology products coming into place.Some of the emerging trends are enlisted below.

1. Technology is a killing cable bundle:Cables are becoming something of the past.With online streaming services becoming more accessible with internet connectivity makes the cable forces to die sooner or later.A visibly seen picture of the fall of the cable is coming.
2. Connected is the new catchword:Without being connected we all feel lost or helpless.This is true without being connected through phones,laptops,smart watches,fit bits and more we cannot pass anyone in this world.Connectivity has revolutionized the whole concept of being on a platform to reach anyone anywhere around the world.
3. Your next care will be more of computer than a transportation device:The amount of electronics integrated is remarkable.Latest cars are trending to have more stable internet connection,satellite connectivity and automating the car itself.A smart car will become everyones necessity one day.
4. Tech has invade health,fitness and beauty:Panasonic has one of the coolest pieces of tech this year.A smart mirror screen which shows how your make up and appearance will look.
5. Apple is still the king of consumer electronic:I know this is a sensitive topic and some agree and disagree.Apple mac book air and smart watch are the top stories.

It is interesting to see how new gadgets come into the market and very soon they are outdated with emerging technology.For more read   Click Here...

Enterprise Architecture & Innovation Management

Source: Click Here

The articles brings out the realm of having innovation management along with enterprise architecture to bring out a difference in the functioning of the business.Innovation management is effectively incorporating your organizations goals by adopting innovative ways ideas,products to maximize the value.The agile approach for EA is discussed.

Innovation is a means to get ahead of the usual working and go to the next level of creating something out of the ordinary and to be able to manage this is important.More and more organizations are moving towards agile and scrum processes for projects.EA is said to fail when targeting the entire organizations functions so agile approaches such as scrum can help to tackle the smaller pieces and specific issues.Innovation management shows users the concepts of the innovation lifecycle to improve visibility for the entire team.

It is seen that EA is not influencing innovation management effectively as it should as the innovation projects are not aligned to the transformational needs of the business.EA so far has influenced the process,business functions but needs more rigor for innovation trends.Innovation needs to be real and linking it to underlying EA to generate more ideas.Innovation management and agile enterprise architecture go hand in hand.Both are successful on their own but when brought together they can reap more consistent results and more governance over the ideas created.

Business Architecture is a part of Enterprise Architecture

Source: Click Here


The article is about how EA is applicable only in IT though it is spread across stakeholders,business information,technology and solution architecture.There are wide gaps seen in the approach of developing EA.

Some of the gaps are:

• Developing a business context:
• The IT-Investment Decision Making process
• Creating a governance and assurance mechanism

Also a common trend seen is when EA conflates the business architecture viewpoint of EA.The business context of EA is said to be formed of A vision of the future state,an anchor model and a set of guiding principles.However it is a common mis interpretation of neglecting the business context,treating the business architecture as a separate entity and narrowing down EA to only IT.

Mature practitioners understand the business context and work towards relating it with EA.They focus on the interdependencies,the relationships and how it can drive the actual process.Also experienced personnel in this field look at the view that only when business architecture is engaged does assurance and governance come in place.It is indeed necessary to understand and go into details to see how every business action has a role to play with EA frame.It is sad to see people over look these at most instances but by setting practices it can be brought into picture.Thereby it will be a very good methodology to incorporate the business architecture well inside the enterprise architecture framework or rules to be played.

A Challenge to Enterprise Architects - Think Innovation

Source:Click Here

The article highlights how Enterprise Architecture is used in many aspects of business but less thought to be a catalyst for innovation especially in the areas of SOA and cloud computing.EA is used as a measuring stick for SOA infrastructure and solutions.EA not only serves as a fundamental baseline for SOA elements but its capabilities can be extended to business process modeling,modeling,mobile and wireless.

There are three entry points into service-oriented architecture:

1. Business Process:Enabling an operation or agile process as a measuring tool to know if SOA is successful or not.
2. Governance:Aligning services to the business process and managing the services in the most streamlined and efficient way.
3. Web Services:Ea comprises of loads of artifacts which can be employed through information matrix exchange to build the web service to contribute the business goal

EA is being encouraged to become a competitive advantage and be a way to advance innovation which can optimize capabilities and minimize innovation.It serves as a means to utilize the business process as a criteria to build the services in SOA.Also using EA to determine which part of the business might be served by the cloud.

A very interesting read to know how EA is instrumental to drive the different forces of business and evolve innovation as a means to create alignment,governance and provide worthwhile services to the industry.