Cloud Security

IT has the ability to deliver almost anything that you can think of, and here is the latest entrant - The Clouds, which is now a phrase du jour in the IT coliseum already. Clouds are on the rise and so are the organizations looking ahead to capture clouds for their business practices.

Cloud Computing has changed the approach such that a cloud – user now only requires a browser for access to the company’s network. And this raises risks and compliance concerns.

Being a part of GRC, we know what matters to organizations most and here, it is their corporate data which they may put on off-premise servers. So are the clouds safe? What are the risks involved? Will the data (kept off – shore) still sync with their company's internal compliance mandates?

  

Being in the GRC domain, I had serious question in front of myself – are clouds secured and safe and what should they do to adhere with IT security norms. How can they be well-equipped to address any IT security concern raised as any organization would want clouds to be safe before putting their enterprise data on-board?

With the current economic scenario, businesses, especially mid-size, may feel the need for cost reduction and look forward to this technology to source some or all of their computing services into the cloud; but what may hold them back are the security concerns. To pass the risk and compliance test, they would need to address the following concern that comes with clouds not only for IT auditors but also for themselves. A lack of robust methodology of identifying risk areas and being compliant may derail the complete concept of clouds. 

First, we discuss the various planks which can be of major concerns to the data owners:

·      SaaS, PaaS and IaaS: Cloud providers use Software as a Service (SaaS) or Platform as a Service (PaaS i.e. providing a platform to build software applications to cloud - users) or Infrastructure as a Service (IaaS like servers) to deliver a single application through the browser serving multiple clients.

·      Use of web services: Use of web services like search engines, web portals, etc.

·      Use of Utility Computing in Clouds: Utility computing i.e. utilization of services and computing resources, such as virtual Data Centers.  

Risks Involved

·      SaaS, PaaS and IaaS: The risk of using Saas, PaaS or IaaS is that all these platforms raise issues of identifying user accounts (duplicate user accounts) and their roles and rights, misalignment of data.  In short, concerns of authorization and authentication. Here, the onus of data security lies not only on the data owners, but also majorly on the cloud providers (Cloud Service Providers), as the data is stored on any third – party software, storage blocks or platform based clouds.

·      Use of web – services: Use of web services in the clouds is crucial to IT security as traditional vulnerabilities like virus, spywares are always of concern. Apart from the traditional villains resting on the web, it is security of the enterprise data to be transmitted to these web services is also under scanner.

·      Use of Utility Computing in Clouds: Utility computing raises a high level of security concern as mission critical data of organizations are under scrutiny. The access to crucial and critical IT environments such Data Centers has always been of high concern to organizations. The fear of clouds growing dark rises, as we are actually looking into the prospects of a ‘virtual Data Center’.  

Compliance practices to tackle the risks

Addressing risk and compliance aspects is fundamental for clouds to grow. This is important as no GRC umbrella over an organization’s cloud cluster would mean a complete degradation of their enterprise data and their business practice. The best practices to tackle the mentioned risks are suggested below:

·      SaaS, PaaS and IaaS: Organizations need to focus on data security which becomes highly important as the clouds reside on storage blocks, software or platforms. User accounts and their roles and rights are absolutely crucial as well as their authorization and validation must be of primary focus to the organizations.Organizations / data owners here would also require robust cloud-based third party policies, rather than just the orthodox enterprise third party-based policies for the service providers who own the clouds (as the data now no more rest in their environment or facility).

·      Use of web services: Filtering (URL filtering) on what is to be viewed on the basis of User roles is an effective measure while using web services on the clouds. This ensures that each cloud users access what is actually necessary for their role. This takes care of access to attractive but distracting information / services, which gives an easy en-route to traditional intruders. In case web security is outsourced to a third - party, SLAs / KPIs and related policies must just not only focus on web-security and filtering concerns, but must also focus on the services to curb and prevent data loss. Here, the responsibility of these measures lies primarily with the organizations, who own the data, because it’s just not their data residing on the clouds, they actually share a room out there! What is notably important here is to realize the guidelines and policies that need to be built around these risks and consistently keep a check on them.

·      Use of Utility Computing in Clouds: To overcome security concerns related to the utilities like virtual Data Centers, it is highly recommended to locate and highlight low, medium and high-level of security concerns and risks in-depth. The policies, authorization and access to Data Centers must not only highlight but also address the risk areas and concerns that have been analyzed. The back-up and restoration methodologies adopted are of high significance too, because the Data Centers in the clouds are just not located off-shore, but are virtual as well. So, if organizations do not want the clouds to grow dark, it is important to primarily focus on the below aspects:

·         Policy management and audit capabilities for themselves and cloud-providers

·         IT security controls and the ability to transport and archive enterprise data

·         Addressing poor visibility into risk exposure properly

·         Avoiding lack of alignment from not having risk and compliance processes embedded within the business

Best practices ensure that the organizations; their corporate and enterprise data remain on cloud nine. Clouds are always pleasant to watch and GRC is all about ensuring they don’t grow dark. We won’t.

Globe is molting!

“Hi! Which is berth number 72?” – Sweet maiden voice rang my ear drums while I was still lost in this new book on IT Architecture.

I look up and answer - “The side upper is berth # 72. “

“Oh! That’s up! Gosh!” -  I just didn’t like the sigh sign on her pink cheeks. Her accent & her looks could easily tell me she wasn’t of Indian origin.

“No worries! We can change ours lady. Though the side upper doesn’t fits me in, but I’m ok! The side lower is mine”

“Oh that’s really kind of you to say that. But it’s fine”

She was probably taller than I was.  My concentration in reading was all lost once again and I started gazing out of the window. The golden lights of stations were quickly passing by, and so were the flyovers and creeks.

After putting her bag in place, ‘She’ climbed down and made herself comfortable on the seat next to me.

“So where you from?”  Backpacking in India?”

“Haha! Not really. Well, I’m from Poland.”

“Poland? That’s really interesting. ‘Cheshche’! Warsaw is a beautiful city and so are Polish people!

“Haha” Yea!  Well, I study here & thank you for complimenting Polish people.” India is beautiful country too, colorful & hospitable. What do you do?”

“I work in an IT company here in Mumbai, going home for weekend.”

..and thus started our conversation that lasted till Surat (station in Gujarat state, India) showed in. We chit-chat and then her pals sitting in the other bogie come ti check if she was set in the train, also join us. They make themselves comfortable, chais & greetings, music and then somewhere, we speak about the infamous uprising in the arab world. A passing comment just touches me ‘Nothing remains same ever mate.” Not even our body.  When we were kids we never had beards. Not just us, even the non-livings change. ‘ this was enough to spark thoughts in me. How true.

And lets realize…. World is up for changes yet again. Thank the increasing global use of internet which is bringing the globe closer with ideas from every part or Thank the ‘enough’ (read that louder within you..Kind of like.. Enooooooughhh to feel what I’m trying to say) and growing annoyance against state-corruptions, dictatorships, lack of governance or forceful governance. or thank the global meltdowns & turmoil.

Every part of the world is up for change now, just like a snake shedding skin to allow growth.

And, it’s important to realize for every nation, every citizen, people everywhere,  somewhere, somehow want it to molt.  This molting has happened in the past too and will keep happening even in the future. It’s a never ending procedure, and we witnessing that era yet again. Industrial Revolution, End of western imperialism are all result of this molting process. It’s inevitable. It will happen whenever the situation will be suffocating for people to survive, then will they show their dismay and strength to make globe a better place to live in. 

The present scenario is really interesting. There are few nations, which are looking forward to fresh aroma of life, and there are few, which are destining them to doom. The biggest example for later are Pakistan, North Korea, especially Pakistan. Pakistan was much better place to live in 1998 rather than 2011. Internal security, terror attacks every other day, growing extremism. This all because of rapidly crashing out of education & financial system due to extremism. Pakistani establishments have dug a grave for themselves by nurturing extremism & terrorism.

Let's Look at the news around the world these days:

India fasts against corruption, United States loses AAA credit rating, China’s billionaires double in numbers, Libyans, Syrians on streets and protests to bring political reforms & restore civil rights, Iranians abroad voices concern for restoration of civil rights in homeland, Ireland economy crashes, Spain, Greece looks out for bail out. 

Economic power houses today need economic reforms & the small nations need political reforms.

Global scenario is taking turns now. All the above, because we need changes! We, every one of us in every part of the world. We need new reforms, we need new governance; an environment where air is not suffocating to breathe.

Indians have been so much fed up of daily corruption charges making headlines daily and a significant rise in inflation. Lack of results by agencies against terror acts and infact sometimes accusation on the investigating agencies of being biased in corruption cases. Intolerance against corrupted ministers grew so much, that one old man of 80+ age raised a voice * demand for a quick and stringent anti – corruption bill, and nation followed the echo.

This can also be framed as a non-violent way of molting, a fact that Gandhian principles still can make a difference.  However, not related to what I’m trying to emphasis here.

Major uprising or as I’m using the word molting here, can be seen in the Arab world. Egypt, Libya, Syria are all up against dictatorial and undemocratic governance that has been tormenting their & their nation’s development. Libyans are fed up of nearly 45 years of dictatorial regime and unneeded restrictions. The air to breathe has been becoming suffocating for people in these nations.  Globe coming close through internet makes them realize they aren’t living in an environment which they deserve to. And why? Because, some guy has taken control of their nation is dictating them?

But, how long it lasts and what result it gives out is very crucial and important, because of after such unrest, the objective shouldn’t be lost. In case it does, then finding a solution is very difficult. Examples? De-unification of Korean peninsula that resulted in North & South Korea, Isreal – Palestine crisis, dismay in countries that were once a part of erstwhile Soviet Union.  

It is then important for nations with well – established institutions to assist the people of nations that are looking for reforms, without any selfish interests.  The latter is important, without any ego, greed or selfishness. Because, any shrewd process during re – establishment will come back to haunt them and everyone.

We have examples where such shrewd interests has actually caused globe disastrously. Afghanistan’s quest against Soviet’s troops in late 1980s where extremists mujahedeen were said to be supported & nurtured by nations like Pakistan & United States, came back to haunt them. Pakistan today is a completely paralyzed state infested with extremism & United States along with the world witnessed the most gruesome terrorist attack.  

Let us realize that an uprising against a present form of governance by people must be supported for a good cause.  And let us realize that people aren’t fighting today, it’s the governing establishments that actually are. So when normal people of this nations want a change, it must be supported and backed without any mutual interests.
 

If the world sanctioned Libya, it was because of Gaddaffi’s activities and not because of the people of Libya.  If the world couldn’t connect with Iraq, it was because of Saddam, & and not the Iraqis.  Korea would have been unified and there would have been no fear of nuke armaments from Korean peninsula if the then ‘well established institutions' (nations) wouldn’t have tried their own interest of governance. It should have been left with the people of Korea. Today the result is, North Koreans, afghans, & many other people in various different countries are living in a hollow world, deprived of even the basic needs. And, the problem is that the generations that are growing in these nations now, have never seen or understood what democracy is, what free thoughts is. They can’t even realize that they don’t need this kind of an environment. It's like an elephant being chained. An elephant can easily break the chain, it's an easy cake for it, but it doesn't. Because from birth, it has found itself in the chains. Elephant doesn't realizes he can break-free easily.

 

Today, Libya will go through a new process of governance. Glad that many ‘well-established’ nations are supporting the cause, they are funding Libya, but, important and very important, it shouldn’t be a derivative of ego, selfishness & greed.  Syrians are all on streets & facing harsh steps from Pres. Bashar Al Hassad who wants to ‘kill’ the uprising’ the whole of Syria wants to break free but is facing tough crackdown. Apart from sanctions, the people of Syria should be supported. Surely, Bashar Al Hassad will have to go.Sooner or later, Iran, North Korea will join the crusade for change. Russians are already rebuilding technologies & revitalizing back their economy.United States is chalking out plans to curb economic unstability.

Also alike Libya, there would be many small big rebel groups, and that’s common in every uprising. But after  the uprising finishes, each one of these groups wants to take the center stage. At that juncture, important that ‘well established countries assist in making the best for these nations, again without any greed or ego, share their democratic experiences, because if nation prospers, it will actually help these “well-established nations” like India, China, Northern America, western Europe also to prosper and so will the global scenario & economic standards. For all this, people’s desired governance is required & should be supported.

For a change, listening to Algerian song 'abdel kaider' that Polish lady shared with me. Holycow, can't understand a word, but music is enough to keep me grooving. Even the way these three singers sing, they bring tremendous energy. World is such a such a beautiful and great place to explore. Let us just keep it in our reach always.

The Pinch!!!!

This short – fiction (or probably a true) giggle - gig story of a guy named Steyn is dedicated to all those who can relate to an important event, because to be frank, my heart  really goes out to all those who have lost their loves to this magical city. Your love - whatever, a sleeky Blackberry, a smart Iphone, a hardcore Nokia, yes your phones, Cell phones, because every 1 out of 5 or 6 people living for quite a time in this city will tell you on how they lost their beloved device. 

  
The Pinch

Yes, The Pinch! That’s what this great Indian city Mumbai does to you sometimes. Mumbai, probably globe’s 5^th largest metropolitan, India’s economic powerhouse and home to a population of approximately 20.5 million has a story to tell you every day.

It was a pleasant lazy Monday morning and Steyn was still napping in the bus he took to reach Malad suburban station from where he was going to catch a ’local’ to his office in Santacruz,. Ignoring the fact that he was sitting next to the damsel whom he will stalk on the bus - station and try skip his breakfast to catch the bus the same time she did. It wasn't worth it though, an everyday affair of their eyes meeting, htne dropping, and i any of the two felt necessary, smile thrown out! That was it.

‘Holla Holla’…rang Akon…Err..I mean his month old Blackberry. He just brought new smart business phone, and infact a couple of days before changed his cellular service provider to enjoy the comfort of the services this phone offered.

“Hey Sweet Morning Steyn! Yo just missed it love. I wish you were here. It was a hell good of a weekend trip we guys had! We found a good new place to take a break off the city. Bon - fire, seek lunch..all fun! It’s better than your peacock garden, where one has to get up even before sun does. This place was full of migratory birds too and you already know you sitting in the office whole day in front of your machine  developing that fat old tummy right in front of you. So you gotta shake it and better dare it next time you miss something like this” - that was Preity, always full of life and yes, of course, the words.

“I know I did, I just checked the new pictures Niks added in there.”- I replied.

After the call, he gave a smile to the damsel sitting next to her. She smiled back. That was a routine thing that they both would do past a month. May be Steyn realizes, that it all starts and end with eyes meeting up and smiles ending it down.

He peeped out of the window. It was drizzling, it was all wet outside. The little drops entering his side. Smell of the rain - water hitting the ground, the best perfume in the world, which no French de toilette can match, brought him the freshness every being would wish for.

Beating the traffic but not the time off course, bus reaches the suburban railway station. Everyone around him is running, not exactly, but they atleast not walking. The damsel suddenly disappeared in the crowd. The everyday countdown has just begun to be witnessed. He gave a look at his wrist. It said 9.05 am already. “Gosh I gotta catch that 9.10 slow” - he murmured to himself. He turned a hungry man presented with a banquet, for whom the distance as far as his 1^st class on platform No.2 stand was his feast - a feast so staggering that everyday it completely destroyed his appetite.

After reading it with brisk walk, he prioritizes his task of reaching the 1^st class stand and accelerates himself. He walks up the steps of foot - bridge with something kinetic from crowd proportionally dragging him sometimes to his right, sometimes left.

There it is. Finally. Platform No.2 was full of life, I mean full of breathes. It was jam - packed, full of everyday business. The vendor stalls, the newspaper selling boys, the stinky fish smell, the ladies of all genre and the gentlemen, all looking hooked up. The south - bound trains passing the platforms with hancock speed, but you could feel the life, the freshness of the morning, if you could keep aside the raw stinky fish smell by blocking your nose with a perfume puffed handkerchief.

9.10 am Churchgate slow about to leave the platform, and people all ova it; the ‘no admission’ pavements, the straps of every car where hanging outside their capacity. Young bloods with handkerchief scarfed over their head were standing dangerously on the hooks in the middle of every car, ignoring the warning the sugar - coated voice from the announcement mikes was sharing especially for the commuters who loved flirting with their life, only to save some annoying 10 minutes of their day. And yes, sometimes, finding women hanging out of the cars too. The way they caught themselves

It was all a hasstle everyday. But, Steyn loved it. He loved the everyday energy this city generated. Charging up your life, spicing your life. He just loved the 25000 Volt energy this city generated and within 6 months of his new job, he was completely absorbed in loving this as always. Life was worth spicy - fast in this beach city, but he wished the climate helped the people enjoy it too. This city was dead humid, sweating you out even when you don’t feel like starting a day like that.

Message tone beeps. ‘Good Morning Steyn! From Paris, with love :-p!’

From Paris, with love..no no the message wasn’t sent from Paris, nether was it sent by some Frenchmen. It was to remind Steyn what he and the sender missed before quitting their last job. An official visit to the romantic city of Paris for a month to support clients on the applications, which they both knew was coming their way, but they still quit. After all, they gave so much of effort to earn the position they both enjoyed in their last department. But, it was cheesy rather not smart at all of them to leave that opportunity, when they knew it wasn’t easy the next time with a new start..wasn‘t it!? Steyn retaliated with a naughty smile.

“Train arriving on platform No.2 is fast local for Churchgate. This train will not halt at ….”. The honey coated voice announced.

“Holycow! My cripes! I gotta wait for the next train. I just hope I’m not late for the 10 am meeting. I never wanna walk those steep skywalk steps in Santacruz at the heist of my breathe atleast this pleasant monday morning. “ -  Steyn said to himself.  This time he was standing on the other pole - side of the platform where he usually used to, only because he thought he would catch the 9.10, which was packed in and out.

He looked at his wrist again, realizing it was 20^th May. “Oh goodness! Its Sandra’s birthday! So stupid of me. How could I miss wishing her? She would queue, tray calling me at strike 12 on my birthdays!”  - his expressions turned embarrassing suddenly.

He took the phone out and called up Sandra. After wishing her up and apologizing for some 10 odd minutes, he realized that the fast train is gone and he could see the train he was looking ahead to catch arriving slowly to the station.

He hanged up and looked around. It was a normal busy day at the platform, and this train was an old rack. Not the latest racks with 9 bogies, unlike the 12 - bogie new racks that were introduced recently. So, he knew, his fight is going to be not that easy today.

He kept the phone in his right pocket of the trouser hurriedly and jumped towards the 1^st class compartment. It was a herd of people trying to catch anything whatever they could to make some space where even a rotten would hate to place itself. The raven - voices where all over shouting to make spaces..the time was short…. Steyn used his shoulders and pushed the herd inway to make same way for him to get into the train. The was then dragged in by a large chunk of crowd from behind. Today, 1^st class seemed to be more packed up than usual, or blame the old 9 - rack train they released at this peak hour. It didn’t make any sense.

The crowd behind him dragged him more to the already no comfort zone. Already, you actually don’t look for comfort, what you look for is some air to breathe in, and unlike the new rack, old racks didn’t have the best of ventilators. It was hollow dark inside. Steyn could all see were few eyes and struggling shoulders.

After 15 minutes of  troubled drag - and  - drop, It was Santacruz station finally. The compartment still looked more packed than everyday. The train slowed down and Steyn pushed himself out of the crowded queue which was looking to get down at the station. Steyn was on the platform. He could now breathe in some air. Sigh of relief could be seen on his and everybody’s face. 

He moved his hand into his right trouser - pocket to pull out his handkerchief. The old rack - train was still about to leave the station. Hold on! Where’s the phone? Steyn moved his hand again over the pocket.  He could feel his wallet but not the phone. It took him nothing of a time to realize that he was pinched. He hurriedly looked back and gave an eye into the compartment from where he got down. But, suddenly he stopped his nerves and calmed them down. He knew now it was all over and this wasn’t going to help.  He calmed his nerves and shrugged his head. A smile drew on his face which was the most sarcastic and lost mankind could ever imagine. He knew and it didn‘t take him much time to realize his phone was picked. Pair of or even more than a pair of eyes were watching him put that sleekly black device while boarding the train. Everything and everyone looked simple silly minding their business while he was boarding the train. Hmm.. He was right; everyone looked simple silly and few did mind their business well this morning.  He was pinched like many, the Mumbai way.

Konnichiwa to the Land of the Rising Sun!

In the last company I worked for, we had an office in Tokyo, the beautiful capital of Japan. I usually got chance to interact with the Project managers, colleagues sitting in the Japan office and must say they are so beautiful people to friend up with, always warm and welcoming. That's from where I learnt the word' Konnichiwa', meaning a Hello in Japanese from one of the colleagues-cum friend. That's Japan, intelligent, intellectual, cultural, and hospitable.

But after taking a much needed off this Thursday, I reach office on Friday (March'11'2011) and google the latest news to realize that Japan has been struck by a massive earthquake measuring 8.9 on Richter scale, with a Tsunami warning. I remember just few days back also I saw a similar news saying Japan was hit by ab earthquake of some 7 richter scale(if i'm not wrong). To be honest, I couldn't frame out how intense an earthquake of almost 9 richter scale can be. By the time, I'm out for a luncheon with colleagues at 13.00 hours IST,  I watch people, stewards, all glued on the news channels streaming videos showing how Tsunami has hit Northeastern  island of Japan.

Japan - the land of the Rising Sun. Japan or as the Japanese call it - Nihon, is one of the culturally rich and one of the most wealthiest and technologically advanced countries in the world.

People of Japan have lived so much to the fact that they belong to the LAND OF THE RISING SUN, that they actually get up and defeat any event that tries to knock them down. So, true, the Land of the Rising Sun, where people actually rise to the occasion whenever there is a need. 

Today, Japan is again challenged by nature and we are all pretty confident that together can and they will again rise to the occasion and show everyone what makes them been called the people from the Land of the Rising Sun. They will rise, and get up again! That's Japan! 

And, this time they are not alone, the world is all with them, because we know what Japan can deliver and are confident that it will beat the heat it is facing post the Friday's devastating 8.8 Richter-scaled earthquake, one of the largest, that unfortunately also triggered a massive tsunami. 

Japan's geographical location has many times  been frequented with earth-quakes, and this is because the Japanese island is located in an area where many continental and oceanic plates meet. And, the people of Japan live up to this fact. They have been prepared always to defeat this natural calamity everytime it strikes them. Back in school, I used to read about the ways the people of Japan build their houses and belongings to curb the quakes. Japan's preparedness to beat this natural calamity has been outstanding. It has been in the past and many times, have faced massive earthquakes, and they have all raised themselves  to the occasion and turned life to normalcy.

Not just the natural disasters, the fact remains and the world still salutes the spirit of Japan when they actually resisted the biggest man-made disaster in the worst war ever fought on the planet. World still salutes the spirit with which Japan overcame the aftermaths of Hiroshima Nagasaki nuke bombing and made the world realize their spirit  when at once everything was thought to be over for Japan. I can bet each and every nation and the beings that know about the Hiroshima Nagasaki disaster still salutes a hats-off to the people of Japan. This island country on the pacific ocean has built themselves up as the world's one of the most powerful economy and culture. 

There are news that this unprecedented natural disaster has moved Japanese land by 8 feet. We also have been hearing the news about the blast at one of the nuclear reactors, and the leakage from them, as few generators supporting the reactors have stopped working post tsunami waves. The nuclear radiation and contamination is now a big worry for the island nation post tsunami-quake, and the nation, along with the globe is already concerned. As of now, the people  and the government's strength and courage in fighting the aftermath is amazing .

I don't know if any Japanese may be reading this, but we, the world, know and are sure of the fact, that alike past, Japan will surely defeat this unprecedented natural disaster. And please do note you're not alone, We all stand with you. the people of Japan and We support and salute your spirit to defeat any calamity that strikes you. Just like you have done in the past, everyone on this planet is  all sure of the fact that Japan will again emerge and rise more prosperous and strong nation than before. I (just another mere human being on this planet) am sure many people from  every corner of this planet have good wishes for you in their prayers, because we believe you have proved and  you are the people from the land of the Rising SUN, and will RISE just like the beautiful sun rises AFTER dark! Globe's wishes are always with you!