Recent Contributions

Keywords:Cloud, Saas, PaaS, IaaS
Authors: Tim Crawford, Stanford University.
Abstract:
Cloud Computing means different things to different people. As an industry, we need a clear way to define the term, identify opportunities and solve real business problems. I have developed a framework that clearly defines Cloud Computing and the business problems that it will solve. As the core areas develop, niche market opportunities will open further opportunities for both providers, and customers alike. In this session, we will cover the framework, definition and future opportunities.

Keywords:Testing, Performance, Development, Web
Authors: Patrick Lightbody, BrowserMob LLC
Abstract:
The tidal wave of cloud computing is revolutionizing everyone from tiny startups to mature corporations. As these companies look towards services like Amazon EC2 to scale their business, many have overlooked the radical change that cloud computing will soon bring to the software development and testing feedback cycle.

Manual and automated testing have both relied on the traditional concept that in order to test software, it must first be set up and installed on a "test server". As tests are executed the underlying application state evolves, requiring either that the server be refreshed before the next round of testing, or that the test (human or automated script) learn to adapt to the changing state.

With cloud computing, it is now possible to clone hundreds or thousands of these "test servers", allowing testing to work in parallel. What was a 12 hour automated test run can now run in minutes, allowing developers and product managers to tighten the time between an initial concept and a QA-endorsed finish line.

This talk shows how Amazon EC2 can be used to provide parallel testing environments on both the server and the client, as well as how other services, such as Amazon Mechanical Turk, can even facilitate manual testing. We'll also take a look at some companies that are already enabling this revolution and what else we can expect in the future.

Keywords:Data Management, Virtualization, Backup Recovery
Authors: Manfred Buchmann, NetApp
Abstract:
Storage Learnings on the Example of two real Projects :
a) Software as Service Cloud Infrastructure
Building up Enterprise Software as Service Cloud from Scratch. How to integrate latest Storage Virtualization Technologies. Automation of the End to End Architecture from Provisioning up to Backup Recovery. Self service Paradigms require Organizational Changes and different Thinking.

b) Technical Test Labs running as a Cloud
Introduce Cloud and Self Service Management to Customer Proof of Concept and QA Lab.
Running 1000 Physical Servers with and without Virtualization. Tenant ready automated provisioning of different Virtual or Physical Configurations everyday, including the Server and Storage Networks.

Keywords: Security, Trust, Cloud Computing
Authors: Dennis R. Moreau, Ph.D., CTO and Founder of Configuresoft, Inc.
Abstract:
While cloud computing promises major agility, hosting and implementation advantages for an innovative class of applications and services, it also introduces some new complexities in the areas of validating security posture, assessing regulatory/statutory compliance, establishing coherent trust levels across the service stack and modeling risk across more coupled assets and service composition.

Cloud infrastructures leverage IT infrastructure that leverage the asset isolation, resource leveraging and provisioning dynamics of virtualization technology. Isolation limits the visibility of security configuration across layers of complex technology, each with emerging vulnerabilities and consequent control and remediation requirements. Intimate resource sharing creates a degree of coupling of both security posture and operational behavior of co-hosted assets. The flexible nature of workloads distribution over dynamically provisioned assets, places new demands on both configuration visibility and security policy orchestration.

Evolving regulatory controls for effective service isolation and inconsistent international privacy control requirements elevate the need for better situation awareness and more flexible provisioning control, than in traditional computing environments. Multi-tenancy and application composition, elevate the need for better infrastructure health, security posture and compliance visibility across cooperating participants.

Each of the issues described above complicate efforts comprehensively understand risk, support effective governance decisions and implement appropriate control objectives.

This session will establish the technical basis for these concerns and the informational /methodological basis for effectively addressing them in the cloud.

Bio Sketch:
As a Founder and the Chief Technology Officer for Configuresoft, Dennis Moreau is specialist in the application of leading edge technologies to the solution of complex problems in the Information Technology management domain. His primary focus is in developing enterprise scale solutions to improve IT efficiency and effectiveness for systems management, security compliance and configuration optimization. He works actively with the National Institute of Standards and Technology (NIST) and Mitre on the development of security configuration policy compliance standards.

Dennis has over than 20 years of experience in evaluating, designing and managing complex software systems. Prior to founding Configuresoft, he was the Associate Vice President and Chief Technology Officer for Baylor College of Medicine (BCM). He holds a doctorate in Computer Science and speaks regularly at IT management and security conferences.

Recent Speaking Engagements:

· “Emerging Security Issues in Cloud, Grid and Virtualization Environments”, Office of Naval Research, Richmond, VA, January 16, 2009.
· “Endpoint Virtualization and Enterprise Security”, BrightTalk Desktop Virtualization Summit Webcast, December 10, 2008.
· “Virtualization Security Solutions”, Computer Security Institute CSI 2008: Virtualization Security Summit , November 15-21, 2008, National Harbor, MD.
https://www.cmpevents.com/CSI35/a.asp?option=C&V=11&SessID=7524
· “Virtualization for Improved Security”, Computer Security Institute CSI 2008: Virtualization Security Summit , November 15-21, 2008, National Harbor, MD.
https://www.cmpevents.com/CSI35/a.asp?option=C&V=11&SessID=7524
· Expert Panel with Brad Smith: “The Fate of the secure Operating System”, Computer Security Institute CSI 2008, November 15-21, 2008, National Harbor, MD.
https://www.cmpevents.com/CSI35/a.asp?option=C&V=11&SessID=7542
· “Security Across the Virtualization Stack” Configuresoft Webinar, November 6, 2008.
· “Virtualization and Enterprise Security”, Network and Systems Professionals Association (NASPA) Webcast, November 4, 2008.
http://naspa.brighttalk.com/node/569
· “Virtualization Security”, Cyber Information Security Conference – CISCON 2008, October 21-24 2008, Helena, MT.
http://www.cyberinfosec.com/
· “Virtualization Security Enabler or Threat” Computer Security Institute Webinar Series: Seven Emerging Technologies for Highly Secure Organizations with Sara Peters, October 16, 2008.
http://online.cmptechresource.com/cgi-bin4/DM/y/eBMUu0OfvNN0XxM0GuEj0Ed
· Panel: Achieving Regulatory Compliance in Virtualized Environments, VMworld 2008, September 15-18, 2008, Las Vegas, NV.
http://www.vmworld.com/conferences/2008/
· “Virtualization: Resource Coupling and Security across the Stack”, 2008 CERIAS Security Seminar, September 10, 2008, Purdue University, West Lafayette, IN.
http://www.cerias.purdue.edu/news_and_events/events/security_seminar/
· “Security Information Standards: Current Status and Future Directions”, ISACA Security Conference 2008, September 9, 2008, Las Vegas, NV.
http://www.isaca.org/Template.cfm?Section=Home&Template=/ContentManageme...
Expert Panel: “Securing Virtual Environments”, SANS Virtual Security Summit 2008, August 7, 2008, Washington, DC
· “XEN and the Art of Virtualization Security Policy Compliance”, Linux World 2008, August 4-7 2008, San Francisco, CA
http://www.linuxworldexpo.com/live/12/
· “Virtualization and Security”, Computer Security Institute – Security Exchange, Las Vegas, April 27-May 2, 2008.
· “Security Information Standards: Current Status and Future Directions” ISACA’s 38th Annual North America Computer Audit, Control and Security Conference, 27 April-1 May 2008, Las Vegas, Nevada, April 27-May 2, 2008.
· “Virtualization and Security”, University of Wisconsin – Madison E-Business Consortium: Virtual Server Threats and Countermeasures, Madison, WI, April 23, 2008.
· “Securing Virtualization: CIS Consensus Benchmark”, with Chris Farrow and Dave Shackleford, RSA 2008, San Francisco, April 4-7, 2008.
· Panelist: “Securely Virtual or Virtually Secure?”, IX CERIAS 2008 Information Security Symposium, March 18, 2008, Purdue University, West Lafayette, IN.
· “Virtualization and Enterprise Security” Computer Security Institute Interview with Robert Richardson, Executive Director, Computer Security Institute.
· “Virtualization and Security Configuration Policy Compliance”, Core Competencies for Compliance and Data Protection, ISACA e-symposium , November 27, 2007.
· “Virtualization and Security”, CSI 2007, Computer Security Institute, Washington DC, November 5-8, 2007.
· “Virtualization and Security: Security Configuration Policy Compliance”, 2nd Annual IT Security Conference for the Oil & Natural Gas Industry”, American Petroleum Institute, Houston, Texas, November 6-7, 2007.
· “System Configuration Management: Security and Auditing Challenges”, MISTI 27th Annual Conference on IT Audit and Controls, Washington, DC, October 22, 2007
· “Virtualization and Enterprise Security”, VMworld 2007, San Francisco, CA, September 11-13, 2007.
· “Virtualization and Security Configuration policy Compliance”, ISACA North America CACS, Grapevine, Texas, April 22-26, 2007.
· “Security Configuration Compliance and Emerging Information Standards”, ISACA North America CACS, Grapevine, Texas, April 22-26, 2007.