“Good enough” RESTful protocols and standards have the momentum from my perspective and that would include passing basic security information. Looking at what’s next — I believe we’ll need more than single site authentication as as applications span on-premises and Cloud-based environments. We need security federation capabilities and SAML (which is not a WS-* standard per se but can be carried within it) has the most momentum and can be implemented using RESTful or SOAP-based protocols.

My vision of web connection security has a specific flavor given that MCF Tech is an organization of business professionals who provide technology services as opposed to being purely technologists. From this perspective, my leaning is strongly toward REST interfaces, where authentication is contained in the HTTP header and the content communicated in the multi-part body, ideally as XML.

My challenge with WS is that it’s quite difficult to decipher the requirements and it’s not really widely adopted. If I had to make a prediction, I see REST as the way forward due to it’s simplicity and wider current use, even if it may be technically less sound.

One of the big questions/challenges of security is how much is enough. We have been working recently to connect the PaaS to QuickBase to Docusign and Equifax using Talend as an ETL intermediary. The biggest challenge in connecting services is navigating the security nuances.

It may be overly idealistic, but it would be great to see sokme basic cloud security standards that address the critical security needs but support the ability to easily create authorized connections.

http://my.gartner.com/portal/server.pt?open=512&objID=256&mode=2&PageID=2350954&resId=1116613&ref=Listen

The key word here – for us and our customers – is secure. The Internet has been deemed “the Wild West” – home to porn, predators, viruses and petty crime. So how could it possibly be a suitable replacement for the LAN? Well, it can and it is. And to make sure IT people around the world know how to identify and implement secure cloud computing solutions, the Cloud Security Alliance was announced earlier this year at the RSA Conference.

The CSA is a collection of the finest minds on cloud security in the world, including leaders from Symantec, Dell, and Salesforce.com. I reviewed the initial draft of the CSA’s Security Guideline document and found it to be well thought out and very broad in it’s spectrum of domains being covered. So I decided to become involve and help further develop details within the guideline. With my background in security and working at a SaaS provider I have some pretty good insight in to the trials and tribulations of working within the cloud model.

Basically, when version 2.0 of the guideline is complete around October, IT managers around the world will know what to look for in a cloud computing vendor. The guideline will cover domains from Governance and Legal, to Datacenter Operations and Business Continuity. It will include provisions and guidelines for Compliance and Audits as well as Incident Response and Remediation. It will also cover areas of Storage, Encryption and Identity Management among others. Basically it’s going to be the foundation for how cloud vendors should function and what IT managers should look for in a strong reliable cloud solution. Yes, this will upset those trying to build cloud solutions quickly and cheaply. It’s a small price to pay.

Imagine a time before medical school and licensed doctors – you would never know if the surgeon you were seeing practiced legitimate medicine or was actually a witch doctor. Not exactly the way any of us would operate. The same is true with cloud computing. If you’re going to move your valuable assets into the cloud (because the productivity, cost, energy, etc. advantages are really that great) you better be able to recognize the professionals. The Cloud Security Alliance intends to be the source of resources needed so even the most inexperienced person will have the tools they need to securely move into the cloud.