F5 Buys Shape for $1B to Dominate Application Security

Enforcing Network Security Policies with GitOps – Part 1

“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security.

Most security teams already have a high-level security blueprint for their data centers. The challenge is in implementing that in the context of a Kubernetes cluster and workload security. Network policy is a key element of Kubernetes security. Network policy is expressed as a YAML configuration and works very well with GitOps.

We will do a three-part blog series covering GitOps for network security policies. In part one (this part), we cover the overview and getting started with a working example tutorial. In part two, we will extend the tutorial to cover an enterprise-wide decentralized security architecture. In the final part, we will delve into policy assurance with examples.

Note that all policies in Calico Enterprise (network security policy, RBAC, threat detection, logging configuration, etc.) are enforced as YAML configuration files, and can be enforced via a GitOps practice.

By adopting GitOps, security teams benefit in the following ways:

• Take your policies Continue reading

VMware, CenturyLink, 128 Unveil Holiday SD-WAN Deals

The year in startups: 3 trends in 2019 offer a glimpse into a wild 2020

Taking a look back at three tech and investment trends that dominated 2019 and may shape 2020.

Instana Gifts Itself a Triple Acquisition

An Update on CDNJS

When you loaded this blog, a file was delivered to your browser called jquery-3.2.1.min.js. jQuery is a library which makes it easier to build websites, and was at one point included on as many as 74.1% of all websites. A full eighteen million sites include jQuery and other libraries using one of the most popular tools on Earth: CDNJS. Beginning about a month ago Cloudflare began to take a more active role in the operation of CDNJS. This post is here to tell you more about CDNJS’ history and explain why we are helping to manage CDNJS.

What CDNJS Does

Virtually every site is composed of not just the code written by its developers, but also dozens or hundreds of libraries. These libraries make it possible for websites to extend what a web browser can do on its own. For example, libraries can allow a site to include powerful data visualizations, respond to user input, or even get more performant.

These libraries created wondrous and magical new capabilities for web browsers, but they can also cause the size of a site to explode. Particularly a decade ago, connections were not always fast enough Continue reading

EU Set to Green-Light Nvidia’s $6.9B Mellanox Acquisition

Ampere Teases Next-Gen Chip, Teams Up With Nokia at the Edge

Nvidia Strikes China Mobile Edge Supercomputer Deal

Microsoft, Oracle Now Interconnect in Canada

Deep Dive: How the News and Media Sector Scores on Security and Privacy

In April 2019 the Internet Society’s Online Trust Alliance released its 10th annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites in various sectors. The news and and media sector, compromised of the top 100 news and media sites according to US traffic to their websites, improved its privacy practices in 2018. Like most sites, however, there is still room for improvement in privacy statements.

In 2017 less than half (48%) of news and media sites made the Honor Roll. In 2018 that number went up significantly to 78%, largely due to improvements in privacy statements. Privacy is scored in two ways in the Audit, we look at trackers on each site and we score the privacy statements across over 30 criteria.

One area where news sites did not improve was in the use of trackers on their site. Out of all the sectors news and media scored the lowest in trackers with a score of 39 (out of 45). Part of the reason for this is the news and media sector relies on advertising revenue, which often requires the use of trackers to serve ads.

On Continue reading

Open Networking is Ideal for Education

Google Cloud’s 5 Boldest Moves of 2019

5 questions to answer before deploying Wi-Fi 6

The Wi-FI 6 standard (802.11ax) is bringing many exciting improvements to Wi-Fi that make it an enticing option. These include speed, in the form of real-world multi-gigabit wireless connections, but also support for high-density networks like those in stadiums. However, it will take some careful thought and planning to know when to take the leap to Wi-Fi 6.To read this article in full, please click here(Insider Story)

Silver Peak, Ciena Tackle Enterprise SD-WAN Deployments

Bamboo Systems redesigns server motherboards for greater performance

UK chip designer Kaleao has re-launched as Bamboo Systems with some pre-Series A funding and claims its Arm-based server chips will be considerably more power efficient than the competition.[Get regularly scheduled insights by signing up for Network World newsletters.] Bamboo is targeting the x86 servers, which have a 95% market share, rather than Marvell with its ThunderX2 and Ampere Systems with the eMAG Arm processors. The company argues that the two Arm processors are no different than x86.To read this article in full, please click here

Bamboo Systems redesigns server motherboards for greater performance

UK chip designer Kaleao has re-launched as Bamboo Systems with some pre-Series A funding and claims its Arm-based server chips will be considerably more power efficient than the competition.[Get regularly scheduled insights by signing up for Network World newsletters.] Bamboo is targeting the x86 servers, which have a 95% market share, rather than Marvell with its ThunderX2 and Ampere Systems with the eMAG Arm processors. The company argues that the two Arm processors are no different than x86.To read this article in full, please click here

Cloud migration strategy: How to build a team of experts

In order to pull off a cloud migration successfully you will need a team of experts. Here is a look at the roles you need to on your enterprise cloud migration team.

Part 2: The Best Way to Select a Proxy Architecture for Microservices Application Delivery

Announcing the CSAM Scanning Tool, Free for All Cloudflare Customers

Two weeks ago we wrote about Cloudflare's approach to dealing with child sexual abuse material (CSAM). We first began working with the National Center for Missing and Exploited Children (NCMEC), the US-based organization that acts as a clearinghouse for removing this abhorrent content, within months of our public launch in 2010. Over the last nine years, our Trust & Safety team has worked with NCMEC, Interpol, and nearly 60 other public and private agencies around the world to design our program. And we are proud of the work we've done to remove CSAM from the Internet.

The most repugnant cases, in some ways, are the easiest for us to address. While Cloudflare is not able to remove content hosted by others, we will take steps to terminate services to a website when it becomes clear that the site is dedicated to sharing CSAM or if the operators of the website and its host fail to take appropriate steps to take down CSAM content. When we terminate websites, we purge our caches — something that takes effect within seconds globally — and we block the website from ever being able to use Cloudflare's network again.

Addressing the Hard Cases

Continue reading