Gigaspaces.com - Application Server

CTO’s Note: Enterprise-Grade Security, Now on the Cloud


The new world of cloud computing and virtualization introduces totally new security challenges, which require innovative solutions. One of the major challenges is how to secure a middleware component – such as a data grid or a messaging server – which is shared across many applications, not dedicated to one particular application.

Enterprises today have a strong need for sharing middleware across applications. On the cloud and in on-premise virtualized environments, it makes the most sense to run these middleware components as shared resources or services – just like Amazon runs SQS or SimpleDB. This incurs obvious savings in license costs, machine hours and operations overhead. It is unquestionably the most economic model for operating middleware, but in many enterprise scenarios it is simply infeasible, because it is not secure.

Security assumptions and constraints change significantly when you move from a cluster dedicated to one application to a cluster shared between several applications. It is no longer enough to assume that the application is responsible for granting access to its embedded middleware components; here, multiple applications may share the same data or messaging pools, and must have the right level of isolation and access. Securing the shared middleware resources is key to achieving this level of isolation and control.

With the recent release of XAP 7.0.1, GigaSpaces is the first to deliver true enterprise-grade security in cloud and virtualized environments. What I mean is that our in-memory middleware services are now designed to enable fine-grained control and authorization even in a shared environment.

The new version provides not only transport-level security for all data-related communication (based on SSL), but also support for users and roles, with a comprehensive permissions system that enforces authorization for every operation, from managing the GigaSpaces infrastructure to fine-grained authorization to access individual data objects and operate on them.

A few concrete examples:

• Two applications might share the same container resources, but use a separate data grid instance with independent lifecycle management.

• Several applications can access the same data grid service, and be granted different permissions to view each data item, based on the content of the data.

• Different parts of the same application (e.g. purchasing module vs. sales module) may be granted access to different accounts, even though all the account data is stored in the same shared data grid.

• One part of an application can be granted read/write access, while another part of an application can be granted read-only access to the same data.

I’m so excited about our new security that I neglected other aspects of the 7.0.1 release, including a 200% performance improvement and a major upgrade of our .NET support. I really encourage you to read more about what’s new in this service pack and, in case you missed the buzz, about everything that’s new in XAP 7.0.

Here’s to a truly secure enterprise cloud!

Regards,

Nati S.
