True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
stuck. They needed to change a properties file residing on a remote server,
but the distributed file system wouldn't allow it, rightfully sneering at the
group like the grubbiest serfs in the kingdom. But there was a Web server...
...And this server was running as root. Before you could say "ex... (more)
Cloud Expo on Ulitzer Technology Review has published an interview with
cryptography pioneer Whitfield Diffie that is worth reading. I had the great
pleasure of presenting to Whit down at the Sun campus. He is a great
scientist and a gentleman.
In this interview, Diffie–who is now a visiting professor at Royal
Holloway, University of London–draws an interesting analogy between cloud
computing and air travel:
“Whitfield Diffie: The effect of the growing dependence on cloud computing
is similar to that of our dependence on public transportation, particularly
air transportation, wh... (more)
Cloud Security Journal on Ulitzer
Two weeks ago, I delivered a webinar about new security models in the cloud
with Anne Thomas Manes from Burton Group. Anne had one slide in particular,
borrowed from her colleague Dan Blum, which I liked so much I actually
re-structured my own material around it. Let me share it with you:
This graphic does the finest job I have seen of clearly articulating where
the boundaries of control lie under the different models of cloud computing.
Cloud, after all, is really about surrendering control: we delegate
management of infrastructure, application... (more)
I recently had a great, freewheeling discussion with Daniel Raskin, Sun’s
Chief Identity Strategist. Daniel runs the Identity Buzz podcasts. We talked
about issues in identity and entitlement enforcement in SOA, compliance, and
the problems you run into as you move into new environments like the cloud.
Daniel’s post about our podcast is on his blog. You can download the
podcast directly right here.
SOA in the Cloud
It’s that time when we look back on one year and forward to the next.
Over at the eBizQ forum Peter Schooff asked about SOA’s past and future:
What Developments in SOA Are You Most Thankful For This Year?
What Do You Think Will be the Biggest Trend or Development for SOA in 2010?