Favorite Quote

"..the market seems to have come to the conclusion that cloud computing has a lot in common with obscenity-- you may not be able to to define it, but you'll know it when you see it." James Urquant

Wednesday, December 30, 2009

Cloud computing may exacerbate security and file transfer issues

Here is an interesting article by Rob Barry titled: "In SOA, cloud resources may exacerbate security and file transfers issues." It highlights significant requirements for Federated SOA especially around large file transfer using SOAP Attachments. The article makes the following interesting points:

With increasing cloud adoption, there is an increase of large file transfers to external cloud providers such as Amazon S3 or Rackspace CloudFiles or to a company's internally hosted cloud.  The file size increase is driven by the a low-hanging use case for S3 and CloudFiles:  securely archiving rarely used corporate data in the cloud.  The result of such archiving of batch data is an ever-growing file transfer over HTTP as a MIME of MTOM attachments.  Consider the opposite scenario:  if the data is real-time the transaction rate is higher but the files sizes are usually small.  According to Frank Kenny,  Gartner Research Director:  "As we start to use more cloud-based services, the problem is going to exacerbate itself because we're dealing with bigger data, bigger attachments," said Kenney. "But we want the same performance that we've always been able to maintain."

MTOM and MIME are now widely used for real-time file transfer of large files over web services instead of legacy FTP (still the dominant, dirty protocol for batch data transfer).  Files are now readily transferred over SOAP with content-based security (XML-Security) as well as protocol security (SSL). Watch Managed File Transfer (MFT) vendors start to add HTTP-SOAP/XML stacks to their offerings and edge appliance vendors such as Forum Sentry start to encroach on the MFT space.  Such XML gateways already support FTP, sFTP, FTPs, AS/2, PGP, etc. for managing file transfers in addition to XML messaging. Standards such as MIME and MTOM are now being heavily deployed. For a deeper understanding regarding how MTOM works, see "Intro to MTOM."

Identity is critical to Federated SOA. SOA deployments are usually executed within "Domains" with distinct business and technical owners for a set of services that are provided internally or to external Domains. SOA Domain Jumping requires establishing establishing trust through identity token exchange. For cloud computing to succeed, identity management has to succeed and so does successful deployment of a Federated SOA model.

No comments:

Post a Comment