John Burke
John Burke, CTO of Nemertes, advises clients based on primary research in cloud, networks, automation, and security, and on his 30-plus years’ experience as an IT researcher, practitioner, and leader.
Zero trust requires clear architecture plans before changing core systems
Successful enterprises approach zero trust carefully, with the big picture in mind, before making changes to network access, data management or application engineering.
5G wireless WAN will have benefits beyond 4G WWAN
Cellular WAN connectivity has solid enterprise use cases with 4G, and as 5G rolls out, will become more attractive for its speed, reliability, and price.
How wireless WAN can make SD-WAN more agile and resilient
WWANS can augment SD-WANs with failover, redundancy, and rapid set-up.
Rethinking the WAN: Zero Trust network access can play a bigger role
COVID-induced work-from-home prompted WAN innovations that demonstrate VPNs and SD-WAN aren’t the only good options.
Software-defined perimeter + Zero Trust: A good place to start
Software-defined perimeter can be an important part of Zero Trust that enforces network access, but first plan the Zero Trust architecture and the changes that means for the network and security.
Cloud Security – Follow the Feds?
Last week the Feds had a coming out party for FedRAMP (Federal Risk and Authorization Management Program). Originally announced in October, FedRAMP sets standards for privacy and security for cloud providers to meet in support of...
The Swiss Cheese Perimeter Defense
Since the beginning of the information security profession, the predominant model for security has been a location-centric model. The foundational control is physical access over a computer or computer facility itself. On top of...
Blog: Securing "the" directory
I use the quotation marks around “the” with respect to enterprise directory because there is almost never a single directory in the enterprise. Fifteen years after the first time I remember discussing consolidating onto a single...
Directory Direct
@font-face { font-family: "MS 明朝"; }@font-face { font-family: "Cambria Math"; }@font-face { font-family: "Cambria"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Cambria;...
Phone-as-token: availability/security
@font-face { font-family: "MS 明朝"; }@font-face { font-family: "Cambria Math"; }@font-face { font-family: "Cambria"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Cambria;...
Mobilizing Multifactor
One of the most interesting developments in multifactor authentication is the rise of ubiquitous mobile access. Ten years ago, most knowledge workers did not carry a mobile phone at all, or even a pager, let alone a smart phone with...
The Need for Cloud Identity Management
Imagine this scenario: a disgruntled IT staffer leaves the company, goes down to the local McDonald's, logs back into the network and starts taking down virtual machines. One of the machines taken down is the Exchange server,...
Mobile Voice and Data Availability: it’s an internet security issue
The other day I was at my friend’s house in Washington, Virginia, (just beyond the middle of nowhere) where mobile phone service is nonexistent. Up until recently the only way to use my Verizon mobile at his house was to use WiFi for...
The Pros and Cons of a Cloud-Based Firewall
For the past few posts I’ve been writing about cloud-based security adoption while focusing on cloud-based firewall as a service, which enjoys high interest among enterprise security architects and staff. There are definitely...
The DNS Under Your Hood
The other day I was reading an article about Ford’s efforts in conjunction with MIT to embed wireless applications into cars. It’s really exciting stuff. A scenario described is one car communicating with cars further up the road to...
Firewalls In The Clouds
Where is your firewall? Yes, it’s in a rack—but where’s the rack? Increasingly, we find organizations looking to a layered firewall model where the first line of defense is not in a rack in the data center, it’s in the cloud....
Security as a Service – What’s Inside Counts
This week I’m writing about cloud-based security services, or Security as a Service (SECaaS). What’s great about SECaaS—like SaaS—is that it's delivered as a service with typically no on-premise gear required. In addition, it’s...
Is Cloud-Based Security in Your Future?
Hi ho, hi ho it’s off to the cloud we go! We go to the cloud for office applications, CRM, email, computing, storage, etc. Increasingly, we go to the cloud for security services. It’s interesting that while the cloud delivers some of...
Attacking IPv6
Transition to IPv6 is inevitable, since that will sooner or later become the only game in town for new address spaces. The transition will be prolonged in part by the ability to do NAT in order to run large numbers of Internet nodes...