After watching the good work of the Cloud Security Alliance (CSA) for more than a year, WSO2 has joined as a Corporate Member.
As you know, WSO2 offers the very first completely open source Platform as a Service (PaaS). Taking our Carbon-based middleware platform to the next level, WSO2 Stratos offers the most complete, enterprise-grade, open PaaS, with support for more core services than any other available PaaS today. Unlike many cloud platforms, WSO2 Stratos, the software behind the WSO2 StratosLive Java PaaS, is available as a fully supported product that can be installed and run on-premise.
WSO2 Stratos provides the core cloud services and essential building blocks, for example federated identity and single sign-on, data-as-a-service and messaging-as-a-service and more, required for developing SaaS and cloud applications.
Building a cloud PaaS is actually quite a challenge, but no pain, no gain!
We took up the first challenge of getting our Carbon stack running on OSGi runtime, not an easy task and one that some vendors were unable to complete, but one that we found necessary to build cloud nativity deeply into the platform, and to enable incremental upgrades and addition of the platform as a live entity.
Security represents one of the biggest challenges we faced making Stratos a reality. We had to rebuild the foundations of the system to focus on tenant isolation, data security, restricted operations, tenant-based user stores, standards-based security models, integration with other *aaS models among other concerns. Stratos today supports many of the most popular open standards related to security and identity management including SAML2, OpenID, OAuth, XACML and WS-Security.
A few months back we received some recognition of this work, as a recipient of KuppingerCole’s European Identity Award 2011 for the Cloud Provider Offerings category. The award recognizes WSO2 specifically for WSO2 Stratos Identity, citing the multi-tenant open source cloud service for its OpenID and XACML support and its innovative features, including the ability to migrate from on-premise to a full cloud service (and back).
Stratos has come a long way, with customers now adopting the platform, and we welcome the opportunity to both share our experiences with other cloud providers and be part of the conversation in moving cloud security forward.
The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
Among many of our community, questions about whether to move to cloud or not, whether to move to a private or public cloud and so forth mostly revolve around security concerns. We are looking to helping address those concerns, and contributing to the standards and guidelines promoted by the CSA to educate users about ensuring the future of cloud is secure.
Prabath Siriwardena, Architect & Senior Manager – Carbon Platform & Security