Cloud

As Google Apps become more popular in organzations, the security issue takes central stage. The attached presentation discusses those issues. You can also watch the presentation video here.

Surprisingly, the focus not just on technical controls but also on legal issues. Among the issues discussed are:

As WAFs traditional functionality is being absorbed in other solutions such as IPS and Load Balancers, WAFs are looking for future direction. One feature that seems to appear in many WAFs and show promise is anti-automation. Anti-automation is a complex feature not the least since automation itself is multifaceted and ill-defined. The attached presentation provides insight into automation applications from auction sniping to data scraping.

In a recent OWASP meeting I gave an overview presentation on how WAFs interact with cloud computing, both utilizing the cloud and protecting cloud based applications. I have discussed the following scenarios:

1. Enterprise Security Gateway
2. WAF as a service: For protecting a data center or SaaS
3. WAF for a cloud deployment: Host Based or Infrastructure Based
4. WAF stubs

You can download the presentation here.

It was only a matter of time before someone creates an in the cloud WAF based on Amazon cloud computing services. Art of defence, one of the early WAF in the cloud solution provider. has won the innovation race this time.

As usual, RSA is the time of year companies choose for major announcements. The WAF announcements this year focus, following the general computing trend, around cloud computing:

• Art of Defense, a WAF vendor from Germany, has launched its SaaS WAF solution which target mostly service providers and SaaS vendors.
• Savvis, a web hosting turning into cloud services company, has added WAF in the cloud offering based on Imperva SecureSphere WAF.
• SecureWorks, a managed security services provides, announced full management for Imperva SecureSphere and monitoring for other WAFs.

Two challenges facing WAFs in the cloud are bandwidth and complexity.