As we get older we’ve all experienced that feeling of time passing faster and faster. What used to seem like a long year ahead to get various IT and security projects accomplished has turned into, Wow – where did the year go; we haven’t gotten hardly anything done! Experts say this is related to how aging brains view time and past experiences. There’s also the reality of more and more responsibilities as we move up through the ranks. The trouble with all of this, however, is the reality that the security of our network systems often takes a backseat and isn’t getting the attention it dese
In preparation for VMworld next week Professor Wool has created a new whiteboard-style course on Network Security for VMware NSX. Each lesson focuses on a specific challenge of and provides technical tips for managing security policies across the VMware NSX software-defined data center and traditional data center.
Last week I blogged about understanding the security implications when migrating Greenfield and Brownfield applications to VMware NSX. Today, we’re examining the next steps after you’ve successfully deployed your virtualized datacenter – how you should approach managing, reporting on and auditing its security.
With VMworld 2016 fast approaching, let’s discuss a challenge facing many businesses when migrating to a virtualized platform: security. First of all, we need to separate between two scenarios. In a ‘Greenfield’ scenario, you’re building and deploying brand new applications into a virtualized data center. Clearly, this is an ideal situation, because you can essentially bake in security from the ground up. It is more likely, however, that you’ll have a ‘Brownfield’ scenario, where you are migrating existing business applications to a virtualized data center. In this case you need to migrate and adjust existing security policies for the new virtual environment.
Network segmentation is an effective strategy for protecting access to key data assets, and impeding the lateral movement of threats and cyber criminals inside your data center. With network virtualization, such as VMware NSX, now a reality it’s now far easier and quicker to set up granular security policies for east-west traffic within the data center. Yet the added granularity of securities policies creates significant complexity.
2,300 flights grounded across the US costing airlines an estimated $10 million in lost bookings alone. A bank’s customers’ losing access to their accounts. Businesses in New England losing telephone services. A flash flood warning mistakenly issued for Washington DC ……..the list goes on and on. What links all of these incidents? They are all the result of network outages during the month of July – costing millions of dollars in lost revenue and remediation costs, inconveniencing large numbers of customers, and damaging business reputations.
Despite its rising popularity, SDN can also drive fear, thanks to loss of visibility and control. In a networking model in which IT teams and managers have little to no physical visibility into their networks, how does security work? If you can’t see into the network, how do you control and manage it?
A few weeks ago Gartner released its annual Hype Cycle for Infrastructure Protection, 2016. It’s an impressive and exhaustive guide to the wide range of threat-facing technologies that help defend IT. Included among these technologies is Network Security Policy Management (NSPM) tools, which Gartner gives a benefit rating of ‘High’ – which in Gartner terms means that the technology “Enables new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise”.
Ask any marriage counselor what characterizes a relationship in stormy waters, and two of the most common problems they’ll report are a lack of communication and/or miscommunication. These same issues were recently highlighted in two research reports published by Osterman Research which examined how organizations reported IT security incidents and issues internally, collecting opinions from both sides of the table.
As businesses implement BYOD strategies, and allow staff to use their personal devices for work, there is a particular set of security challenges to contend with. For example, how should the enterprise apps and data on a smartphone, which need enterprise-level security, be insulated from the ‘Wild West’ world of both intentional and unintentional jailbreaks, exploits, bugs and vulnerabilities that a typical consumer smartphone operates in?
From the CIO’s perspective, IT and Network Security ultimately exist for one reason: to ensure the organization’s business applications securely drive the business. For IT this is fairly simple. Business applications is its business. IT is driven by the businesses’ needs and is responsible for enabling agility through IT. IT is involved, and has visibility into every aspect of the application’s lifecycle – from development through to delivery, performance monitoring and auditing. But when it comes to Security the story is a little different. Security exists to protect business applications, their connectivity flows and data. But, unlike the IT team, they are, in fact, working blind.
Globalization is the new normal for most organization today, but it can present some significant challenges – not least when it comes to managing the firewall estate across these large-scale, distributed networks.