Friday, October 26, 2012

Cloud Computing Dangers: Incident Detection

This posting is Part 2 of the Case Study in Cloud Computing Dangers.

At around Noon U.S. Eastern Daylight Time (EDT) on Wednesday, May 9, I forwarded a calendar invite from my corporate account to my VA address. The message included some important attachments that originated from a prime-contractor colleague. I also responded to several email messages from the same colleague, sending mail to both his corporate and his VA accounts. Everything that seemed to have worked fine a few minutes prior was about to blow up in my face.

A Case Study in Cloud Computing Dangers

"A cloud computing approach could save 50 to 67 percent of the lifecycle cost for a 1,000-server deployment." Kevin Jackson - Forbes.

It's not hard to understand why business executives are completely intoxicated by cloud computing.  For the uninitiated, cloud computing essentially allows organizations to outsource just about any IT processing to a third party. If you need new servers, then you can just go to Amazon to quickly and cheaply procure new server capacity that's available immediately. Sick of managing your internal email system? Go to Microsoft to get Exchange email, calendaring, instant messaging, and SharePoint with the click of a button. Want to gain access to enterprise-class back office accounting and support system? Check out Google Apps for Business and all of the add-ons that it makes available. An organization can get instant satisfaction by moving to the cloud while paying a small fraction of what it would cost to procure the equipment, software, and people to do it all internally.

Sounds great, right?  Look closer and you may not be so convinced.

Wednesday, October 3, 2012

Mozilla Persona: Future of Authentication?

While doing research for a new analysis of modern authentication last week, I discovered that Mozilla had released the beta distribution of Persona, a new authentication system Mozilla describes as "an easy way to sign in to a website." I become so enamored with Persona that I figured that it deserved a quick posting rather than get buried into an analytical perspective that will not look too favorably on modern authentication mechanisms. Consider yourself teased.

This posting introduces Persona as an authentication mechanism, discusses the advantages that organizations and individuals could gain from using Persona, and some of the new vulnerabilities that they should consider before using Persona.