• 30 Oct
    Author: trent Categories: Security Comments: 0

    Happy Friday, and Happy Halloween! If you’re looking for some thought-provoking reading, my good friend Gunnar Peterson presented what is truly a masterpiece about information security in a cloud environment at the mnemonic RISK Conference in Oslo, Norway this week. I wouldn’t do it justice to attempt to summarize it fully here, but he makes a number of excellent points, at odds with the information security establishment, about how we as a discipline really need to buck up and deal with the difficult problems in information security, rather than continue to do the same old thing that we’ve been doing for, well, 5078 days.

    This is excellent brain food – I encourage you to take the time to read and digest it. Nice work, Gunnar! Check it out: Thinking Person’s Guide to the Cloud.

  • 21 Apr
    Author: ned Categories: Infrastructure, Security Comments: 3

    The smart folks over at Amazon Web Services just published a new white paper titled Creating HIPAA-Compliant Medical Data Applications. I’m a strong believer that it is possible to deploy Internet applications as securely “in the cloud” as in a private data center somewhere, and vendor documentation like this goes a long way toward helping others grasp this reality.

    One weakness is that the white paper barely mentions encrypting data at rest. Here’s their accurate but incredibly concise statement:

    HIPAA’s Privacy Rule regulations include standards regarding the encryption of all PHI in
    transmission (“in-flight”) and in storage (“at-rest”). The same data encryption mechanisms
    used in a traditional computing environment, such as a local server or a managed hosting
    server, can also be used in a virtual computing environment, such as Amazon EC2 and
    Amazon S3.

    Their blog post mentions some software libraries and commercial tools for achieving encryption at rest, but generally leaves any implementation for you to figure out. There are encryption recommendations for software developers and end users, but not for system administrators (aren’t we their key demographic?). Never fear – encrypting your data at rest is easy with Linux! There are many ways to achieve encryption of data when it is stored on disk, but whole-volume encryption is often appealing because it can be implemented completely transparently to the application.

    One of the best tools for securing your data “at-rest” while it is stored on Amazon’s Elastic Block Store (EBS) is dm-crypt. It’s already built into most modern Linux kernels, and gives you extra confidence that no one else could read your EBS volumes. Anyone who’s thinking of deploying any app that stores sensitive information (in “the cloud” or in your data center) should consider implementing dm-crypt on their Linux servers. Below are instructions for creating and using an EBS volume which is protected by dm-crypt encryption…

    Read more »
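As an added example (not the post’s own instructions, which live in the full post), here is a small shell script that initialises, mounts and cleanly closes a dm-crypt/LUKS-protected EBS volume via cryptsetup. The device /dev/sdf, the mapping name ebsdata, the key file /dev/shm/ebs.key and the mount point /mnt/data are assumed names; setting DRY_RUN=1 prints the privileged commands instead of running them.

```shell
#!/bin/sh
# Added example (not the post's own instructions): bring an EBS volume up as a
# LUKS/dm-crypt volume with a filesystem on top, and tear it down cleanly.
# Assumptions (hypothetical names): the volume is attached as /dev/sdf, the
# passphrase lives in a key file such as /dev/shm/ebs.key that is fetched at
# boot and kept in RAM, never on the EBS volume or baked into the AMI.
# DRY_RUN=1 prints each privileged command instead of running it, so the
# functions can be exercised without root or a real block device.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One-time initialisation of a NEW volume; this destroys anything on $1.
# $1 = block device, $2 = key file
ebs_luks_init() {
    # --batch-mode skips the interactive "are you sure" prompt.
    run cryptsetup --batch-mode --key-file "$2" luksFormat "$1"
    run cryptsetup --key-file "$2" luksOpen "$1" ebs_init_tmp
    # The filesystem is created on the mapped (plaintext) device, so the
    # raw EBS volume and any snapshot of it contain only ciphertext.
    run mkfs.ext4 /dev/mapper/ebs_init_tmp
    run cryptsetup luksClose ebs_init_tmp
}

# Open and mount on every boot / attach; the application sees an
# ordinary filesystem under $4 and needs no changes.
# $1 = block device, $2 = mapping name, $3 = key file, $4 = mount point
ebs_luks_mount() {
    run cryptsetup --key-file "$3" luksOpen "$1" "$2"
    run mount "/dev/mapper/$2" "$4"
}

# Unmount and close before detaching the volume or stopping the instance,
# so no plaintext mapping is left behind and the next opener needs the key.
# $1 = mapping name, $2 = mount point
ebs_luks_umount() {
    run umount "$2"
    run cryptsetup luksClose "$1"
}

# Typical sequence on the instance (as root):
#   ebs_luks_init   /dev/sdf /dev/shm/ebs.key            # once, new volume
#   ebs_luks_mount  /dev/sdf ebsdata /dev/shm/ebs.key /mnt/data
#   ... application uses /mnt/data transparently ...
#   ebs_luks_umount ebsdata /mnt/data                    # before detach/snapshot
```

Keep a copy of the key file somewhere other than the instance and the volume: without it the LUKS header cannot be unlocked and the data is gone for good.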

  • 15 Mar
    Author: ned Categories: Infrastructure Comments: 2

    One of the questions we often help clients answer is: which EC2 instance size provides the best performance-per-cost for a given application? I recently did some load testing with a few different sample web configurations, including a “stock” Drupal installation… here are the results:

    Read more »

  • 04 Mar
    Author: ned Categories: Infrastructure Comments: 0

    I’m really looking forward to speaking at next week’s Boulder Linux User’s Group meeting, where I’ll try to cut through some of the marketing hype and provide real-world examples of ways to use “the cloud” in a real production IT department. If you’re a Linux sysadmin in the Boulder area and haven’t yet made it to a BLUG meeting, next Thursday night is a great time to come check it out!

    Here’s the meeting information:

    Our monthly meetings are at 7:00 PM on the second Thursday of each
    month at the offices of Aztek Networks, 2477 55th St, Suite 202,
    Boulder, CO. A typical meeting consists of an hour-long talk followed
    by a raffle for books, and then a question-and-answer period.

    And a little blurb about the talk:

    Cloud Computing for the rest of us: IT Infrastructure on the
    Shoulders of Giants
    
    Cloud computing is the new "web 2.0" - everyone's got one.  We'll
    focus on Linux-specific infrastructure offerings "in the cloud" and
    how you can use them in production today.  By taking advantage of
    on-demand, pay-as-you-go Linux servers and related services, you can
    save money today while simultaneously increasing performance and
    availability.  We will get hands-on during the meeting with Linux
    cloud solutions from Amazon and RackSpace.  We'll also take a step
    back and look at architectures for scaling Linux services "in the
    cloud".

    Hope to see you there!
