|By Sean Rhody||
|August 29, 2008 03:12 PM EDT||
There's a biblical story about a walled city called Jericho. In the story, the walled city was under siege, and the folks who wanted in blew their horns for seven days and then the walls all fell down.
The Open Group has an initiative based on this story, called Jericho Security, which is based on the premise of security without walls. This is at odds with most current concepts of security, and yet it appears almost vital to the concepts Web 2.0 espouses such as collaboration, open discussions, and the free flow of information.
The conventional approach to security has been and to a certain extent remains one of putting up walls around things - organizations, servers, etc. Even the concepts and terms we use have a militarist bearing - firewalls, demilitarized zones - that connotes borders and maintaining integrity.
But the old saw about generals always being ready to fight the last war may also be apropos here. We're not fighting an external enemy in many cases - a good number of costly security breaches have been internal. There are no clear battle lines, no solid borders in today's corporations, just a mesh of various individuals and ecosystems working together.
Web 2.0 and social networking have further compounded the issue. I've had numerous conversations with organizations recently regarding the adoption of social computing and other Web 2.0 technologies. One uniform response from the corporate world is that blogs are bad. Whether it's with respect to legal, regulatory, or privacy issues, invariably someone has decided that blogs are the latest incarnation of the Wild Wild West. Some big bad blogger is going to come along and say something so dreadful that it will cause massive disruption to the business and drive it into bankruptcy.
Never mind that we've all dealt with an electronic document mechanism for close to 20 years that serves as a model of how to deal with this challenge - it's called e-mail. Policy, practice, and governance have been put in place to deal with the same challenges over the years and solutions exist.
Security has become a larger challenge - not only must we address the issue of protecting data at the source, we also must be able to address legislated concerns about communications and free expression. It's become inexorably linked to social and governance issues such as HIPPA, Sarbanes-Oxley, and PCI. In this context, the concept of putting a wall around the organization becomes increasingly irrelevant. Security can't be at the edge; it has to be part of the data, an integral part. And the definition of data, which in most cases means structured data in a database, has to undergo a rapid transformation. Data is not in the database anymore; it's everywhere.
Recent data theft disclosures drive this point home. I suffered some credit card fraud recently. When I looked into the organizations I had credit with, it startled me that there were multiple incursions at different companies in which my identity may have been compromised. It frightens me that instead of possibly identifying where the breach had occurred, what I saw was a pattern of breaches throughout the industry. Yet all of these organizations have firewalls and IT security groups. Obviously that's not really helping to solve the problem. Since many of the breaches in security have occurred within the firewall, it's clear to me that security at the perimeter is not the answer to our problems. Without protection of the data, at the source, secured so that internal theft is pointless, we're all at risk.
The plus side to all this is that once data is secure in this manner, the concepts of a wall around our organizations - you know, the one IT clamps down that prevents you from visiting Facebook or using instant messaging and generally interferes with you operating as efficiently at work as you do at home - vanishes. Then, finally, the walls can come down.
Security is one the more prominent of the application service categories, likely due to its high profile impact. After all, if security fails, we all hear about it. The entire Internet. Forever. So when one conducts a survey on the state of application delivery (which is implemented using application services) you kinda have to include security. Which of course, we did.
Apr. 28, 2015 11:30 AM EDT Reads: 2,083
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in t...
Apr. 28, 2015 11:00 AM EDT Reads: 1,525
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Apr. 28, 2015 11:00 AM EDT Reads: 3,668
Choosing between BIG-IP and LineRate isn't as difficult as it seems.... Our recent announcement of the availability of LineRate Point raised the same question over and over: isn't this just a software-version of BIG-IP? How do I know when to choose LineRate Point instead of BIG-IP VE (Virtual Edition)? Aren't they the same?? No, no they aren't. LineRate Point (and really Line Rate Precision, too) is more akin to an app proxy while BIG-IP VE remains, of course, an ADC (Application Delivery ...
Apr. 28, 2015 11:00 AM EDT Reads: 1,099
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
Apr. 28, 2015 11:00 AM EDT Reads: 2,648
No, not the head-banging, gritty, heavy metal Metallica song (though that's certainly awesome too.. excuse me for a moment while I turn it up to 11) but the Puppet as in automation kind of master. The importance placed on APIs - which are key to automation - in our State of Application Delivery 2015 survey was high, with 40% of respondents saying it was important to them that their infrastructure be API-enabled. Automation using those APIs is generally being accomplished through a variety of m...
Apr. 28, 2015 11:00 AM EDT Reads: 1,645
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch ...
Apr. 28, 2015 11:00 AM EDT Reads: 2,956
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
Apr. 28, 2015 11:00 AM EDT Reads: 2,169
So I guess we’ve officially entered a new era of lean and mean. I say this with the announcement of Ubuntu Snappy Core, “designed for lightweight cloud container hosts running Docker and for smart devices,” according to Canonical. “Snappy Ubuntu Core is the smallest Ubuntu available, designed for security and efficiency in devices or on the cloud.” This first version of Snappy Ubuntu Core features secure app containment and Docker 1.6 (1.5 in main release), is available on public clouds, ...
Apr. 28, 2015 10:45 AM EDT Reads: 1,564
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at 16th Cloud Expo, Haseeb Budhani, CEO and Co-founder of Soha, will share five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the frict...
Apr. 28, 2015 10:30 AM EDT Reads: 1,750
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists will discuss how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations m...
Apr. 28, 2015 10:15 AM EDT Reads: 2,139
A few weeks ago, SmartBear hosted API Craft Boston with the folks from Akana, Ian Goldsmith and Laura Heritage, to talk about microservices. It was an extremely informative presentation of where microservices came from, what it solves, and considerations around how it might fit into an organizational API strategy. It’s one thing to read everyone else’s opinions on blogs, twitter, etc. It’s great to go to workshops and conferences, but this was so intelligently presented (and for a meetup too)...
Apr. 28, 2015 10:00 AM EDT Reads: 872
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? Join this panel of experts as they peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you’ll have no problem filling in your buzzword bingo cards.
Apr. 28, 2015 10:00 AM EDT Reads: 2,283
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
Apr. 28, 2015 10:00 AM EDT Reads: 3,099
SYS-CON Events announced today that Column Technologies, a global technology solutions company, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Established in 1998, Column Technologies is a leader in application performance and infrastructure management for commercial and federal markets. The company is headquartered in the United States, with a diverse and talented team of more than 350 employees around th...
Apr. 28, 2015 10:00 AM EDT Reads: 1,851
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic...
Apr. 28, 2015 10:00 AM EDT Reads: 4,281
As a company making software for Continuous Delivery and Devops at scale, at XebiaLabs we’re pretty much always in discussions with users about the benefits and challenges of new development styles, application architectures, and runtime platforms. Unsurprisingly, many of these discussions right now focus on microservices on the application side and containers and related frameworks […]
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
Apr. 28, 2015 10:00 AM EDT Reads: 3,350
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microser...
Apr. 28, 2015 09:15 AM EDT Reads: 2,477
An explosive combination of technology trends will be where ‘microservices’ and the IoT Internet of Things intersect, a concept we can describe by comparing it with a previous theme, the ‘X Internet.' The idea of using small self-contained application components has been popular since XML Web services began and a distributed computing future of smart fridges and kettles was imagined long back in the early Internet years.
Apr. 28, 2015 09:15 AM EDT Reads: 2,641