Canadian Federal Government Cloud

Canadian Federal Government Cloud

1,084 members
  • Join

    When you join a group, other members will be able to see your profile and message you. The group logo will be visible on your profile unless you change that setting.

  • Information and settings

Have something to say? Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.

Neil M.

Neil

For our Drummond Report on Cloud, we will focus on a very cool use case scenario of 'Enterprise Social Search' - Google-like search across social media and private Clouds.

  • Flag as Inappropriate
  • Comment (4)
  • February 23, 2012
  • Close viewer

Comments

  • Corey W.

    Corey

    Corey W.

    Systems Engineer at High Touch Technologies

    A main concern that is alleviated by a private/public IaaS integration hybrid architecture is the ability that companies and governments have to keep classified or sensitive data on premise in the private cloud while benefiting for the vast cost, social, ect benefits of the public cloud. If a SaaS application can allow users to connect into the private clouds then some may see that has a potential security threat. How has that been considered in this new "Enterprise Social Search - as a Service". I think it is great but I know my clients mainly stumble on security related issues, Real or Imagined.

  • Neil M.

    Neil

    Neil M.

    Founder of the Cloud Best Practices Network

    Hey Corey - For sure, and I'd say there's two main points to the answer to the whole "Cloud Security Issue"

    * Start becoming clear on what Real or Imagined actually refers to, so you can distinguish between them, and begin to make use of public Cloud where safe to do so.

    There is considerable FUD about what is and isn't secure/legal with regards to public Cloud, which quite simpy can be assigned to the Imagined pile and so shouldn't be the basis for technical decisions.

    However it is and that's the maturity process we're doing through. It encompasses key points like Canadian public sector hosting in USA for example, which has a default and absolute 'No', when really it should be 'for the right data under the right circumstances'.

    And organizations like public sector IT should ultimately become able and smart enough to source the right infrastructure for the right price, from both Cloud and in-house, based on these algorithms and automated procurement.

    * In the immediate while this is taking shape, there is still opportunity to keep it private, making the security decision entirely easy, but still harness and advance Cloud type concepts. Most notably the 'Hybrid SaaS' model - See :

    http://cloudbestpractices.net/2012/02/24/hybrid-saas-key-to-drummond-consolidation/

    This would enable agencies to begin enjoying the primary benefits of faster provisioning times, SaaS pricing and delivery etc., but still while hiding behind the sofa... :-)

  • Andrea K.

    Andrea

    Andrea K.

    Kaspersky Technical Architect at Softchoice

    Hi Corey, I absolutely understand your security concerns. But regardless if a SaaS is used to connect to a private, public or hybrid cloud, there is need to ensure that not just the backing data is protected from malicious users, but also that the application is protected from tampering. There are a few simple(r) things you can do immediately to protect these environments. First, put a web application firewall (WAF) protecting the application. This will act as a gate to ensure that only the right users gain access to the back end data, regardless of where it is hosted. If you are using the SaaS application to give access to a set of data that is of particular interest to other groups, I would layer on some kind of DDoS (cloud DDoS is an easy way to do this) because if the WAF doesn't kill the attempt, and the user decides to brute force it with a DDoS attack (think Hactivism), the DDoS service should kill the spamming ports and shut it down, protecting your infrastructure.

    There are other ways that you could use to secure the environments, but these 2 methods are amazing ways to start because they are highly flexible, and very effective at controlling malicious traffic.

  • Corey W.

    Corey

    Corey W.

    Systems Engineer at High Touch Technologies

    Neil and Andrea,

    Thanks for your thoughtful responses. Sorry for not responding earlier I have been on business for a bit, still am actually. I am glad to see that we all are concerned with security but dedicated to move it passed the obstacle phase. I plan to bring a security person or contractor into my company to help advise me on this issue further. Very nice responses, never really thought of either direction, Thanks. Corey W.

Your group posting status

Your posts across groups are being moderated temporarily because one of your recent contributions was marked as spam or flagged for not being relevant. Learn more.

Feedback