Archive for August, 2009

what we’re reading, week of 8/24

Posted: August 28, 2009 in Highlights

Around the Blogosphere…
Since this Wednesday, Amazon’s new cloud service—Amazon Virtual Private Cloud (Amazon VPC)—has been the center of media attention. It connects a company’s existing IT infrastructure to the Amazon Web Service (AWS) cloud, enabling enterprises to connect existing infrastructure to a set of isolated AWS compute resources through a VPN connection, and extending its existing management capabilities such as security services, firewalls, and intrusion detection systems to include AWS resources. This new innovative service is going to make a significant mark within the industry; however many questions remain. Here are some opinions and thought-provoking posts around Amazon’s service. Stay tuned next week, and we’ll blog about the VPN side of this hot topic.

CNET
Can start-ups keep up with Amazon in the cloud?
Blogger Dave Rosenberg raises some interesting points about Amazon’s new service and its impact on start-up companies attempting to do similar things. What does this mean for new companies? How can they ‘out-do’ Amazon or even compete?

Rational Survivability
Calling All Private Cloud Haters: Amazon Just Peed On Your Fire Hydrant…
Using an excerpt from Werner Vogels’ post, Chris Huff reports on Amazon VPC and raises the issue about auditing and compliance questions.

PC World
Amazon Offers Businesses Their Own Private Cloud
Tony Bradley believes this is a step forward in securing the cloud; however, he argues that if you purchase a dedicated cloud, it means you are losing some of the cost effective benefits of the cloud. He also points out that, regardless of it being private or public, you still have to trust the provider.

Check out InformationWeek and Read Write Enterprise for additional details.

Secure remote access on an enterprise scale often means supporting two-factor authentication (2F), meaning identifying both the device and the person. With NCP engineering’s VPN client, enterprises can maintain any combination for 2F they want – OTPs (one-time passwords), biometrics, PKI certificates, etc.  Specifically, the NCP Secure Enterprise Client integrates fully with:

  • Any hardware OTP such as RSA SecurID, Vasco Digipass, Aladdin Safeword, OTP Mobile by T-Systems and T-Mobile
  • Most Software OTPs on the market
  • All major biometric devices that use the PKCS #11 standard
  • Every PKI-based certificate, including multiple certificate / trust center support with a single client

We’ll keep this list updated as more are added. Let us know if you would like to see other devices / software integration (you never know, NCP just might do it!).

what we’re reading, week of 8/17

Posted: August 20, 2009 in Highlights

National Cyber Security…
Online Traveler: Safe surfing while on the road
During these summer months, writer Fritz Faerber shares with some security tips for surfing the Internet while on vacation. Beginning the article with an unfortunate story about an indivdual’s identity theft, Fritz stresses that VPNs are the best way to protect one’s self from a security hack.

Tech Sanity Check …
Majority of CIOs still reject the iPhone, but resistance is weakening
Jason Hiner reports on a recent TechRepublic poll which asks a group of U.S. IT leaders, “Does your IT department support the iPhone as an approved device?”. Since the iPhone has been launched many business dismissed the idea due to security risks. While the majority of IT managers still don’t support the iPhone, 42% do. In Jason’s article, he includes commentary from the CIOs who participated in the poll. Check out the next highlight for more information about the iPhone’s security.

nCircle…
Apple Needs to Get Serious About iPhone Security
In relation to the highlight above, Blogger Andrew Storms, presents the potential security risks iPhones can pose in an enterprise setting. Andrew believes Apple prioritizes usability and features over security. Before it can truly enter the business world, Apple needs to step up its security game and prevent hacks.

Greetings from Spokane, WA.  After completing an introductory training session in CA, René and Jens traveled north to WA, to give another VAR partner solution training and a NCP Secure Management System demonstration.  Overall, the partner was quite impressed with NCP’s technology.  Here are some of the highlights and lasting impressions from WA:

  • Administrative overhead is removed with setting up a remote access solution with the NCP Secure Enterprise Solution
  • NCP’s offering has the potential to run as a hosted service
  • Its hybrid gateway allows users to connect to both IPsec and SSL-based VPNs
  • The technology offers endpoint security enforcement capabilities (with the IPsec solution)
  • Real-life examples took place, rather than controlled lab conditions
  • Willingness to integrate NCP’s components in to the partner’s

As NCP’s travels come to a close, it has been great to chat with both René and Jens about their POCs and VAR partner training.  All good things must come to an end, and we hope you both travel back to the U.S. soon for more VAR partner training.

what we’re reading, week of 8/10

Posted: August 13, 2009 in Highlights

SearchSecurity.com…
Network access control technology: Over-hyped or underused?
In his recent article, Mike Chapple explains NAC technology and its current market. Mike is confident that NAC will undergo significant growth, and even provides a helpful checklist for IT managers, as to whether or not it’s worth deploying solutions. This article is a great resource if you are unsure if a NAC solution would be beneficial to your organization.

Essential Computer Security…
VPN’s: IPSec vs. SSL
Still confused about IPSec and SSL? Blogger, Tony Bradley presents insightful background on the on each side, and provides the pros and cons in plain English.

Schneier on Security…
Password Advice
Using an excerpt from a post that appeared on Windows Secret, Bruce Schneier shares with us Becky Waring’s advice on securing passwords and protecting secure data. Check out no. 9, “DON’T access password-protected accounts over open Wi-Fi networks — or any other network you don’t trust — unless the site is secured via https. Use a VPN if you travel a lot.” Check out Bruce’s advice on Wired for choosing secure passwords.