Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Tuesday 26 January 2010

Cloud Security: Controlling PaaS Information Flows

There is a lot of confusion today about what Cloud security means, and how security is related and different from other technologies. While a lot of infrastructure security is already required to make Cloud computing secure and compliant with regulations, a particular challenge is how to also make the applications running in the Cloud (i.e. on Platform-as-a-Service, PaaS) compliant. For example, if your organization deals with customer information, PaaS applications - just like traditional applications - need to include policy management and enforcement to ensure information usage is in line with regulations and policies.
PaaS applications are best integrated using a model-driven approach (e.g. using business process modeling, BPM). For example, Intalio|Cloud offers such a BPM PaaS enabled Cloud platform.
ObjectSecurity has integrated their OpenPMF model-driven authorization management product with the model-driven BPM integration tools that come with Intalio|Cloud. The integration allows PaaS developers to reliably manage and enforce consistent, human-understandable security policies for their agile applications (in just the same automated way OpenPMF does this for Service Oriented Architecture and virtualization platforms).
Please contact ObjectSecurity if you would like to discuss this, and know more about Cloud security and PaaS security policy automation. ObjectSecurity offers free trials, free webinars, consulting, and eBooks to help you. Future-proof your Cloud roadmap - you can only take the right roadmap decisions if you have all the information you need!