2012 Update

I had meant to update on how my plans for the year were going around June / July so this is a little late, but I have been pretty busy getting the upcoming Cloud Security Alliance (CSA) – Security as a Service (SecaaS) guidance documents.  These are due for publication at the start of September – watch this space..  It has also taken longer than expected to finalise my Masters project choice, but I think I’ve got there with that one, finally!

In January I listed some goals for the year here;


So where am I with the years goals?

1. Choose a project and complete my Masters.  Project finally chosen and extended project proposal handed in.  My proposed project title is;

‘Increasing authentication factors to improve distributed systems security and privacy’

The plan is to cover the current state of distributed systems authentication and to assess how this could be improved by adding further ‘factors’ to the required authentication.  In this instance factors refer to things like ‘something you know’ such as passwords, ‘something you have’ such as a number generating token, and something you are such as your finger print.  I have completed a project plan outlining how I’ll use the time between now and the hand in date in January 2013, and I’ll keep you posted with progress.

2. Lead / co-chair the CSA SecaaS working group.  While it has been challenging to find the time and keep everyone involved working in the same direction, we are almost ready to release the next piece of work from this research group.  The next publication will be in the form of 10 implementation guidance documents covering the 10 SecaaS categories we defined last year.  These will be released on the CSA web site around the end of August, I’ll post a link once they are available.  This has certainly been a learning experience regarding managing the output of a very very diverse set of international volunteers!

3. Become more familiar with the Xen hypervisor.  I have had limited success with this one, increasing my familiarity with virtualisation and cloud generally, and reading up on Xen.  However I have not had a chance to set up a test environment running the open source Xen hypervisor to get properly acquainted with it.  I’ll be looking to rectify this during October, at which time I’ll provide a run down of my thoughts of this hypervisor’s features and how easy it is to install and configure.

4. Brush up my scripting and secure coding.  Scripting opportunities have been limited this year, and I have not had the tine to create side projects outside of the office due to CSA and Masters related work.  Secure coding, I have reviewed both some code and some development practices against OWASP recommendations and the Microsoft secure development lifecycle (SDLC), so have made some progress in this area and will follow with an update in a future post.

Overall, not as much progress in some areas as I had hoped, but I am reasonably happy with the CSA SecaaS and Master progress, while also holding my own in full time employment.

As mentioned, keep an eye out for the upcoming publication of the SecaaS implementation guidance!


Further Cloud planning and BYOD reading

I have recently read a few interesting and useful papers relating to some of my previous posts that may also be of interest to some of the readers of this blog.  Feel free to let me know your thoughts!  Incidentally the first three papers below all originate from IBM, this is purely coincidental and I have no affiliation with IBM.

The first paper is titled ‘Defining a framework for cloud adoption’.  Please read previous posts if you need an overview of the benefits of cloud computing.  This paper introduces IBMs cloud adoption framework that is free for any organisation wishing to have a standardised reference to frame their discussions and planning around moving to the cloud.  This can be found here (free registration may be required);


The second paper worth reviewing is also around helping your company adopt cloud based services, this one is titled; ‘A logical approach to cloud adoption in your company’.  This paper seeks to aid the discussions around when and how to consider moving to the cloud and covers the fact that there isn’t actually ‘a cloud’, but multiple clouds and variations on the theme, these were covered in my previous post introducing the cloud.  This one can be found here (free registration may be required);


The third paper from IBM is titled ‘Building a successful roadmap to the cloud’.  This is a great companion to the above papers, as once you have the conversation started and people are on board with the benefits of utilising some cloud services the next step is to build the plan / roadmap for moving to and adopting these services.  This paper can be found here (free registration may be required);


All three of the above papers are definitely worth reading if your company is considering adopting cloud services, or if you want some ideas and terminology to get the conversation and planning started.

The final paper I’ll suggest you read is a balanced review of BYOD (Bring Your Own Device) that covers many of the pros and cons of this current trend.  I have briefly covered BYOD and what it is before, this paper will aid you in further understanding what BYOD is, what the potential pit falls are, and if BYOD may fit into your business at all.   This one if from PC pro, not IBM just for a bit of a change and can be found here (free registration may be required);


Happy reading, I’ll be back soon with an update on my years progress so far.