Larry Ellison does not like multi Tenacy

Enterprise Apps: Larry Ellison Deconstructs Fusion
http://www.crmbuyer.com/story/Larry-Ellison-Deconstructs-Fusion-70888.html

Here is the brief excerpt from the article:

Ellison also blasted Salesforce.com's approach to cloud computing, which is based on multitenancy. Multitenancy is a principle in software architecture where a single instance of software runs on a server but serves multiple client organizations.

"Multitenancy is a horrible idea," Ellison said. "What it means is, everyone's data is commingled, everyone's customer list is in a single database. That's a horrible security model. In the 21st century, the way we support multiple customers is called 'virtualization.'"

I believe that Larry Ellison certainly does not agree with NIST's definition of Cloud Computing. This is the main reason Oracle is behind in the cloud computing when compared with Google, Salsforce.com, Amazon and even Microsoft. 

Article: Wall Street Journal Recognizes Symplified for Cloud Security

Wall Street Journal Recognizes Symplified for Cloud Security
http://www.prweb.com/releases/2010/10/prweb4587944.htm

Here is the brief summary and reason why Symplified  was recognized: 


Symplified was recognized for its ability to provide access management security, Single Sign-On (SSO) and usage auditing for cloud applications. The company has developed unique technology that extends identity management and security controls from existing enterprise IT systems on private clouds to public cloud and SaaS applications.

Five cloud security trends experts see for 2011

Five cloud security trends experts see for 2011NetworkWorld.comWhat do CSOs and other IT security experts expect to be ..

Here is the brief summary:


1. Smart phone data slinging
2. Need for better access control and identity management
3. Ongoing compliance concerns
4:Risk of multiple cloud tenants.
5. Emergence of cloud standards and certifications.


. Read more

CSA Updates Cloud Security Framework

DECEMBER 20, 2010 
BY NETWORK COMPUTINGHTTP://WWW.NETWORKCOMPUTING.COM/DATA-PROTECTION/CSA-UPDATES-CLOUD-SECURITY-FRAMEWORK.PHP :FEATURED ARTICLES ON CLOUD SECURITY

The question isn't will cloud computing become the future of IT, but when. According to MarketsandMarkets (M&M), the global cloud computing market will reach $121.1 billion by 2015 ("Global cloud computing market: global forecast, 2010-2015"). Although it represents just a portion of the overall IT cloud market, public cloud providers' revenues will reach $45 billion by 2013, according to IDC. This represents a compound annual growth rate of 26 percent, more than six times the forecast growth rate for traditional IT spending. ButIDC also says that businesses are more concerned about the risks involved, including security, availability and performance, than the benefits of flexibility, scalability and lower costs.

That's where the Cloud Security Alliance, a not-for-profit organization addressing best practices for providing security assurance within cloud computing, comes in. Created last year by a coalition of industry practitioners, corporations, associations and other stakeholders, CSAhas announced version 1.1 of its Cloud Controls Matrix (CCM) Security Controls Matrix, part of the CSA GRC (governance, risk management and compliance) Stack.

Designed to provide a security framework for cloud vendors and customers, version 1.0 of the CCM--a catalog of cloud security controls aligned with key information security regulations, standards and frameworks--was introduced in April 2010. One of the key objectives was to bridge this hodgepodge of national (i.e., NIST), international (i.e., ISO 27001/27002) and industry (i.e., PCI) security regulations, standards and frameworks. Version 1.1 updates the first release to accommodate recent changes in many of the frameworks' elements.

Marlin Pohlman, one of the CCM co-chairs and chief governance officer at EMC, says that there were a number of changes that came out between versions 1.0 and 1.1, including HIPPA (Health Insurance Portability and Accountability Act) and PCI (Payment Card Industry) support. "We did remapping, so that's why its an incremental as opposed to version release." He says CCM should help companies better position themselves if they are in the cloud services space.

Cloud security is a massive undertaking, but Pohlman says there has been significant advancement since CSA was formed less than two years ago. A number of standards groups, industry associations and governments--especially in the United States, United Kingdom, Japan and Europe--have been adopting various elements, and CCM is being seen as seminal work around cloud standards for ISO. CSA has a unique change control philosophy that will be reflected in version 2.0, which Pohlman is responsible for steering. It will redefine the controls of the supply chain, on the multitenancy, multitier business model and on multijurisdictional aspects. "In 2.0 we have refocused on the tenant as the primary owner of risk," says Pohlman said. Existing controls to address those specific pain points will be revised in the next version.

Open Source Identity Management Software

The following table lists a list of representative Open Source Identity Management Products, some of those products work in the cloud environment. Readers are encouraged to do more research to see which product fit their cloud identity needs.

Open Source IAM Project	Description
WBSAgnitio	WBSAgnitio provides network services, directory services, certificate services and identity management. WBSAgnitio integrates all multiple features and components in a single physical or virtual box and comes with a browser based web interface for administrative purposes. It also has web services (based on RESTful) for easy integration of an application for remote management.
OpenAM, OpenDJ, OpenIDM	OpenAM is ForgeRock’s solution to host and continue development of Sun Microsystems' OpenSSO product since Oracle taken over of Sun. OpenDJ is ForgeRock’s solution to host and continue development of Sun Microsystems' OpenDS product since Oracle taken over of Sun. OpenIDM is created from scratch and borrowed a lot of ideas from Sun IDM and support Sun IDM features and functionalities and is based on OpenESB.
WSO2 Identity Server	WSO2 Identity Server is an open source identity & entitlement management server and has the following features: ·          Entitlement engine with XACML 2.0 support. ·          Claim based security token service. ·          Information Cards provider supporting managed Information Cards backed by user name / password and self-issued cards. ·          Information Cards support for SAML 1.1/2.0. ·          OpenID provider. ·          Multi-factor authentication with Information Cards ·          Extension points for SAML assertion handling. WSO2 offers Identity as Service and other cloud service via its WSO2 Stratos brand.
OpenIAM	OpenIAM provides three open source IAM products: ·          Identity Manager for user life cycle management, ·          Access Manager for multifactor authentication, coarse and fine grained authorization, XACML 2 support, Single Sign On, Identity Federation, and Integration with development frameworks such as Spring Security. ·         Entitlement Server for RBAC and ABAC using XACML.
SourceID	SourceID is an open source multi-protocol project for enabling identity federation and cross-boundary security and enables cross-boundary single sign-on, dynamic user provisioning and identity attribute sharing.
Shibboleth	Shibboleth is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. Key concepts within Shibboleth include: Federated Administration, Access Control Based On Attributes, Active Management of Privacy and used OpenSAML.
OpenSAML	OpenSAML is a set of open source Java and C++ libraries that are fully consistent with the SAML 1.0 and 1.1 CR specifications.
Jasig Yale CAS	The Central Authentication Server (CAS) is an single sign-on  authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became a Jasig project in December 2004.
OpenSPML	The toolkit offers an easy-to-use interface for configuring, issuing and interpreting standards-compliant provisioning requests across diverse identity infrastructures.
OpenPrivacy	A reference implementation of the Reputation Management Framework (RMF). OpenPrivacy's core project is designed to ease the process of creating community with reputation enhanced pseudonymous entities. The RMF is primarily a set of four interfaces: Nym Manager, Communications Manager, Storage Manager and Reputation Calculation Engine (RCE).
NMI-EDIT Consortium	The primary goal of the NMI-EDIT Consortium, part of the NSF Middleware Initiative (NMI), is to improve the productivity of the research and education community through development, testing, and dissemination of architectures, software, and practices in the areas of identity and access management. The NMI-EDIT’s efforts comprise a coordinated set of core middleware tools in the areas of identity and access management architectures, standards for deployments, related directory schemas, and tools. Current major projects include the collaboration management platform, groups management toolkit, and the Shibboleth single sign-on and federating software.
Spring Security	Spring Security provides your applications with comprehensive authentication, authorization, instance-based access control, channel security and human user detection capabilities. Spring Security offers support for SAML, Kerberos, and oAuth.
JOSSO	JOSSO, or Java Open Single Sign-On, is an open source J2EE-based SSO infrastructure aimed to provide a solution for centralized platform neutral user authentication. JOSSO supports SAML and can be integrated with Spring Security for fine grained access control.
JPAM	JPAM is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Unix, Linux and Mac OS X systems. JPAM permits the use of PAM authentication facilities by Java applications running on those platforms.
Open Web SSO	The Open Web SSO project provides core identity services to facilitate the implementation of transparent single sign on as an infrastructure security component. The goal of Open Web SSO project is to provide an extensible implementation of identity services infrastructure that will facilitate single sign on for web applications hosted on web and application servers. This project is based on the code base of Sun Java(tm) System Access Manager product.
Higgins	This project is developing an extensible, platform-independent, identity protocol-independent, software framework to support existing and new applications that give users more convenience, privacy and control over their identity information. In addition Higgins aims on providing a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries. It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles.
OpenID4J	A library that allows you to OpenID-enable your Java web application.
Fortress	Based on OpenLDAP, Fortress is a suite of IAM products for authentication, authorization and auditing. The following is the list of the product. Fortress – (Core) Free download Commander – (Fortress Admin GUI) Sentry – (OpenLDAP Admin GUI) En Masse – (Policy Server) Perimeter  – (SSO Server) Patroller  – (Audit Viewer)
OpenRegistry	The project was initiated by Rutgers University in Mar 2008, late became a Jasig Incubator project in Jan 2009, and in late 2009, SFU joined the project. The project has solid data model and its major focus is on User Provisioning and De-Provisioning workflow.

Secure Multi-Tenancy for Cloud Architecture with NetApp, Cisco, and VMware

The following text is from cloud.com

A Secure, Enterprise Cloud Architecture
NetApp, Cisco, and VMware have partnered to create a unique enterprise cloud architecture that includes all server, storage, and networking hardware and software to facilitate sharing, reuse, and dynamic resource allocation. Our architecture takes the risk out of transitioning to a cloud infrastructure while delivering the advanced capabilities you need to succeed.

Key features include an efficient, always-on infrastructure with elastic scalability; integrated data protection; advanced automation; and the ability to transparently migrate both applications and data across the infrastructure. We've brought together years of combined experience to create a multi-tenant environment in which separate applications or customers can share the same server, storage, and networking infrastructure with complete isolation so sensitive information is never compromised.

The individual technologies are — by themselves — the best the industry has to offer. Together, these technologies offer unique synergies that greatly simplify the deployment and management of IT infrastructure and applications with:

• Unmatched end-to-end security and isolation in virtualized environments
• Simplified, unified architecture
• Lower cost
• Greater business agility
• Less risk

More details, please see: 

http://www.netapp.com/us/technology/secure-multi-tenancy.html

$13B Gov’t Cyber Security Spending by 2015

According to Input: Federal Information Security Market, 2010-2015 illustrates that demand for vendor-furnished information security products and services by the U.S. federal government will increase from $8.6 billion in 2010 to $13.3 billion in 2015 at a compound annual growth rate (CAGR) of 9.1%.