Welcome!

Reliable and Secure Gateways to the Cloud via XML and SOA Governance

Mamoon Yunus

Subscribe to Mamoon Yunus: eMailAlertsEmail Alerts
Get Mamoon Yunus via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Mamoon Yunus

XML Security at Cloud Expo OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with the cloud computing. The three taxonomies that have become part of our vernacular are: Infrastructure as a Service (IaaS): Set of virtualized components that can be assembled to build a application.  Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" services.  If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and using their REST or Web service-based API (or command line if you're too cool) to provision, de-provision and monitor your instance. Platform as a Service (PaaS): A runtime environment for application developer to deploy their applications in their desired programming environm... (more)

Federated SOA: A Pre-Requisite for Enterprise Cloud Computing

According to Massimo Pezzini, VP and Gartner Fellow, "Federated SOA is a systematic approach to large-scale, enterprise wide SOA that enables organizations to integrate semi-independent SOA initiatives. Often used to fix an initial lack of coordination, federated SOA should be proactively pursued from the inception of major, strategic SOA initiatives." -- Divide and Conquer: Taming Complexity Through Federated SOA. Successful enterprise SOA implementations build on a set of localized, project-level efforts with services that have clearly identified and accountable business and te... (more)

MIT Technology Review Covers Cloud Security

Security at Cloud Expo MIT Technogy review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing.  Some of the interesting points in this article include: The cloud security threat is across two related dimensions: cloud resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared resouce nature of cloud computing. cloud data may be mishandled by the cloud provider because of technology gaps, but more importantly, such information can be extract... (more)

Why is a Cloud Gateway Required?

Gateway Sessions at Cloud Expo Security has been on the forefront of discussion in the technology community as being the primary concern gating enterprise adoption of cloud computing. Although this is a valid concern, most cloud providers, owing to the security demands of maintaining a multi-tenant infrastructure, provide strong security provisions, perhaps better than an enterprise's own data center. Legal, compliance and process issues become more significant rather than technical security concerns. Moving into 2010, reliability will be a higher concern for enterprises. Recent ou... (more)

Strategies for Securing Enterprise-to-Cloud Communication

The Cloud Security Alliance (CSA) published Version 2.1 of its Guidance for Critical Areas of Focus in Cloud Computing with a significant and comprehensive set of recommendations that enterprises should incorporate within their security best practices if they are to use cloud computing in a meaningful way. The Guidance provides broad recommendations for operational security concerns including application security, encryption & key management, and identity & access management. In this article, we will consider security implications of REST- and SOAP-based communication between co... (more)