If you were unable to join us at this year’s IP EXPO then please do take a few minutes to view our video from the event and find out how Netutils along with Juniper Networks can support your security challenges now and in the future.
Video: Juniper Networks & Netutils Deliver Innovation
Hosted at Mercedes Benz World, Juniper Networks’ and Netutils’ recent workshop on Innovative Transitions in Networking & Security provided an opportunity for our customers to learn about Juniper Networks’ latest innovations in networking & security. Watch the video from the day here.
Don’t ignore the hype: IT trends deliver security with access
By Malcolm Orekoya, Technical Specialist, Netutils
Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.
How do we enhance security but allow users access to the data and resources they need seamlessly and improve enterprise productivity, while still keeping up with the trends in mobility, consumerisation and cloud? The answer is by following those trends.
Look beyond the technology and look at the people that use the technology. This tells us two things: users do not prioritise security, and your enterprise productivity is directly related to the ability of your users to perform their tasks efficiently. So companies cannot adopt a “lock everything down” mentality. It is effectively a denial of service attack against yourself, because you are essentially denying access to the essential services needed by your users. So security, and enforcement of it, is solely the responsibility of the enterprise. It may sound harsh, but it is the reality; employees are accountable for the procedures, guidelines and policies to which they are required to adhere.
The only viable way to build a secure network that moves with CoIT is to use existing corporate user identity systems (such as Active Directory, LDAP, SQL) to integrate with evolving ideas to automatically provision context-aware applications and resources.
So how to secure data and the network while still allowing seamless access and speedy resource allocation? Don’t ignore the trends in the IT industry. Cloud and hosted applications are continually increasing in adoption because they guarantee a certain level of security of access, ease of access, flexibility, automated provisioning, ease of upgrades, cross platform compatibility and reduced CAPEX, while maintaining compliance and security standards. The providers of these solutions are themselves heavily regulated and required to adhere to high standards of data and network security.
If you prefer to retain in-house control of applications, then virtual desktop infrastructure (VDI) means you benefit from reduced costs over time of purchasing user endpoint machines by moving to thin clients. But also these VDI platforms allow control of what applications employees have access to, and provide much more granular control on what tasks users can perform. Because a lot of the VDI platforms allow “hot-desking”, as user profiles are maintained on centralised servers, they provide access flexibility and remote access, which fit with CoIT needs.
Zero-Day protection is also another useful trend; the means by which an enterprise can protect its data and resources from threats and vulnerabilities that are currently unknown, so consequently do not have a fix. Zero-Day application exploits, targeted attacks, advanced information stealing malware and Advanced Persistent Threats (APTs) all pose a serious security threat to enterprises, but as these threats evolve, so does the approach to effective and manageable protection. Active defence, which discourages attacks by focusing on raising costs and risks to attackers, is slowly creeping into enterprise strategy. Proactive protection methods – including advanced Web Application Firewalls (WAF), counterstrike and intrusion deception techniques – have all seen a revival. For example, in 2012 Juniper Networks acquired Mykonos Software’s intrusion deception software (Junos WebApp Secure) to enhance its web application security portfolio. It places deception points along the way. When an attacker trips one of those tripwires, we are alerted to the fact they are there and can watch them.
The reality is that vulnerabilities and threats exist, and come from inside as well as outside the network. The biggest insider threats are the employees, but we can only educate staff on how to handle sensitive corporate data and how to use corporate resources. For outsider threats, innovation brings assistance.
CoIT without Risk – There’s no effective risk management without end-to-end security
By Malcolm Orekoya, Technical Specialist, Netutils
Everything delivered by the IT department nowadays is frequently classified as a service function. With Consumerisation of IT (CoIT), the consumption of these services is affected by the trends in mobility, bring-your-own-device (BYOD) and cloud, which in turn puts pressure on the scalable infrastructure you need.
The number one risk management concern for IT managers with CoIT is security, but in what context? As workers become more mobile, adopting BYOD and accessing corporate applications and information remotely, an IT manager needs to be able to guarantee that the access and authentication from these devices is secure – as well as make sure that if these devices are lost or stolen, the information they hold and can access does not end up in the wrong hands.
One way of achieving this is via profiling based on the user, type of device (managed or unmanaged), resources being accessed, location being accessed from and the role of the user. For example, an employee using a corporate device, accessing the network remotely and an employee using a personally owned device, accessing the network via the wireless local area network (WLAN), are two distinct profiles that require different policy enforcement.
To minimise risk, authentication (user and device) needs to work with posture checking of endpoints, secure remote access, mobile device management (MDM) and secure wireless connectivity. An end-to-end security infrastructure is required; one that is easy to deploy and manage, as well as one that can provide the performance, access and integration needed. For example, Juniper Networks provides the single Junos Pulse endpoint client, capable of providing secure mobile remote VPN access and network access control (NAC), with role based access control and 802.1x authentication. In addition, the Junos Pulse Mobile Security Suite MDM is purpose-built for mobile devices and provides anti-virus, anti-spam, anti-malware, endpoint firewall, loss and theft protection and endpoint monitoring.
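The profile-based enforcement described in the two paragraphs above, sketched as an added example (it is not from the original post and is not code from any Juniper product). The role names, resources, posture checks and access paths are hypothetical sample values.

```python
from dataclasses import dataclass, field

# Role names, resources, posture checks and paths are hypothetical sample
# values; a real deployment takes them from the directory and the NAC policy.
ROLE_RESOURCES = {
    "finance": {"email", "intranet", "erp"},
    "engineer": {"email", "intranet", "source-repo"},
    "guest": {"internet"},
}
MANAGED_ONLY = {"erp", "source-repo"}          # never served to personal devices
REQUIRED_POSTURE = {
    True: ("disk_encrypted", "av_running", "os_patched"),   # managed device
    False: ("screen_lock", "not_jailbroken"),               # personal device
}
KNOWN_PATHS = {"remote-vpn", "wlan", "wired"}


@dataclass
class AccessRequest:
    user: str
    role: str          # looked up in the identity store (AD, LDAP, ...)
    managed: bool      # corporate-managed vs personally owned device
    path: str          # how the device reaches the network
    resource: str
    posture: dict = field(default_factory=dict)  # endpoint health results


def decide(req):
    """Return (action, reason); action is 'allow', 'quarantine' or 'deny'."""
    if req.path not in KNOWN_PATHS:
        return "deny", "unknown access path"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny", "resource not granted to role"      # default deny
    if not req.managed and req.resource in MANAGED_ONLY:
        return "deny", "resource restricted to managed devices"
    # A missing check result counts as a failure, never as a pass.
    failed = [c for c in REQUIRED_POSTURE[req.managed]
              if req.posture.get(c) is not True]
    if failed:
        return "quarantine", "failed posture: " + ", ".join(failed)
    return "allow", "managed profile" if req.managed else "byod profile"


# Constructed requests: the two profiles from the text, plus an unhealthy laptop.
HEALTHY_LAPTOP = {"disk_encrypted": True, "av_running": True, "os_patched": True}
HEALTHY_PHONE = {"screen_lock": True, "not_jailbroken": True}
SAMPLES = [
    AccessRequest("alice", "finance", True, "remote-vpn", "erp", HEALTHY_LAPTOP),
    AccessRequest("alice", "finance", False, "wlan", "erp", HEALTHY_PHONE),
    AccessRequest("alice", "finance", False, "wlan", "email", HEALTHY_PHONE),
    AccessRequest("alice", "finance", True, "wired", "erp",
                  {"disk_encrypted": True, "av_running": True}),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, "managed" if r.managed else "byod", r.path, r.resource,
              "->", decide(r))
```

The same user receives a different decision for each profile, and a device that omits a posture result is quarantined rather than trusted.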
CoIT is not the same as BYOD; it covers the changing trend in the way technology is used. Therefore, cloud services such as storage (Dropbox, Box, Google Drive) and applications (Office365, Salesforce, GoogleApps) – as well as in house developed proprietary applications – all need to be secured within their virtualised environments.
The underlying infrastructure of the virtualised environment and the networking infrastructure (switches, routers, firewalls) need to provide an end-to-end approach that is secure, scalable and resilient. For example, the single operating system in the Junos OS from Juniper Networks runs across many of its security platforms, allowing administrators to consistently apply policies across the board without having to learn and manage a variety of systems. The innovative technology for securing the virtualisation space is Juniper Networks’ virtual gateway (vGW) product, which focuses on security within the hypervisor and between virtual machines as they communicate in the virtualised platform, as well as outbound. This is a further example of how vendors and manufacturers need to understand the elements that form the foundation of front end resources.
Numerous surveys have shown the impact of the proliferation of personally owned mobile devices onto the enterprise network. One of the impacts of this over the last few years has been the malware threat, and general increase in the amount of cyber threats specifically targeting mobile devices – especially Android devices. Risk management needs to focus beyond managing mobile devices via MDM platforms, to actually securing the corporate data in transit. This involves sandboxing technologies, such as Secure Virtual Workspaces (SVW), which were the initial and most popular solutions in the early days of mobility, to new smarter devices that encrypt data on the devices and in transit, or provide dual boot functionality with physically or logically separated segments on the device.
CoIT is here to stay; we have been talking about these trends for a few years now. If you are managing risk, the next step is to understand the solutions currently available, which will help manage it from end to end.
BYOD – The Big Questions
Like us you’ve probably been asking questions and more questions about BYOD. To quote Stephen Fry ‘No sin in that. We grow wise by asking questions. The right questions.’ So, here our Technical Director, Toby Makepeace, grapples with BYOD and answers some of the biggies.
This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.
BYOD – a threat or an opportunity?
We are all well aware of today’s business challenges brought by the proliferation of mobile devices, new styles of remote working and the associated challenges faced by IT managers in meeting the increased demands for network access from both staff and guests. Those challenges aside, this question is easy for me to answer – opportunity! In my view BYOD brings a massive opportunity to your business. Quite simply the possibility of the increase in productive man hours can only be viewed as a benefit to the business. So, next questions please!
Are businesses prepared? What’s the risk to the business? Are there cost savings to be made? What is the impact on the IT department?
To answer these let’s first cast our minds back to when BlackBerrys were first being deployed. At the time many felt they were an unnecessary cost and a risk to the business, and would not increase productivity, yet nowadays you’d be hard pushed to find a member of staff who doesn’t feel their BlackBerry or mobile device is a critical part of their everyday business toolkit.
However, I also believe the risk factor still exists and in some cases has not been addressed for these corporate devices. As people move away from BlackBerry to other mobile email systems, a BYOD strategy might help tackle these risk factors by reviewing the corporate policy on mobile devices and re-addressing some of the failings around theft or lost devices and help you move towards a solid Mobile Device Management policy.
With mobile email being the killer application upon which we all rely, let’s take a look at each of these questions in a little more detail:
Are businesses prepared?
Unfortunately the answer here is generally no, but we were not prepared for mobile email either. At that time we needed to invest in the solution that worked for our businesses, so now we need to invest in a BYOD solution that works for our businesses too. It might be just one product that we need, but more likely a suite of products to build a robust BYOD solution.
What’s the risk to the business?
The answer here really comes down to how far you want to take BYOD, and the level of investment required to protect your business. The solution that you take on board should not be any different to a solution you should look to deploy to secure a corporately owned asset like a laptop. Consider if you can increase the level of protection you offer your business by using BYOD as a strategy to implement a solution to secure both BYOD and your corporate assets.
A full Network-Access-Control solution like “Juniper Networks UAC solution” can offer benefits to your business by minimising the risks from both BYOD and corporate devices. This solution can manage devices that are allowed to join the network and control the level of access that they gain based on the identity of the user and the state/health of the device the users are trying to connect with. This way you are able to increase your network security. Now you just need to develop a robust policy around which applications and systems on the network any personally owned devices are able to access.
Are there cost savings to be made?
You are going to need to, and you’d be wise to, invest in a solution to manage and protect your network. However, that aside, protecting your network is essential regardless of BYOD. Your organisation could save money on the number of corporate assets like mobile phones and laptops you need to manage and deploy if you fully embrace BYOD. But to my mind the question is not so much about cost savings, but increased productivity.
So, back to our BlackBerry example, I imagine a high percentage of your staff read an email at lunchtime or on their journey home and in most cases will respond and deal with it in their own time. If we removed our corporate mobile email solution and offered a BYOD email solution based on the Juniper Networks’ PULSE Mobile Security Suite and Juniper’s SSL VPN could we save money? I think the answer is yes, and consider this, you might also increase productivity even further as a number of staff will have two devices, one personal and one business. Which one gets left at home at the weekend or in the evening? Unless you are as sad as me, it is not your business one!
What is the impact on the IT department?
Without a shadow of doubt there will be an impact on the IT department as any solution needs to be deployed and managed. However, an effective integrated solution, based on Juniper’s products like the IC, SA and Junos Pulse, makes that experience a lot easier to manage. The threat to the network can be effectively managed by a strong policy dynamically enforced by the combination of these solutions, and where a greater level of threat prevention is required the Juniper SRX with IDP unit can be integrated with the whole solution, providing a granular policy control enforcer based on User ID and health of the asset accessing the network.
Conclusion
In my opinion the debate on BYOD should not be examined in isolation, but as an overall enhancement to your whole network security policy. Yes, there will be a cost for set up and deployment, however increased network protection, and minimising down time from virus and malware risks need to be taken into account irrespective of BYOD. The increase in productivity in staff will only really be seen over time, but like mobile email, BYOD may also prove to be a true and productive benefit to your business.
And finally … don’t be surprised if you go to your IT department and find a form of BYOD already in use; iPads, smart phones or tablets may already be connected to your network, which belong to your senior executives or the IT team themselves. So, why not ask the IT team if they feel the use of these devices has helped them improve their productivity? I bet you’ll be pleasantly surprised by the answer!
How CIOs can fully harness the Enterprise mobility phenomenon
Guest Blog, from Gilles Trachsel, Product Marketing Manager, Juniper Networks
Two weeks ago I spoke at IP EXPO 2012 – London – where I presented on Enterprise mobility and the security challenges ahead. The following is a summary of the key facts I discussed; at a glance, you have to be able, as an IT manager or executive, to offer more granular control to the users accessing the network, based on who they are, where they are, what application they want to use and from what device, and all this in a controlled and secured way. It’s all about bringing control back to IT.
FACT: The nature of the LAN access will change from wired to wireless Ethernet over the next couple of years. This will be driven in large part by the massive influx of new and highly capable tablets and smart phones which do not have RJ-45 connections.
FACT: The time for enterprise mobility is now. According to IDC, by next year, more than 1.2 billion workers worldwide will be using mobile technology, accounting for 35% of the workforce!
FACT: We can observe a shift from PC based and corporate owned enterprise computing to any mix of devices that are corporate AND personally owned. This creates challenges around security and compliance. The same applies to the applications, where we can see a shift from corporate operated applications to user-chosen applications. It is again a mix of both – the goal being to gain competitiveness and to bring more productivity.
FACT: The user’s end device is the weakest point in our security today and the attackers know it. The types of attacks are morphing. Today more than 80% of malware uses encryption, compression and file packing, evading the traditional security technologies. Smart phones, tablets and cloud services are becoming popular targets for these attacks. Mobility forces enterprises to shift their security strategy away from a perimeter approach, making them realize that borders are now global and that their vulnerabilities are actually internal. Also, mobile malware is becoming pervasive. There is more mobile malware than ever before, it has gotten smarter and application stores are fast becoming the prime delivery mechanism for infected applications. As a result, your “Bring Your Own Device” (BYOD) experience could very quickly become a very unpleasant “Bring Your Own Malware” (BYOM) experience…
FACT: Mobility is much more than BYOD. Yes, BYOD is the most common and probably feared concern today, but you also have to address corporate-owned devices and guest access, and all three with a common and consistent approach. The problem here is that most vendors only speak to or can address only one of the three. Experience shows that point solutions fail to deliver comprehensive enterprise network access. So, today’s business environment requires coordinated access across all the identified major mobile user types.
BOTTOM LINE: If you consider the smart phones and tablets proliferation, the fact you have multiple devices per user, you have multiple applications per device and multiple sessions per application, all this puts the campus/branch network under increasing pressure, and there is a need to rethink the way you architect the network. You need a holistic approach to coordinated security for enterprise network access, regardless of who owns a given device. This allows organisations to translate a business policy based on the user’s role and identity and to apply it to the device of the user’s choice. Productivity is enhanced and security is maintained.
IT executives and managers must anticipate this mobile device explosion and put in place all the necessary tools and components for letting these new devices access the network while at the same time protecting their critical resources and assets. Yes, in most cases, this will require a rethinking of the network architecture, which needs more security coordination, more performance, more scalability and more resiliency. But in the end, organisations will be able to trust, leverage and depend on mobility to create competitive advantage and higher end user productivity. In other words, IT doesn’t need just to be aligned with the business; it is becoming part of it!
Why networking is more than just “plumbing”. It can change your life.
We very much enjoyed Juniper Networks’ latest blog post on ‘Why networking is more than just “plumbing”. It can change your life.‘ We have shared the highlights from this blog below which illustrate some very interesting stats from recent research Juniper Networks conducted with Forrester:
Visit the link here to view the full blog post.
Cloud Computing
- 44% of businesses have seen increased use of cloud services – from software and infrastructure to business processes as-a-service offerings.
- 58% say cloud computing had a significant impact on their network (which required hardware upgrade/refresh of network).
Big Data
- 53% of respondents say the business is turning to IT to capture more data to make better business decisions.
- More than half (52%) of businesses are grappling with data storage needs brought on by company growth.
Mobile Computing
- In the last 18 months, 47% of businesses have seen increased demand from end users to bring their own devices to work.
- When ranking IT initiatives for the next 12 months, 72% of IT business decision-makers put expanding use of mobile apps for employees, customers, and business partners at the top of their list.
To read the full report please visit Juniper Networks’ website here.