Security and The Cloud

Don’t worry, this isn’t going to be another post on how security is holding up cloud adoption or how the cloud is destroying security. There is already too much negativity in the reporting of security news (some would say all news). I do, however, want to discuss how security is changing due to the cloud and cloud technologies. In my opinion, cloud computing is actually good for security.

What’s in a word

I probably use the word “cloud” too much. I realise it’s an industry buzzword for something that has been around for ages, but it works. Call it Outsourcing, Virtualisation, SaaS or Utility Computing; they are all variations of Internet computing on machines that you do not directly own and have just licensed for the time that you need.

The ring of steel

For years security experts have been saying that companies should stop using the idea of a ring of steel around their internal network. The concept that you are either connected to the internal (trusted) network or the external (untrusted) network is very outdated and just doesn’t work with the way computing is used today, but companies still insist on using it.

While people have tried to adapt this topology to greater granularity with “Chinese firewalls” (let’s separate accounts from development), people will continue to have to move data between areas of the business to do their work, and it quickly becomes an IT vs Business battle.

With more companies needing to get company data outside the building, either to access it from a smartphone or to share it with another company, the whole procedure falls down altogether.

Smaller rings

One solution is to take the model to its ultimate conclusion: a ring of steel for each machine/job/task. Until now this has been impossible from a practical standpoint, but now that companies are moving to cloud and virtual environments, resources can be configured in any way needed. No longer are you required to physically move cables in the patch room to change a network’s topology. Instead of one server with one operating system running web, email and any number of other tasks, you can have that same server with many operating systems, all locked down to do their one job well. Most servers in the cloud and virtual environments come with their own firewall and authentication mechanism that can be easily managed en masse. How many hardware server rooms can say that?

Outside is inside

Given this new model, there is no need to have a “corporate firewall” on the edge of your network at all. Why not let the internet in? This is in fact what we do at Dogsbody Technology. Every machine on the network is public and even internal switching is treated as public. If we want to move a private file from one machine to another, it needs to be done in a secure/encrypted way. While that sounds like a lot of work, it really isn’t. You save on a lot of infrastructure by not having to worry about a locked-down network, and while it does take a while to set up safe transfer methods, once you are set up there is no difference between transferring a private file to the computer next to you or to a computer on the other side of the world.
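When every machine is public, its own listening sockets are the ring of steel, so it is worth checking that each one exposes only the ports its single job needs. The following is an added example, not Dogsbody Technology’s own tooling: the role names, port lists and the sample `ss -H -tln` output are all constructed assumptions.

```python
import ipaddress

# Hypothetical role table: the one job each machine does, plus SSH for management.
ROLE_PORTS = {"web": {22, 80, 443}, "mail": {22, 25, 587, 993}}

# Constructed sample of `ss -H -tln` output from a machine whose role is "web".
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*
LISTEN 0 128           [::]:22        [::]:*
LISTEN 0 511        0.0.0.0:80     0.0.0.0:*
LISTEN 0 511        0.0.0.0:443    0.0.0.0:*
LISTEN 0 80       127.0.0.1:3306   0.0.0.0:*
LISTEN 0 100        0.0.0.0:25     0.0.0.0:*
LISTEN 0 511              *:6379         *:*
"""


def is_loopback(addr):
    """True if a listen address is reachable only from the machine itself."""
    if addr == "*":  # wildcard bind: every interface, so publicly reachable
        return False
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return ipaddress.ip_address(addr).is_loopback


def exposed_listeners(ss_output):
    """Return sorted (address, port) pairs listening on non-loopback addresses."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # local address:port column
        if not is_loopback(addr):
            found.add((addr, int(port)))
    return sorted(found)


def audit(role, ss_output):
    """Compare what the machine exposes with what its one job allows."""
    allowed = ROLE_PORTS[role]
    exposed = {port for _, port in exposed_listeners(ss_output)}
    return {"unexpected": sorted(exposed - allowed),
            "missing": sorted(allowed - exposed)}


if __name__ == "__main__":
    print(audit("web", SAMPLE_SS))
```

On the sample, the database bound to 127.0.0.1 is ignored because it is not reachable from outside, while the stray listeners on ports 25 and 6379 are reported as unexpected for a web machine.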

Not the end of the story

Of course, like all security, this is not the end of the story and will not fix all your issues.  Monitoring and company policy are still required to stop, find and block exceptions but we’ll discuss that in a separate blog post.

If you have any questions or comments regarding this post then please do leave a comment below or contact Dogsbody Technology for more information.

What’s in a name?

Cloud computing is often regarded as a horrible buzzword that is thrown around at every opportunity.  This may be true but it may also be better and easier than some of the alternatives. In this article we look at the differences between the three main types of cloud computing and why there is so much confusion.

SaaS – Software as a Service

Chances are you have been using SaaS for ages and not even known about it. Webmail, anyone? SaaS allows you to use a program or software as a free (Gmail) or paid-for (Salesforce.com) subscription service. Customers rely on the vendor to maintain and update the product for them, saving the time and energy required to set up and run these services themselves in-house. Google is really running with this concept, with calendaring, word processing and even mapping being possible from any web browser. Having software run externally also allows for very easy roaming, as any user can access their data from anywhere in the world.

PaaS – Platform as a Service

The PaaS layer offers savings for both the customer and the developer, but at the cost of functionality and control. Examples of PaaS are Google’s App Engine and the Force.com platform. The PaaS supplier provides a standard programming environment, usually with APIs that make it easy to use certain off-the-shelf tools such as redundant storage and databases. Developers can quickly create tools and products that can be sold with all the advantages of SaaS services without having to get their hands dirty building fully secure and redundant systems from scratch.

IaaS – Infrastructure as a Service

Purists say that IaaS is the only one that deserves to be called Cloud Computing. For years companies have purchased or rented servers in data centres to run their applications. While it was great to have your own box, it was up to you to make it robust and redundant enough to cope with everything the Internet throws at you. IaaS providers such as Rackspace and ElasticHosts virtualise their data centres and sell virtual servers with the same power as the physical server you had, but with the added benefit of redundancy and a large cost saving. Because virtual machines can be turned on and off at will, and with most providers billing by the hour or minute, it is very easy to cope with peaks in demand. Instead of using one server to process some data over 20 hours, you can use 20 servers and have your answer in one hour.

There are always exceptions

Of course, no labelling would be complete without some blurring of the lines. Amazon have successfully managed to confuse things with their very popular AWS products. While their S3 service is a PaaS product, their EC2 service is sold and commonly referred to as an IaaS product. However, there are a number of proprietary tools and calls that you must use, which many argue makes it a PaaS product too.

Whatever your views (and there are many), Dogsbody Technology can help you understand what is right for you and your business.  If you have any questions regarding this post or suggestions for articles on more subjects then please do comment below or drop us a line.