Security Basics mailing list archives
Re: Private Cloud
From: jebber127 () gmail com
Date: Wed, 21 Dec 2011 20:38:25 GMT
Another aspect of security to consider, beyond your standard network and systems security, is access management and control for your users. Most breaches (not the publicized ones) caused by users who either don't control their credentials effectively or they use unauthorized apps without controls on that access. I'm not sure what you're running from the private cloud, but, if your customers are planning on running several cloud apps for their users from there, I'd look at access control and SSO companies. It's particularly important if you're mixing access for the same users to the private cloud and SaaS apps. One access point to internal and external apps for those users keeps them from writing down passwords that could be different for each app and it lightens the IT load fielding 'forgot my password' calls. Another key thing to consider is that since the end-users are accessing all the apps from one credential challenge you'd want to lock them down from accessing private and public cloud apps by just typing in a URL. You'd want to redirect them back to their log in entry point every time they try to do something direct. SAML is an authentication and authorization standard that some web apps are using, though, it doesn't have a large footprint with consumer SaaS apps. OAuth and OpenID are other areas you might want to look. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Private Cloud Thugzclub Thugzclub (Dec 19)
- Re: Private Cloud barat (Dec 21)
- Re: Private Cloud Sascha Siegel (Dec 22)
- <Possible follow-ups>
- Re: Private Cloud David Jackson (Dec 20)
- Re: Private Cloud jebber127 (Dec 21)