Cloud computing trends: governance gateways and security

Cloud computing has many benefits, but there are also a number of unwelcome "peers" accompanying them. They are governance issues, authentication gateways (whether or not they are used), and security issues. Although these issues are similar to cross-cutting it areas, they are not exactly the same.

True, SOA governance is the first step in transformational cloud governance, says Joe McKendrick of the Joe McKendrick Institute, which spans multiple platforms and system access services as the fundamental challenge of cloud computing. "In the cloud, a service may be invoked by an application that is invoked by another application, and that application is invoked by the end user." In other words, authenticated end-users may be separated by two to four levels of service away from actual access, "McKendrick said. This poses a new challenge for authentication and access control-enterprise-class requirements, standardization interrupts access control for all degrees of separation, he said.

He also notes that the experience of cloud governance is the same as the service-oriented architecture deployed and the common enterprise architecture. However, he also says that when a cloud service is recommended or requested, it needs to flow, focus on the purpose and scope of the service, and other requirements that may exist in the enterprise. Then this is important, he says, "a step in the process that checks for other services or other assets that are already available." "In other words, you need a way to manage the lifecycle of services in an enterprise environment." In addition, McKendrick says, the end of the JBOC architecture is just a bunch of cloud services that intersect within the enterprise. "They will be replaced by more expensive systems," he said. ”

Gartner analyst Daryl Plummer thinks that's the point. The cloud assumes that you do not have to worry about architecture and design unless you are the provider, but this commitment depends on governance. "Governance needs to be responsible for two things: the system behind the service needs to be governed and the service itself needs to be governed," he says.

Plummer that service governance is typically associated with gateways. Gateways are usually four things: security, management, encryption, and identity management.

Plummer explains that the current strategy must span multiple services and multiple gateway integration alliances. API management is another specific requirement. If you are a provider like ETrade, you want to deliver APIs to partners or customers, the use of the management APIs is very important. If not properly managed, your system will be in trouble or may be attacked without knowing it, he said.

Gateways can assist in managing this type of problem, and in some cases gateways can be virtualized and Plummer introduced. "If you own a cloud gateway as a service, it simply means that some other company is responsible for running the gateway and making sure it recognizes what it is supposed to do," he explains. In this scenario, all the it runs specify their policies, they do not need to be managed or run the gateway itself.

David Linthicum, an analyst with Bick Group, argues that the challenges of cloud governance are not obvious, and that security is a new security model. "People are confused by cloud security, cloud Security has no familiar user ID and password, it is expensive and requires talented people," he said.

Governance also applies to security. "It determines what can be done with this source after it has been accessed." Governance provides policies around services, so they only allow activities within the scope of execution, and if they are exceeded, they are not allowed and will be reported to Mo individuals, "Linthicum said.

Governance can also monitor dependencies. "If I am using Amazon services to create an application that can change these services, the governance warns me that these applications have been modified so I know to change other services before they are ' destroyed '." "Linthicum points out.

Linthicum that traditional concentrations of security were not "chopped off" in the clouds. "If security doesn't execute correctly, it makes you more vulnerable to attacks, and you don't get the full value of the cloud," he said.

"People are trying to push traditional security into a world that the cloud lacks." You have to spend a lot of time to figure out how you're going to do it. Do some prototyping, learn what you can do, prepare to actually respond to the cloud, introduce SOA, and deal with security in a different way, "he added.

(Responsible editor: The good of the Legacy)