Access Control in the New Mobile, Hybrid World
There is a brave new world dawning for the corporate world. There are many “new norms” – and a gold rush of new opportunities, but also new challenges with which they come – streaking like lightning throughout organizations. The workforce of today and into the future is, and will continue to be mobile. Consider that according to analyst IDC, 37 percent of the worldwide workforce will be mobile by the end of 2015. That’s about 1.3 billion mobile workers, worldwide – not to mention there will be two or more times as many mobile devices as mobile workers! – by the end of this calendar year! Then, consider this: According to Orange Business Services, 55 percent of worldwide business IP traffic will be mobile business Internet traffic by 2018. Mobility is here, and it’s here to stay. (In the Asia Pacific region, IDC anticipates the bring your own device (BYOD) market will continue its robust growth. There were an estimated 155 million smartphones and over 4 million tablets in use supporting BYOD initiatives across the region last year (2014), with year-on-year growth of 40.4 percent and 62.7 percent, respectively. And, that’s not even considering the burgeoning area of wearable devices, either.) As the mobile workforce accelerates like a rocket into the stratosphere, cascading torrents of smartphones, tablets, and wearables across organizations in its wake, the number of cloud- and SaaS-based applications used within organizations is also skyrocketing at a breakneck pace. According to a recent study sponsored by SkyHigh Networks, there are on average 759 cloud services in use by today’s organizations. The most puzzling piece isn’t the magnitude of in use cloud apps and services. Instead, its that, according to a Cloud Security Alliance study, most organization IT teams believe they have fewer than 50 cloud-based apps in use. That means that over 700 cloud apps and services on average are in use within enterprises – but no one (but the user) has control over those apps and services, and any corporate information shared with them! The problem is, you cannot defend what you don’t know about! Finally, the last piece of the “new norm” puzzle for organizations is the hybrid network, an eclectic mix of data center and cloud-based apps and data, with a stew of hosted private, public and cloud infrastructures. According to analyst Gartner, “while actual hybrid cloud computing deployments are rare, nearly three-fourths of large enterprises expect to have hybrid deployments by 2015.” Consider that a mobile workforce will drive infrastructure changes, needed to address a more diverse device ecosystem. Then consider that infrastructure addressing mobility requires greater investment in cloud-based apps and services to support that expanding device ecosystem. So, as you can see, the future of the network fabric for the foreseeable future will be hybrid. So, with a “new norm” of mobility, cloud, and hybrid networks, how can organizations address network, application, and data accessibility? With so many new devices that are mobile and are under limited corporate control, and applications and data scattered about the network and in various clouds and SaaS deployments, how can an enterprise be assured of fast, appropriate, authenticated and authorized access? With so many variables, there is one constant that remains: Identity. The user – and their identity – is, arguably, the “new perimeter” for the enterprise, today and onward. As the traditional network perimeter has been broken, fragmented, and in many instances shattered into many pieces, identity has become the new perimeter. As applications, data, and even networks move faster toward the cloud, and the user-controlled, BYOD-driven mobile ecosystem expands exponentially, corporate control has become more difficult, dispersed, and dependent on others – and many times, that’s the security uninformed and apathetic user. User identity, though, never changes. And, backed by authentication, authorization, and accounting (AAA), identity is now the first line of defense for secure corporate access. But, identity is just the tip of the spear for controlling the new parameters of access. The context of a user’s access request, and their environment at the time of access request, follow identity; inarguably, they have as much to do with securing appropriate access as identity. The ability to address the 5 w’s and 1 h (who, what, when, where, why, and how) assures, enhances, and differentiates secure access to networks, clouds, applications and data – wherever they may reside and however they are comprised. Insuring user identity is efficiently, securely shared between networks, clouds, applications, and data – wherever they live – is now a necessity. Yet, there are challenges: Identity silos, on-premise identity with cloud- and SaaS-based apps and data, and user password fatigue leading to weak user names and passwords – which are easily compromised. That’s where building an identity bridge comes in. Federation builds a trusted chain of user identity between two entities – networks, clouds, applications, etc. – through industry standards, such as SAML. The cumbersome duplication and insertion of identity directories becomes unnecessary. Identity and access is controlled by an enterprise, with authentication occurring between the enterprise, and cloud and SaaS providers. Instant user authentication and its termination is centralized and under enterprise control. Identity federation delivers access visibility and control together. Leveraging identity for access control, and building identity bridges are now imperative for organizations, as applications move outside the enterprise domain, the workforce and their devices are more mobile and leave the enterprises in droves, and the enterprise domain, too, has moved. It’s the “new norm”.
Happy F5 Day! #iamf5
Happy F5 Day! #iamf5 It’s been a big year for us since last F5 day, so we have a lot of celebrate! Cue the cake and ice cream (seriously, we’ve got them in all of our offices around the globe today). Our entrance into the cloud services delivery space with Silverline was met with rave reviews; Silverline DDoS mitigation was named “Product of the Week” by Network World. We continued to build on our existing strengths, recognized as “Leader” in Gartner’s Magic Quadrant for ADCs for the eight consecutive year and earning a “Recommended” status for our BIG-IP ASM from NSS Labs. Our partner ecosystem continued to flourish, and F5 became a VCE Technology partner, with our ADCs achieving Vblock Ready certification to enable orchestrated service capabilities across converged IT systems. And that’s just the tip of the iceberg of what we accomplished this year! Of course, F5 Day is not just about celebrating our successes, it’s also about celebrating and thanking all the people of F5! We’re extremely proud of what we’ve achieved together, and even more proud that we’ve done it while keeping our F5 team spirit. Those of us in the company can feel this day in and day out, but it was still nice to have it validated this year by Glassdoor, who honored F5 as a Best Place to Work based on employee reviews – #4 among all large companies in the US. And today we celebrate our communities as well: F5 teams around the world are taking time out today give back to society and contribute to charity and community organizations. Once again, Happy F5 Day! Here’s to another great year ahead!Size doesn’t matter: Australian businesses not spared immunity from cyber attacks
We have all heard or read about, at least one cyber attack that has taken place in the last three months. Most recently in August, we witnessed the widely reported nude celebrity photo leak that not only raised concerns for privacy, but also the security risks involved in downloading content from the Internet. Reportedly, malware from distributed denial of service (DDoS) attacks on those computers that accessed the photographs, took down the entire IT infrastructure in New Zealand alone. This example goes to show that ANZ is not immune to cyber attacks and breaches.In fact, a growing number of these types of incidents originate in ANZ and are much more common than what is disclosed. Threats posed by DDoS attacks in particular, are growing more rapidly. We are seeing an increase in high profile and high impact international DDoS attacks carried out on major Australian institutions and government organisations. Some examples that come to mind include the Australian Federal Police (AFP) and the Reserve Bank of Australia, which were both breached late last year. These attacks show that even the largest, most secure institutions in Australia are faced with the challenge to protect themselves against highly sophisticated cyber threats. Size doesn’t matter In addition, it is important to note that a few years ago it was typically only high profile brands that were subjected to DDoS attacks. Take for example large US-based corporations such as JP Morgan Chase and the New York Times whose websites remained on the radar for attackers and were eventually attacked. Recent trends show however, that smaller companies are not immune to the threat of cyber attacks either. Attackers seeking intellectual property and economic data have shifted their focus to the smaller players and suppliers of larger firms. In fact, the threat of launching a DDoS attack, in return for a paid ransom, is not uncommon to corporations who do not want to deal with the hassle of answering to its stakeholders. When a company is found to have loopholes in its security infrastructure, they not only stand to lose data, they also stand to lose customer confidence and in turn have to manage their brand reputation delicately. As a result, these types of cases go unreported and there will be no sight of these payoffs, in hopes to sweep the issue under the carpet. In addition to DDoS attacks, malware has emerged as one of the most powerful tools for targeted data exfiltration, used particularly when an attacker wants to steal intellectual property or currency. According to the Australian Communications and Media Authority (ACMA), an average of 16,500 cases of malware have been reported to Australian Internet service providers every day last year. Moreover, the head of Australia’s corporate regulator has warned that Australian businesses are not taking the risk of cyber crime seriously enough. According to Aon Financial Specialties, cybercrime in Australia costs an estimated AUD4.5 billion annually. We all know that security is a global issue and isn’t going away anytime soon. In addition, the uptake of the Internet of Things is only going to make security an even bigger consideration for businesses. So what can organisations in Australia do to protect themselves more effectively? Predicting a DDoS attack is difficult, and the results can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years. Protecting against an attack however, may be less difficult. There are ways a company can keep their applications, services and even their entire network online, without stopping legitimate traffic. F5 Networks’ BIG-IP Advanced Firewall Manager, Application Security Manager and Local Traffic Manager provide the combination needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime. At the same time, understanding who is attacking the business, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks.What’s new in 2015: consumer hyperawareness, public services going digital, and a shift in the way we view clouds
Like all of us here at F5, I love technology and how it shapes virtually every aspect of the world today – creating opportunities, advancing knowledge, and connecting people. In 2014 alone, we’ve seen wearables transition from novelty to mainstream technology, the market for drones take off, big data make big strides from hype to reality, smartphones prices drop as low as US$50, new eCommerce records set in China on singles day and in the US on Black Friday, and much, much more. We’ve also seen some negative superlatives as well, with unprecedented zero-day vulnerabilities like Heartbleed and Shellshock, ever more sophisticated hacks and attacks, and DDoS attacks of a scale and complexity never seen before. It’s been a fascinating year for geeks and technologists like us (and probably you!). Now we’re into the final month of the year, it’s time look forward all that awaits us in 2015. After lots of lively debate and discussion here in the F5 offices, we’ve identified these major trends that we predict will have a huge impact on technology, business, and government – as well as end-users, consumers, and citizens – in the coming year. Let us know what you think! The rise of‘consumer hyperawareness' Understanding what drives their customers has become a given for any organization interested in success, and in 2015 it will become more critical than ever as businesses fight for competitive advantage with more data about consumers and increased abilities to draw insights from them. We call this new level of customer knowledge ‘consumer hyperawareness,’ and it will change how organizations deliver and tailor products, services, and support, allowing them to identify and meet consumer needs with previously unimagined precision – creating benefits for businesses and consumers alike. The timing is perfect: network ubiquity, processing power and analytics solutions are now capable of making it happen. And the social media revolution has made people more comfortable than ever about volunteering information and enjoying a rich mix of benefits for doing so. A tipping point for digital delivery of public services Citizens are becoming increasingly connected and tech-savvy at exponential rates, and they’re starting to demand from their governments the same level of convenience and speed they get from businesses’ online service. In response, we expect to see governments move quickly from dipping their toes into providing public services digitally to diving in full force! The shift may be helped by increased comfort of people to share information and handle transactions, even sensitive ones, online.After all, if people are already sharing what they are eating on Facebook, perhaps they’d be equally quick to, for example, complete a government survey on the subject, which may well help health authorities take steps to improve nutrition or reduce obesity. The benefits will even extend to schools as governments are able to better personalize education based on data garnered from students and their work. Of course, security will still remain and big issue with this shift in mind, and identity theft will be a key area to protect against as people extend their presences online as citizens and consumers. Not all clouds are created equal For years, the IT industry has been on fire with the idea of getting businesses to move their technology into the cloud – replacing, and in many cases replicating, existing physical data centers with a cloud-based equivalent. However, there has been less focus on efficiency, which can leave some enterprises with OPEX bills as big, or bigger, than the CAPEX they are trying to eliminate. In the coming year, expect to see increased interest in cloud optimization and more enterprises adopting a “Cloud First” strategy in many business-technology decisions. In emerging markets in particular, we anticipate rapid and opportunistic adoption of exciting and powerful new technologies and business models that leap frog generations and drive innovation.
Securing the future of the telecommunications industry in Australia
Over the last 50 years, our means of communicating with one another has evolved radically through the influence of technology. From the telegram to emails, from the telephone call to over-the-top applications, the realm of communications is constantly evolving. In Australia, the Internet of Things (IoT) and smartphone proliferation are the biggest trends that continue to evolve and drive data growth. Hence, optimising, monetising and securing the IoT mega-trend, is the new consideration. With the rise of smartphones and subsequent surge in data exchange, networks are under enormous pressure to deal with extra bandwidth demands efficiently and securely. Moreover, the plethora of apps being downloaded continues to put pressure on service providers to scale theirnetworks. The legacy infrastructure of 3G faced the same pressures, but it was manageable back then because the cables were not as advanced as those used for NGN and LTE today. To put this into context, the average speed of 3G before ranged from 1.5 – 7 Mbps while the speed of LTE can go up to 150Mbps. Therefore, the possibilities for DDoS and DoS to manifest itself as a result of greater bandwidth are vast. As the Internet develops and apps became a “part and parcel of life”, and in Australia in particular with the National Broadband Network and the 4G LTE network, more avenues of attack have emerged. The DDos and Dos are the most common attacks that service providers face today. These can bring down entire systems, in particular the DNS Services. DNS is one of the primary technologies enabling the Internet – translating the names people type into a browser into an IP address so the requested service can be found on the Internet. It is one of the key elements in the network that delivers content and applications to the user. If DNS goes down, most web applications will fail to function properly so it is critical to have a strong, secure and scalable DNS infrastructure. This damage can be accomplished from a single Internet subscriber, accessing the DNS server, and accessing all manner of sensitive information both from the server and from the provider. What does this mean to the average Internet user? If one person can deny hundreds of thousands of users access to the Internet, it’s not too hard to imagine the personal and business implications. These attacks can lead to significant amounts of downtime and, especially for serviceproviders (SP),lossofrevenuesandincrease insubscriberchurn. Battling DDoS and DoS attacks So what is being done about these weaknesses to DDoS and DoS attacks in Australia? Internet service providers are taking serious measures to ensure the 100% availability of its DNS systems. This is achieved byplacing greater emphasis on ensuring capacity as well as security when DNS systems are built. There is no silver bullet when it comes to preventing DoS and DDoS attacks on DNS systems. They will continue to exist in every service provider’s network. Having said that, service providers can build DNS systems that allow for both absorption and mitigation of these attacks. The best way to mitigate DoS and DDoS attacks is through a distributed and purpose built carrier grade DNS architecture. It is designed to perform main functions like DNS caching and security measures, such as anti-cache poisoning and executing DoS and DDoS prevention vectors. These vectors enable high numbers of DNS requests to be fulfilled, faster DNS responses to the subscriber, as well as absorption of the attacks, which then gives time for measurements to either kick in immediately or be put in place. There are also DNS resolvers that retrieve information from authoritative servers and return answers to end-user applications. A DNS resolver that is configured correctly will only respond for the hosts in its domain. By using such technologies, a distributed carrier grade DNS architecture can isolate and limit the impact of DoS and DDoS attacks. Since the dawn of the Internet, data usage on service provider networks continues to grow. A successful user experience consists of a carrier grade DNS providing high availability, economical scalability, subscriber security, and high performance. With the many challenges within service provider networks, basic IP infrastructure can be overlooked. An intelligent management system of these IP essential systems is the first step to reducing an ever-expanding Capex and providing for a high quality of experience for subscribers.
Evaluating Your Tech Needs
In our increasingly digitised world, consumption habits are changing – both at a consumer and enterprise level – which in turn will significantly impact the way the C-Suite assesses their company’s technology needs. Consumers and employees are demanding access to information from any device, anywhere, at any time. This places additional pressure on existing technology infrastructure to essentially deliver more with shrinking IT budgets, without compromising security or performance. What’s more, as businesses continue to recover in the aftermath of the Global Financial Crisis, many are still dealing with cutbacks in IT investment and a shift in purchasing decision makers from the IT manager to business division heads, and the C-suite. With the increasing ability to implement critical technology services via software, businesses will demand the flexibility to grow based on their requirements, simply by adding additional software resources on their servers. This shift from Capital Expenditure (CapEx) to Operational Expenditure (OpEx) will mean that IT is viewed more as a utility in the coming years, opening up huge cost saving opportunities for businesses. Ultimately, services available on-demand through flexible licensing models will become a well-trodden path – given the reported benefits are to address increasing demand on delivering services. By having access to flexible billing options, executives will be able to scale the services up (or down) as needed, without a major upfront investment. Another trend that set to cause a series of technology shifts for businesses is the proliferation of new device adoption such as mobile phones, tablets, and ultra-mobile PCs, along with social technologies and The Internet of Things. In fact, with the cost of smartphones predicted by Gartner to come down to below the US$50 mark, it will open up mobile technology to more people than ever before. Inevitably, businesses need to consider more intelligent ways to serve customers online and on-the-go. As consumer mobile devices become ‘corporatised’, end-users will expect secure access to services from any device, and with web applications under increasing attack, security will also need to be top of mind. Ultimately, whether it’s for security, mobility, performance or ensuring availability, IT infrastructure will need to align with new innovations and changing user demands. The velocity of non-traditional enterprise applications being used in business will open up risks and require organisations to consider the security implications. Gen Y and Z employees will continue to demand a socialised environment; blurring the lines between personal-social and business-social applications. From malware to data leakage, organisations will find themselves at risk if they don’t adequately manage the social element of their organisations. C-level executives will need to start thinking about introducing policies and ensuring their IT infrastructure is prepared to cater to this new breed of employees, in order to stay competitive. Regardless of how they access corporate information through applications, these users have come to expect equivalent or better performance on a mobile or tablet than that achieved on a typical desktop computer. What businesses need is a backend infrastructure that can help deliver image-heavy content, prioritise traffic to overcome mobile network latency, and offer visibility into application performance. Furthermore, as cyber crime becomes more complex, with attacks from multiple angles on different devices, single-purpose security machines will be phased out in favour of sophisticated multi-purpose machines. This convergence will also happen in the context of performance, as businesses come to expect fast, reliable user experience on any device.Success in an app-defined world
We live in an app-defined world. Businesses run on applications and it is critical that applications are accessible on any device, everywhere in the world. At F5, we recognise the importance of this. This is why we are delighted that F5 has been named Application Delivery Controller Vendor of the Year by Frost & Sullivan, for the sixth consecutive year. I’m glad F5 has continued to exceed expectations of our users and partners. This award is a testimony of our promise to them to invest in R&D and undertake continuous development. As it grows, the application environment is becoming more complex. Aside from residing in a data centre, applications exist in the cloud and on mobile devices. Today, millions of apps define the way we work and play. The ability to deliver these applications smoothly to users —both on premise as well as mobile users — greatly impacts employee productivity as well as customer experience. This evolving environment demands increasingly intelligent solutions. And this is where F5 fits in. Having been a player in the application delivery field for decades, F5 understands the complexities of managing and securing applications. In fact, F5 delivers enterprise apps for numerous Fortune 500 companies. Last year, F5 announced its new architectural vision, F5 Synthesis, which promotes the delivery and orchestration of software defined application throughout data center, cloud, and hybrid environments. Powered by a high performance intelligent fabric, F5 Synthesis promises customers rapid and cost effective delivery of application services at any time. The world runs on applications. And apps should just work. In other words, they should always be available, accessible from anywhere and any device, protected from security threats and perform without fail. F5 promises to leave no application behind.
