

Latest Blogs from Web Security Journal
Do you avoid stores that have had a credit card breach? You are not alone. About 52% of people avoid merchants who have had a data breach according to a recent Lowcards survey. They surveyed over 400 random consumers to better understand the impact of identity theft on consumer behavi...
In a post Snowden world it is clear that for cloud data security, we need strong encryption. When properly implemented, encryption in the cloud reduces risk to levels acceptable for sensitive data. There is no doubt data protection in the cloud computing era is never going to be a ‘...
In the video at this link and embedded below I provide some context on how new approaches to data can enhance outcomes for public sector organizations, with a focus on real world use cases. I also mention key requirements which apply at most government organizations for their data and how ...
On the one hand, the BYOX trends that drive cloud service adoption and worker self-enablement are transforming traditional IT into a User-Centric IT model that focuses on empowering and enabling workers. On the other hand, the free-wheeling nature of the cloud and the regular news of ...
Dawn Parzych, F5 Sr. Product Manager, talks about the benefits of HTTP 2.0 and shows us a demo of 170+ pictures appearing instantly while using the BIG-IP HTTP 2.0 profile. Interesting conversation about web pages loads, the chattiness of the HTTP protocol and the notion of HTTP 2.0 mo...
About 8 years ago at my previous employer we started a project related to Autonomic Networking. Autonomic Networking is modeled after Autonomic Computing, an IBM initiative from the early 2000s, targeted at creating self managing computing elements. The network version intends to creat...
Consider the possibility that a small innocuous code change could go undetected, promoted through Development & QA, and then have catastrophic effects on performance once it reaches production. The environmental variants need to be minimized and closely monitored to prevent the anomalo...
I'll explain the difference between two major categories in in-memory computing: In-Memory Database and In-Memory Data Grid. A few months ago, I spoke at the conference where I explained the difference between caching and an in-memory data grid. Today, having realized that many people...
Quite often you will hear IT people say that they want the ultimate automatic disaster recovery solution that you can buy. You can also find some vendors who can sell you their solution as an automatic disaster recovery solution only because you asked for one. But do you really want an au...
You often hear people say, ‘oh, this is a living document,’ to indicate that the information is continually updated or edited to reflect changes that may occur during the life of the document. Your infrastructure is also living and dynamic. You make changes, updates or upgrades to addr...
Experiencing downtime is not something that companies wish for but as we have seen lately it is something that we hear quite often about. Interestingly enough very few enterprises, especially in the Small and Medium Business area, spent enough time...
In February 2011, Vivek Kundra announced the “Cloud First” policy across the US Government. The directive, issued through the Office of Management and Budget, required agencies to give cloud technology first priority in developing IT projects. He also described cloud computing as a “10...
It's probably no surprise that I have long advocated the position that hybrid cloud would eventually become "the standard" architecture with respect to, well, cloud computing. As the dev/ops crowd at Glue Con was recently reminded by the self-styled "most obnoxious man in cloud", Josh ...
No doubt, the world of cloud storage has evolved over the past several months in terms of broader interoperability, increased features and functionality as well as lower overall costs. Whereas the questions posed about cloud storage used to center on integration with (or in place of) e...
The days of completely separate storage network technologies are quickly fading. It feels like it’s only a few years ago that Fiber Channel was the way to create large scale storage networks. Big honking storage devices on a separate network, connected to Fiber Channel switches, connec...
I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. move during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you a...
IP Multicast is one of those technologies that most everyone loves to hate. It’s almost the perfect example of how complicated we have made networking. Getting IP Multicast to run depends on several protocols that are all somewhat intertwined or dependent on each other, their relationship so...
At healthcare events throughout the world, we have met many health tech companies who are considering migrating to the cloud, but have serious concerns about protecting electronic protected health Information (e-PHI) and maintaining HIPAA compliance as they virtualize their environment...
It comes as no surprise that the CEO of Target has resigned in the wake of their massive data breach. The 2nd executive, if I remember correctly, to resign due to the mishap. Data breaches are costly according to the most recent Ponemon 2014 Cost of Data Breach Study: United States and...
As public and private cloud adoption continues to skyrocket, it’s becoming more and more clear that Database-as-a-Service (DBaaS) is hugely important to users. This isn’t really news, as much as it’s a confirmation of what many were seeing much earlier in the cloud industry’s maturatio...
It means you can't use "network" protocols to make intelligent decisions about applications any more. Back in 2000 (or 2001, I forget exactly), I got to test a variety of bandwidth management appliances. Oh, they were the bomb back then - able to identify (and classify) applications b...
This week's "bad news" with respect to information security centers on Facebook and the exploitation of HTTP caches to effect a DDoS attack. Reported as a 'vulnerability', this exploit takes advantage of the way the application protocol is designed to work. In fact, the same author who...
How many different network protocols can you name? There are, of course, a set of staples just about everyone knows: IP, ARP, VLAN, TCP, UDP, DNS, HTTP, SSL, TLS, SMTP, FTP, SMB, CIFS, 802.1q, 802.1ad. Then there are recent additions like VXLAN, NVGRE, SPDY. But we could fill post ...
Being from the Hawaiian Islands, the annual gathering of the Kohola (humpback whales) is always a spectacular view. They can get over half their body out of the water and administer a cannonball body slam splash like you’ve never seen before. Most of the internet thinks they breach to ...
Way back in the early days of the Internet scalability was an issue (the more things change...). One of the answers to this problem was to scale out web servers using a fairly well-proven concept called load balancing. Simply put, distribute the load across web servers to make sure eve...
From a cost perspective, the networking dialogue is dominated by CapEx. Acquisition costs for new networking gear have historically been tied to hardware, and despite the relatively recent rise of bare metal switching, networking hardware remains a high-stakes business. But SDN is chan...
Take a moment to consider the things we put up with on a daily basis because they have been understood and accepted as the status quo. Perhaps the old adage, “better the devil you know than the devil you don’t,” rings no truer than for traditional on-premise data storage systems. Sure,...
We've talked before about the bifurcation of the network, which is driven as much by the evolution of network services from "nice to have" to "critical" as it is by emerging architectures. The demarcation line in the network stack has traditionally been - and remains - between layers 3...
Like moving to IPv6, simply picking up your existing network architecture and moving it to a completely new one is not going to happen overnight. There will undoubtedly still be "traditional" networks hanging around even when SDN adoption is considered mainstream and fully mature. That...
While organizations spend the next few days and weeks patching OpenSSL vulnerabilities, the realization is setting in that we may never know the full extent of the damage caused by Heartbleed. Although Heartbleed was only announced in early April, it has actually been present in OpenS...
Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service t...
Last week was a crazy week for information security. That's probably also the understatement of the year. With the public exposure of Heartbleed, everyone was talking about what to do and how to do it to help customers and the Internet, in general, deal with the ramifications of such a...
This past weekend, like many of you, I started getting the blood curdling password resets from a bunch of OpenSSL affected sites. I also got a few emails from sites indicating that I had nothing to worry about. Bad news, good news. Probably the biggest security story thus far for 2014 ...
When I visit clients to talk about DevOps, I usually ask them what their monitoring strategy is. Too often, the answer I hear is "We use Nagios". I think Nagios is a great tool, but it sure is not a strategy. Nagios does a good job of monitoring infrastructure. It will alert you when y...
There are a variety of opinions on the seriousness of Heartbleed being put forth ranging from "it's not the end of the world" to "the sky is falling, duck and cover." Usually the former cites the relatively low percentage of sites impacted by Heartbleed, pegged at about 17% or 500,000 ...
Despite claims that there exists (or will, look out!) a mythical "god box" for the enterprise data center, capable of performing every data center function imaginable, it remains, well, mythical. Efforts to effectively secure the data center and the applications it delivers therefore r...
The industry often talks about how the data center perimeter is expanding, necessarily, due to technological shifts such as cloud and mobility and BYOD. But that isn't really the case. If you look closely, you'll see that the perimeter is actually shrinking, getting tighter and tighter...
The combination of cloud computing and big data is a match made in heaven. Big data requires a flexible compute environment, which can scale quickly and automatically to support massive amounts of data. Infrastructure clouds provide exactly that. But whenever cloud computing is discuss...
I am the CEO and founder of GovCloud Network, LLC. In a consultative role, I help companies develop and execute targeted media strategies via social media channels to over 1.5 million professionals across 20 industry verticals. With a specialty in cloud computing, we and our partners a...
When large enterprises move to a public infrastructure cloud (such as Amazon Web Services or others), it is a gradual, and often times, carefully measured process. Large enterprises strive for 100 percent certainty that the migration process will not impact the business; therefore, the...