In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.
Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.
Security concerns are the number one barrier to cloud services adoption. How do we evaluate a vendor's solution? What is an optimal security architecture? What are consumer versus provider responsibilities? What are industry standard patterns in this regard? This article answers some of these questions based on first hand experience dealing with large scale cloud adoption.
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability. 3
NoSQL databases have been getting lot of attention lately but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases. 4
In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats based on the dataflow diagrams for assessing and mitigating the security risks. 3
In this IEEE article, author Charlie Miller talks about mobile security vulnerabilities. He discusses how iOS and Android phones can be attacked using mobile malware and drive-by downloads.
Risk management is a crucial discipline for projects, and finding ways to do effective risk management on agile projects will spell the difference between Agile scaling into the enterprise or failing. 5
In this IEEE article, author John Diamant talks about improving security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.
In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities in the cloud. 1
InfoQ spoke with Rich Caralli from SEI's Resilient Enterprise Management Team about Resilience Management Model used for managing operational resilience in complex, risk-evolving environments.
In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing risks associated in managing the distributed software projects. 2