Saturday, January 30, 2016

Governance, Regulations and Compliance: 
Cloud computing has proliferated VMs while security standards have been trying to catch up from the earlier resource-centric IT environments to today's more datacenter-oriented environments. Fortunately, this has evolved based on how clouds are offered: public, community, private and hybrid. A public cloud has the highest risk due to lack of security control, multi-tenancy, data management, limited SLA and lack of common regulatory controls. A community cloud has moderate risk due to multi-tenancy; however, it has less risk than a public cloud due to shared legal/regulatory compliance issues. A private cloud has the least risk due to single ownership and strong shared mission goals along with legal/regulatory requirements. A hybrid cloud has risk that depends upon the combined models. A combination of private/community is lowest risk while a combination of public/community poses the greatest risk. The scope also matters. A public cloud serves several hundreds of organizations. A community cloud works with the private network of two or more organizations. A private cloud is entirely internal to the organization's private network. A hybrid cloud can have a private/community cloud entirely within the organization's private network with spillover capacity to a public/community cloud.
The information security governance framework is primarily a Plan, Do, Check, Act cycle of continuous improvement and comprises seven management processes. These are strategy & planning, policy portfolio management, risk management, management overview, communication & outreach, compliance and performance management, and awareness & training. The management processes govern the implementation and operation of the functional processes, which vary based on the cloud environment.
Central to the implementation of the functional processes is the scheduled sweep of resources for GRC purposes. These sweeps involve tightening the configurations of virtual machines in all forms and flavors. They cover such things as the network connectivity configurations and the System Security Services. When a user logs into the VM, whether his password has expired or not, whether he is still an active employee or not, whether a login can be granted or not, etc. are all part of the server hardening requirements. Yet the boilerplate configurations at each virtual machine often escape the scrutiny that otherwise falls on the public cloud. When a public cloud is set up to run an Active Directory, it is usually done as a managed service. The connectivity from the virtual machines depends on their configurations. The access provider, the id provider and the change password provider specified in the sssd configuration determine how the virtual machines enable accounts. A careful scrutiny of this configuration can itself eliminate several vulnerabilities and maintenance activities. The cost of workflows and implementations increases significantly when the ripples reach downstream systems or a later point in time. Therefore early and proactive mitigation by compliance and governance processes is immensely beneficial. When done right, the configuration does not even need to change very often.
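One way to run the sweep described above over a VM's sssd.conf, as an added example that is not from the original post: it flags enabled domains whose id, access or change password provider is not set explicitly, or whose access provider is permit. The sample file and its domain names are constructed, and treating permit as a finding is this example's policy assumption.

```python
import configparser

# Constructed sample sssd.conf for illustration (domain names are made up).
SAMPLE = """
[sssd]
services = nss, pam
domains = corp.example, lab.example

[domain/corp.example]
id_provider = ad
access_provider = ad
chpass_provider = ad

[domain/lab.example]
id_provider = ldap
access_provider = permit
"""

PROVIDER_KEYS = ("id_provider", "access_provider", "chpass_provider")

def audit_sssd(text):
    """Return a sorted list of (domain, finding) tuples for one sssd.conf."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    listed = cfg.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in listed.split(",") if d.strip()]
    findings = []
    for name in enabled:
        section = "domain/" + name
        if not cfg.has_section(section):
            findings.append((name, "enabled in [sssd] but has no domain section"))
            continue
        dom = cfg[section]
        for key in PROVIDER_KEYS:
            if key not in dom:
                findings.append((name, key + " not set explicitly"))
        # sssd's documented default for access_provider is "permit", which
        # lets every account the id provider resolves pass the access check.
        if dom.get("access_provider", "permit").strip().lower() == "permit":
            findings.append((name, "access_provider is permit (explicitly or by default)"))
    return sorted(findings)

if __name__ == "__main__":
    for domain, finding in audit_sssd(SAMPLE):
        print(domain + ": " + finding)
```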
#coding exercise
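We discussed generating groups of K from N elements using recursion, which counts the groupings as follows:
// Number of ways to split n elements into k non-empty groups
int assignGroups(int n, int k)
{
  if (k == 1) return 1; // all elements in one group
  if (n == k) return 1; // each element in its own group
  // the n-th element either joins one of the k existing groups
  // or forms a new group by itself
  return k * assignGroups(n-1, k) + assignGroups(n-1, k-1);
}
From the above, we know the k sets can have sizes in one of the following configurations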
N-k+1, 1, 1,  ... 1 (k-1 times)
N-k, 2, 1  ... 1 (k-2 times )
.
.
N/k, N/k, N/k .... (k times)

These sequences of sizes don't change while the contents can change.

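But we know we can generate combinations of any length m for one of the sets in k with
// a: source elements; b: buffer pre-sized to hold m entries
// start: first index of a to consider; level: position in b being filled
void Combine(List<point> a, List<point> b, int m, int start, int level)
{
  for (int i = start; i < a.Count; i++)
  {
    b[level] = a[i];
    if (level + 1 == m)
      print(b); // b now holds m chosen elements
    else
      Combine(a, b, m, i + 1, level + 1); // choose the rest from elements after i
    b[level] = null; // backtrack
  }
}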

In fact we already know all the combinations of all sizes from above. This helps us make one set in k. The remaining sets can be made with remaining elements with the same code.
So instead of taking permutations, we could also solve this problem exclusively with combinations.


