- Slow Release Malware — Prof. Vigna outlined scenarios in which an increasingly sophisticated and opaque breed of malicious executable will evolve to ‘mimic’ the behaviour patterns of benign software, in an attempt to avoid wasting its payload behaviour on a sandbox or virtualised environment. (via Slashdot)
- Top 10 Ways to be a Male Advocate — pass to any men in tech that you know.
- All Businesses are Now Digital Businesses (Vikram Kumar) — given that your business units are buying their own IT and thus reinventing their own business, How many CEOs and CIOs think of business units acting as tech start-ups?
- Amazon Opens First Physical Store (WSJ, paywall) — in NYC, for pickups, returns, exchanges, and same-day delivery of some items from the accompanying warehouse. I’m curious to see what of Amazon’s infrastructure, analytics, and other thin-margin tricks they can bring to substantial physical presence.
ENTRIES TAGGED "cloud"
Think your IT staff can protect you better than major cloud providers? Think again.
I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”
I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”? Read more…
Common behavior to watch out for when transitioning to a PaaS
Today I am going to cover 5 ways developers may be on a Platform as a Service (PaaS) but have not really embraced the new platform effectively. If you have done any of these things below while building your application hosted on a PaaS, like OpenShift, Heroku, or Google App Engine, don’t feel bad:
- PaaS is a relatively new concept in the development world and I think some of these patterns are only recently coming to light
- I have seen veteran developers making these mistakes as they move to the new paradigm
One piece of terminology I will use throughout the article is container. When I am using this word I am referring to the piece of the PaaS that hosts the application and does the work. An application can be composed of multiple containers and the PaaS will probably have a method to add your favorite server-side tech to the container. On OpenShift this is called a gear while on Heroku it is called a dyno.
So without further ado, let’s dig in on some of the code smells in the cloud.
Security in cloud environments better enhanced in other ways
With compliance becoming an ever-increasing priority and hybrid infrastructures becoming the norm, many traditional IT practices must evolve or die. Perhaps a widely used practice that hasn’t kept up with the evolution of compliance requirements in increasingly hybrid environments is the jump server, often called the jump box.
The original theory for jump boxes made a lot of sense. Set up a jump box as a bastion host inside of your environment that everybody logs into and then you can “jump” to any of the other boxes or servers. The jump box would be a heavily fortified gatekeeper, ensuring that only the correct users could pass it. Audit controls would be placed on the jump box to track all user activity. For those that wanted to level up, multi-factor authentication could be installed at the jump box to make it harder for an attacker to leverage stolen credentials.