During the Spieker Point Inc. open house, Walter Schwabe from FusedLogic TV interviews Steve Hole, a software architect with Spieker Point, about Managing Risk – Data Security in the Cloud.

Walter Schwabe:

“We’re here at Spieker Point Software Engineering and Solutions at their open house and eighth anniversary. Welcome to FusedLogic TV. I’m your host, Walter Schwabe. I’m joined by Steve Hole, who’s a software architect here at Spieker Point. Welcome, Steve.”

Steve Hole:

“Hello.”

Walter Schwabe:

“Let’s talk a little bit about security. Security is an important issue for all sizes of companies when you’re operating computers and networks. Oftentimes, though, as a company evolves and grows, you have to add software applications into the mix, and that can sometimes be a bit troublesome. Let’s talk a little bit about that. How do you get an application to work in what is generally a foreign environment?”

Steve Hole:

“Well, it’s not that hard, but you have to be prepared to establish an island or a central point of authority for who owns those accounts and how they get managed. There’s a series of standards in place that help you out with that. You can come along and enable your software applications to make use of those standards and employ those standards. As a matter of course, for the software that we develop here at Spieker Point, we enable our applications to do that as well. There’s a collection of standards, a number of acronyms, a huge endless list of acronyms actually, that can come along and be brought into play for this kind of stuff, but the whole idea is you set up a central authority for all your authentication information and all your authorization rights, and then you allow those various applications to come along and make use of that information.”

Walter Schwabe:

“That’s at the code level.”

Steve Hole:

“Yes.”

Walter Schwabe:

“Let’s talk a little bit about culture, because we’ve got IT departments that usually like to button things down really tight, and they manage IT departments by simply just saying no most of the time, thinking that they’re managing risk. What sort of things do you come up against there?”

Steve Hole:

“Well, in fact there’s two levels of security. There’s the internal, and the things you need to do to make various disparate islands of data and applications work together internally, and then more and more there’s making those work externally too, as people move applications into the cloud and as people have a strong desire to interoperate with people in the outside world. So let’s take health care: they’ve got groups of doctors and they’ve got Alberta Health Services, for example, here in Alberta, which is a central authority for that information. They have to be able to exchange information, so they have to be able to trust each other and do those kinds of things. So for the internal application group, the number one capability they want is single sign-on, so they have one account for the whole organization and every application they go into they can use that one account. For the external stuff, now they have to be able to say, ‘Well, my account here inside the Primary Care Network, for example, because I’ve logged in here and the Primary Care Network trusts Alberta Health Services and Alberta Health Services trusts the Primary Care Network, my logging in here is enough to establish a trust relationship.’”

Walter Schwabe:

“Almost like a passport in a sense.”

Steve Hole:

“Absolutely, so it’s called single sign-on, and it’s the holy grail of security that you can do that and still have the confidence that you’re exchanging information securely. Security happens at so many different levels, but as soon as you go on the outside, and as soon as anything goes to the outside, it becomes ten times more complicated. And so that’s why people, the risk management people and the security officers in organizations, are going, ‘Oh no, no, we can’t go outside, we can’t go outside,’ because it’s just too risky.”

Walter Schwabe:

“And yet we are able to go outside.”

Steve Hole:

“You have to be able to go outside. And more and more the push is to move applications from inside the organization to being hosted outside the organization in the cloud and doing that. Standards have been in place for twenty years for doing that, and we’ve actually participated in the development of those standards over the years, so we’ve got a very good understanding of them, but they’re just now really catching on and becoming important, so many times people will specify that you need to be able to support these kinds of things in your application in order to participate.”

Walter Schwabe:

“Steve, thank you so much for letting us peer into the security and the software architecture that you work with every day. I’ve been speaking with Steve Hole, a software architect with Spieker Point, here at their open house. I’m your host, Walter Schwabe, on FusedLogic TV.”