Cloud computing’s multitenancy and virtualization features pose unique security and access control challenges. In this article, authors discuss a distributed architecture based on the principles from security management and software engineering to address cloud computing’s security challenges.
Managing security requirements from early phases of software development is critical. Most security requirements fall under the scope of Non-Functional Requirements (NFRs). In this article, author Rohit Sethi discusses how to map NFRs to feature-driven user stories and also how to make security requirements more visible to the stakeholders.
In this IEEE roundtable discussion article, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication. 1
Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge. They discussed the novel and the process with InfoQ.
"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using Java programming language. InfoQ spoke with book authors on how these rules can help Java developers.
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor. 3
In this IEEE article, authors Stephen Yau and Ho An talk about the advantages and challenges in application development using service-oriented architecture and cloud computing technologies. 2
This article presents a web application architecture that leverages cloud resources and an enterprise key-management infrastructure to lower costs while proving compliance to data-security regulations 8
Security concerns plague cloud consumers so how should these concerns be addressed? This article introduces the basic principles and patterns that should guide a cloud security architecture.
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability. 3
NoSQL databases have been getting lot of attention lately but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases. 4