Cloud Security – Follow the Feds?
Last week the Feds had a coming out party for FedRAMP (Federal Risk and Authorization Management Program). Originally announced in October, FedRAMP sets standards for privacy and security for cloud providers to meet in support of...
The Swiss Cheese Perimeter Defense
Since the beginning of the information security profession, the predominant model for security has been a location-centric model. The foundational control is physical access over a computer or computer facility itself. On top of...
Blog: Securing "the" directory
I use the quotation marks around “the” with respect to enterprise directory because there is almost never a single directory in the enterprise. Fifteen years after the first time I remember discussing consolidating onto a single...
Directory Direct
Phone-as-token: availability/security
Mobilizing Multifactor
One of the most interesting developments in multifactor authentication is the rise of ubiquitous mobile access. Ten years ago, most knowledge workers did not carry a mobile phone at all, or even a pager, let alone a smart phone with...
The Need for Cloud Identity Management
Imagine this scenario: a disgruntled IT staffer leaves the company, goes down to the local McDonald's, logs back into the network and starts taking down virtual machines. One of the machines taken down is the Exchange server,...
Mobile Voice and Data Availability: it’s an internet security issue
The other day I was at my friend’s house in Washington, Virginia (just beyond the middle of nowhere), where mobile phone service is nonexistent. Up until recently the only way to use my Verizon mobile at his house was to use WiFi for...
The Pros and Cons of a Cloud-Based Firewall
For the past few posts I’ve been writing about cloud-based security adoption while focusing on cloud-based firewall as a service, which enjoys high interest among enterprise security architects and staff. There are definitely...
The DNS Under Your Hood
The other day I was reading an article about Ford’s efforts in conjunction with MIT to embed wireless applications into cars. It’s really exciting stuff. A scenario described is one car communicating with cars further up the road to...
Firewalls In The Clouds
Where is your firewall? Yes, it’s in a rack—but where’s the rack? Increasingly, we find organizations looking to a layered firewall model where the first line of defense is not in a rack in the data center, it’s in the cloud....
Security as a Service – What’s Inside Counts
This week I’m writing about cloud-based security services, or Security as a Service (SECaaS). What’s great about SECaaS—like SaaS—is that it's delivered as a service with typically no on-premise gear required. In addition, it’s...
Is Cloud-Based Security in Your Future?
Hi ho, hi ho it’s off to the cloud we go! We go to the cloud for office applications, CRM, email, computing, storage, etc. Increasingly, we go to the cloud for security services. It’s interesting that while the cloud delivers some of...
Attacking IPv6
Transition to IPv6 is inevitable, since that will sooner or later become the only game in town for new address spaces. The transition will be prolonged in part by the ability to do NAT in order to run large numbers of Internet nodes...
Transition to IPv6 is inevitable for companies envisioning long-term presence on the Internet
Transition to IPv6 is inevitable for companies envisioning long-term presence on the Internet, but the mode and length of the transition remain very much a mystery. In Nemertes' 2011-2012 benchmark, IT professionals at 78% of...
Can You Ping Me Now?
Whatever your business is, retail or healthcare or education, delivering your goods and services to your customers is increasingly dependent on the Internet. And, between use of SaaS and use of the Internet to connect branches and...
Securing the Base
Thinking about securing that access layer, I am put in mind of the many folks I speak with during Nemertes’ research benchmarks who have single points of failure in their connectivity at the physical level: they may have redundant...
Securing Your Internet Infrastructure is Securing Your Enterprise
The virtualizing enterprise is characterized by its embrace of data center and desktop virtualization, mobility, and unified communications, and by its complete integration of the Internet into the infrastructure — to connect to its...