DR. JEFF DANIELS
Digital Transformation | Leader | Professor

Who can you trust in the cloud? A review of security issues within cloud computing

10/25/2011

John Roberts and Wasim Al-Hamdani presented on cloud security in the InfoSecCD '11 Proceedings of the 2011 Information Security Curriculum Development Conference.
Interesting resources in the bibliography section:

  1. Y. Chen, V. Paxson, and R. Katz. What's New About Cloud Computing Security? Technical Report UCB/EECS-2010-5, Berkeley, 2010  
  2. Pianese, F., Bosch, P., Alessandro, D., Janssens, N., Stathopoulos, T., and Steiner, M. 2010. Toward a Cloud Operating System. Network Operations and Management Symposium Workshops (NOMS Wksps).  
  3. Jensen, M., Schwenk, J., Gruschka, N., and Iacono, L. 2009. On technical Security Issues in Cloud Computing. IEEE International Conference on Cloud Computing.  
  4. Geer, D. 2009. The OS Faces a Brave New World. IEEE Computer Society Volume 42, issue 10 p. 15--17.  
  5. Ertaul, L. and Singhal, S. 2009. Security Challenges in Cloud Computing. California State University, East Bay. Academic paper http://www.mcs.csueastbay.edu/~lertaul/Cloud%20Security%20CamREADY.pdf  
  6. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." ACM CCS 2009  
  7. A. Cavoukian, "Privacy in the clouds", in Springer Identity in the Information Society, Published online: 18 December 2008. http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf

    Source: http://dl.acm.org/citation.cfm?id=2047458&CFID=57421764&CFTOKEN=12463119

The Comprehensive National Cybersecurity Initiative

10/25/2011

12 Initiatives Outlined by the Comprehensive National Cybersecurity Initiative (CNCI), launched by President George W. Bush in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23) in January 2008.
  1. Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
  2. Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise.
  3. Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise.
  4. Initiative #4. Coordinate and redirect research and development (R&D) efforts.
  5. Initiative #5. Connect current cyber ops centers to enhance situational awareness.
  6. Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan.
  7. Initiative #7. Increase the security of our classified networks.
  8. Initiative #8. Expand cyber education.
  9. Initiative #9. Define and develop enduring “leap-ahead” technology, strategies, and programs.
  10. Initiative #10. Define and develop enduring deterrence strategies and programs.
  11. Initiative #11. Develop a multi-pronged approach for global supply chain risk management.
  12. Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains.
http://www.whitehouse.gov/sites/default/files/cybersecurity.pdf


16 Business Practices That Need to be Killed (Gartner)

10/25/2011


 
CIO shares Gartner VP Ken McGee's 16 long-held business practices that need to be discontinued:

The short list of targeted items includes:

1. Stop recommending mega projects

2. Eliminate differences between CIO/CEO projects

3. Terminate projects that do not improve the income statement

4. Abandon CIO priorities that don't support CEO priorities

5. Stop recommending mega projects

6. Terminate existing apps that do not yield measurable business value

7. End the practice of putting the enterprise IT spending within the CIO budget

8. Abolish environment of little or no IT spending accountability

9. Eliminate IT caused business model disruption surprises

10. Kill cloud-a-phobia

11. Abandon level 1,2,3 tech support

12. Kill chargeback systems

13. Stop issuing competitive bids

14. Stop holding onto unfunded projects. Stop IT hoarders

15. End discrimination against behavioral skills around social sciences

16. End unbalanced support between back and front office

http://www.cio.com/article/692130/Gartner_16_Long_Held_IT_Business_Practices_You_Need_to_Kill

Alliance Airshow Cancelled, 23 October, 2011

10/23/2011


 
The Fort Worth Alliance Airshow was cancelled on 23 October, 2011 due to weather conditions.  The weather on Sunday was fantastic, but the parking lot was soaked.  The muddy mess led to the cancellation of all performances due to unsafe conditions.
The Alliance Airshow staff does a great job planning for the event.  I've been in attendance many years at the Captain's club, Flight Deck, and met many of my friends and colleagues in Fort Worth.  The vendors, performers, and attendees wanted the show to go on.
As pilot Michael Rambo puts it, "just like flying, safety first."
See you next year!

One of my favorites from the 2006 Alliance Airshow:

Moppin' Sauce for Dr. Van Dewark

10/23/2011


 
One of my colleagues, Dr. Van Dewark is looking for a new moppin sauce recipe.  The one below is real good for pork...especially if you like
Deejay’s Infamous Dipping Sauce For Pulled Pork
2-juiced lemons,
1 teaspoon white pepper,
1 teaspoon sea salt,
1 teaspoon Cajun spice,
4 teaspoons pure Maple syrup,
4 teaspoons Tomato Based BBQ sauce

Some great guides that have helped me smoke meats, create rub recipes, etc: http://www.deejayssmokepit.net

Netflix Approach to the Cloud: Simian Army

10/20/2011


 
Ariel Tseitlin and Yury Izrailevsky from Netflix share their approach to cloud adoption using the "Simian Army" suite of tools.
Below are the definitions of the various tools Netflix engineers created:

Chaos Monkey, a tool that randomly disables our production instances to make sure we can survive this common type of failure without any customer impact.

Latency Monkey induces artificial delays in our RESTful client-server communication layer to simulate service degradation and measures if upstream services respond appropriately. In addition, by making very large delays, we can simulate a node or even an entire service downtime (and test our ability to survive it) without physically bringing these instances down. This can be particularly useful when testing the fault-tolerance of a new service by simulating the failure of its dependencies, without making these dependencies unavailable to the rest of the system.

Conformity Monkey finds instances that don’t adhere to best-practices and shuts them down. For example, we know that if we find instances that don’t belong to an auto-scaling group, that’s trouble waiting to happen. We shut them down to give the service owner the opportunity to re-launch them properly.

Doctor Monkey taps into health checks that run on each instance as well as monitors other external signs of health (e.g. CPU load) to detect unhealthy instances. Once unhealthy instances are detected, they are removed from service and after giving the service owners time to root-cause the problem, are eventually terminated.

Janitor Monkey ensures that our cloud environment is running free of clutter and waste. It searches for unused resources and disposes of them.

Security Monkey is an extension of Conformity Monkey. It finds security violations or vulnerabilities, such as improperly configured AWS security groups, and terminates the offending instances. It also ensures that all our SSL and DRM certificates are valid and are not coming up for renewal.

10-18 Monkey (short for Localization-Internationalization, or l10n-i18n) detects configuration and run time problems in instances serving customers in multiple geographic regions, using different languages and character sets.

Chaos Gorilla is similar to Chaos Monkey, but simulates an outage of an entire Amazon availability zone. We want to verify that our services automatically re-balance to the functional availability zones without user-visible impact or manual intervention.

I like the approach of the Simian Army to simulate failures and keep systems healthy, responsive, and available.  Two follow-on thoughts:
  1. Is the Simian Army a suite of COTS tools, homegrown scripts, or a combination of customized COTS?
  2. What are the results of testing and simulation using these tools?
It would be great to see this in a case study format or a detailed journal paper.
Entire post (Netflix) - http://techblog.netflix.com/2011/07/netflix-simian-army.html?m=1

Chuck Yeager Breaks Sound Barrier 15 October, 1947

10/15/2011


 
On October 14th, 1947, American test pilot Chuck Yeager flew the X-1 aircraft, affectionately named "Glamorous Glennis" after his wife. Yeager's historic flight was the first manned flight to break the sound barrier, launching the USA flight program ahead of Britain and Germany.

It was more rocket than plane, developed specifically to fly through the shock waves of the sound barrier, with Yeager as pilot. "About half of the engineers gave us no chance at all of ever successfully flying beyond the speed of sound. They said it's a so-called barrier and the airplane would go out of control or disintegrate, but I didn't look at it that way."

More info @ http://www.youtube.com/watch?v=dke2i-xO1uo

The Role of CIO and CTO

10/11/2011

Excerpt from Andy Gravvet's 08-Sept article on GovLoop

Chief Information Officer's Role

The primary role of the CIO is to provide policy direction, maintain the IT infrastructure of the organization, ensure proper security measures are followed, and to evaluate and control capital expenditures to facilitate the portfolio management of the organization. The graphic below illustrates a more detailed list of the functions of the CIO. Clinger-Cohen defines the general responsibilities as follows:

"(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the executive agency to ensure that information technology is acquired and information resources are managed for the executive agency in a manner that implements the policies and procedures of this division, consistent with chapter 35 of title 44, United States Code, and the priorities established by the head of the executive agency;

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency."



Chief Technology Officer's Role

The CTO's responsibility is to provide overall awareness of technologies that can be used to advance the mission of the organization. This role is illustrated in the graphic below and the primary functions of the CTO are described below:

  • Emerging Technologies - Must be aware of emerging technologies to select the proper capabilities to infuse into the organization
  • Market Assessment - Must be prepared to review the market to find technologies that can most efficiently meet the needs of the agency
  • External Relationships - Must work closely with government agencies and private industry to ensure that the government's needs are addressed and that the organization is aware of the latest technological innovations
  • Evolving Infrastructure - Agency's infrastructure is constantly changing and the CTO must be aware of these changes and bring technologies to the organization to enhance the agency's capabilities
  • Transparency - With the current requirement to increase transparency across the government, the CTO must understand the issues surrounding open government and seek technologies that can be used to enhance agency communications with the public
  • Security - Must be aware of security issues and what technologies are available to secure the agency's networks, data, and IT assets
Read the full article: http://www.govloop.com/profiles/blogs/the-roles-of-cios-and-ctos


NIST Cloud Computing Reference Architecture Released (Sept 2011)

10/11/2011


 
The National Institute of Standards and Technology released its cloud computing standards roadmap on Sept. 13.

Battleground email: 7 Ways to Respond to Snarky emails

10/11/2011


 
Russell Working over @ Ragan.com shares his techniques before responding to those snarky emails.
Instead of a scorched earth policy, try these tips to avoid a "reply-all firefight":

  1. Re-Read the original message
  2. Pause before sending hostilities
  3. Respond in person, by phone
  4. No cursing!
  5. Choose words carefully
  6. Limit emoticons, acronyms
  7. Use reply all cautiously
When I get an inbox slam, I often sleep on it before responding. Generally what we think are major episodes, conflicts, or issues don't seem as big the next day. I would also add another step for assessing the value of responding with your own slam. We must think, "to what purpose does this serve? to what end?" Sometimes it's just pride and bruised egos.

Conventional wisdom holds "do not argue with an idiot, people watching [reading] may not be able to tell the difference." Sound advice for limiting a CLM (career limiting move) via email.

Have a great day


    Author

    Director
    @lockheedmartin
    | Professor
    @UMDGlobalCampus
    | 1st Cloud Dissertation | Top 5 #Thinkers360 #blockchain #cloud #iot #AI #AIEthics #digital #cyber #5g
