Cloud Solution Provisioning Safely Played

Leave a comment

January 17, 2019 by tushumane

Vulnerable Cloud Solution Provisioning:

vulnarable

Suppose you decided to include cloud connectivity for different cloud providers into your solution and deliver it to your client then have you made sure of:

  1. The certificate and keys needed will need to be uploaded by the client end user, what if he intentionally or by mistake can not keep them secure?
  2. What if the solution developer(s) have made a backdoor to steal the keys and certificates?
    1. if certificates and keys are not maintained securely, the third person can not only use it for data theft but also he/ she can use those to get hold of other cloud services. He/ She can sale the data to competitors, marketing agencies etc.
    2. Or the other way around, backdoor developer along with someone from the management level can sell the data to competitors or marketing agencies and earn the money.
  3. Client end user along with his mates can use other cloud services and in the end, the client has to pay for the cloud provider’s bill every month.

So how can we avoid this:

Cloud Provisioning- Safely Played:

safely played

Clients themselves write the code to use certificate and keys to connect to the cloud provider, test the stub with dummy/ temporary account and finally deploy it as middleware between vendor solution and their premise/ data centers.

This way the client can be sure of getting rid of backdoors in the vendor solutions, and later consequences.

As far as the client end user is concerned, the keys and certificates would be valid for 6 hours. Again Public Key Infrastructure would generate a new set of keys and certificates. This way clients can be sure of having internal conflicts/ issues.

Be secure, be transparent, happy clouding …

waiting for suggestions and feedbacks …

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

About Me

Tushar Mane.


IoT Solutions Develeoper at TASM2M.
MTech in Computer Science, Symbiosis Internatinal University.
PG Diploma in Systems and Security, CDAC, Pune.
Software Integrator at CMC Limited, India.
Bachelor of Engineering, Information technology, University of Pune.


Email: mane.tushar@outlook.com


Contact: +919503237523


Timeline

January 2019
M T W T F S S
« Jul   Feb »
 123456
78910111213
14151617181920
21222324252627
28293031  

Browse Articles

#Visitors

  • 1,148 visits and counting ...
%d bloggers like this: