The concept of a software supply chain is not a new one. What may be new is that CI/CD (Continuous Integration/Continuous Delivery) with containers makes it conceptually easy to understand and technically practical to implement. Here’s a process diagram that illustrates this approach in five steps. CI/CD Process A software supply chain is here the “master” branch… Continue reading A Secure Software Supply Chain with Containers
Here are a select few NIST documents that I’ve found very informative and that may help those who seek formal criteria, guidelines and recommendations for evaluating containerization and security. NIST SP 800-190 Application Container Security Guide Published in September of 2017, this document (800-190) reminds us of the potential security concerns and how to address those concerns when… Continue reading NIST Guidance on Container Security
As a firmware interface standard to replace BIOS (Basic Input/Output System), the UEFI (Unified Extensible Firmware Interface) specification has been a collective effort by UEFI Forum members for a while. UEFI is in essence an abstraction layer between firmware and OS, and is independent of device hardware and architecture, which provides flexibility for supporting multiple and various… Continue reading An Introduction of UEFI Secure Boot and Disk Partitions in Windows 10
Yung Chou, Kevin Remde and Dan Stolts continue their TechNet Radio multi-part Windows 10 series and in part 2 they showcase free tools like the User State Migration Toolkit (USMT) that can easily migrate users and user data to Windows 10 from Windows XP, 7 and 8.
Internet Climate: Recently, as hacking has become a business model and identity theft an everyday phenomenon, there is increasing hostility on the Internet and escalating concern for PC and network security. No longer is a long and complex password sufficient to protect your assets. In addition to a strong password policy, adding MFA is now… Continue reading IT Pros’ Job Interview Cheat Sheet of Multi-Factor Authentication (MFA)
I am starting a series of Windows 10 content with much on security features. A number of topics, including Multi-Factor Authentication (MFA), hardware- and virtualization-based security features like Credential Guard and Device Guard, and Windows as a Service, are all included in upcoming posts. These features are not only signature deliveries of Windows 10, but significant initiatives… Continue reading Don’t Kid Yourself to Use the Same Password with Multiple Sites
As IT considers and adopts cloud computing, I think it is crucial to understand the fundamental difference between cloud and virtualization. For many IT pros the questions are where to start and what the road map is from on-premises to cloud, to hybrid cloud. In my previous memo to IT pros on cloud computing I… Continue reading Another Memorandum to IT Pros on Cloud Computing: Virtualization, Cloud Computing, and Service