Lew Tucker

Istio 1.0: Making It Easier To Develop and Deploy Microservices

With the recent availability of Istio 1.0, it is not surprising that it continues to capture much attention from the technical press and developer community. As an open platform to connect, manage, and secure microservices, Istio promises to make it much easier to build and operate microservice-based applications. So what is behind all this interest, and what problem does it solve?

Off-loading management of service-to-service networking

It’s clear that developing applications as a set of microservices offers several advantages. Breaking up a large application into a set of services allows individual development teams to focus on building simple services – doing one thing – and doing it very well. Kubernetes adds to this by providing orchestration of containers, scaling, and resiliency.

But because microservices need to be connected, what started out simple suddenly becomes complex. Each development team must now know how to handle secure service-to-service communication, authentication, traffic management, and many other aspects of networking that may go way beyond the skillset of each team. Add to this the operational requirements for observability and management, and things quickly become much more complicated.

Istio reduces this complexity by off-loading management of service-to-service networking to a distributed service mesh. Sidecar proxies, sitting next to each service instance, manage traffic, set up secure connections, and work in concert with control plane elements operating across the entire mesh. Load balancing, A/B testing, policy changes, and failure recovery can now all be done without having to get each application development team involved. Most importantly, this single control plane means that it’s now easy to apply a consistent set of policies across the microservices.
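As an added illustration of such a mesh-wide policy (not part of the original post), the Istio 1.0-era configuration below requires mutual TLS between all sidecars, with the weaker permissive setting shown in comments for contrast. The `default` namespace on the DestinationRule is an assumption about the installation.

```yaml
# Added example, not from the original post. Uses the Istio 1.0-era
# authentication API; later Istio releases replaced it with PeerAuthentication.

# Server side: every sidecar in the mesh accepts only mutual-TLS traffic.
apiVersion: authentication.istio.io/v1alpha1
kind: MeshPolicy
metadata:
  name: default            # the mesh-wide policy must be named "default"
spec:
  peers:
  - mtls: {}               # strict: plaintext connections are rejected
  # Weaker migration setting, for contrast: sidecars accept both plaintext
  # and mutual TLS, so a client outside the mesh can still connect.
  # - mtls:
  #     mode: PERMISSIVE
---
# Client side: every sidecar originates mutual TLS with its Istio-issued
# certificate when calling any service in the cluster-local domain.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: default
  namespace: default       # assumption: adjust to your installation
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```

Both resources are needed together: with only the policy applied, servers demand mutual TLS while client sidecars still send plaintext, and requests fail.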

Multicluster Istio

By now, you have hopefully heard about Cisco’s hybrid cloud work and partnership with Google, so when our team started to get involved with Istio, we immediately saw an opportunity for Istio to play a role in hybrid computing across multiple public and private clouds. Working upstream with the rest of the Istio community, Cisco engineers helped to develop a model for Istio to move beyond operating within a single Kubernetes cluster by simply extending a single control plane across multiple Kubernetes clusters. This capability is available as an Alpha feature in Istio 1.0, and over time we expect to see the community develop different ways for Istio to play across multiple clouds.

In summary, just as Kubernetes provides orchestration of containers, Istio might best be viewed as providing orchestration of service-to-service networking, yielding a much better way to develop and deploy microservice-based applications in a multicloud world.

By Lew Tucker

Lew Tucker Contributor
Lew Tucker is the Vice President and Chief Technology Officer of Cloud Computing at Cisco, where he is responsible for helping to shape the future of cloud and enterprise software strategies. Tucker has more than 20 years of experience in the high-tech industry, ranging from distributed systems and artificial intelligence to software development and systems architecture. Prior to joining Cisco, he was the Vice President and Chief Technology Officer for Cloud Computing at Sun Microsystems, where he led the development of its infrastructure-as-a-service offering and the development of Sun Cloud. Other accomplishments in his career include Salesforce.com’s AppExchange, the java.com developer community, and the massively parallel Connection Machine. Tucker’s interest in distributed systems stems from his tenure at Thinking Machines, an early leader in supercomputing technology, where large-scale problems could only be addressed by using thousands of individual processors. Today, as the Internet evolves, companies are following a similar trajectory and building out large-scale cloud computing platforms. Transformation of systems into scalable platforms remains a long-term interest. Tucker holds a bachelor’s degree in biology from Cornell University, a master’s degree in computer science with a specialization in artificial intelligence from the Polytechnic Institute of New York University, and a doctorate in computer science from the Polytechnic Institute of New York University.
