The evolution of software security from SOA to cloud computing

Source: Internet
Author: User
Keywords: security, cloud computing, evolution, means

How you judge the state of cloud security depends on your point of view. The alarmist view is that it is the "Wild West", while cloud supporters think these concerns are greatly exaggerated.

Jeff Schmidt, a global advisor on information security and JAS, believes that, from a security standpoint, the cloud is no more or less inherently insecure than a machine on the desktop or a machine operated by IT. The problems are just different. "Generally we think cloud is safer in economies of scale because of the professional managers; the theory is related to the high level of integrity of management practices and a good maturity model," he said. This means that cloud providers should be on top of basic security practices, such as updating patches and compliance; "in many cases, it's hard to get if you don't do it yourself, unless the company is big and complex." "However, the tradeoff is to lose control, including technology, sometimes even business and legal control," he said. This is where cloud computing is sometimes an adventure.

In fact, Adrian Lane points out that while cloud services and traditional SOA overlap in some areas, such as how ID management services are handled, there are differences. For example, Lane points out that each cloud provider usually uses its own methods and architecture. Providing a federated ID management system, or key management systems that handle encryption for other types of authentication, is a challenge, because these will run in the cloud.

He says most customers end up using a hybrid approach, in which the customer's traditional infrastructure communicates directly with the cloud. The goal is to ensure that IDs are consistent between the two. "The use of SAML seems to be more compelling; it allows the enterprise to create authentication and to assert it across different Web services and to use some of the same ID services," he said. This requires administrative IDs and access control. "This is our common method, but it is not clear which person has adopted and acquired it unilaterally."

and exception handling. For example, he points out that with Azure, Microsoft's cloud approach, everything "is more encapsulated through Microsoft's technology, at least compared to Rackspace and Amazon AWS services, where the main thing is to build a service environment in its own way," he said.

Lane again emphasizes that the APIs for ID governance in cloud services differ from those in SOA. In particular, he noted the existence of OpenStack, an open-source project funded by Rackspace and other cloud companies, with the goal of supplying an open-source cloud platform. "In this project, a number of visits and authorization software have been built," he said. "All cloud providers will have a mechanism that has been built up, but where they may not reach the use of hope or demand, especially in conjunction with identity identification," he added. This means that you will still need to "add some material" to support the cloud infrastructure.

"People will be able to choose between the completion of their differences, but where they will be used like SAML or OpenID," he said. This means that software architects can demand a differentiated design for cloud peace service. "When we teach, we start with the structure, and then it's what the independent vendors supply, but you need to make the final decision about what you need to practice," he said.

The decisions you make are driven by the kind of cloud you want to build. For example, he points out that some companies are willing to adopt a private cloud approach. "This means that they can put existing instruments into the cloud and then profit from more flexible capital, and the pay-as-you-go approach does not require a solution cloud," he said. Because this means using the same software, there is no fundamental change in architecture.

On the other hand, if you migrate to a public cloud like Amazon, work can be more complicated. "You can simply use any method to set up a variety of connections, from open to public and perhaps closed, to only visit your own data," he revealed.

In essence, though, it's good to start with SOA. "SAML and OpenID have been around for a long time," he said. The industry has started to collect things that can deal with many of the fundamental issues of empowerment. "The way we choose to use that is completely open up, but it can become very complicated," he added.

(Responsible editor: The good of the Legacy)
