Google's attempt to bolster the security via crowdsourcing

Security remains on of top concerns in cloud computing and rightly so. But, how could a cloud service provider ensure that it is doing everything possible to address the security issues to an extent that customers feel comfortable?

Google is adopting a radical approach towards addressing these issues: crowdsourcing. Earlier this month, Google announced a cash reward offer for any interested individual (aka hacker) who could report vulnerabilities on its Web properties. The vulnerability reward program promises to pay anywhere between $500 to $3100 depending on severity of the issue. The company is hoping that the reward program will attract enough enthusiasts (hackers, students, researchers and so on) such that they will reveal certain issues that are worth paying for.

The program is now available to subset of Google properties like

• *.google.com
• *.youtube.com
• *.blogger.com
• *.orkut.com

Some of the types of issues that Google is most interested in finding about include

• XSS
• XSRF / CSRF
• XSSI (cross-site script inclusion)
• Bypassing authorization controls (e.g. User A can access User B's private data)
• Server side code execution or command injection

More details are available here

By the way... one more thing. Google will double the reward if the person decides to donate the amount to charity !

Any takers out there???

Boom Boom: Dell buys Boomi

For those of us who have spent years integrating heterogeneous systems know it very well that integrating the systems is a daunting task. Some of the challenges like interoperability, versioning, security, user experience issues, performance and scalability issues make it hard to pull off really robust integration .

In recent years though a number of cloud providers have been able to expose a lot of capabilities via APIs making it easy for integrators to integrate third party applications with them. Enterprises who are using these cloud providers are increasing depending on the integrations to implement their mission critical business process. For example.. your company might be using SAP/Oracle for CRM needs and then buys another company that is using cloud based CRM like salesforce.com/NetSuite. Considering the amount of data that resides inside these apps and business processes that are built around it, it is never easy to come up with a solution that could be readily agreed upon. Your company can decide to dump one of the systems in favor of other. However that is not an obvious choice in the short term. Better approach would to keep using both the systems with right bridge between them that would take care of combining the data in a meaningful fashion.

The Cloud Integration companies promise to address that very need to integrate the on-premises application and/or cloud apps. The promise with the integration connector comes with the claim that there is no coding, software or appliance is involved. Boomi touts itself as #1 Integration Cloud. It is not clear to me in what sense they are #1. But just going by the number of partners they have in this space, it is clear that they have very thriving echosystem of partners.

The biggest news in cloud computing last week is got to be Dell buying Boomi ! I must agree that somebody buying Boomi is of no surprise to me. But Dell buying Boomi comes as a surprise. I have not been following what Dell portfolio looks like for Cloud Computing. I presume they have some good assets in infrastructure space but not anything in pure software as prominent as Boomi. So Boomi acquisition is very interesting. I would guess that rather than augmenting they have, Boomi will prove as a catalyst to buy few more. We will have to wait and watch !