Posts Tagged ‘Cloud’

You might remember Joe the CIO, the paper CIO who is searching for ways to provide secure and efficient remote access to his company. When we last saw Joe, he was tackling remote access issues related to the cloud. Now he’s back, and this time, looking for a VPN solution that would enable his company’s employees to access the corporate network no matter their location or device. Plus, he needs this technology to integrate with his organization’s existing security infrastructure. Check out today’s video for more on what Joe’s looking for in a VPN and how NCP engineering helped him find the ideal solution.

By Bernd Reder

One of the key advantages of cloud computing is higher scalability, enabling organizations to adapt IT resources on demand, resulting in lower overall IT costs. The cloud has also afforded small and medium-sized businesses (SMB) easier access to technology that allows for seamless scaling, enabling organizations of all sizes to benefit from lower IT costs.

The cloud, however, can also open an organization to new threats. Before diving into just what those are, let’s consider how the cloud operates within an enterprise. In many ways, cloud computing displaces some of the connections that typically run through a company’s LANs (Local Area Networks). For instance, this happens when an employee accesses company cloud services from a hotel or airport via mobile networks or Wi-Fi. This also occurs when the employee accesses Software as a Service (SaaS) platforms, computing power or storage capacities in the cloud (Infrastructure as a Service) from the office. As a result, some of these connections could be potentially unsecure.

Security and the Cloud

Ideally, when employees are using cloud services they take proper precautions to ensure that no unauthorized persons gain access to critical business information. Yet, organizations and employees cannot rely on cloud service providers to secure data communication. According to a study by the market research and consulting agency Ponemon Institute, 69 percent of all cloud service providers take the view that it is the users’ responsibility to secure remote access to cloud resources – not the providers’.

So what’s the easiest and most practical way for organizations to ensure their employees are using the cloud securely? More on that next time, but it might just have to do with VPNs.

This year’s RSA Conference wrapped up just last week, so we wanted to take a look at the top trends and issues that emerged at the show. Here’s a condensed round-up of what a few industry pundits are saying about this year’s show:

George V. Hulme, CSO

There was an unusual level of gloom at the RSA Conference this year, and for good reason: a number of the biggest and most respected security firms have been very recently breached, including RSA Security, VeriSign, and Symantec.

This wasn’t the first year the IT security industry was embarrassed. Last year, HB Gary Federal was breached and that event consumed a considerable amount of talk at the show. That’s not to forget the recent big name breaches at organizations such as Google, the U.S. Department of State and Nasdaq in recent years.

“There is a feeling that no matter what steps one takes, it can’t be won. Systems can’t be kept adequately secured,” said a security executive at an international electronics manufacturer.

For full column click here.

****

Robb Reck of InfoReck

  1. The general tone I heard is that we’re tired of the Cloud as a buzz-word. We’re tired of having to discuss the same Cloud-y topics over and over. But the fact is, we need to keep doing it. The Cloud sessions were well-attended because for many security leaders, it’s where our organizations are going, and we’re not prepared to lead the way yet. So this love/hate relationship with Cloud security exists.
  2. BYOD is the phrase of the year. Some people call it “consumerization” of IT… but that’s so 2010. Bring your own device (BYOD) was 2012’s hottest topic, with long lines to get into those sessions, especially anything that dealt with the iPad or iPhone. This subject most reveals the lagging nature of security. The first iPhone was released in 2007, and the first CEO probably required his IT staff to support it about 15 minutes later. Yet we are still working on the right balance of corporate governance versus consumer freedom, and how we can enable remote access to corporate data without running the risk of this data getting into the wrong hands.
  3. Big data. Personally, I think this topic is cool, and this is probably my favorite trend from RSA. Analyzing big data is a relatively unexplored frontier. We’re doing an adequate job of aggregating logs and amassing large databases. But we’re terrible at figuring out how to parse this data and deliver real value to the business…There were a number of sessions where we could talk and learn more about how security can utilize big data to discover trends and better protect the environment.

For the full post, click here.

We’ll continue our RSA round-up on Thursday. Until then, what was your biggest lesson learned from RSA 2012?

*Editor’s Note: This column originally appeared in TechTarget’s SearchEnterpriseWan

By Rainer Enders, CTO of Americas for NCP engineering

I define cloud VPNs as securely connecting from any location to resources (data and applications) that are provisioned in central data sites for the purpose of highly-available and reliable access. A cloud VPN must also offer specific characteristics which address the requirements for secure remote access from any device, over any type of network and from any location.

Companies that want their mobile employees to securely access the company network via the Internet have several solutions available to them: remote access out of the cloud, virtual private network as a service (VPNaaS) and managed security service provider (MSSP). Due to economic reasons, companies choose to outsource the operation of their VPNs to cloud, hosting or managed service providers.

The benefits for enterprises include the following:

  • no investment in hardware, software and in-house experts
  • a fast realization of a remote access VPN project
  • low monthly expenses

If the cloud VPN is software-based, it’s able to be virtualized and offers high scalability. Ideally, the cloud VPN solution would support multi-tenancy, be available for all major operating systems and device platforms and have a central management component.