Reinventing the Handshake | @CloudExpo #Cloud #Security
The concept of brokered or arbitrated connection management has taken hold in the form of the connectivity model

My father used to tell me that the key to success in life was to look people in the eye and give them a firm handshake. But the art of the handshake seems to have died in my generation. I grew up in the era of high fives, forearm smashes and fist pumps. I played baseball, so there were also a lot of butt pats (but let's not go into that). It seems like the importance of handshakes and eye-to-eye contact has diminished even further in my daughter's generation. Every day I watch her friends look down at their smartphones while texting each other "omg hi bff" as they greet each other at school or at the mall.

My father is gone now. But he wouldn't like that.

It seems like the nature of handshakes is changing in the world of networking security as well, but in this case it is a good trend.

To explain that, let me provide some background. We all know that TCP/IP-based networking has proven to be hugely scalable and flexible. There are several reasons for that. One is the separation of responsibility between the network layer (IP) and the connection layer (usually TCP, sometimes UDP). The network layer focuses on efficiently moving packets from point A to point B on a large scale. The connection layer focuses on establishing and optimizing data transfer between point A and point B. Has it worked? Hundreds of millions of connected endpoints, moving steadily towards tens of billions, would tell you it has.

Up until now, the trick at the connection layer was to allow point A and point B to create a connection between them using a bi-directional handshake. That way, billions of different point A's across the world can independently connect with billions of different point B's across the world, with no shared resource getting in the way other than the luck of the draw of common path elements (e.g., common network links, shared servers).

This has created great scale. But ... it has also led to almost all of the network-related cybersecurity issues we struggle with today.

This is why the concept of brokered or arbitrated connection management has taken hold in the form of a connectivity model named Software Defined Perimeter (SDP), which is being promoted by the Cloud Security Alliance. Using SDP, applications, services, and servers are isolated from users (or other servers or IoT devices) by an SDP Gateway, which is a dynamically configured TCP Gateway. No connectivity can be created directly via the traditional bi-directional handshake. The Gateway rejects all attempts at establishing connectivity unless users and endpoints are "pre-approved" by a third-party arbitrator. This third-party role is played by the SDP Controller. Endpoints desiring connectivity to a destination protected by an SDP Gateway don't bother to send a connection request to that destination. Instead they "apply" for connectivity to the SDP Controller, which determines if they are trusted.

Trust assessment means device authentication, user authentication, and a set of context-based information that will continue to expand over time: location, BYOD vs. managed device, software posture, software integrity, etc. The goal is to evaluate overall trust as much as possible before allowing connectivity. If satisfied, the SDP Gateway dynamically configures the TCP Gateways to allow connectivity to trusted, authorized users. The systems isolated and protected by the SDP Gateways are never exposed to attackers who have stolen credentials. Nor are they exposed to unauthorized users looking to exploit server or application vulnerabilities, trying to move laterally in a persistent search for access to sensitive data, or simply wanting to deny service to others via bandwidth or resource starvation attacks.
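The brokered flow described above can be sketched as a small model. This is an added example, not code from the article or from the Cloud Security Alliance specification. It assumes device and user authentication are done with pre-shared HMAC keys, that the managed/BYOD flag comes from the Controller's own inventory, and that the Controller installs a time-limited rule on the Gateway. All class, field and sample names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def mac(key: bytes, req: dict) -> str:
    msg = "\n".join(str(req[f]) for f in ("device", "user", "service", "src_ip"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def build_request(dkey: bytes, ukey: bytes, **fields) -> dict:
    """Client side: sign the application with the device key and the user key."""
    return dict(fields, device_mac=mac(dkey, fields), user_mac=mac(ukey, fields))

@dataclass
class Gateway:
    """Default-deny: a flow passes only while a controller-issued rule is live."""
    rules: dict = field(default_factory=dict)  # (src_ip, service) -> expiry time
    def accept(self, src_ip: str, service: str, now: float) -> bool:
        return now < self.rules.get((src_ip, service), 0.0)

@dataclass
class Controller:
    gateway: Gateway
    devices: dict  # device id -> {"key": bytes, "managed": bool}
    users: dict    # user -> key
    policy: dict   # service -> {"users": set, "managed_only": bool}
    ttl: float = 60.0
    def apply(self, req: dict, now: float) -> str:
        """Assess trust; only on success open a time-limited gateway rule."""
        dev = self.devices.get(req["device"])
        if dev is None or not hmac.compare_digest(mac(dev["key"], req), req["device_mac"]):
            return "deny: device authentication"
        ukey = self.users.get(req["user"])
        if ukey is None or not hmac.compare_digest(mac(ukey, req), req["user_mac"]):
            return "deny: user authentication"
        rule = self.policy.get(req["service"])
        if rule is None or req["user"] not in rule["users"]:
            return "deny: not authorized for service"
        if rule["managed_only"] and not dev["managed"]:
            return "deny: context (unmanaged device)"
        self.gateway.rules[(req["src_ip"], req["service"])] = now + self.ttl
        return "allow"

def demo() -> list:
    """Constructed sample: direct connect, approved apply, live rule, expired rule."""
    gw = Gateway()
    ctl = Controller(gw, {"laptop-1": {"key": b"dk", "managed": True}}, {"alice": b"uk"},
                     {"hr-db": {"users": {"alice"}, "managed_only": True}})
    req = build_request(b"dk", b"uk", device="laptop-1", user="alice", service="hr-db", src_ip="10.0.0.5")
    return [gw.accept("10.0.0.5", "hr-db", 0), ctl.apply(req, 0),
            gw.accept("10.0.0.5", "hr-db", 1), gw.accept("10.0.0.5", "hr-db", 61)]
```

A request signed with a valid user key but an unregistered device key is refused at the device-authentication step, so the Gateway never opens a rule for that source.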

Call it what you will: three-way handshake, arbitrated connection control, brokered connection management. Vocabulary may vary until the world agrees on some common terms. But no matter what you call it, one adjective applies: powerful.

My father would be happy that the handshake is back and even better than ever.

About Mark Hoover
Mark Hoover is CEO of Vidder Security. He has been involved in the technology and market development of security and networking technologies over a period of almost 30 years, including Firewalls, VPNs, IP routing, ATM, Gigabit Ethernet Switching, and load balancers.

Most recently, he has been a Venture Partner at Woodside Fund for two years. Prior to that he was the president of Acuitive, a strategic marketing consulting firm that helped define product and market strategies for start-ups, including Brocade, Alteon Websystems, Netscreen, Maverick Semiconductor, Redline Networks, and many others. He started his career at AT&T Bell Labs and moved to SynOptics/Bay Networks before founding Acuitive.
