Category Archives: Security

BYOD, Management and Security

This week’s Economist has a short article on mobile device security. Rightly, it recognizes that the security threat is data loss as opposed to malware. As discussed in previous posts, the BYOD challenge is about management of devices. Data loss prevention is most effective when it is aware that the device exists and is accessing, storing or transmitting certain information when it should not be.

We have been asked recently about the potential growth in the BYOD space. It won’t come from malware. It will come from a proliferation of devices, from the common smartphone to the latest wearable, that are retaining and transmitting information the enterprise simply does not want transmitted. And please remember, data is not just spreadsheet attachments in an email; more importantly, it is video, taken innocently or not in the office, that poses data loss problems.

That is the threat of BYOD.

SEA: Geeks in the attack

When Tim Berners-Lee proposed a world wide web in 1989, did he expect modern conflicts, protests, and revolutions to include cyber violence? You can count on it today. CNN visuals of stone throwing crowds are invariably accompanied by geeks wreaking havoc behind the scenes.

The Syrian Electronic Army covers the flank of Assad’s regime by attacking blogs, opinion sites, news outlets, and anyone critical of their side. Recent victims of the SEA include the Financial Times, Associated Press, ITV London, Guardian, . . . the list goes on.

Google “SEA” and read about ongoing counter-efforts to deny the SEA resources for their antics. While that is interesting, I believe the real kernel of courage in this story comes from The Onion. Onion Inc’s Tech Blog details how the SEA hacked The Onion. By disclosing their methods, Onion’s techs hope to help you avoid the same fate. Give it a read!

Companies deal with cyber vulnerabilities

Public companies are required to disclose risks to their business. Responding to Congressional pressure in 2011, the SEC highlighted cyber incidents as a category for future reporting. Since then we have seen a slow but steady increase in the number of reported incidents as well as the severity of the risk language.

The comments in current filings paint a vivid picture of corporate risk and provide considerable justification for increased investment in policy, practice and products to minimize exposure to cyber risk.

“Cybersecurity becomes an issue of global importance,” according to JP Morgan. Further, “Cybersecurity is a critical priority for the entire company, from the CEO on down. Cybersecurity is increasingly becoming more complex and more dangerous.”

Once burned, and even more vigilant today, EMC states “Cybersecurity breaches could expose us to liability, damage our reputation, compromise our ability to conduct business, require us to incur significant costs or otherwise adversely affect our financial results.”

Smaller is not safer in the cyber world. Here are a couple of examples showing the nature of risk events and the ongoing liabilities resulting from cyber incidents (click the links and scroll down to highlighted words):

Cyber warnings for international travelers

Globe trotting execs are specifically targeted by cyber thieves, both the state sponsored actors and criminal types. Travelers from Australia, Germany, Japan, UK and USA are the favorite targets.

Now that you realize you have a target on your back, what should you do? Advice is available from many sources including several government agencies. Their first point is the obvious one – if you don’t need it don’t bring it. Consider trimming your electronic cargo to the minimum; go light and bring only what is absolutely necessary. Back up your systems and try not to bring critical intellectual property.

The US Office of National Counterintelligence offers a short travel tips guide that every international traveler should review. You might expect warnings about someone looking at your screen, hotel wireless, etc., but did you consider, “If a customs official demands to examine your device…. assume that it has been copied…?”

BYOD: Powering the “Shield”

Regular followers of this blog know that BYOD (Bring Your Own Device) is a hot button issue of mine.  In recent posts, I’ve explored some of the challenges faced by the never-ending flood of personal devices in the workplace – security, compliance and management key among them.  But hopefully, I’ve also conveyed an enthusiasm for all BYOD has to offer.  More than a powerful enabler of productivity, it also helps employees be more responsive to customers.  When you think of it, this is every company’s goal. 

There are many strong opinions about BYOD, and I can take up more than a few blogs on the topic.  But the truth is – whether you love it or hate it – BYOD is here to stay and companies must be prepared to handle all it brings.

As a first step, companies must devise a strategy that specifically addresses security, compliance, and management. It’s about more than securing the individual device; it’s about ensuring the actual network stays safe. Going beyond security means addressing such things as mobile application management, or how enterprises ensure access to apps that improve employee productivity. It’s also about application enablement – determining which apps to include in the mobile device toolkit – and then limiting those that pose a threat. The biggest challenge is delivering all this functionality under one umbrella – in a cohesive package.

That’s why I’m so pleased to introduce BYODShield.

Today, Westcon announced our teaming with BlueCat and Fiberlink to provide an industry first – a subscription-based service delivering a multi-layered “shield” that specifically addresses security, compliance, and management issues created by personal devices in the workplace.  We’re tightly integrating formerly disparate network security and enterprise mobility offerings — packaging them alongside our deep GOLDShield technology pre- and post-sales support model – and creating an all-in-one solution.  It’s a service that virtually eliminates current and future headaches associated with provisioning, servicing, securing, and managing thousands of personal devices. 

But it’s much more than a simple partnership.  Really, any distributor can do that.  We’ve successfully brought together BlueCat and Fiberlink to jointly write code exclusively for Westcon.  The functionality delivered by this deep collaboration can’t be found anywhere else.  We’re really proud of the result – integrating award-winning technology with our unsurpassed expertise in security and unified communications. 

When it comes down to it, BYODShield is about demystifying the complexities of managing and securing personal devices in the workplace.  Instead of trying to contain BYOD, we help you embrace it.  And it’s something you’ll see us do even more down the road.  Because the real future of distribution comes through offering resellers a consistent, unified, and integrated approach to solve their most complex technology challenges.  And a good distributor will tackle the integration and do the legwork for you – backing it with all services necessary to make it work.

Like anything new, BYOD is a scary proposition that can cause nightmares for any CIO… But before losing any sleep, take a step back and see what’s possible when leveraging the right tools. And be sure to check out more about BYODShield at http://us.westcon.com/byodshield

Westcon Security Forum (Part II)

As an update to my previous post, the Westcon Security Forums held last week were a great series of interactions amongst vendors, resellers, partners and Westcon.

The first 2 hours were presentations primarily covering two areas – Security Technology Trends and Executive Relevance Selling.  The Security Trends discussion covered 4 of the major security trends that we at Westcon are seeing in the market today:

1. Server Virtualization Security & Compliance
2. Cloud Security
3. Big Data and Security
4. NAC & BYOD

An introductory video here discusses 3 of the 4 topics, and I will get into the 4th – NAC & BYOD – in a followup post.

The second part of the presentations was on Executive Relevance Selling (ERS).  If you are not familiar with the concept, the guy to talk to is David McNicholas (David.McNicholas@westcon.com) who pretty much invented the concept as it relates to the channel.  David has created a comprehensive customer engagement process and platform that enables the reseller to talk to the customer about solutions from an ROI and business value perspective as opposed to just a technology discussion.  If you have not yet learned about ERS, I encourage you to reach out to David.  I am sure we will discuss it further in upcoming posts, but any of the posts you have previously read here regarding the process and approach of engaging the CIO and selling into IT is exactly aligned with what David teaches.  But, David makes it specific and actionable.

Will catch up further with you soon!

Hot, Not Hot, and Be On The Lookout For….

Hot

– Flat network – already discussed in earlier posts, but it remains an early, “going to get hotter” topic. Each of the vendors is making, or has recently made, significant announcements about their converged Ethernet/fabric/2-tier/1-tier offerings. This is driven in large part by the need for a data center network with lower latency, optimized for virtualization: the network is the data center, and the data center is the network.

– Data Center to Data Center networking – really a subset of the above, but there are nuances such as WAN Acceleration technologies specifically designed for DC to DC as opposed to DC to Campus. This nuance will become more and more of a marketing issue for those better positioned as opposed to those perhaps not really in that DC-to-DC space.

– SBCs (session border controllers) – starting to get recognition for their importance in UC. They can be considered the switch/firewall equivalent for VoIP/UC. As companies and the public overall migrate to VoIP and SIP, SBCs become critical. Expect steady growth, with an inevitable over-hype by the media once they understand the technology in the next few months.

– Cloud failures – the stories will remain hot for a while. In addition to service failure there will be offering failures – established vendors pulling out of initial cloud forays.

Not Hot

– Cloud success stories – this will take a backseat for a while, but cloud successes will definitely continue nonetheless.

Be on the lookout for:

– Virtualization security – as vendors continue to realize the exposure that virtualization presents, more and more messaging and positioning will appear. The exposure is two-fold. First, the obvious – a new layer in the stack introduces new opportunities for bad people to do bad things. But second, perhaps not as obvious, is the governance associated with the potential consolidation of previously physically separate servers/applications/data onto one single physical server. The IT group doing the consolidation may not recognize the compliance risks they are introducing. And potentially even more interesting, the hypervisor doesn’t yet have a mechanism to process business rules associated with the company’s compliance or regulatory policies.

– PoE – probably not the most exciting discussion point, but PoE-dedicated vendors have technologies coming out that can help power all the new video demand on the network. This is especially important for the growth of outdoor video/signage (think stadiums and traffic). Many of the vendors embed PoE, but some of it is “just enough” and really does not provide the flexibility companies will need as they grow their video usage.

– Tablet Videoconferencing – there is definitely the potential for a schism to appear. I think it is already appearing. We could end up with high-end videoconferencing rooms and many low-end videoconferencing endpoints being tablets. The issue over video quality is over. Pretty much every device now has HD capabilities. With the growth of tablets, iPads or Android, the consumerization of IT is forging some new paths in video and UC.