GCN : June 2015
CLOUD SECURITY

The Internet has a fundamental problem with security that’s part of its very DNA. And if things stay as they are, that problem — and Internet security — can only get worse.

The Cloud Security Alliance (CSA) and its industry partners intend to change that. If things go as planned, within two years the partners will produce the first “black cloud” — an open-source, software-defined perimeter (SDP) that will stop distributed denial-of-service attacks and enable highly secure cloud-based applications.

“We think this is a pretty big idea,” said Jim Reavis, CSA’s co-founder and CEO. “We’ve already defined a very specific framework for how you could implement this so that organizations can build the software themselves. And several government agencies are now doing that.”

The current project, which CSA is developing with digital risk management company Waverley Labs, will develop open-source code for one specific use case. Reavis said the goal is to create standards and start seeding the market with open-source software that information security and network providers would then embed in their solutions.

“We’ve been working for a while with the [CSA] SDP Working Group and have already had several proprietary versions that have gone into different security control layers,” said Juanita Koilpillai, CEO of Waverley Labs. “So we thought why not make this an open-source project, which we’ll develop versions for multiple layers over time, the first being single packet authentication that will allow [network] devices to deny all connections from anything other than the application they want to talk to.”

ELIMINATING THE NEED FOR HYBRID CLOUDS

Beyond applications, the goal is to only allow connections to devices that have been authorized to talk with the networks, which provides the ability to hide the organization’s resources from all eyes except those that have a specific right to see them.
It essentially turns the concept of the Internet as an open communications medium on its head. The fabric of the Internet is now like Swiss cheese, with so many holes that it’s all but impossible to completely defend against modern threats such as man-in-the-middle or SQL injection attacks. If you use the Internet, you are vulnerable.

By contrast, CSA’s SDP approach makes total security the starting point and allows only those connections it can authenticate. That approach cannot be instituted for the whole of the Internet all at once, but with the Internet of Things looming, when millions of embedded computers and sensors will be connected via the Internet, “fundamentally, we are now at the point where we are going to have to shift from this default open approach to layer on default [closure] to darken parts of the Internet,” Reavis said.

One area in which this could be immediately useful is in spurring agencies’ move to the cloud. Despite various mandates and directives, it has been a slow process for government because of security concerns. Those concerns have prompted the rise of hybrid clouds in which some applications and services reside in a public cloud while more sensitive information stays behind agency firewalls in private clouds.

That solution can be expensive for agencies, however, because the cost savings associated with the public cloud are blunted by having to maintain an on-premise infrastructure. In CSA’s model, everything could be moved to a public cloud because SDP allows the creation of dark clouds inside the public cloud infrastructure. Those dark clouds would be owned by the agency and would be invisible to everyone except for designated and authenticated users.

There would be no possibility for anyone else in the public cloud to see or share the organization’s data, the main fear agencies have about moving sensitive applications and data to the public cloud.
“‘Virtual private cloud’ is going to be

A new tool rejects the open communications of the Internet in favor of a default closed approach to traffic

‘Black clouds’ block all but authorized devices

BY BRIAN ROBINSON