Posts Tagged ‘RSA’

The RSA Conference is right around the corner and this year, Patrick Oliver Graf, NCP’s General Manager of the Americas, will be on-site for two days, brushing elbows with other pioneers in the information security industry.

With nearly two decades of technology sector experience, including extensive practice in networking security, Patrick will be available to discuss how NCP is at the forefront of mitigating security risks due to faulty or unsecure remote access connections.

For instance, Patrick can explain how NCP is answering the demands of today’s mobile workforce with the integration of its Secure Enterprise VPN Server with Apple iOS devices, in addition to its IPsec clients for Android platforms. Patrick is also available to comment on how NCP’s Secure Enterprise Management (SEM) system simplifies the complexities of large-scale VPN rollouts, securing its nomination year after year for renowned industry awards.

If you are attending RSA 2013, February 25-March 1 in San Francisco, and are interested in meeting with Patrick at the conference, please contact sales@ncp-e.com to connect for scheduling.

For more information about RSA 2013, see here.

For more information about NCP, visit us on LinkedIn, Twitter, or YouTube.

Given that it’s the largest security trade show in the world, we thought one day of RSA wrap-up couldn’t cover the breadth and depth of the show. Here’s a round-up of some other notable trends that emerged from the show. And here’s to staying safe until RSA 2013.

The 2011 Global Encryption Trends Study was published during RSAC 2012. Sponsored by Thales and conducted by the Ponemon Institute, the study reveals that encryption is now seen as a strategic issue and that organizations are increasing their investment in encryption across the enterprise.

The study shows that the CIO, CTO or IT leader still tends to be the most important figure in deciding encryption strategy (39% of respondents), but non-IT business managers have an increasing role in determining that strategy (more than doubling since 2005 to 21% of respondents), demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization.

The main drivers for deploying encryption solutions are to protect brand reputation (45%) and lessen the impact of data breaches (40%). Compliance is also a major driver for using encryption with 39% of respondents saying it is to comply with privacy or data security regulations and requirements.

Compliance is also driving increased budgets with the highest IT security spend dedicated to data protection in countries that rank compliance as the most important driver for encryption. Compliance is in fact the number one driver for using encryption in the US, UK and France. – Steve Ragan, Security Week. See full article here.

***

    • iOS is cool, Android is not, and BlackBerry is dead: That’s not to say BlackBerry is gone, but it’s just a matter of time, as almost everyone in the room was migrating to another platform. It’s also not that Android isn’t showing up on corporate networks – it is, but with caveats. We’ll get to that. iOS is generally accepted as okay, mostly because of the way the App Store screens applications prior to availability.
    • Everyone has policies. Most are not enforced. We spent a good portion of the session talking about policies, and everyone agreed that documenting policies is critical. Though enforcement of these policies is clearly lagging, especially for senior folks. But any employee seems to know the corporation can wipe their device, and many folks at the show have wiped devices, and even got a thank you from the user (who actually appreciated their help.) Wait, what? Yes, employees were happy the corporation wiped the device. That’s a security win.
    • MDM is still young: Almost everyone was looking at something to manage devices. But most of the solutions weren’t enterprise-class yet. This is going to be a huge market and there will be a lot of competition, so don’t sign long-term deals.
    • Good Technology is everywhere: One of the caveats of using these smartphones is using something like Good to create a sandbox, so employees can only access corporate data through that secured app. Most were using it for email, and some have extended it to proxying other apps, even on Android. So they’ve basically reduced corporate use of smartphones to a single app, but it seems to work. I’m sure Motorola is ecstatic they spun Good out a few years ago. —Mike Rothman, Securosis. See full post here.

****

The RSA security conference took over downtown San Francisco this week with thousands of attendees packing vendor parties at restaurants and clubs. The festivities were a throwback to the heady days of the Internet boom, when venture capitalist funds fueled a bubble that burst in 2000 after years of hype surrendered to an inability to generate profits. – Antone Gonsalves, CRN. See full article here.

 

This year’s RSA Conference wrapped up just last week, so we wanted to take a look at the top trends and issues that emerged at the show. Here’s a condensed round-up of what a few industry pundits are saying about this year’s show:

George V. Hulme, CSO

There was an unusual level of gloom at the RSA Conference this year, and for good reason: a number of the biggest and most respected security firms have been very recently breached, including RSA Security, VeriSign, and Symantec.

This wasn’t the first year the IT security industry was embarrassed. Last year, HB Gary Federal was breached and that event consumed a considerable amount of talk at the show. That’s not to forget the recent big name breaches at organizations such as Google, the U.S. Department of State and Nasdaq in recent years.

“There is a feeling that no matter what steps one takes, it can’t be won. Systems can’t be kept adequately secured,” said a security executive at an international electronics manufacturer.

For full column click here.

****

Robb Reck of InfoReck

  1. The general tone I heard is that we’re tired of the Cloud as a buzz-word. We’re tired of having to discuss the same Cloud-y topics over and over. But the fact is, we need to keep doing it. The Cloud sessions were well-attended because for many security leaders, it’s where our organizations are going, and we’re not prepared to lead the way yet. So this love/hate relationship with Cloud security exists.
  2. BYOD is the phrase of the year. Some people call it “consumerization” of IT… but that’s so 2010. Bring your own device (BYOD) was 2012’s hottest topic, with long lines to get into those sessions, especially anything that dealt with the iPad or iPhone. This subject most reveals the lagging nature of security. The first iPhone was released in 2007, and the first CEO probably required his IT staff to support it about 15 minutes later. Yet we are still working on the right balance of corporate governance versus consumer freedom, and how we can enable remote access to corporate data without running the risk of this data getting into the wrong hands.
  3. Big data. Personally, I think this topic is cool, and this is probably my favorite trend from RSA. Analyzing big data is a relatively unexplored frontier. We’re doing an adequate job of aggregating logs and amassing large databases. But we’re terrible at figuring out how to parse this data and deliver real value to the business…There were a number of sessions where we could talk and learn more about how security can utilize big data to discover trends and better protect the environment.

For the full post, click here.

We’ll continue our RSA round-up on Thursday. Until then, what was your biggest lesson learned from RSA 2012?

InformationWeek, 10 lessons from RSA Security Conference
Network Computing, RSA Chief Tells Enterprises: Make Security And Privacy Protection Top Priorities
InfoWorld, Making sense of mobile device, app, and information management
IT Business Edge, IPv6 Security: Not Scary, Unless it is Ignored

By Nicholas Greene

Earlier this week, I wrote about the importance of using VPNs at trade shows. Building on that, I wanted to expand on VPN implementations. Firstly, like anything else, VPN implementations aren’t perfect. A VPN tends to leave more traffic exposed than WEP, WPA, and WPA2, so preventing data leakage before launching the tunnel can be an exercise in futility. Roaming between IP subnets can break through your tunnels, and VPNs tend to be more than a little picky when it comes to how networks are laid out. Thankfully, all of those concerns are quite simple to address.

First up, don’t connect to a network that isn’t encrypted in some fashion. At Black Hat or Interop, this shouldn’t be a problem: their access points are encrypted by default. Second, if you’re an enterprise user, combine your VPN solution with endpoint security. As far as mobility is concerned, again, it shouldn’t be an issue with the larger tech conferences. Most of them are likely to implement subnet roaming capabilities into their access points, which are designed to be VPN friendly.

Finally, don’t assume a VPN implementation means you’re completely protected; unencrypted data is just one of the many threats facing users at these events. Setting up a dummy network with an SSID that appears valid is one of the most common attack methods at Black Hat. Even though organizers have implemented security to counteract this method, that doesn’t mean you shouldn’t still be on guard.

If all else fails, it might be worth looking into setting up your own dedicated Wi-Fi, and running the VPN through that. At the end of the day, network security can only go so far. Though the right VPN/endpoint security implementation is a great tool for protecting your data, you’ve got to do your part, too. Don’t assume that, simply because you have a secure network, you’re protected from theft; that is, after all, what the thieves are counting on.