Archive for security

What does the string @ site subject mean?

April 19, 2010 at 5:06 am · Filed under fun, linux, opensource, script, security, shell

91d437f0fb56cfb5b64de81b60bd6738 ->

$ echo “a man on linux” | openssl dgst

or

$ echo “a man on linux” | md5sum

  • Share/Bookmark

Comments off

Gartner: Seven cloud-computing security risks

July 18, 2008 at 12:30 am · Filed under cloud, innovation, security

Source: http://www.infoworld.com/…/Gartner_Seven_cloudcomputing_security_risks_1.html

Cloud computing is fraught with security risks, according to analyst firm Gartner. Smart customers will ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor, Gartner says in a June report titled “Assessing the Security Risks of Cloud Computing.”

Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing,” Gartner says. (Compare security products.)

Amazon’s EC2 service and Google’s Google App Engine are examples of cloud computing, which Gartner defines as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.”

[ Learn more about what cloud computing really means and the new breed of utility computing and platform-as-a-service offerings. ]

Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.

Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.

  1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. “Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access,” Gartner says.

  2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are “signaling that customers can only use them for the most trivial functions,” according to Gartner.

  3. Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.

  4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn’t a cure-all. “Find out what is done to segregate data at rest,” Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. “Encryption accidents can make data totally unusable, and even normal encryption can complicate availability,” Gartner says.

  5. Recovery. Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says. Ask your provider if it has “the ability to do a complete restoration, and how long it will take.”

  6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible.”

  7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. “Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application,” Gartner says.

  • Share/Bookmark

Comments off

What Does Cloud Computing Mean for You?

June 26, 2008 at 4:59 am · Filed under cloud, innovation, security

I found this article published at PCMag and thought I should highlight some in red

Source > http://www.pcmag.com/article2/0,2704,2320619,00.asp
Author > John Brandon

Cloud computing is set to take over the world, or at least possibly replace Microsoft Outlook. The cloud concept is simple: It’s a way to access your data and apps from anywhere, via the Internet (or “the cloud”). Yet everyone from Gartner Group to Google has a slightly different take on cloud computing: It can be anything from storing and sharing documents on Google Docs to running your entire company operations using a remote, third-party data center. Some envision it as a way to compute without operating systems, or pesky local client programs, and with minimal hardware needs (just a basic client machine).

“The most important single characteristic of a cloud is abstraction of the hardware from the service,” says John Willis, a noted cloud-computing expert and blogger, explaining that the location of the servers is not as important as easy access to the data. “However you define it, I think cloud technology will have a footprint in every business that does IT within the next five years.”

The particular type of cloud computing that the business world could take advantage of requires massive server cluster farms and superfast network bandwidth. It also requires that companies be ready to hand over their data to a third party. A few small companies, among them Zoho.com (which offers business apps, such as word processing and task lists) and Box.net (which supplies online file storage) have established themselves as SaaS (software as a service) providers, with varying degrees of success. But SaaS is primarily a race between Google and Microsoft to provide advertiser-supported cloud applications to customers.

Security is one critical issue that both companies must address. Depending on the SaaS provider, data can be encrypted from point to point, and since services are Web-based, they’re very easy to patch. Google, for example, can respond to a new security threat without customers even being aware of the problem—or the fix. But end users essentially would have to entrust their data to an outside entity, which is a big leap of faith. Dave Girouard, a VP and general manager at Google, says that the company is working to allay the fears that make trust difficult to achieve.

“Google is investing enormous amounts of capital and sweat equity to ensure that we can protect your data better than you can do yourself,” he says. “Cloud computing will be additive. Usage patterns will change, and users will look primarily to the cloud for most of the things they turn to their PCs for today.”

Yet others aren’t as optimistic about cloud computing. Forrester Research analyst Frank Gillett cautions that it’s not quite ready for prime time. He says that the framework is in an early phase of development—it’s almost experimental, rather than a reliable and trusted computing paradigm.

Ironically, even though Google is battling to dominate the cloud, some of its apps, such as Google Earth, still cache a tremendous amount of data locally to speed up operations. Add to that the privacy, network bandwidth, and political hurdles yet to address, and it looks as if cloud computing will have to drop down to earth a bit more before it can enjoy widespread adoption by both consumers and businesses.

  • Share/Bookmark

Comments off