When it comes to security, the highest standard to date is the Payment Card
Industry Data Security Standard (PCI DSS), a set of requirements for
businesses that process payment card information.
Developed by Visa, American Express, Discover Financial Services, and other
members of the PCI Security Standards Council, the PCI DSS is a collection of
policies, procedures, and practices to protect customer account data. The
standard includes specific requirements for strictly controlling access to
customer data, authenticating business users, monitoring access, maintaining
a secure network, and auditing system resources.
So, this is one tough standard to break, if followed correctly. But therein
lies the rub, because according to a new study out from Verizon this week, a
lot of companies aren’t completely following the PCI DSS well enough, which
is leading to a marked in... (more)
Thanks again to those who joined us for last week’s webinar, "Windows
Server 2008 High Availability: Technology Comparison." The on-demand
recording of last week's webinar is now available to watch at your
We had a lot of good questions from our attendees during the Q&A portion of
the webinar, which are summarized below.
Q: How do you determine when to use an HA solution vs. a DR solution?
When it comes to availability vs. recovery, the most important question to
ask is what are your recovery time objectives (RTO)? What is the amount of
time your application can afford to be down? If the applications have strict
requirements, then you want an availability solution. Disaster recovery is
data replication, oftentimes with a failover capability, not availability.
For critical applications, this may not be sufficient.
Q: If I have an HA solution in pla... (more)
Windows Azure is a cloud-based service offered by Microsoft. It is considered
a platform-as-a-service (PaaS) solution, since it allows developers to
design, produce, and deploy their applications entirely in the cloud —
using the servers and operating systems of the provider. This eliminates the
need for purchasing expensive hardware and the costs of keeping it
operational. The main purpose of Windows Azure is to provide a highly
available, very scalable, and easily recoverable platform for running
applications in the cloud. Microsoft does all that by deploying the
customer’s applications in modern data centers ensuring 99.95% uptime.
Windows Azure runs customers’ applications in three kinds of instances:
Web role instances – used for creating web-based applications running on
IIS7. Developers can create the applications in ASP.NET, PHP, Java, etc.
Enterprises often frustrate developers. Why do Enterprises always seem so
behind when it comes to the very latest technology? In particular, a trend we
are seeing is the continued struggle to marry Enterprise authentication with
the burgeoning world of REST APIs. Developers want to use REST, but
Enterprises need enterprise grade API security.
We think this problem will only worsen as Enterprises continue their rapid
adoption of APIs. It seems clear that SOAP, while capable of Enterprise grade
authentication through X.509 and SAML, will be left behind as the “Skinny
jeans Facebook generation” puts the final nail in SOAP’s coffin.
Among our own customers and the stories we’ve heard, Enterprises are left
with a dilemma with four horns concerning the protection of REST APIs:
(a) Use mutual authentication with client-side SSL
(b) Use HTTP authentication (passwo... (more)
Jason Macy, CTO Forum Systems, Inc
A common industry misconception concerns the differences between an
XML Gateway and a Web Application Firewall. These technologies are
sometimes confused as being competitive, but in fact they are complementary
technologies that together provide the foundation of modern-day network
perimeter security infrastructure.
Key Areas of Comparison
To better understand the distinctions between these product technologies, the
primary areas of comparison are as follows:
Deployment Modes
Protocols and Message Formats
Threat Mitigation
Transaction Privacy
Transaction Integrity
Identity
Access Control
SSO
Transaction Processing and Mediation
Workflow
Transformation / Mapping
WAF technology has several deployment modes, but it is an important
distinction from a gateway product that over 50... (more)
The Field Mobility News Weekly is an online newsletter made up of the most
interesting news and articles related to field mobility that I run across
each week. I am specifically targeting information that reflects market
data and trends.
Also read Enterprise Mobility Asia News Weekly
Also read M2M News Weekly
Also read Mobile Commerce News Weekly
Also read Mobile Cyber Security News Weekly
Also read Mobile Health News Weekly
Also read Mobility News Weekly
Looking for an enterprise mobility solution? Read the Mobile Solution
ABI Research, Oyster Bay, N.Y., says adoption of telematics in the
non-trucking sector, which includes construction, service and utilities,
public transportation, and others, is expected to equal the trucking industry
in terms of numbers of connected vehicles by the end of 2014. Read Original
The head of Uruguay’s National Dru... (more)
It's not an uncommon problem trying to figure out where to plant that sorry
page in the event your farm is down. It's also not an uncommon solution to
just use your BIG-IP to issue a text-only HTTP::respond. It works, but it's
not, how do you say, visually appealing? You want to say sorry and mean
it. With pictures. If you take a stroll through the iRules codeshare,
you'll notice several solutions to this problem. All of them work, with a
variety of methods, but user kirkbauer's entry takes it to another level.
Kirk's sorry page iRule generator (written in Perl) takes all the guesswork
out of the process for you. Dump the Perl script in /var/tmp, give execute
permissions to root, and off you go. Here's a sample configuration, just
taking Google's main page:
[root@ltm01:Active] mibs # /var/tmp/sorrygen.pl
Welcome to the F5 Sorry Page iRule Generator
This s... (more)
Symplified, the cloud security company, today announced that it will
demonstrate here how its SinglePoint™ Cloud Identity and Access Management
solution provides centralized, granular access control, single sign-on (SSO),
and auditing for leading cloud applications, identity providers, and
federation protocols by integrating with user data and directories located
inside enterprise firewalls. As part of the cloud SSO Interoperability
demonstration hosted by Burton Group, Symplified will showcase how
SinglePoint addresses policy enforcement, regulatory compliance, and
directory integration challenges associated with deploying Google Apps,
Salesforce.com, Microsoft’s new identity federation platform, and other
“The mainstream deployment of cloud applications, especially among large
and medium sized enterprises, is creating the need for centralized... (more)
If you are a CTO or other senior enterprise technologist and if you use
Twitter, I would appreciate you checking out the site at:
This is a directory of Chief Technology Officers. It is built with Floxee
(they are graciously letting me use their capability as a beta user).
I decided to build this Twittering CTO directory for several reasons,
1) Testing out Floxee. They have a great capability and have plans to
continue rolling out new capabilities and this is a great way to learn.
2) Greedily building my own dynamically updated reference into the thoughts
of the twittering CTO. This has already turned into a good reference that I
enjoy learning from throughout the day. I follow many people on Twitter
but sometimes there is just too much traffic there for me to focus in on
technology topics, so I thought a list like this co... (more)
Federal agencies now have more tools from Verizon Business to manage network
access, protect critical assets, help prevent insider security threats, and
help the agencies comply with federal security regulations.
Verizon Business announced that it is offering Symark PowerSeries security
access-management software and applications, integrating those security
capabilities for UNIX/Linux servers and systems into the company's already
robust portfolio of security solutions for government customers. These new
services -- immediately available under the U.S. General Services
Administration's Connections contract -- will help federal agencies comply
with access control and accountability requirements associated with new
stricter Federal Information Security Management Act (FISMA) regulations.
The addition of the Symark offering complements and extends Verizon Business'
Quest Connect is a big online conference put together by Quest, Microsoft,
Dell, NetApp, Vizioncore, Scriptlogic, Techrepublic, Oracle Magazine, Redmond
Magazine, and The Code Project. The agenda is packed with a lot of useful
material on Windows Server 2008 R2, AD, Identity Management, Exchange 2010,
Virtualization, Cloud Computing, SharePoint, SQL, Oracle – see full
agenda here – and they include some sessions specifically on cloud
computing and Microsoft Online Services.
Here are a few:
Here or Way Out There? Should Your Active Directory Management Be In Cloud?
Available the whole day on-demand
Dmitry Sotnikov, New Project Research Manager, Quest Software
Spend a few minutes learning how to leverage the Cloud Computing Craze in
your environment. During this session, Dmitry Sotnikov will demonstrate
provisioning for cloud directories and review Quest’s soon-to-be-... (more)