Archive for March, 2012

ZDNet, Should Mobile Security Start From Device or Data?
Dark Reading, Information Security Forum Launches Threat Horizon 2014
Health Care Info Security, Who Decides How to Allot Infosec Funds?
Infosec Island, Pitting Education Against Cyber Attacks 

By Bernd Reder

Let’s revisit Tuesday’s post on cloud computing and VPNs, diving deeper into how organizations can ensure their employees are using the cloud securely. The answer is, via a VPN (Virtual Private Network). This applies to any cloud computing environment – be it public, private or the popular hybrid cloud models. The VPN solution should offer the greatest possible flexibility, including support for IPsec and SSL and the capability to enable seamless roaming between various communication media (such as LAN and Wi-Fi) . Furthermore, it is essential that the VPN solution enables an organization’s IT administrators to centrally manage all clients and components of the VPN infrastructure.

Cloud VPNs instead of Do-it-yourself VPNs

However, many organizations are not equipped to establish a company-wide VPN on their own and instead need a service provider to take on this task, either by providing a Virtual Private Network as a Service (VPNaaS) or remote access out of the cloud. Either of these solutions provides an alternative to the do-it-yourself VPN approach. Rather, cloud VPNs enable employees of a company to securely access all network resources in the cloud environment – applications, data and storage capacities – from anywhere.

When considering cloud VPNs, organizations should consider a service that supports all end-devices that are used throughout the company – from desktops, notebooks, tablet PCs to smartphones. Ultimately, no matter which option a company takes to ensure secure cloud access, the organization reaps the benefits of the cloud and lowered IT costs.

Image 

 

 

 

By Bernd Reder

One of the key advantages of cloud computing is higher scalability, enabling organizations to adapt IT resources on demand, resulting in lower overall IT costs. The cloud has also afforded small and medium-sized businesses (SMB) easier access to technology that allows for seamless scaling, enabling organizations of all sizes to benefit from lower IT costs.

The cloud, however, can also open an organization to new threats. Before diving into just what those are, let’s consider how the cloud operates within an enterprise. In many ways, cloud computing displaces some of the connections that typically run through a company’s LANs (Local Area Networks). For instance, this happens when an employee accesses company cloud services from a hotel or airport via mobile networks or Wi-Fi. This also occurs when the employee accesses Software as a Service (SaaS) platforms, computing power or storage capacities in the cloud (Infrastructure as a Service) from the office. As a result, some of these connections could be potentially unsecure.

Security and the Cloud

Ideally, when employees are using cloud services they take proper precautions to ensure that no unauthorized persons gain access to critical business information. Yet, organizations and employees cannot rely on cloud service providers to secure data communication. According to a study by the market research and consulting agency Ponemon Institute, 69 percent of all cloud service providers take the view that it is the users’ responsibility to secure remote access to cloud resources – not the providers’.

So what’s the easiest and most practical way for organizations to ensure their employees are using the cloud securely? More on that next time, but it might just have to do with VPNs.

The disruption that this year’s Olympic Games could cause to London’s transport infrastructure, and the resulting effect on businesses and organizations has been well-documented and should not be underestimated. We have already seen advice from the Games organizers suggesting that employees should be allowed to work at home during the event. As a result, both public and some private sector organizations have started to implement plans and hold practice runs for such an eventuality. However, with so many employees working from home for the first time there is a lot more for organisations to take into consideration than at first glance.

As the pressure on public transport and road networks reaches its zenith, it is extremely likely that we will see a dramatic increase in the number of employees who will be working from home, in order to avoid the disruption, particularly in the build up to popular events. However, with such a sudden pressure on organizations’ IT networks the chances of a systems crash increases dramatically. Patrick Oliver Graf of NCP engineering* believes that businesses must be savvier about how they can prepare for this event.

“With so many employees potentially working from home during the Olympic Games, the use of home PCs, private laptops and mobile devices like an Android tablet, is very likely to increase. The ‘Bring Your Own Device’ topic has received plenty of attention over the past few months, especially focusing on the security risk element. However, a sudden influx of employees using their own devices to access corporate networks could cause huge problems for organizations, already under strain as a result of a remote workforce,” says Patrick.

He adds, “This variety of devices and operating systems makes it even more complicated to introduce a solution that ensures corporate networks continue running during this period, especially one that works for all client devices and operating systems. Companies also need to ensure that any solution implemented satisfies the security requirements/policies a company should have in place to enable remote working. This extra pressure could not have come at a worse time when organizations are having to root out cost efficiencies.”

Organizations need to find a solution that is able to provide cross-platform client support, a hybrid SSL/IPsec gateway and ideally where the entire remote access VPN can be centrally managed. The main problem organizations are going to face is the huge increase in remote workers trying to access the network remotely at the same time, therefore the gateway needs to handle potentially thousands of simultaneous sessions/users.

There is no doubt about it, the Olympics will be a fantastic spectacle and something everyone will want to embrace. By ensuring the IT infrastructure is able to run effectively, business operators will enjoy the experience with piece of mind.

*NCP engineering manages this blog.