WTA13 – Secure Clouds?

WTA13 – Secure Clouds?

Attendees: Alain Bohon, Ben Simo, Eusebiu Blindu, Michael Larsen, Mohinder Khosla, Scott Seltzer, Shmuel Gershon, Timothy Western

Date: Saturday, June 25, 2011 (11:00 a.m. – 1:00 p.m. (PDT))

Today our charter was as follows:

We all are the test team for a medium sized company (say 1,000 people). Due to the desire to spread to small regional offices, but keep key documents available we are looking at cloud options to store important documents. we want to make this as easy for our users as possible, so we are exploring numerous options in the marketplace today. There are some famous names like Dropbox, Sugar Sync, etc. that we can consider. The big concern with corporate, however, is security. How can we make sure that what we put online is safe?

Our mission is to explore testing options, and examine various services (pick additional versions if the two I’ve mentioned don’t float your boat), and report back on what we can do to test and confirm this approach (or not confirm it).

With that, we went to town and focused on a number of aspects of Cloud Service security. Things that we considered were the strength of passwords, direct attacks of sites and interfaces, the overloading of interfaces to get documents loading to be stuck in between states, and discussing social engineering, the ability to compromise a network without using a single malicious script. Ben Simo has significant experience in this topic and provided numerous links and suggestions for applications and further information on this topic.

Chat transcript is here. Test charter and ideas via typewith.me is here.

About the Author

I’m a software tester working with Socialtext in Palo Alto, CA. I have worked in a number of different fields and in a number of different capacities. I started my testing career in March of 1991. I am co-founder and primary facilitator for Weekend Testing Americas. I am a black-belt in the Miagi-do School of Software Testing, a member and Teacher in the Association for Software Testing, and the producer of Software Test Professionals' "This Week in Software Testing" podcast (now on hiatus).