Archive for April, 2011

Just-in-time apps – Next Generation Web hosting

April 30, 2011

Since the inception of internet leading upto its peak,  having a website was a given for every organization . In a similar vein, with the advent of iPhone, now everyone is expected to have an app. After the .com boom, the website creation is commoditized by the web-hosting companies that they would offer a variety of templates and you could build your website in few minutes. The same business model is being extended to the app world by the new entrants РiSites, Widgetbox and bizness apps.

Every one of them offers a paid plan per month per app plan with varying degree of support, analytics and the apps work in both android and iPhone. BiznessApps is the cheaper of the lot.  iSites offers a basic web based app while the BiznessApps offer the ability to create native iPad apps and widgetbox let you create widgets alone.

Securing files in Cloud

April 30, 2011

Recently, I was looking on ways to secure the files we store in cloud for various reasons. I was surprised that Amazon, Rackspace or any other cloud vendor’s lack of APIs to secure storage by certificates or encrypting or other means. While researching around, I read about three interesting solutions

1. Microsoft Encrypted File System (EFS) – I felt that this takes too much time & effort to accomplish this and we are dependent on setting up certificate services and more. I gave up.

2. TrueCrypt – This is great. This is an opensource project, you just download and install the program and follow easy instructions to create a volume. Entire data in the volume is encrypted and password protected. One need to mount the volume by providing the password to access the files. However, once mounted it gives free access to anyone logged on to the machine / server.

3. AxCrypt – This is good if you want to encrypt individual files, while TrueCrypt is to secure the entire disk / volume that you define.

Here is a good review on TrueCrypt and AxCrypt.

I’m still looking for a tool that offers an API which I can call programmatically and secure the volume. In case of Truecrypt, I can create an S3 volume or a storage volume in cloud, define it as encrypted and mount the volume on the server to which it is attached. However, if some hacker gets in to the server, then he / she can read the files. Since the files are no longer encrypted once you mount it, this becomes meaningless. This would be helpful as long as no one can get into the server (this is the same case with Windows EFS as well).