|
Dwight Koop is cofounder and chief operating officer for CohesiveFT. His experience spans enterprise IT and entrepreneurial startups. Dwight was global head of data center operations and security for Swiss Banks capital markets, and O'Connor and Associates. He was one of the founders and an EVP of the Chicago Board Options Exchange during its early and rapid growth years. As COO of Bedouin, Inc, he was instrumental in its acquisition by Borland, and as a VP at Borland he played a significant role in its acquisition of Starbase. He was also COO of Signet Assurance, where he is proud to say his engineering team consisted of Eric Hughes, the noted cryptographer, and Bram Cohen, the founder of BitTorrent. Mr. Koop is also the Managing Member of Leporidae Holdings LLC, a private asset management company. Leporidae recently sold its interest in Rabbit Technologies Limited to VMware.
|
|
In the financial industry, Modern Portfolio Theory suggests one can systemically balance investments to maximize expected return for a given amount of risk, or minimize risk for a given level of return.
This paper explores similar concepts applying a portfolio strategy to achieve the desired balance between cloud computing's risks and costs.
Summary: In this paper three vectors of transferable risk are identified: Grid-geo-political, Infra Platform, and Vendor Process risks. The focus here is on transferable risks, because many IT risks are not changed by adopting cloud computing. See IBM's "Cloud Security - A Shared Responsibility." Simply stated, a sufficiently diversified IaaS cloud portfolio can be used to manage, reduce, and/or eliminate all three kinds of transferable risk. Additionally, there is a point where further diversification has no marginal value.
In order to deploy to a portfolio of IaaS clouds, application owners need tools to converge the different cloud platforms of a diversified portfolio into a manageable solution topology. VMware's Global Connect partnership of four vCloud providers (Bluelock, Colt, Softbank, and SingTel) is a cloud portfolio offering, albeit one with single-vendor Infra Platform risk. Rather than a portfolio with concentrated vCloud Infra Platform risk, a cross-cloud, cross-platform portfolio is the more responsible and recommended solution.
CohesiveFT's Elastic Server Application Container is a cohesive cloud convergence solution which includes the tools necessary to manage an IaaS portfolio comprised of complementary, but non-covariant, cloud deployment choices.
What is yet to emerge is a single enterprise-grade 'one-stop-shopping' offering (like Global Connect), but with Infra Platform diversification. We anticipate a low risk "Cross-Cloud Convergence" offering from a single vendor, or federation, will be brought to market in the near future. Until then, risk averse organizations will need to engage with multiple public cloud providers, or coordinate a federation internally or among peers. |
|
Key goals for IT security are the elimination of data leaks and data corruption, and high availability of data. When running your systems in third-party-controlled infrastructure, new approaches that leverage existing skills and technology are required.
This White Paper discusses the Infrastructure of Security and Control in Public, Private and Hybrid Clouds with particular focus on Federated Identity Management.
Summary: The ubiquity of software solutions delivered over the internet as services (SaaS) to all manner of end user devices drives a growing demand from users for login simplicity across many sources, commonly referred to as single sign-on. The corollary concern of users is of course protection of privacy when personal and financial data is shared across service suppliers. Those suppliers of services view the same issues from the point of view of collaboration with peers and partners in various forms of federated identity assurance.
From the simplest social network application to highly regulated industry sectors there is money to be made, savings and agility to be achieved, and greater utility to be delivered when a collection of service providers (private or public) can join an ecosystem delivering cloud computing services, and even further benefits for cross-service assurance of identity (each other's identity as well as that of common users). In the days of castle-and-moat datacenters, CIOs protected their information technology with guards, guns, and glass, and limited network access to locked down networks.
Now factor in cloud computing.
Cloud computing (private, public, or hybrid) is now the accepted solution for optimizing IT resources by leveraging automation, virtualization, and multi-tenancy. But with the benefits of new cost models and greater agility come a loss of control and new risk surfaces and vectors.
The remainder of this paper explains how OVERLAY NETWORK techniques are used to secure and control federation across a mesh of peered networks. |
|
"Techno-Revolutionaries of 2010 - Their CLOUD Tactics and Techniques"
CLOUDS = Overwhelming Capacity to Engage + First Mover Advantage. Until now, the edge in Network Centric Warfare (NCW) has been on the side of those who build and maintain capital intensive data centers and the supporting infrastructure. Public CLOUD computing removes this competitive advantage - flattening the playing field. Today, a small group of independently-acting individuals can utilize massive commercial data center capabilities, high bandwidth networks, and on-demand hourly fees while hiding in plain sight in the fabric of the global Public CLOUD Infrastructure. All at minimal cost, and with low risk of detection alongside the business clients of the CLOUD vendors.
HOW:
1. Prepare task-specific virtual server template configurations
2. Stage these templates into mission-specific virtual clusters
3. Swarm the clusters across a fabric of CLOUD vendors
4. Dynamically redeploy the clusters to elude infiltration, capture, or forensics
This paper examines the tactics and techniques for conducting warfare using and in the CLOUD. Actual experience from building, deploying, and managing virtual stacks, and the role of the author's Elastic Server® Platform webservice are presented, including:
- CLOUD attack vectors
- Leveraging CLOUDS to build overwhelming capacity
- First mover advantage - who has it now
- Diversification of CLOUD concentration risk
[If you do not have access to this paper, please contact Dwight directly to request a copy.]
|
|
"Methods for Leverage Cloud Computing with Assured Control & Security"
Cloud computing delivers rapid infrastructure scalability for on-demand deployments, cross data center integration, emergency backup, and survivability - all with a usage-based pricing model. Cloud computing is rapidly being adopted in the commercial sector; HOWEVER, the gating factor preventing use in the special operation forces community is Cloud Control & Security.
This paper, co-authored with Peter Rung from IDRank Security, examines military applications of Cloud computing, and discusses use of CohesiveFT's VPN-Cubed® technology to create virtual Overlay Networks that are secure from each network end-point to each network end-point, not just firewall-to-firewall security. Solutions include:
- Encrypted communications between all virtual servers within a hyper-cloud.
- Intrusion detection and prevention.
- Extrusion detection and prevention.
- Service discovery and election, in non-multicast environments.
- Federated management of all security elements between clouds.
The paper explains techniques for deploying security as part of a cloud infrastructure to eliminate the risks of exposure to unauthorized personnel.
[If you do not have access to this paper, please contact Dwight directly to request a copy.] |
|
|