Security Basics mailing list archives

Re: Private Cloud


From: jebber127 () gmail com
Date: Wed, 21 Dec 2011 20:38:25 GMT

Another aspect of security to consider, beyond your standard network and systems security, is access management and
control for your users. Most breaches (not the publicized ones) are caused by users who either don't control their
credentials effectively or use unauthorized apps without controls on that access.

I'm not sure what you're running from the private cloud, but, if your customers are planning on running several cloud 
apps for their users from there, I'd look at access control and SSO companies. 

It's particularly important if you're mixing access for the same users to the private cloud and SaaS apps. One access 
point to internal and external apps for those users keeps them from writing down passwords that could be different for 
each app and it lightens the IT load fielding 'forgot my password' calls.

Another key thing to consider is that, since the end-users are accessing all the apps from one credential challenge,
you'd want to lock them down from accessing private and public cloud apps by just typing in a URL. You'd want to
redirect them back to their login entry point every time they try to do something direct.

SAML is an authentication and authorization standard that some web apps are using, though it doesn't have a large
footprint with consumer SaaS apps.

OAuth and OpenID are other areas you might want to look.
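
The redirect-to-entry-point idea from the message above, as an added example that is not part of the original post: a WSGI middleware that sends any request without a valid SSO session back to the login page. The URL, cookie name, key and token format are assumptions made for illustration.

```python
import hmac
from urllib.parse import quote

SSO_LOGIN = "https://sso.example.internal/login"  # hypothetical entry point
SECRET = b"constructed-demo-key"  # constructed; keep the real key in a secret store

def sign(user):
    """Token the SSO portal would set after login (expiry omitted for brevity)."""
    mac = hmac.new(SECRET, user.encode(), "sha256").hexdigest()
    return f"{user}.{mac}"

def verify(token):
    """Return the user name if the token's MAC is valid, else None."""
    user, _, mac = token.rpartition(".")
    ok = user and hmac.compare_digest(token.encode(), sign(user).encode())
    return user if ok else None

def session_cookie(environ):
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sso_session":
            return value
    return ""

class RequireSSO:
    """WSGI middleware: no valid SSO session means a 302 to the login entry point."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        user = verify(session_cookie(environ))
        if user is None:
            # Only a local path is kept as the return target (no open redirect).
            target = environ.get("PATH_INFO", "/")
            if not target.startswith("/") or target.startswith("//"):
                target = "/"
            location = f"{SSO_LOGIN}?next={quote(target, safe='/')}"
            start_response("302 Found", [("Location", location)])
            return [b""]
        environ["REMOTE_USER"] = user
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {environ['REMOTE_USER']}".encode()]

def request(path, cookie=""):  # one constructed request through the middleware
    seen = {}
    environ = {"PATH_INFO": path, "HTTP_COOKIE": cookie}
    body = RequireSSO(demo_app)(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(body)
```

A directly typed URL such as `/reports/q4` comes back as a 302 to the login page with the path preserved in `next`, while the same request carrying a token from `sign()` reaches the app.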
