There is a talk that I've given a few times with very good response - "How
Cloud Computing -Improves- Security". We go in to detail on all the areas
where cloud providers have (or should have) gone the extra mile relative to
the datacenter a customer runs in-house, and how with a solid partnership
with your provider - a cloud can be more secure than what you have in-house.
One of the things we discuss during that talk is how users of cloud need to
be prepared to spend more on security and compliance to get the level of
comfort and risk management they are used to.
The number I like to use is 15% - that for each dollar you save by making a
move to cloud computing, you should invest 15 cents to improve security and
increase compliance efforts. The top areas of focus for most should be
application security and real-time monitoring efforts. The security levels
tha... (more)
As product manager at ScaleUp, one of my top jobs is to make sure our cloud
management platform has as much impact as possible at what we call the cloud
"point of purchase".
This is that magical spot where the consumer and provider meet. It's where
consumers locate, order and manage the resources they need. It's the spot
where providers manage their users, offer capacity, manage and monitor those
resources, charge for them, enforce and apply automation, governance,
security and other business rules and ultimately provide a service. In
other words, there's a lot going on at th... (more)
So this morning the big news is that AWS is having issues affecting customers
in US-EAST-1. So far I’ve seen 4sq, reddit, godaddy, quora and many
others on the “is down” list. What always surprises me when this happens
is that people point fingers at AWS, and I always shake my head.
If your business relies on a website to be up, why do you allow a failure in
a single availability zone to shut down your business? There are so many
tools out there at this point to simplify deployment, scaling and resiliency
across multiple availability zones or even across multiple cloud providers... (more)
Let’s say, hypothetically, that you are considering building a cloud-based
service and had come to that fork in the road where you had to think about
how to authenticate users to your API’s.
As I was thinking about that problem, it struck me that potentially you could
use the new(ish) identity and access management services from AWS. Create
users, set groups and permissions, authenticate them against IAM as an
identity provider of sorts. Of course after I read the FAQ where it asked
if you can use it on 3rd party apps, the answer was “not yet”.
But I think you can, today.
Step... (more)
Two weeks ago I spent a few days at RailsConf in Baltimore re-connecting with
my developer roots, and it gave me a fresh perspective on what developers
really think about cloud.
Background
Although I’ve spent much of my time focused on the application layer in the
past decade, it has been at the architecture and integration level for the
most part – especially recently. I’ve both personally coded (in PHP,
don’t hate me) or led development teams that have built a number of large
web and enterprise apps (in various languages) during that time. I have
attended all sorts of devel... (more)
A recognized thought leader on cloud computing, enterprise architecture and security, Scott Sanchez is a jack of all trades that has held strategy and leadership roles at Goldman Sachs, Bristol-Myers Squibb, Unisys and a number of technology startups along the way.
John Treadway
Sue Poremba
Scott Sellers
Anthony Franco
Daniel Morris
Wayne Walls
Niki Acosta
Jereme Hancock
Oren Michels
Marvin Wheeler
Douglas Kim
