Protecting truckloads of data on the information superhighway

SSL Journal

Subscribe to SSL Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SSL Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

I saw this tweet this morning and I thought "+1" (I guess I am a geek if I am thinking in Digg/Slashdot shorthand). The problem is that in Information Security, "security" is all-too-often used to mean only encryption. A line is considered "secure" if it's encrypted. But often, the real "security" requirements are much broader and include management (as in access management, identity management), business continuity defense against denial-of-service, and privacy. I think language is a big issue here. I've always found it interesting that in German, the words for "security" and "certainty" (sicherheit, literally "sureness") are the same. In French, the words for "safety" and "security" are also the same (sûreté, again literally "sureness"). So, in those languages, "security" has a broad definition, incorporating senses of dependability, management, and safety. I can s... (more)

How to Enable Service Virtualization Across Hosts

One of the core patterns for a Gateway is "Service Virtualization". Service Virtualization means that an organization can expose virtual services in front of its infrastructure. These virtual services can take the form of lightweight REST APIs or heavyweight SOAP Web Services. The Service Virtualization pattern enables you to do neat things, like expose a REST service in front of a SOAP service, and convert REST to SOAP dynamically at the Gateway. You can also use the Gateway to deploy a virtual service in front of a database, or a message queue, or an ESB. But how does it work? The answer comes down to how the virtual service is advertised to the client. Remember that service interfaces are generally advertised using WSDL (and as of WSDL 2.0, this applies to REST API interfaces as well as SOAP). WSDL includes the address of the service provider host. When the Gatew... (more)

It's Like Load Balancing. On Steroids

What is this application delivery thing that everyone keeps telling me I need? Isn’t that just the latest marketing term for load balancing? A recently released Forrester report concludes that “firms must develop and integrated strategy for application delivery.” We don’t disagree with that, or with the Gartner report claiming that “Load Balancing is Dead, Time to Focus on Application Delivery.” Application delivery is the next step in the logical evolutionary path from the tactical solution of load balancing to a comprehensive application infrastructure strategy. Forrester’s research indicates that despite the fact that application delivery makes sense, many organizations are still operating in a very tactical, problem-resolution oriented manner. Application Delivery Takes Center Stage Top infrastructure initiatives — like consolidation and virtualization — are fo... (more)

If Load Balancers Are Dead Why Do We Keep Talking About Them?

Commoditized from solution to feature, from feature to function, load balancing is no longer a solution but rather a function of more advanced solutions that’s still an integral component for highly-available, fault-tolerant applications. Unashamed Parody of Monty Python and the Holy Grail Load balancers: I'm not dead. The Market: 'Ere, it says it’s not dead. Analysts: Yes it is. Load balancers: I'm not. The Market: It isn't. Analysts: Well, it will be soon, it’s very ill. Load balancers: I'm getting better. Analysts: No you're not, you'll be stone dead in a moment. Earlier this year, amidst all the other (perhaps exaggerated) technology deaths, Gartner declared that Load Balancers are Dead. It may come as surprise, then,  that application delivery network folks keep talking about them. As do users, customers, partners, and everyone else under the sun. In fact, with the... (more)

How to Secure vCloud Director and the vCloud API

This year’s VMworld conference saw the announcement of VMware’s new vCloud Director product, a culmination of the vision for the cloud computing the company articulated last year and a significant step forward in providing a true enterprise-grade cloud. This is virtualization 2.0—a major rethink about how IT should deliver infrastructure services. VMware believes that the secure hybrid cloud is the future of enterprise IT, and given their success of late it is hard to argue against them. vCloud Director (vCD) is interesting because it avoids the classic virtualization metaphors rooted in the physical world—hosts, SANs, and networks—and instead promotes a resource-centric view contained with the virtual datacenter (VDC). vCD pools resources into logical groupings that carry an associated cost. This ability to monetize is important not just in public clouds, but for ... (more)

Advanced Load Balancing for Developers

It has been a while since I wrote an installment of Load Balancing for Developers, and now I think it has been too long, but never fear, this is the grad-daddy of Load Balancing for Developers blogs, covering a useful bit of information about Application Delivery Controllers that you might want to take advantage of. For those who have joined us since my last installment, feel free to check out the entire list of blog entries (along with related blog entries) here, though I assure you that this installment, like most of the others, does not require you to have read those that went before. ZapNGo! Is still a growing enterprise, now with several dozen complex applications and a high availability architecture that spans datacenters and the cloud. While the organization relies upon its web properties to generate revenue, those properties have been going along fine with y... (more)

The Encrypted Elephant in the Cloud Room

Anyone who’s been around cryptography for a while understands that secure key management is a critical foundation for any security strategy involving encryption. Back in the day it was SSL, and an entire industry of solutions grew up specifically aimed at protecting the key to the kingdom – the master key. Tamper-resistant hardware devices are still required for some US Federal security standards under the FIPS banner, with specific security protections at the network and software levels providing additional assurance that the ever important key remains safe. In many cases it’s advised that the master key is not even kept on the same premises as the systems that use it. It must be locked up, safely, offsite; transported via a secure briefcase, handcuffed to a security officer and guarded by dire wolves. With very, very big teeth. No, I am not exaggerating. At least ... (more)

Windows 8 Notifications: Leveraging Azure Storage

When incorporating images into your toast and tile notifications, there are three options for hosting those images: within the application package itself, using an ms-appx:/// URI, within local application storage, using an ms-appdata:///local URI, or on the web using an HTTP or HTTPS URI. The primary advantage of hosting images on the web is that it insulates the application from changes to those images.  The images hosted on the web can be modified or refined without requiring an update to the application, which both necessitates a resubmission to the Windows Store and relies on users to update the application. Windows Azure, Microsoft’s public cloud offering, can be an incredibly convenient and cost effective way to manage the images used in notifications. The easiest way to serve image content from Windows Azure is via blob storage, which provides highly scalabl... (more)

The HIPAA Final Rule and Staying Compliant in the Cloud

The HIPAA Omnibus Final Rule went into effect on March 26, 2013.  In order to stay compliant, the date for fulfilling the new rules is September 23, 2013, except for companies operating under existing “business associate agreements (BAA),” may be allowed an extension until September 23, 2014. As healthcare and patient data move to the cloud, HIPAA compliance issues follow.  With many vendors, consultants, internal and external IT departments at work, the question of who is responsible for compliance comes up quite often.  Not all organizations are equipped or experienced to meet the HIPAA compliance rules by themselves.  Due to the nature of the data and the privacy rules of patients, it is important to secure the data correctly the first time. HIPAA and the Cloud Do you have to build your own cloud HIPAA compliance solutions from scratch?  The short answer is no. ... (more)

Server Based Computing Network in Just a few Mouse Clicks

BERLIN, February 9 /PRNewswire/ -- - The 2nd Edition of the Remote Desktop Suite has a Best Practice Wizard and innovative sales concept to enable setup of a secure Remote Desktop environment within minutes In front of 200 partners at the fourth ThinPrint International Channel Conference in Berlin, ThinPrint, the experts for infrastructure solutions and for printing in distributed networks, announced the Second Edition of the Remote Desktop Suite Standard. The software targets small and middle- sized businesses that want to set up a low-cost, secure server based computing architecture using Microsoft Terminal Services with Windows Server 2003. The Best Practice Wizard is an extremely easy-to-use program that allows businesses to turn a Windows Server 2003 into a secure Remote Desktop environment incl. print management and certificate based SSL encryption in only 5-... (more)

Considering the SOA Reference Model

(SYS-CON Media) - The main drivers for SOA-based architectures are to facilitate the manageable growth of large-scale enterprise systems, to facilitate Internet-scale provisioning and the use of services, and to reduce the cost of organization-to-organization cooperation - SOA RM When approaching a SOA implementation, I would like to consider two fundamental questions that many developers ask: 1)  What's the difference between service-oriented and service-based architectures? 2)  What special architecture elements are defined by the SOA RM? In my opinion, the answer to the first is in the difference between the words oriented and based. I believe that smart IT organizations offer a lot of services already because the technical benefits of services have been well known for a while. However, the applications based on these services are still monolithic and don't provide ... (more)