Tag Archives: review

Enterprise Security – A Data Centric Approach — Chapter 3

29 Sunday Dec 2013

Posted by in Books, General, Technology

5 Comments

Tags

, , , , ,

So I’m back to reading Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. I’ve not finished reading the book yet but as I’m reviewing one or two chapters at a time, I thought I’d blog about Chapter 3 – particularly given its value (previous blog entry here and here).

Chapter 3 goes by the name of Security As A Process, which addresses the processes to determining security risk, the analysis of cost benefit of implementing security features to address those risks. The chapter then goes on to provide guidance on defining good policies and standards.

In hindsight the process for determining and analyzing the security risks and classifying them is fairly obvious – it took the reading to to draw the points and the mechanisms into focus. But the fact it makes sense in hindsight suggests that the approach the workability and the chance for the business to understand the risks and challenges being taken on.

The chapter also provides some really good information sources for people to use to support the adotion of the processes described. Some I’ve known about such as the SANS Institute others I hadn’t.

I have to say that based on the strength of this chapter alone I’d recommend the book to any architect who is seeking to develop practical appreciation of addressing security considerations or understand what they should be looking for what to ask for in a new organisation. Those trying to drive up the quality of processes or get across the need for a more proactive security strategy that is also pragmatic – reading this chapter alone should help provide some serious points to get a handle on things.

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age

29 Sunday Dec 2013

Posted by in Book Reviews, Books, General, Music

Leave a comment

Tags

, , , , ,

With the holiday break, I’ve had a bit of time to get through some reading, including finishing Appetite for Self-Destruction: The Spectacular Crash of the Record Industry in the Digital Age. This an excellent book on how the music industry has managed to shoot itself in the feet a number of times (and with a canon at that); although it does only cover events upto 2008 (as we enter 2014 it would be brilliant to see an additional chapter to get insight into how the resurgence of vinyl and the rise of Spotify has impacted thinking – beyond the deadlines of complaints by the likes of Thom Yorke about Spotify).

Thw book feels well researched (certainly references hold testimony to this), but at the same time it doesn’t read like a dry academic read that you would associate with such a well researched text. But given the attitudes and behaviours of some of the individuals in the big labels their egos run riot far more than most of the ‘rock gods’ that they’re trying to sell.

Steve Knopper has done a great job with the book and I’d recommend it to anyone interested in music or how technology such as peer-to-peer has impacted the media industry. You dont need to be a music fiend or geek to find this a satisfying read.

Steve’s website is http://knopps.com/
 

Books, Books & More Books

15 Tuesday Oct 2013

Posted by in Books, Technology

1 Comment

Tags

, , , , , , , , , ,

The blog posts have been a bit slow of late as I’ve been deep into reviewing books for Packt Publishing.  But thought I’d share the fact that Packt are running a big promotion at the moment, offering 50% off all their books if you use the discount code COL50 as part of the celebration of Columbus Day.  The offer currently runs until the Thursday 17th October.

As for books, well I’ve just finished reviewing the Apache Camel Developer’s Cookbook by Jakub Korab and Scott Cranton (Amazon have it currently listed as Camel Enterprise Cookbook.

The version of the book I’ve reviewed was very, very good. I have to admit I went into reviewing this book with high expectations given the fact I’ve worked with Jakub and know the calibre of his output whilst he was consulting for FuseSource (now part of RedHat JBoss) and I’ve not been disappointed.

You can read the book as either a guide to Apache Camel as each recipe builds upon the preceding recipe; or as a dive in as you need a solution to a problem as each recipe pretty much stands up in its own right (cross referencing other supporting recipes or key preceding recipes).  The book explains not only how to do something – from simple routing & filtering through to XA transactions with one of the leading orchestration technology frameworks.

From Jakub & Scott’s fine technical guide, I’ve started to look at a book on Applied SOA Patterns on the Oracle Platform part of Packt’s Enterprise series of books.  I cant say too much on this book yet – it is going to be a fairly chunky book at around 500 pages.  Will post more once we’ve got well into the book I’m sure.

Enterprise Security: A Data-Centric Approach to Securing the Enterprise – book review chapter 2

14 Sunday Jul 2013

Posted by in Book Reviews, Books, Packt, Technology

6 Comments

Tags

, , ,

Enterprise Security - A Data Centric Approach to Securing the Enterprise

Enterprise Security – A Data Centric Approach to Securing the Enterprise

Continuing with the review of Enterprise Security: A Data Centric Approach to Securing the Enterprise by Aaron Woody having given a bit of history and motivation for an alternate approach Chapter 2 of the book starts describing the data centric approach.

We start out looking at why network boundaries need to revisited – as a result of BYOD, closer integration with business partners, collapsed/simplified software stacks etc.  Then go into defining in more details the data centric views and how t go about building a trust model for identifying what needs to be secured. A trust model looks at the different dimensions that can impact data:

  • Data (what actually are we protecting – is the data your commercial crown jewels such as a customer list, classifying the data to understand its characteristics, where is it located and so on)
  • Processes – what can be done to data
  • Applications – systems interacting with data
  • Users – differentiated from roles – their relationship to the data employees, contractors, third parties etc
  • Roles – the roles people have to perform, system admins, data stewards etc
  • Risk – as you can never guarantee everything, what are the consequences of a breach
  • Policy & Standards – legal requirements e.g. HIPAA, PCI DSS, DPA plus internal corporate policies

With the guidance to help gather the information you can start to build a profile of your data and the need (or not) for security with challenges and risks that need be addressed to achieve this within an organisation.  All of which has to take into account of ‘data at rest’ (i.e. in databases, flat files etc) and ‘in motion’ transfers such as email, HTTP, FTP, SQLNet and so on.

The book then begins to talk about architectures that can reflect the considerations and needs of your data.

In terms of the writing, chapter is pretty direct and to the point which is great as long as you have some basic appreciation of security needs.  It would have been good to enrich the information with some examples (although the Appendix does illustrate a bit further). The ideal would have been to have a use case running through the book (perhaps at the end of each chapter applying some of the ideas to a fictitious scenario).

Useful Links

Enterprise Security: A Data-Centric Approach to Securing the Enterprise – book review

02 Tuesday Jul 2013

Posted by in Book Reviews, Books, Packt, Technology

Leave a comment

Tags

, , , , ,

I have started to review another book, this time Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. Based on the interest that my review of Getting Started with Oracle Event Processing 11g I thought I’d follow a similar approach of reviewing one or two chapters at a time, although because of other constraints possibly not as quickly as last time.

As an enterprise architect, and having worked within some more sensitive environments which means security typically has a lock the world down, particularly at the perimeter. But with an increasingly less practical as we become ever more connected. Not to mention the tighter the old approaches are applied, the more the business will by pass IT (e.g. Go acquire SaaS solutions without IT support), the net result being a home goal in undermining the very thing you’re trying to achieve. So the killer question is, can the book show another way that works matching the challenges ranging from SaaS (software as a service) to BYOD (bring your own device – i.e. connecting your own smart phone to systems and work with them on the move etc) against the backdrop of increasing data legislation and commercial fallout (customer loss etc) as a result of security breaches becoming public knowledge.

Chapter 1 is very much a good scene setter, providing some of the background as to how security approaches have evolved over the last 30 or so years. It sets out some clear perspectives on the challenges of applying security such as

  • making cases for investment
  • Applying security as an overlay on a solution rather than being an integral part of a design and the impacts this can cause
  • The challenges of stakeholders involved
  • The mentality of just locking the perimeter (when statistics regularly show that increasing data leakages are a result of accident or malicious actions by those inside the organisation

The book also challenges the mentality of security is the network, which a grave mistake as security impacts processes and roles just as much as it does the software and physical infrastructures.

This sets up for the journey for defining an alternate approach starting with defining the boundaries that should be considered.

Review of Introduction to Oracle Event Processing – chapters 10 & 11

19 Wednesday Jun 2013

Posted by in Book Reviews, Books, General, Packt, Technology

1 Comment

Tags

, , , , , , ,

The penultimate chapters don’t dive into the core Event Processing technology but look at some uses cases and the combination of CEP with Oracle’s spatial extensions and database capabilities. My initial reaction was that these chapters are perhaps more niche than I’d want, but when I thought a little longer it occurred to me that a lot of CEP use cases would include make use of spatial. Intact a system development I lead some years ago, if built today could be built using these features.

The book focuses on the idea of notifying people about a public transport service, but think about the great many mobile services evolving for smart phones given their push notification capability now you can see how e spatial features could offer a lot of value.

The chapters like everything else in this book are very well written, and worth reading.

If anything the questions left in my mind, are more commercial dimensions of such a technology – enterprise Oracle database which contains a number of the special feature is not cheap, and I’d imagine that the spatial cartridge isn’t cheap. This leads me to a natural next question, given the common application scenarios like e one described, has anyone stood up a SaaS service using this technology, and how cost effective/competitive/attractive would it be?

As you can see a thought provoking book.

Introduction to Oracle Event Processing – Chapters 6-9

15 Saturday Jun 2013

Posted by in Book Reviews, Books, Packt, Technology

Leave a comment

Tags

, , , ,

Continuing to look at the Introduction to Oracle Event Processing book, by chapter 6 the books has covered the key principles and ideas for building a CEP solution, and we’re now need to consider deployment. But refreshingly the book also takes on a number of non functional requirement (NFR) areas such as the issue of monitoring, a subject area that many technical books tend to ignore. The attention to monitoring is admittedly driven by the fact that Event Processing is inherently sensitive to timing and system loading etc and will obviously have a direct impact on what outcomes are produced.

As the book takes you through aspects of building a simple solution – the CEP equivalent to writing ‘Hello World’ it would be great if the authors could make the implementation available for download, so you could go straight into deployment.

Chapter 7, then takes us into other performance improving aspects such as how to get event enrichment data, and importantly exploit caching to drive the performance. If you’re familiar with Coherence then this aspect should be pretty easy to get to grips with, and the book actually focuses on the OEP aspects of the setup. If you don’t know Coherence, you’d do well to look at additional sources of information.

Chapter 9 is a natural evolution of 8 as further develops performance thinking with clustering and with it High Availability dimensions.

Before looking at High Availability (HA) and scaling the book drives back into more advanced scenarios with CQL by introducing Java into the syntax.

Introduction to Oracle Event Processing – Chapters 3, 4 & 5

09 Sunday Jun 2013

Posted by in Book Reviews, Books, Packt, Technology

Leave a comment

Tags

, , , , ,

Continuing with the review of the Packt book Introduction to Oracle Event Processing (OEP) we find chapters 3,4 and 5 take a far more indepth dive into the product, what it can do and how to implement the features with examples of why you might want to use different features and capabilities.   Chapter 5 focuses specifically on the Complex Query Language (CQL) syntax which is a SQL based expression language for querying events and describing expressions with an obvious emphasis on time series data.

As the book isn’t a blow by blow, screen shoot by screen guide through creating an example application using OEP you are going to need to apply a bit of effort now in utilising the ideas and capabilities being explained here.

A very well executed set of chapters.

Introduction to Oracle Event Processing – Chapter 2

02 Sunday Jun 2013

Posted by in Book Reviews, Books, Packt, Technology

1 Comment

Tags

, , , , ,

Chapter 2 of the Getting Started with Oracle Event Processing book is really two smaller chapters introducing the platform in terms of its history, building blocks and the challenges that have had to be solved in the creation of an event processing platform (such as managing the potential impact of the garbage collector when handling very high event rates).

Not many books go into the underlying details of how a product is created, but in doing so the authors have provided a lot insight into the art of the possible and avenues for developing further understanding.

The second half of the chapter walks through the use of a demo scenario. Rather than providing details from standard Oracle manuals in a click by click type of guide, the book uses the example to show a flavour of breadth and depth of the tool.

This chapter doesn’t try to describe the installation process, but points you to the Oracle documentation and explains what it should guide you through.

Even if you don’t intend to exercise the demo, it is well worth reading the chapter to understand the construction and breadth of the tool. Based on what has been shown here, I believe some of the Oracle products such as AIA tooling could learn from it.

Chapter 1 of introduction to Event Processing

29 Wednesday May 2013

Posted by in Book Reviews, Books, Oracle, Packt, Technology

1 Comment

Tags

, , , , ,

Although the book’s introduction says that its target audience is developers and architects the first chapter is a very good introduction to the ideas and goals of Complex Event Processing (CEP) for anyone in the IT industry. The chapter explains the ideas and goals of CEP  illustrating them with easy to grasp real examples.

Possibly one if the best starts to a Packt book I’ve seen.

If your going to get stuck in with the more practical pieces then I’d start downloading the tools from Oracle as early as possible as there is several GBs of software. You might also consider cheating by downloading a prebuilt VirtualBox with the majority of the software already installed and configured.