Showing posts from 2020

DIY SOC2 compliance for custom containers and Kubernetes running on Oracle Cloud Infrastructure

 Sanjay Basu Note : My original blog series was published in ORACLE CLOUD INFRASTRUCTURE blog site. I have republished it here with permission. Official Disclaimer : The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Oracle Corporation. This blog post provides a guide for any managed service provider (MSP) or independent software vendor (ISV) software-as-a-service (SaaS) provider using Oracle Cloud Infrastructure Services (OCI), looking to make their microservices-based containers and custom Kubernetes infrastructure SOC2 compliant. As a service organization, customers might require these MSP or ISV providers to be Service Organization Controls (SOC) compliant according to the end-companies’ industry regulations. Understanding Service Organization Controls compliance SOC reports have the following levels: SOC1, covering internal control over financial reporting (CIFR) SOC2

Updated guidance to customer for PCI compliance on Oracle Cloud Infrastructure

Sanjay Basu Note : My original blog series was published in ORACLE CLOUD INFRASTRUCTURE blog site. I have republished it here with permission. Official Disclaimer : The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Oracle Corporation. This blog is an update and continuation of the blog published on August 20, 2018 , explaining how to use underlying security controls for achieving PCI compliance for customer environments on Oracle Cloud Infrastructure (OCI). Over the past two years, we’ve added scores of security and security-focused services that customers can use to achieve PCI and other industry-specific regulatory compliance. Recap The high-level guidance from PCI Security Standards Council has 12 detailed requirements across the following sections: Build and maintain a secure network and system. Protect cardholder data. Maintain a vulnerability management program

The Horseshoe Theory of Political Extremism

  This is my second attempt at political satire. Have you heard of the Horseshoe Theory of Political Extremism? It's like the saying goes: "the farther right you go, the closer you get to the left, and vice versa." It's like a horseshoe - the ends may seem far apart, but they actually bend towards each other. It's almost like the political spectrum is a giant, bendy straw that can suck up any ideology, no matter how extreme! But don't worry, the straw, as in this short essay, is made of rubber, so it won't poke your eye out. They say politics makes for strange bedfellows, but if you venture to the fringes of the political spectrum, you’ll find the strangest bedfellows of all — the far left and far right, nestled together like two peas in an extremist pod. On the surface, these two camps couldn’t seem more different. The far left reads Das Kapital, dreams of a worldwide communist revolution, and gets misty-eyed singing The Internationale. The far right read

How MSPs Can Deliver IT-as-a-Service with Better Governance

 Sanjay Basu As a solutions architect, I often support partners who deliver managed IT services to their end customers. Similarly, I work with large enterprises who manage IT for multiple business units. One of the most frequent requests I get is for best practices on how to align Oracle Cloud Infrastructure solutions and Identity and Access Management (IAM) policies with business-specific governance use cases. For enterprise customers, this means having better control over usage costs across multiple business units. For managed service providers (MSPs), this involves having better cost governance over the IT environments that they manage for end customers in their Oracle Cloud Infrastructure tenancy. This post is structured like a case study, in which an example enterprise customer, ACME CORP's Central IT team, faces the following business challenge: How do they enable their departmental IT stakeholders, and the operators within those departments, to have the aut

Dedicated Access to GlusterFS-Based Shared Storage on Oracle Cloud Infrastructure

 Sanjay Basu Oracle Cloud Infrastructure (OCI) provides bare metal compute instances for both high-frequency CPU and GPU environments, that's why OCI is naturally great infrastructure for many high-performance computing (HPC) applications that need that processing power. However, many applications also require fast access to shared file systems in order to execute quickly and efficiently. Companies developing machine-learning-based applications want to provision their own shared file systems on Oracle Cloud Infrastructure because they are already using them elsewhere and are familiar with them, their performance characteristics, and other features. We recommend using GlusterFS for very fast shared file storage for HPC, machine-learning, or deep-learning workloads using GPU nodes. GlusterFS is a distributed, scale-out file system that lets you rapidly provision additional storage based on your storage consumption needs. It incorporates automatic failover as a primar

Integrating Security with DevOps on Oracle Cloud (Part 2 of 2)

 Sanjay Basu This post is part 2 in our blog series about how we integrate security with a generic DevOps-based application development process. In part 1 , we defined DevOps methodology and practices, focusing on how to integrate continuous security into the larger DevOps process to support continuous application development and operation. In this post, we cover some of the fundamental infrastructure components, such as cloud firewall services, identity management services, and continuous patching without downtime. Network and Application Security Services When you develop an application, or add or remove features, it’s essential to ensure that only required TCP ports are open. Opening ports that aren’t required can lead to exploits and compromises caused by vulnerabilities in the OS or supporting applications. The following figure shows the danger of keeping TCP ports open and accessible to nontrusted networks. Diagram courtesy of

Integrating Security with DevOps on Oracle Cloud (Part 1 of 2)

 Sanjay Basu   Modern development organizations are increasingly using cloud computing attributes like elasticity, API-driven infrastructure as code (IaC), and native immutability for their DevOps and agile development practices. Through DevOps, organizations are seeing these outcomes: Speed up software development and systems deployment cycles Reduce the time and cost to transform an idea into a finished product Unify agile software development and operations, removing barriers to an integrated and iterative process Industrialize the tools and techniques of development and operations with automation at the core In the many engagements in which we've helped customers migrate and develop applications in Oracle Cloud, I have found that security is often a critical missing element in customer DevOps processes. In these cases, security is treated like a siloed and gated activity which, when missed or applied too late, leads to missed project deadlines and vulnerable syste