Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
The Benefits of the Cloud
Assessing and mitigating the risk posed by application vulnerabilities deployed in the cloud

Cloud computing is immensely popular with companies and government agencies in search of revolutionary cost savings and operational flexibility. According to industry research firm IDC, cloud computing's growth trajectory is, at 27% CAGR, more than five times the growth rate of the traditional, on-premise IT delivery/consumption model. [1]

Cloud computing practitioners cite numerous benefits, but most often point to two fundamental benefits:

  • Adaptability: An enterprise can get computing resources implemented in record time, for a fraction of the cost of an on-premise solution, and then shut them off just as easily. IT departments are free to scale capacity up and down as usage demands at will, with no up-front network, hardware or storage investment required. Users can access information wherever they are, rather than having to remain at their desks.
  • Cost Reduction: Cloud computing follows a model in which service costs are based on consumption and make use of highly shared infrastructure. Companies pay for only what they use and providers can spread their costs across multiple customers. In addition to deferring additional infrastructure investment, IT can scale its budget spend up and down just as flexibly. This leads to an order of magnitude cost savings that wasn't possible with 100% proprietary infrastructure.

Other benefits of the cloud include collaboration, scaling and availability, but revolutionary cost savings and the almost "instant gratification" offered by the agility of the cloud will be the key contributors to adoption of the cloud.

What Is the Cloud?
So much has been written, advertised and discussed about cloud computing, it is appropriate to define the term for common understanding. Cloud computing generally describes a method to supplement, consume and deliver IT services over the Internet. Web-based network resources, software and data services are shared under multi-tenancy and provided on-demand to customers. It is this central tenet of sharing - and the standardization it implies - that is the enabler of cloud computing's core benefits. Cloud computing providers can amortize their costs across many clients and pass these savings on to them. This paradigm shift in computing infrastructure was a logical byproduct and consequence of the ease-of-access to remote and virtual computing sites provided by the Internet.

The U.S. National Institute of Standards & Technology (NIST) defines four cloud deployment models:

  1. Private Cloud, wherein the cloud infrastructure is owned or leased by a single organization and is operated solely for that organization
  2. Community Cloud, wherein the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns, including security requirements
  3. Public Cloud, wherein the cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group
  4. Hybrid Cloud, wherein the cloud infrastructure is a composition of two or more cloud models that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability

NIST's definition of cloud computing not only defines how infrastructure is shared, but also outlines what will be shared. These service models shift the burden of security accordingly between provider and user:

Software-as-a-Service, or "SaaS," is the most mature of the cloud services. SaaS offers a "soup to nuts" environment for consumption of a common application on demand via a browser. Typically, the customer controls little or nothing to do with the application, or anything else for that matter, and is only allowed to configure user settings. Security is completely controlled by the vendor. Examples of providers include Salesforce.com, Workday, and Mint.com.

Platform-as-a-Service, or "PaaS", is an emerging cloud service model. The customer is able to develop applications and deploy onto the cloud infrastructure using programming languages and tools supported by the cloud service provider. They are not able to control the actual infrastructure - such as network, OS, servers or storage - the platform itself. Because the customer controls application hosting configurations as well as development, responsibility for software security shifts largely to their hands. Examples include Google App Engine and Amazon Web Services.

Infrastructure-as-a-Service, or "IaaS," is where even more of the infrastructure is exposed to multi-tenant users. The cloud service provider provisions processing, storage, networks and other fundamental computing resources. The customer is able to deploy and run arbitrary software, which can include operating systems and deployed applications. Software security in this deployment model is completely in the customer's hands, including such components as firewalls. Examples include Amazon Elastic Compute Cloud and Rackspace Cloud.

While SaaS gained popularity as an alternative to on-premise software licensing, the models that are driving much of the current interest in cloud computing are the PaaS and IaaS models. Enterprises are especially drawn to the alternative development infrastructure and data center strategies that PaaS and IaaS offer. At this point in time, smaller enterprises seem to have more traction with PaaS, enabling them to rapidly bring websites to market; whereas larger enterprises are more comfortable beginning their cloud deployments with an existing application moved to an IaaS cloud service.

How Do We Fully Realize the Benefits of the Cloud?
Realizing the cloud's benefits is greatly determined by the trustworthiness of the cloud infrastructure - in particular the software applications that control private data and automate critical processes. Cyber-threats increasingly target these applications, leaving IT organizations forced to sub-optimize the cloud deployments containing this software, limiting flexibility and cost savings.  Assuring the inherent security of software, therefore, is a key factor to unlock the power of cloud computing and realize its ultimate flexibility and cost benefits.

Recommended Approaches to Cloud Software Security
According to the Cloud Security Alliance, a not-for-profit organization promoting security assurance best practices in cloud computing, the ultimate approach to software security in this unique environment must be both tactical and strategic. Some of their detailed recommendations include the following:

  • Pay attention to application security architecture, tracking dynamic dependencies to the level of discrete third-party service providers and making modifications as necessary
  • Use a software development life cycle (SDLC) model that integrates the particular challenges of a cloud computing deployment environment throughout its processes
  • Understand the ownership of tools and services such as software testing, including the ramifications of who provides, owns, operates, and assumes responsibility
  • Track new and emerging vulnerabilities, both with web applications as well as machine-to-machine service-oriented architecture (SOA), which is increasingly cloud-based

The key to achieving the benefits of the cloud and to putting the above recommendations into practice is Software Security Assurance, or "SSA."  Recognized by leading authorities such as CERT and NIST, SSA is is a risk-managed approach to improving the inherent security of software, from the inside.  There are three steps to a successful SSA program:

  1. Find and fix vulnerabilities in existing applications before they are moved into a cloud environment
  2. Audit new code/applications for resiliency in the target cloud environment
  3. Establish a remediation / feedback loop with software developers and outside vendors to deal with on-going issues and remediation.

To realize the full benefits of cloud computing, organizations must assess and mitigate the risk posed by application vulnerabilities deployed in the cloud with equal vigor as those within their own data center. It is only then that they will be able to take full advantage of cloud computing to save cost and increase the efficiency of their business.

Reference

  1. Worldwide IT Cloud Services Spending, 2008-2012, IDC, October 2008

Resources

About Michael Armistead
Michael Armistead is the Founder & Vice President of Corporate Development at Fortify Software. He co-founded Fortify Software in 2003 with a conviction that information security and software development could work together in unison to secure applications at the source from common threats to the data they contain. With an extensive career in development tools and various leadership roles, Mike is a driving force of the overall strategy and has been instrumental in the aggressive market penetration of Fortify to date. Mike holds a BS and MS in Management Science & Engineering from Stanford University.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitiga...
DevOps promotes continuous improvement through a culture of collaboration. But in real terms, how do you: Integrate activities across diverse teams and services? Make objective decisions with system-wide visibility? Use feedback loops to enable learning and improvement? With tec...
"Digital transformation - what we knew about it in the past has been redefined. Automation is going to play such a huge role in that because the culture, the technology, and the business operations are being shifted now," stated Brian Boeggeman, VP of Alliances & Partnerships at ...
The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can software testing professionals keep pace with modern application delivery,...
"WineSOFT is a software company making proxy server software, which is widely used in the telecommunication industry or the content delivery networks or e-commerce," explained Jonathan Ahn, COO of WineSOFT, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 201...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE