Comments for Fast Lane UK Blog http://www.flane.co.uk/blog Sharing Ideas and Knowledge Sun, 23 Sep 2012 20:42:33 +0000 hourly 1 http://wordpress.org/?v=3.3.2 Comment on 3 in Demand Skills required for the DoD 8570 Cyber Security / IA Workforce by creatine http://www.flane.co.uk/blog/2010/06/04/3-in-demand-skills-required-for-the-dod-8570-cyber-security-ia-workforce/comment-page-1/#comment-454 creatine Sun, 23 Sep 2012 20:42:33 +0000 http://www.fastlaneus.com/blog/?p=156#comment-454 <strong>Title...</strong> Wonderful website. A lot of useful info here. I am sending it to several friends ans also sharing in delicious. And obviously, thanks for your effort!... Title…

Wonderful website. A lot of useful info here. I am sending it to several friends ans also sharing in delicious. And obviously, thanks for your effort!…

]]> Comment on New Forum on Secure Borderless Networks by creatine monohydrate http://www.flane.co.uk/blog/2011/01/20/new-forum-on-secure-borderless-networks/comment-page-1/#comment-453 creatine monohydrate Sun, 23 Sep 2012 20:30:42 +0000 http://www.fastlaneus.com/blog/?p=238#comment-453 <strong>Title...</strong> Wow that was strange. I just wrote an really long comment but after I clicked submit my comment didn't appear. Grrrr... well I'm not writing all that over again. Anyways, just wanted to say fantastic blog!... Title…

Wow that was strange. I just wrote an really long comment but after I clicked submit my comment didn’t appear. Grrrr… well I’m not writing all that over again. Anyways, just wanted to say fantastic blog!…

]]> Comment on Cisco believes in cloud networking future by creatine monohydrate http://www.flane.co.uk/blog/2010/06/30/cisco-beliefs-in-cloud-networking-future/comment-page-1/#comment-452 creatine monohydrate Sun, 23 Sep 2012 20:04:09 +0000 http://www.fastlaneus.com/blog/2010/06/30/cisco-beliefs-in-cloud-networking-future/#comment-452 <strong>Title...</strong> You really make it appear so easy along with your presentation but I find this topic to be really something that I believe I would by no means understand. It kind of feels too complex and extremely wide for me. I am looking ahead in your subsequent sub... Title…

You really make it appear so easy along with your presentation but I find this topic to be really something that I believe I would by no means understand. It kind of feels too complex and extremely wide for me. I am looking ahead in your subsequent sub…

]]> Comment on NetApp Storage Efficiencies: Flexible Volumes by NetApp Storage Efficiencies: FlexClones – Fast Lane US Blog http://www.flane.co.uk/blog/2010/04/28/netapp-storage-efficiencies-flexible-volumes/comment-page-1/#comment-46 NetApp Storage Efficiencies: FlexClones – Fast Lane US Blog Fri, 20 Aug 2010 15:11:50 +0000 http://www.fastlaneus.com/blog/?p=92#comment-46 [...] to install the FlexClone license. If you are not familiar with Flexible Volumes, please visit my Flexible Volumes blog post. FlexClone clones are based on Snapshots. Because snapshots share blocks with the active file [...] [...] to install the FlexClone license. If you are not familiar with Flexible Volumes, please visit my Flexible Volumes blog post. FlexClone clones are based on Snapshots. Because snapshots share blocks with the active file [...]

]]> Comment on Top 10 concerns facing Cloud Cyber Security Warriors by Barry Kaufman http://www.flane.co.uk/blog/2010/06/16/top-10-concerns-facing-cloud-cyber-security-warriors/comment-page-1/#comment-40 Barry Kaufman Tue, 06 Jul 2010 16:07:07 +0000 http://www.fastlaneus.com/blog/?p=180#comment-40 Hi Cloud Ninja, I would say that the updated BP doc on the Azure Solution does in fact answer my concerns. I will keep an eye on how Azure fairs in terms of Cloud Security. Thanks, Barry Hi Cloud Ninja,

I would say that the updated BP doc on the Azure Solution does in fact answer my concerns. I will keep an eye on how Azure fairs in terms of Cloud Security.

Thanks,

Barry

]]> Comment on Cisco Cius, next generation tablet by World Wide News Flash http://www.flane.co.uk/blog/2010/06/30/cisco-cius-next-generation-tablet/comment-page-1/#comment-37 World Wide News Flash Wed, 30 Jun 2010 18:25:01 +0000 http://www.fastlaneus.com/blog/2010/06/30/cisco-cius-next-generation-tablet/#comment-37 <strong>Cisco Cius, next generation tablet ? Fast Lane US Blog...</strong> I found your entry interesting do I've added a Trackback to it on my weblog :)... Cisco Cius, next generation tablet ? Fast Lane US Blog…

I found your entry interesting do I’ve added a Trackback to it on my weblog :)

]]> Comment on Top 10 concerns facing Cloud Cyber Security Warriors by Cloud Ninja http://www.flane.co.uk/blog/2010/06/16/top-10-concerns-facing-cloud-cyber-security-warriors/comment-page-1/#comment-35 Cloud Ninja Fri, 25 Jun 2010 20:10:10 +0000 http://www.fastlaneus.com/blog/?p=180#comment-35 Barry - you raise some great points - here's a refreshed Security BP doc [June 2010] & addresses them. Let me know. -cn http://www.globalfoundationservices.com/security/documents/SecurityBestPracticesWindowsAzureApps.pdf Barry – you raise some great points – here’s a refreshed Security BP doc [June 2010] & addresses them. Let me know.
-cn
http://www.globalfoundationservices.com/security/documents/SecurityBestPracticesWindowsAzureApps.pdf

]]> Comment on Top 10 concerns facing Cloud Cyber Security Warriors by Barry Kaufman http://www.flane.co.uk/blog/2010/06/16/top-10-concerns-facing-cloud-cyber-security-warriors/comment-page-1/#comment-29 Barry Kaufman Thu, 17 Jun 2010 14:45:02 +0000 http://www.fastlaneus.com/blog/?p=180#comment-29 And to follow up on the standards issue raised in the previous post, for a couple of good looks at Vendor Neutral approaches to securing the cloud: 1. The CSA's Cloud Security Controls matrix does a nice job of attempting fill in the gaps regarding compliance initiatives like PCI and HIPAA, with this Matrix that guides cloud providers and customers on how to vet security controls in place: http://www.cloudsecurityalliance.org/cm.html 2. The Cloud Audit group released some of this info as recently as last week, focused on the unique aspects of auditing the cloud: http://bit.ly/cN9lnR And to follow up on the standards issue raised in the previous post, for a couple of good looks at Vendor Neutral approaches to securing the cloud:

1. The CSA’s Cloud Security Controls matrix does a nice job of attempting fill in the gaps regarding compliance initiatives like PCI and HIPAA, with this Matrix that guides cloud providers and customers on how to vet security controls in place: http://www.cloudsecurityalliance.org/cm.html

2. The Cloud Audit group released some of this info as recently as last week, focused on the unique aspects of auditing the cloud: http://bit.ly/cN9lnR

]]> Comment on Top 10 concerns facing Cloud Cyber Security Warriors by Barry Kaufman http://www.flane.co.uk/blog/2010/06/16/top-10-concerns-facing-cloud-cyber-security-warriors/comment-page-1/#comment-27 Barry Kaufman Thu, 17 Jun 2010 14:34:44 +0000 http://www.fastlaneus.com/blog/?p=180#comment-27 Hi Cloud Ninja, thanks for adding the MS dimension to the discussion. Certainly MS security controls are a key part of the overall picture, and I am a big fan of the work done by MS on SDL and threat modeling. I worked with your guys David LeBlanc and Michael Howard on turning their seminal work, Writing Secure Code, into several different courses. On the project I had the good fortune of having Dinis Cruz, thought leader of OWASP on my team, and we all had robust discussions over a year or so on Application Security within the context of MS environments. At the time, one contentious issue was perhaps a precursor to my key concern with Cloud Security: the Secure Multi-Tenancy issue. Back in those days (2003/2004) Dinis and others expressed a great deal of concern with the insecure design inherent in the Full Trust ASP.NET model, particularly as it relates to co-hosting of entities on the same servers (see http://bit.ly/aTbkBY for more info on this MS Security melodrama). From the links you sent me, I see your services are following general best practices, many that MS has had a good part in developing and evangelizing, but I am not seeing any detail beyond the generalities on how the physical aspects of MS cloud services are secured. How do you deal with the lower layers of the IP stack? What standard are you working with in terms of the architecture in the data center? Is there any VMware behind the platform, or is it all HyperV? How is MS dealing with the differences inherent in the cloud? I also see that the documents you referred to bragging about being SAS 70 and ISO 27001 compliant, both of which, as I mentioned in the blog are not up to date in terms of Cloud Security's different set of concerns. Again, thanks for adding your comments, and hopefully we can keep a dialogue going. Barry Hi Cloud Ninja, thanks for adding the MS dimension to the discussion. Certainly MS security controls are a key part of the overall picture, and I am a big fan of the work done by MS on SDL and threat modeling. I worked with your guys David LeBlanc and Michael Howard on turning their seminal work, Writing Secure Code, into several different courses. On the project I had the good fortune of having Dinis Cruz, thought leader of OWASP on my team, and we all had robust discussions over a year or so on Application Security within the context of MS environments.

At the time, one contentious issue was perhaps a precursor to my key concern with Cloud Security: the Secure Multi-Tenancy issue. Back in those days (2003/2004) Dinis and others expressed a great deal of concern with the insecure design inherent in the Full Trust ASP.NET model, particularly as it relates to co-hosting of entities on the same servers (see http://bit.ly/aTbkBY for more info on this MS Security melodrama).

From the links you sent me, I see your services are following general best practices, many that MS has had a good part in developing and evangelizing, but I am not seeing any detail beyond the generalities on how the physical aspects of MS cloud services are secured. How do you deal with the lower layers of the IP stack? What standard are you working with in terms of the architecture in the data center? Is there any VMware behind the platform, or is it all HyperV? How is MS dealing with the differences inherent in the cloud? I also see that the documents you referred to bragging about being SAS 70 and ISO 27001 compliant, both of which, as I mentioned in the blog are not up to date in terms of Cloud Security’s different set of concerns.

Again, thanks for adding your comments, and hopefully we can keep a dialogue going.

Barry

]]> Comment on Top 10 concerns facing Cloud Cyber Security Warriors by Cloud Ninja http://www.flane.co.uk/blog/2010/06/16/top-10-concerns-facing-cloud-cyber-security-warriors/comment-page-1/#comment-26 Cloud Ninja Wed, 16 Jun 2010 22:03:40 +0000 http://www.fastlaneus.com/blog/?p=180#comment-26 This is a great outline of important security issues. IMHO, when considering security, 2 items need to be addressed: 1) Physical security of the hardware 2) Security of the Data - here are some resources I've found that discuss this and act as guidelines when considering security and the cloud: Physical security: http://www.globalfoundationservices.com/security/index.html http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf Data Security: http://www.research.microsoft.com/en-us/projects/cryptocloud/ http://www.research.microsoft.com/en-us/projects/secpal/ thoughts? hope that helps -cn This is a great outline of important security issues. IMHO, when considering security, 2 items need to be addressed:
1) Physical security of the hardware 2) Security of the Data – here are some resources I’ve found that discuss this and act as guidelines when considering security and the cloud:

Physical security:
http://www.globalfoundationservices.com/security/index.html
http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf

Data Security:
http://www.research.microsoft.com/en-us/projects/cryptocloud/
http://www.research.microsoft.com/en-us/projects/secpal/

thoughts?

hope that helps
-cn

]]>