DR. JEFF DANIELS
  • Home
  • About
  • Publications and Speaking
  • Contact
Digital Transformation | Leader | Professor

Oracle Embracing the Cloud

10/1/2012

2 Comments

 
Picture
Larry Ellison, CEO of Oracle just announced that Oracle was launching a brand new cloud computing service.  Think for a minute how profound this is given Ellison's resistance to cloud computing since 2008.

In 2008, Ellison had some sharp words about the subject:
"The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. I can't think of anything that isn't cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?"

In contrast,  Vivek Kundra, CIO of the U.S. Federal Government was an advocate of cloud computing, “I believe it's the future," he says. "It's moving technology leaders away from just owning assets, deploying assets and maintaining assets to fundamentally changing the way services are delivered“ (CIO, 2008).

The excerpts above were from my ACM and ISE Security award nominated dissertation research posted here: http://scholars.indstate.edu/handle/10484/2031


2 Comments

NSF Report: Cloud Computing Research Direction

2/13/2012

1 Comment

 
Picture
On 12-February-2012, the NSF (National Science Foundation) released a report on cloud computing research.  The NSF calls cloud computing a vital area in which to continue research investments.  Among the topics highlighted by NSF:
  1. Cloud Architectures and Systems
  2. Network Support for Clouds
  3. Data Portability, Consistency, Availability, and Management
  4. Programming Models for Clouds
  5. Fault Masking in the Clouds
  6. Cloud Security, Privacy,and Auditing
  7. Cloud Debugging, Certification, Diagnosis,and Update
  8. Cloud Self-Monitoring and Autonomic Control
  9. Cloud Inter-Operability and Standardization
  10. Green Clouds
  11. Cloud test beds

From an architecture perspective, the report mentions Nebula.  "The NEBULA architecture achieves the three security properties of confidentiality, integrity and availability using a system approach."  This approach is supported by my dissertation research using the systems approach to design confidentiality and integrity into cloud based systems, specifically with respect to data privacy, authentication, and authorization.

The entire NSF report is available here: http://www.nsf.gov/pubs/2012/nsf12040/nsf12040.pdf
/jd



1 Comment

Retuning Skills for the Cloud

1/24/2012

0 Comments

 
Picture
What kind of skills will you need to be competitive in the cloud computing environment? 

CIO has an article about what changes may occur and the skills required to be a technically effective in the cloud computing domain. 

I summarized the key points below:
  1. Application Developers - learn new APIs, Non-relational DBs
  2. Systems Administrators - less about running server, more about running environment
  3. Architects - Bring together knowledge of cloud computing, enterprise architecture, storage, networking and virtualization
  4. Capacity Planners - shorter forecast, quicker turnaround
  5. Vendor Managers - Different cost models, contracts impact pricing

The gaping hole they overlooked is the "applications administrator" type role.  This the squishy layer between infrastructure maintained by traditional systems administrators, but not really managed by programmers and developers.  The role has emerged as applications administrator or middleware applications support.  The boundaries vary depending on the IT shop, skillset, management preferences, etc, but the role exists. 

Looking forward to the cloud this role will likely expand.  The ability to understand the complexities of interfaces, platforms, transactions, and data design within cloud systems will be a valuable skill to have.

Another omission from the article is security skills for the cloud.  Study after study details the caution of moving to the cloud due to security concerns.  Understanding penetration, vulnerabilities, and appropriate defenses is critical to designing and maintain cloud systems.

Finally, the cloud may be one of the more accessible technologies to learn.  The characteristics of accessibility and elasticity of the cloud lend themselves to training as well.  As mentioned in the article, a great way to learn about the cloud is find a cloud provider (AMZ, Rackspace, Eucalyptus, etc) and fire up some cloud systems.  Practice scripting, management, turning, and support on these systems at a relatively low cost (free in some cases).


0 Comments

NIST Guidelines on Security and Privacy in Public Cloud Computing

11/16/2011

0 Comments

 
Interesting draft from NIST on Security and Privacy Guidelines for Cloud Computing.  Researchers have found that "organizational identification and authentication framework may not naturally extend into the cloud and extending or changing the existing framework to support cloud services may be difficult." (Chow et al., 2009)

One alternative is to create a new "cloud" identity system.  Given the current state of information technology investment, it will likely be a "hard sell" to design, build, and support a second identity management system.  Another alternative is to adopt a combination of eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML).  The latter provides a secure mechanism to exchange "assertations" for authentication.  The former (XACML) offers the capability for a  cloud provider to control access to cloud resources in a standard/non-proprietary fashion.

The guideline paper concludes with this thought: "Many of the features that make cloud computing attractive can also be at odds with traditional security models and controls."

Source: NIST Guidelines on Security and Privacy in Public Cloud Computing

0 Comments

Top Cloud Computing Events and Conferences for 2012

11/10/2011

0 Comments

 
Brooks International has a good list of cloud computing events in 2012. 

Top Cloud Computing Events and Conferences

Events Scheduled for 2012
Cloud Expo 2012 – June 11-14- NYC – http://cloudcomputingexpo.com/

CLOUDCON 2012 – February 13-16, 2012 – Santa Clara, CA – http://www.cloudconnectevent.com/santaclara/

ICNC 2012 – January 30- February 2 – Maui, HI – http://www.conf-icnc.org/

CloudCon Expo – July 11-13, 2012 – San Francisco, CA – http://www.cloudconexpo.com/

Cloud Security Alliance Innovation Conference 2012 – January 26 – Silicon Valley, CA – https://cloudsecurityalliance.org/events/csa-innovation-conference-2012/

Cloud Identity Summit 2012 – July – Vail, CO – http://www.cloudidentitysummit.com/

IDGA 3rd Annual Cloud Computing for DoD & Government – February 21-23 – Washington DC – http://www.cloudcomputingevent.com/Event.aspx?id=619576

2012 Cloud Computing & Virtualization Conference & Expo – http://govcloudconference.com/Events/2011/Home.aspx

Parallels Summit 2012 – Profit from the Cloud – February 14-16 – Orlando, FL – http://www.parallels.com/summit/2012/

Cloud Fair Conference 2012 – April 17 – 19, 2012 – Seattle, WA – http://www.cloudfairconference.com/

Cloud/Gov 2012 – February 16, Washington DC – http://www.siia.net/cloudgov/2012/

Remaining 2011 Events

UP 2011 – Cloud Computing Conference – Mountain View, CA- December 5-9 – http://up-con.com/

CloudBeat2011 – November 30- December 1 – Redwood City, CA – http://venturebeat.com/events/cloudbeat2011/ CIO

Cloud Summit 2011 – December 8-9 – Scottsdale, AZ – http://www.ciocloudsummit.com/

Cloud Security Alliance Congress 2011 – November 16-17 – Orlando, FL – http://www.misti.com/default.asp?page=65&Return=70&ProductID=4985&LS=cloud

CloudCamp 2011 – November 19 – Chicago, IL – http://www.cloudcamp.org

If you would like to add your event to our list please contact [email protected].
Source: http://blog.brooksinternational.com/top-cloud-computing-events-and-conferences/

0 Comments

Study: IT's Future Lies with Cloud Computing, Security and Mobile

11/7/2011

1 Comment

 
Picture
CIO Magazine reports:
Cloud computing, security and the mobile space hold the most growth potential in the coming years, according to IT professionals surveyed by tech staffing firm Modis.

No kidding?
Efficient (and/or affordable), secure, accessible.  I don't really see anything new here.  We did not need a new study to confirm these are potential growth areas.  One can look at the recent and current strategic plans of the FedGov, DoD, and industry leaders to confirm.

Read entire CIO article: http://www.cio.com/article/693125/Study_IT_s_Future_Lies_with_Cloud_Computing_Security_and_Mobile?source=CIONLE_nlt_insider_2011-11-07

1 Comment

Who can you trust in the cloud? A review of security issues within cloud computing

10/25/2011

17 Comments

 
John Roberts and Wasim Al-Hamdani presented on cloud security in the InfoSecCD '11 Proceedings of the 2011 Information Security Curriculum Development Conference.
Interesting resources in the bibliography section:

  1. Y. Chen, V. Paxson, and R. Katz. What's New About Cloud Computing Security? Technical Report UCB/EECS-2010-5, Berkeley, 2010  
  2. Pianese, F., Bosch, P., Alessandro, D., Janssens, N., Stathopoulos, T., and Steiner, M. 2010. Toward a Cloud Operating System. Network Operations and Management Symposium Workshops (NOMS Wksps).  
  3. Jensen, M., Schwenk, J., Gruschka, N., and Iacono, L. 2009. On technical Security Issues in Cloud Computing. IEEE International Conference on Cloud Computing.  
  4. Geer, D. 2009. The OS Faces a Brave New World. IEEE Computer Society Volume 42, issue 10 p. 15--17.  
  5. Ertaul, L. and Singhal, S. 2009. Security Challenges in Cloud Computing. California State University, East Bay. Academic paper http://www.mcs.csueastbay.edu/~lertaul/Cloud%20Security%20CamREADY.pdf  
  6. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." ACM CCS 2009  
  7. A. Cavoukian, "Privacy in the clouds", in Springer Identity in the Information Society, Published online: 18 December 2008. http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf

    Source: http://dl.acm.org/citation.cfm?id=2047458&CFID=57421764&CFTOKEN=12463119
17 Comments

Netflix Approach to the Cloud: Simian Army

10/20/2011

0 Comments

 
Ariel Tseitlin and Yury Izrailevsky from Netflix share their approach to cloud adoption using "Simian Army" suite of tools.
Below are the definition of the various tools Netflix engineers created:

Chaos Monkey, a tool that randomly disables our production instances to make sure we can survive this common type of failure without any customer impact.

Latency Monkey induces artificial delays in our RESTful client-server communication layer to simulate service degradation and measures if upstream services respond appropriately. In addition, by making very large delays, we can simulate a node or even an entire service downtime (and test our ability to survive it) without physically bringing these instances down. This can be particularly useful when testing the fault-tolerance of a new service by simulating the failure of its dependencies, without making these dependencies unavailable to the rest of the system.

Conformity Monkey finds instances that don’t adhere to best-practices and shuts them down. For example, we know that if we find instances that don’t belong to an auto-scaling group, that’s trouble waiting to happen. We shut them down to give the service owner the opportunity to re-launch them properly.

Doctor Monkey taps into health checks that run on each instance as well as monitors other external signs of health (e.g. CPU load) to detect unhealthy instances. Once unhealthy instances are detected, they are removed from service and after giving the service owners time to root-cause the problem, are eventually terminated.

Janitor Monkey ensures that our cloud environment is running free of clutter and waste. It searches for unused resources and disposes of them.

Security Monkey is an extension of Conformity Monkey. It finds security violations or vulnerabilities, such as improperly configured AWS security groups, and terminates the offending instances. It also ensures that all our SSL and DRM certificates are valid and are not coming up for renewal.

10-18 Monkey (short for Localization-Internationalization, or l10n-i18n) detects configuration and run time problems in instances serving customers in multiple geographic regions, using different languages and character sets.

Chaos Gorilla is similar to Chaos Monkey, but simulates an outage of an entire Amazon availability zone. We want to verify that our services automatically re-balance to the functional availability zones without user-visible impact or manual intervention.

I like the approach of the Simian Army to simulate failures and keep systems healthy, responsive, and available.  Two follow-on thoughts:
  1. Is the Simian Army a suite of COTS tools, homegrown scripts, or a combination of COTS customized.
  2. What are the results of testing and simulation using these tools?
Would be great to see this in a case study format or detailed journal paper.
Entire post (Netflix) - http://techblog.netflix.com/2011/07/netflix-simian-army.html?m=1
0 Comments

NIST Cloud Computing Reference Architecture Released (Sept 2011)

10/11/2011

0 Comments

 
National Institute of Standards and Technology cloud computing standards roadmap released Sept. 13.
Picture
0 Comments
    Picture

    Author

    Director
    @lockheedmartin
    | Professor
    @UMDGlobalCampus
    | 1st Cloud Dissertation | Top 5 #Thinkers360 #blockchain #cloud #iot #AI #AIEthics #digital #cyber #5g

    View my profile on LinkedIn
    Follow @jeffdaniels
    Tweets by jeffdaniels

    RSS Feed

    Archives

    January 2023
    December 2022
    August 2022
    March 2021
    February 2021
    January 2021
    December 2020
    September 2020
    August 2020
    February 2020
    January 2019
    October 2015
    April 2015
    January 2015
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    August 2013
    July 2013
    June 2013
    February 2013
    December 2012
    October 2012
    September 2012
    August 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011

    Categories

    All
    4h
    Acoustic
    Adele
    Adoption
    Aero
    Aerospace
    Airshow
    Alliance
    Architect
    Architecture
    Astronaut
    Augustine
    Bahill
    Book
    Books
    Boxing
    Budget
    Business
    Business Card
    Candidate
    Card
    Career
    Careerdevelopment
    Chan
    Chowder
    Cio
    Cities Names
    Clam
    Cloud
    Cloudcomputing
    Cnci
    College
    Computing
    Conference
    Connectivity
    Crowe
    Csedweek
    Cto
    Cyber
    Cybersecurity
    Deep Dive
    Defense
    Denise
    Dfw
    Digital
    Ebook
    Education
    Email
    Engineering
    Exploration
    Extreme
    F35
    Fall
    Fb
    Fedgov
    Fighter
    Flight
    Flighttest
    Florida
    Food
    Framework
    Frazier
    Get
    Gissing
    Glennis
    Google
    Haunted
    Hbr
    Heterogeneous
    History
    Homogeneous
    Horwath
    House
    Ideacast
    Identity
    Insiderhighered
    Internet
    Interview
    Joe
    Jsf
    Kindle
    Kindlefire
    Klout
    Kolditz
    Leadership
    Learning
    Linkedin
    Lm
    Martin
    Meeting
    Mentor
    Miracles
    Mit
    Mobile
    Monkey
    Mst3k
    Music
    Nasa
    Nascar
    Nelson
    Netflix
    Networking
    Nist
    Norm
    Orlando
    Phd
    Pictures
    Post
    Practice
    Process
    Pumpkin
    Put
    Quote
    Races
    Ragan
    Recipe
    Results
    Robots
    Role
    Rollinginthedeep
    Scary
    Search
    Security
    Servo
    Silence
    Simian
    Smokin
    Smoothie
    Snarky
    Socialnetwork
    Sound Barrier
    Space
    Speakup
    Spending
    Star
    Stem
    Sterman
    Strategy
    Success
    Systems
    Systemsengineering
    Teaching
    Teamtexas
    Techmgmt
    #techmgmt
    Techmgmt#
    #techmgt
    Technology
    Texas
    Tms
    Togaf
    Townhall
    Treat
    Trend
    Trust
    Tx
    Web
    Web2.0
    X1
    Yeager

    RSS Feed

Powered by Create your own unique website with customizable templates.
Photos from europeanspaceagency, ▓▒░ TORLEY ░▒▓, Lori_NY, Dean_Groom, dalecruse, Fin Cosplay & Amigurumi, Iain Farrell, erin_everlasting, palindrome6996, Easa Shamih (eEko) | P.h.o.t.o.g.r.a.p.h.y, markhillary, Matt McGee, Marc_Smith, woodleywonderworks, agustilopez, rachel_titiriga, SeaDave, cheri lucas., Caio H. Nunes, grabbingsand, Armchair Aviator, quinn.anya, Jennifer Kumar, billaday, edtechworkshop, chucknado, purpleslog, yugenro, christianeager, dground, GlasgowAmateur, expertinfantry, shixart1985 (CC BY 2.0), OiMax, Wilfried Martens Centre for European Studies, PEO, Assembled Chemical Weapons Alternatives, IBM Research, shixart1985, markus119, shixart1985, shixart1985, Wilfried Martens Centre for European Studies
  • Home
  • About
  • Publications and Speaking
  • Contact