In the late 1990s and 2000s the Internet evolved from
a static content web pages into dynamically generated websites with a
database back-end. The era gave birth to technologies such as ASP and
PHP which dominate more than 52 percent of the market (BuiltWith
Trends, 2011). Today, as the grid computing, distributed computing
and cloud computing are rapidly becoming defacto choice for data
storage and access (Divakarla, U, & Kumari, G 2010), web
application need to evolve and adopt the emerging data access
technologies. In addition, many businesses rely on Business to
Business (B2B) information which is exposed through web services
technologies to provide an additional layer of security (access
authentication and authorization) as opposed to exposing a direct
connection to the back-end database.
Information such as geographical location (MaxMind,
Inc. 2011), credit rating (Experian Information Solutions, Inc.
2011), employment and income verification (Equifax, Inc. 2011),
address lookup and readdressing information (Canada Post, 2011) is
available to merchants and service provides through standard (SOAP
and RESTful) web services. As such, instead of maintaining its own
database of geoip information or postal codes, a web application can
simply invoke an exposed web services to get access to the up-to-date
data maintained by an “expert” service provider. Moreover,
“Amazon S3 provides a simple web services interface that can be
used to store and retrieve any amount of data” (Amazon Web Services
LLC, 2011) which allows web software developers to create a database
driven application without having a traditional database back-end
relying completely on standard web services protocols such as SOAP
and REST.
The main obstacle in adoption of a distributed
information storage such as Amazon Web Services is the security
aspect of it. While vendors state that the storage “is secure by
default” (Amazon Web Services LLC, 2011), there are certain aspects
of security such as physical security which are can not be controlled
by the data originator. As such, merchants and service providers
wishing to utilize a “cloud” storage option need to evaluate and
implement compensating control such as adoption of HTTPS protocol to
transfer the data and encrypt the data before it is stored in the
“cloud”. Ideal, on organization wishing to join the "cloud" should assess the risks by conducting a Threat Risk Assessment (TRA) and to make sure there are security controls in place to mitigate the identified risks.
Bibliography
- Amazon Web Services LLC, 2011. “Amazon
Simple Storage Service” [online]. Available from:
http://aws.amazon.com/s3/
(accessed: November 19, 2011).
- BuiltWith Trends, 2011. “Top
in Frameworks” [online]. Available
from: http://trends.builtwith.com/framework/top
(accessed: November 19, 2011).
- Canada Post, 2011. “Postal Code Data Products” [online]. Available from: http://www.canadapost.ca/cpo/mc/business/productsservices/mailing/pcdp.jsf (accessed: November 19, 2011).
- Divakarla, U, & Kumari, G 2010, 'AN OVERVIEW OF CLOUD COMPUTING IN DISTRIBUTED SYSTEMS', AIP Conference Proceedings, 1324, 1, pp. 184-186, Academic Search Complete, EBSCOhost, viewed 19 November 2011.
- Equifax, Inc. 2011. “The
Decision 360” [online]. Available
from: http://www.equifax.com/consumer/risk/en_us
(accessed: November 19, 2011).
No comments:
Post a Comment