Cloud Security – Part 2: The vulnerabilities and threats of the cloud, current scientific work on cloud security, conclusion and outlook

I’m glad to welcome you to the second part of two blog posts about cloud security. In the first part, we looked at the current cloud market and learned about the concepts and technologies of the cloud. Thus, we created a basis for the areas of this post in which we will now deal with the vulnerabilities and threats of the cloud, have a look at current scientific work on the topic and finally conclude with a résumé and an outlook.

Once again, I wish you to enjoy reading! 🙂
Continue reading

Cloud Security – Part 1: A current market overview and the concepts and technologies of the cloud

Welcome to the first of two blog posts, that will deal with the latest developments in cloud security.

In this post, we will initially look at the role the cloud plays in today’s market and why it is important to deal with the security of the cloud. In order to address the security aspects, we need to know how the cloud works, so we’ll then take a closer look at the concepts and technologies used in the cloud.

After we know the technologies of the cloud, we will consider their weaknesses and threats in the next post. To this end, we are trying to identify the weaknesses of the cloud as far as possible, and we will regard a list of threats that companies can face when using the cloud. After that we will observe scientific papers that currently deal with the issue of cloud security. Finally, we will summarise, draw a conclusion and look ahead to potential future developments in the area of cloud security.

And now I wish you to enjoy reading! 🙂
Continue reading

Human Error in IT failures

With the ever-increasing complexity of artificial systems that aid humans in their daily and work lives, their operation procedures have grown more complicated and the potential for mishandling is higher than ever before. In the IT world, modern systems that must serve hundreds of millions of customers simultaneously and reliably have grown so complex that no single person can grasp every detail of the software they co-created.

As IT security systems and procedures are also becoming more reliable and make attacking software harder than targeting their operators, humans are now an apparent weak link in the computing world. Consequentially, security breaches and system failures are nowadays regularly publicly blamed on human error in cases such as the recent British Airways IT chaos [1]. Moreover, a report by BakerHostetler found, that 32% of all security incidents are caused by Employee Action or Mistake and just over 10% of incidents involve phishing, making human error one of the main causes for security incidents [2].
Continue reading

Microservices – Legolizing Software Development III

Welcome to part three of our microservices series. If you’ve missed a previous post you can read it here:

I) Architecture
II) Caching
III) Security
IV) Continuous Integration
V) Lessons Learned

Security

Introduction

Today we want to give you a better understanding of the security part of our application. Therefore, we will talk about topics like security certificates and enable you to gain a deeper insight into our auth service.

Continue reading

Exploring Docker Security – Part 2: Container flaws

http://i.dailymail.co.uk/i/pix/2010/08/10/article-1301858-0ABD7881000005DC-365_964x543.jpg

Now that we’ve understood the basics, this second part will cover the most relevant container threats, their possible impact as well as existent countermeasures. Beyond that, a short overview of the most important sources for container threats will be provided. I’m pretty sure you’re not counting on most of them. Want to know more?

Continue reading

Exploring Docker Security – Part 1: The whale’s anatomy

http://imagenes.4ever.eu/data/download/animales/la-vida-acuatica/ballena-de-alas-largas-240873.jpg

When it comes to Docker, most of us immediately start thinking of current trends like Microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to hit the road towards establishing itself as the de-facto standard for lightweight application containers, shipping not only with lots of features and tools, but also great usability. However, another important topic is neglected very often: Security. Considering the rapid growth of potential threats for IT systems, security belongs to the crucial aspects that might decide about Docker (and generally containers) being widely and long-term adopted by software industry.
Therefore, this series of blog posts is about giving you an overview of the state of the art as far as container security (especially Docker) is concerned. But talking about that does not make so much sense without having a basic understanding of container technology in general. This is what I want to cover in this first part.
You may guessed right: Altogether, this will be some kind of longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.

Continue reading

Security aspects in the context of drones

Image you are sitting on your balcony after a stressful working day. Your legs on a chair, an ice cold beer in your hand and the afternoon sun on your face. Suddenly the light darkens and a soft buzz is filling the air, constantly getting louder and more annoying.  A cold breeze causes goosebumps on your arms. What’s happening here? A drone enters your view, delivering a new TV device to your neighbour. You sink back in your chair and release the air you had hold unconsciously in your lungs.

Drones are flying robots, also called unmanned aircrafts, available in every size for actions that are dangerous or repetitive for humans. Today they still need to be controlled and closely monitored by one or two pilots via remote control. But in the future, artificial intelligence, included as their “brains”, could allow them to work autonomously to support us in our daily routines, science or warfare. They have many advantages, but we also found alarming facts and stories about how their use is harmful to our society and mankind. Have a look to understand what we’re talking about…

Continue reading

The Elixir Programming Language

elixir

An introduction to the language, its main concepts and its potential.

The number of security incidents has been on the rise for years, and the growth of the Internet of Things is unlikely to improve the situation. Successful attacks on all kinds of interconnected smart devices, from car locks over home security systems to highly automated factories, have already been demonstrated and carried out.

An aspect contributing to the bad state of security is the use of programming languages which are highly prone to vulnerabilities, namely C/C++. With the increased interconnection of systems which could pose a danger to life if disrupted, for example vehicle controls or critical infrastructure, there is a need for programming languages which provide a higher level of security „by default“.

Continue reading