Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Friday 20 August 2010

New Whitepaper "Security Policy Automation: Improve Cloud Application Security ROI"

New Whitepaper: "Security Policy Automation: Improve Cloud Application Security ROI"
You have to plan ahead in terms of security when moving parts of your organization’s IT into the Cloud. Compromises and mistakes done early on when things are small and less critical will come back and haunt you later. In this article, you will learn why security automation is important to meet both regulatory compliance requirements and the financial rationale behind Cloud adoption. The financial ROI of Cloud security and compliance is judged by decision makers in end-user organizations by the same measures as is done for Cloud computing in general, i.e. by how much it cuts up-front capital expenditure and in-house manual maintenance cost. In order to reduce security related manual maintenance cost at the end-user organization, security tools need to become more automated. Unfortunately in many cases automation is easier said than done, and many security tools today offer automation at the price of trading off relevance, correctness and automation. This article discusses security policy automation challenges and solutions for Cloud applications (using an approach known as “model-driven security”), so that security practitioners can better support financial rationale behind Cloud computing, and also influence Cloud providers to provide better security tools.
Contact me if you would like a free copy.

1 comment:

Dr. Ulrich Lang, CEO, ObjectSecurity said...

An improved version of this article has also been featured article in the ISSA Journal October 2010.