I had meant to update on how my plans for the year were going around June / July so this is a little late, but I have been pretty busy getting the upcoming Cloud Security Alliance (CSA) – Security as a Service (SecaaS) guidance documents. These are due for publication at the start of September – watch this space.. It has also taken longer than expected to finalise my Masters project choice, but I think I’ve got there with that one, finally!
In January I listed some goals for the year here;
So where am I with the years goals?
1. Choose a project and complete my Masters. Project finally chosen and extended project proposal handed in. My proposed project title is;
‘Increasing authentication factors to improve distributed systems security and privacy’
The plan is to cover the current state of distributed systems authentication and to assess how this could be improved by adding further ‘factors’ to the required authentication. In this instance factors refer to things like ‘something you know’ such as passwords, ‘something you have’ such as a number generating token, and something you are such as your finger print. I have completed a project plan outlining how I’ll use the time between now and the hand in date in January 2013, and I’ll keep you posted with progress.
2. Lead / co-chair the CSA SecaaS working group. While it has been challenging to find the time and keep everyone involved working in the same direction, we are almost ready to release the next piece of work from this research group. The next publication will be in the form of 10 implementation guidance documents covering the 10 SecaaS categories we defined last year. These will be released on the CSA web site around the end of August, I’ll post a link once they are available. This has certainly been a learning experience regarding managing the output of a very very diverse set of international volunteers!
3. Become more familiar with the Xen hypervisor. I have had limited success with this one, increasing my familiarity with virtualisation and cloud generally, and reading up on Xen. However I have not had a chance to set up a test environment running the open source Xen hypervisor to get properly acquainted with it. I’ll be looking to rectify this during October, at which time I’ll provide a run down of my thoughts of this hypervisor’s features and how easy it is to install and configure.
4. Brush up my scripting and secure coding. Scripting opportunities have been limited this year, and I have not had the tine to create side projects outside of the office due to CSA and Masters related work. Secure coding, I have reviewed both some code and some development practices against OWASP recommendations and the Microsoft secure development lifecycle (SDLC), so have made some progress in this area and will follow with an update in a future post.
Overall, not as much progress in some areas as I had hoped, but I am reasonably happy with the CSA SecaaS and Master progress, while also holding my own in full time employment.
As mentioned, keep an eye out for the upcoming publication of the SecaaS implementation guidance!