New ITU standards on cloud computing security

By  September 17, 2013


ITU members have agreed to new international standards outlining security considerations essential to cloud computing.

Recommendation ITU-T X.1600 “Security framework for cloud computing”, having reached first-stage approval and now undergoing a final review, describes security threats in the cloud computing environment and, through a framework methodology, matches threats with the security capabilities advised to be specified in mitigating them.

ITU-T X.1600 will act as a ‘handbook’ guiding the future standardization of identified threat-mitigation techniques; in addition providing an implementation reference for systems-level cloud security.

Recommendation ITU-T X.1255 “Framework for the discovery of identity management information”, approved and soon to be freely available on ITU’s website, details an open architecture framework in which identity management (IdM) information – identifying ‘digital objects’ and enabling information sharing among entities including subscribers, users, networks, network elements, software applications, services and devices – can be discovered, accessed and represented by heterogenous IdM systems representing IdM information in different ways, supported by a variety of trust frameworks and employing different metadata schemes.

ITU-T X.1255 lays out a framework that enables discovery of identity-related information and its provenance; identity-related information attributes, including but not limited to visual logos and human-readable site names; and attributes and functionality of applications. The framework, in addition, describes a data model and protocol to enable meta-level interoperability in the management of this information across heterogeneous IdM environments.

The Recommendation is a first step towards the Digital Object Architecture (DOA) advocated by the Corporation for National Research Initiatives (CNRI), which is intended to achieve the “universal information access” possible with uniquely identifiable digital objects structured so as to ensure their machine and platform independence.

The new Recommendations were agreed at a meeting of ITU-T Study Group 17 (Security) in Geneva.

Read more ›

Posted in Cloud Computing, Frameworks, ICT

cloud computing

Published: 21 Dec 2010


Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that’s often used to represent the Internet inflowcharts and diagrams.

A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic — a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.

Read more ›

Posted in Cloud Computing, ICT

The Dangers of Cloud Computing

– Ephraim Schwartz, InfoWorld
July 07, 2008

The idea of cloud computing—designed around an architecture whose natural state is a shared pool outside the enterprise—has gained momentum in recent months as a way to reduce cost and improve IT flexibility. But the use of cloud computing also carries with it security risks, including perils related to compliance, availability, and data integrity.

Yet many companies don’t think through those risks upfront. For example, having proper failover technology in place is a component of securing the cloud that is often overlooked, notes Josh Greenbaum, principal at Enterprise Applications Consulting. Yet these same companies make sure they have failover for established services, like electricity. “If you look around, go to any major facility, what is sitting in a box outside is an alternative power supply. They don’t rely on just the grid,” says Greenbaum. He argues that cloud computing should be no different.

In some cases, the risk is too great to rely on the cloud. And where the decision is made to put some services and applications in the cloud, the business must ask how that risk should be managed.

Read more ›

Posted in Cloud Computing, ICT

Gartner: Seven Cloud-Computing Security Risks


– Jon Brodkin, Network World

July 03, 2008 

Cloud computing is fraught with security risks, according to analyst firm Gartner. Smart customers will ask tough questions, and consider getting a security assessment from a neutral third party before committing to a cloud vendor, Gartner says in a June report titled “Assessing the Security Risks of Cloud Computing.”

Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing,” Gartner says. (Compare security products.)

Amazon’s EC2 service and Google’s Google App Engine are examples of cloud computing, which Gartner defines as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.”

Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.

Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.    Read more ›

Posted in Cloud Computing, ICT

Why I’m ready to ditch my dedicated server and move to the cloud

SOURCE: Servers are big boxes of stuff just waiting to break. Over the weekend I got to play network administrator, and the experience has convinced me it’s time to get rid of my dedicated server and move everything to hosted services.

By  for The Ed Bott Report | May 13, 2013 — 14:48 GMT (15:48 BST)
Why would anyone run their own server if they didn’t have to?

Servers are big boxes of stuff just waiting to break and make their administrators’ lives miserable. If I can pay a fair price to have someone else set up, maintain, secure, and support an online service for me that eliminates the need for me to own my own hardware and manage my own server software, I will take that offer every time.

Consumers figured that out long ago, which is why the big three of free web-based mail services, Hotmail and Gmail and Yahoo, collectively have more than a billion mailboxes in use. Many of those mailboxes are provided through ISPs, who were happy to get out of the POP and SMTP business.

Read more ›

Posted in Cloud Computing, ICT

Cloud Computing : What You Need to Know? – Part 1 (The basic about Cloud Computing)

September 12, 2013

Started from this week onward, I will write more on Cloud Computing information, I will post more on the Cloud Computing concept and especially for those who interested to take Comptia Cloud Essentials Examination:

Cloud Computing is an internet- based computing solution that delivers IT as a service.

Hardware and software share resources and configured to work together providing applications their collective computing power, with the illusion of running on a single system.

Imagine massive bunch of computers linked through high-speed networks where large numbers of discrete organizations can store their applications and data on a pay-as-you-go model.


There are 3 types of Cloud Computing :

– Public Cloud : based on the standard cloud computing model, in which resources, such as infrastructure including servers, storage and even applications are made available to the general public over the Internet, by a cloud service provider.

Examples of public clouds are, Amazon Elastic Compute Cloud (EC2), IBM’s Blue Cloud, Google AppEngine and Windows Azure Services.

Read more ›

Posted in Cloud Computing, ICT

Juniper throws its hat into the open-source SDN ring

Summary: Juniper announced the commercial availability of its Juniper Contrail SDN and its open-source counterpart. Project Daylight, its open-source SDN rival, would love to integrate it.

By  for Networking | September 19, 2013 — 20:49 GMT (21:49 BST)

Software Defined Network (SDN) will revolutionize datacenter and cloud networking — if everyone can agree on how to deploy it. Alcatel-Lucent has Nuage; Cisco and a host of other companies have the open-source Project Daylight, amd now Juniper has its own take: Contrail and its open-source brother OpenContrail.

Contrail, and its open-source counterpart consist of two main components: the Contrail Controller and the Contrail vRouter.

The Contrail Controller is a logically centralized but physically distributed SDN controller that’s in charge of managing, controlling, and running analytics on the virtualized network. This exposes a set of Representational State Transfer (RESTful) application programming interfaces (APIs) to cloud orchestration tools, such as Juju, Chef, and Puppet,  and other applications. At present, the Contrail controller works with OpenStack, CloudStack, and IBM’s SmartCloud Orchestrator.

The Contrail vRouter is a forwarding plane of a distributed router that runs in the Xen or KVM hypervisor of a virtualized Linux server. It extends the network from the physical routers and switches in a datacenter into a virtual overlay network hosted in the virtualized servers. The controller talks with other vRouters by using Extensible Messaging and Presence Protocol (XMPP). They then build tunnels between virtual machine, which run over the physical network.

Read more ›

Posted in ICT, SDN
%d bloggers like this: