F5預測:生活、自由與寬頻權
Please find the English language post from which this was adaptedhere. 印度總理莫迪(Narendra Modi)上任時,政府即訂下明確的優先目標,其通訊部長表示:「如果瓦巴依(Atal Bihari Vajpayee)政府以興建全國高速公路著稱,那麼莫迪政府將以構築寬頻高速公路留名。」我們或許會驚訝印度將網際網路連接性看成比其他許多重要的國家建設還要優先,但是未來一年類似這樣的宣佈將變得越來越平常,因為我們已開始達成廣大的共識,認為開放且經濟的寬頻網際網路存取並非特權而是一種基本權利。最近一項以24國網際網路使用者為對象的調查顯示,83%受訪者相信經濟的網際網路存取應該成為一項基本人權。 事實上,聯合國已在一份報告中指出「有鑑於網際網路已成為實現廣泛人權、對抗不平等、以及加速發展和促進人類進步的一項不可或缺的工具,因此普及化網際網路存取能力的確保應成為所有國家的優先目標。」 最近,美國政府在一項肯定網際網路對日常生活之重要性的行動中,已正式將其歸類為一種基本的公共事業,希望它維持開放給大眾和企業存取而不會遭到自私的利用。從這個意涵來看,網際網路已開始被視為類似其他公共事業,例如電力、水和電話連接性。 促成這項觀念的改變,是因為人們與世界的互動方式產生了巨大的變化。技術與網際網路介入人們日常活動的層面越來越廣,從簡單的查詢巴士時刻表到更重要的社會義務,例如投票註冊等。而隨著公共服務的數位交付在2015到達一個臨界點,站在數位落差劣勢端的後果從未如此明顯 當然,欠缺網際網路存取的結果並非只是造成個人自由與意見遭到抑制。由網際網路提供的連接性與工具幫助人們建立社群、促進經濟發展、提供關鍵服務以及從其他許多廣泛的方面加速社會進步。網際網路現在已成為主要的促成機制,包括公民的群集、意見的散播、以及經濟機會的開拓。少了它,那些受抑制的人們將維持被支配的命運,而經濟弱勢者的向上動能將減至最低。 前國際電信聯盟(International Telecommunication Union)秘書長Hamadoun Touré曾指出:「如果在醫療方面欠缺電子化醫療,在教育方面欠缺電子化教育,將無法達到千禧年目標(Millennium Development goals),而若果沒有電子化政府服務也將無法提供政府服務。」 在瑞士,領先的電信服務供應商Swisscom在一項公私合夥關係下,為瑞士所有學校提供免費的網際網路存取,滿足電子化教育需求。為了連接超過6,800所中小學的100多萬學生與教師使用群,Swisscom需要一個穩定、高效能且可靠的方案以支援負載平衡、URL過濾、代理管理與安全等需求。為此,F5夥伴eXecure為其提供F5流量管理與安全方案。 芬蘭是全球第一個將寬頻訂為所有公民權利的國家,於2010年建立了速度標竿。其他國家,從愛沙尼亞到西班牙乃至於哥斯達黎加等相繼跟進,將網際網路存取定義為一項權利或普遍服務(universal services)的一部分。未來一年,我預期越來越多亞洲國家也將採納這個觀點,尤其著重於行動寬頻。我們在這個地區已有許多領導先驅,例如新加坡的Next Gen NBN已將高速寬頻普及到超過95%國土,而南韓、香港與日本則是全球平均連線速度最高的三個國家地區。 這個趨勢也意謂著在不久的未來將增加數百萬或甚至數十億上線人口。企業與政府將有極大的新機會可以運用此一趨勢。然而,他們將需要做好準備以便快速延展並順應一個新的全數位世界,同時維持嚴密的安全與隱私保護。 例如,比利時政府在決定透過網際網路將年金資料開放給該國所有受雇者與支領年金者存取時,面對一些重大的課題,包括必須確保這些高度個人化且敏感的資料不會遭受非法存取,而且也必須確保數百萬潛在使用者的高效能服務存取和可用性。一家F5夥伴公司與相關當局合作,部署一套F5應用交付方案以確保效能和可用性,包括於發生錯誤時的立即接管(failover),並且搭配一個強韌的應用安全模組,支援建立客製化登入程序、在Web伺服器之間路由流量、以及藉由F5 iRules腳本程式強化應用層安全性。 寬頻已成為一項普世權利,它開啟了一個充滿重大機會以及特定風險的全新世界 - 我已迫不及待。
F5 Predicts: Identity theft going viral in Southeast Asia
According to a Symantec report, in Singapore alone, cybercrime cost the average victim S$1,448 (US$1,056) in 2013, three-and-a-half times the global average of US$298. By 2020, the overall impact of cyberattacks on the global economy is estimated to be as high as US$3 trillion. The continued rise in these figures is driven by several key trends: more people spending more time online, thanks to the proliferation of broadband connectivity; an increase in financial transactions online, including e-commerce; and rapid adoption of mobile devices, often with fewer security measures in place than traditional computers. Trend Micro’s reportThe Invisible Becomes Visible anticipates that in 2015 data breaches will more frequently hit the mobile devices that carry consumer data, and the companies that store it. Southeast Asia is a nexus of all of these developments – which is why we can expect identity theft to explode in the region in the coming few years. Smartphone and tablet penetration is skyrocketing there, bringing online millions of new users; 62% of Internet users in Indonesia and 41% in Thailand use only a smartphone to connect, compared with 11% and 6% in the US and UK respectively. And 37% of Singaporeans and 32% of Malaysians made their latest purchase online, beating out the 29% in the US (Google Consumer Barometer). While shopping and entertainment services, as well as public services, increasingly move online, education and awareness about online privacy and safety remains low. More people are routinely sharing data loosely with more organizations than ever, and through unsecured channels, putting personal identity data at greater risk than ever. What does this mean for my business? Business IT infrastructure and applications continue to be the main targets of hackers, who often aim to acquire user data and financial records from enterprises. The dire consequences an attack can have on a business have become increasingly apparent; one recent EIU study indicated that almost 40% of firms haveexperienced significant economic loss as a result of data security breaches. From a macro perspective, the survival of online commerce and services relies on continued consumer confidence that they can share their information online without exposing themselves to a significant risk of identity theft. Already, privacy and security are major barriers in the take-up of online and mobile payment services. Businesses need to counterbalance with strong, proactive security measures that reflect the increasingsophistication, frequency, and diversity of today’s attacks. Conventional stateful security devices at the edge of the data center are ill-equipped to handle such attacks, there is a need for modernthreat mitigation platformsthat provide complete protection from the bottom to the top of the network stack, from apps hosted in on-premise data centers to apps sitting in the cloud. Hackers use poorly protected public facing web channels as a means of entry into an organization – compromising servers, stealing data and performing mischievous defacement – as such, these channels have to be sufficiently protected. Replicating and enforcing consistent and proven web application security policies across traditional and cloud (i.e. hybrid) environments, however, involves significant cost and complexity; organizations must choose between employing specialized IT security teams in-house or adopting solutions such as F5’s hybrid security offerings and offloading complex policy management and compliance to drive efficiencies. F5 Silverline Web Application Firewall (WAF), for example, is supported by highly specialized security experts who build and maintain WAF policies for organizations to defend against web attacks and help achieve regulatory compliance in hybrid environments. Corporations are at risk when their employee’s identities or accounts are compromised as well. The underground financial marketplace was recently buzzing with activity with the launch of the Dyreza or Dyre malware, which hastargeted hundreds of bank websites and stolen over US$1 million from corporate bank accounts, becoming one of the most dangerous banking Trojans ever. After successful infection of the endpoint, Dyre is able to steal users’ login credentials and perform illicitfinancial transactions, unbeknownst to the user. F5’s anti-fraud solution,WebSafe, is able to prevent such man-in-the-middle and man-in-the-browser attackswhere hackers intercept unencrypted web traffic allowing users mistakenly believe they have a secure connection with their online banking site. Malware also has the ability to perform web injections and embed fake fields into theseeminglyreal website, tricking users into entering details likecredit card information, birth dates and other personal information. They also perform automated transactions to steal or transfer funds to unauthorized accounts. F5’s WebSafe has the added ability to proactively detect phishing websites as they are being set up, allowingorganizationsto arrest these in almost near real time. Full name. Date of birth. Occupation. Phone number. Address. We encounter these form fields and blank spaces online almost every day, but how many of us think before filling them in? Or stop to question where that information is going, how it’s being transmitted and stored, and what security measures are in place? We may not be thinking too much about the questions – but hackers certainly are. They are constantly identifying vulnerabilities and exploiting them, stealing our Personal IdentifiableInformation, and if theproper gates are not put in place to mitigate these, theconsequences will beinsurmountable.
2015년도 IT 업계의 새로운 물결 : 소비자 인식의 증대, 공공서비스의 디지털화 및 클라우드에 대한 인식의 변화
Please find the English language post from which this was adapted here. IT 업계 종사자들 대부분이 그렇듯이 나 역시 신기술을 사랑한다. 또한 이런 기술들이 많은 사람들을 위해 기회를 창출하고, 인류의 지식을 발전시키며, 사람과 사람을 연결시켜주는 것과 같이 사실상 우리 삶의 모든 면을 바꾸어 나가는 것을 좋아한다. 작년 한 해 동안만 하더라도 새로운 기술이라고 인식되던 웨어러블 기술이 주류 기술로 자리잡고, 무인항공기 드론 관련 산업이 크게 도약했으며, 빅데이터가 단지 기대치가 높은 개념의 수준에서 현실로 큰 발전을 했고, 금융과 IT가 융합된 핀테크 산업과 전자상거래가 눈부시게 성장했으며, 일부 시장에서는 스마트폰의 가격이 50달러 대로 떨어지는 등의 엄청난 변화를 목격했다. 하지만 일부 부정적인 면도 생겨났는데, 과거에는 없었던 하트블리드나 쉘쇼크 등의 제로데이(zero-day) 취약점들, 더욱 정교해진 해킹 및 보안공격들, 그리고 기존과는 규모나 복잡성에서 차원이 다른 DDoS 공격들이 여기에 포함된다. 2015년을 맞이하여 F5 네트웍스에서는 앞으로 기술, 비즈니스, 정부, 엔드유저, 소비자 그리고 일반 시민들에게까지 큰 영향을 미칠 주요 트렌드들을 정리해보았다. 첫 번째, 소비자 성향에 대한 초고도의 이해력 어떤 조직이든 간에 비즈니스 성공을 위해서는 고객들이 무엇을 원하고 무엇이 고객들을 행동하도록 만드는지를 파악해야만 한다는 것은 거스를 수 없는 사실이 되었다. 2015년에는 소비자에 대한 더 많은 정보와 이 많은 정보로부터 얻는 통찰력을 통해 경쟁우위를 점하기 위한 기업들 간의 경쟁이 그 어느 때보다 치열해짐에 따라 고객에 대한 이해는 더욱 중요해질 것이다. 우리는 이처럼 소비자에 대한 새로운 차원의 이해를 ‘소비자에 대한 초고도 이해력’이라고 부르며, 이 개념은 조직들이 제품, 서비스, 고객지원을 맞춤화하고 제공하는 방법을 바꿔서, 이전에는 상상할 수 없었을 만큼 정확하게 소비자들의 니즈를 식별하고 충족시키도록 만든다. 이를 통해 기업과 소비자 모두가 혜택을 입게 된다. 어디에나 존재하는 네트워크, 강력한 데이터처리 능력 및 분석 솔루션 등은 이 모든 것을 실현시킬 수 있을 정도로 발달되어 있으며, 소셜미디어 혁명으로 인해 사람들이 정보를 나누고 그를 통해 얻게 되는 많은 혜택들을 누리는 것에 대해 그 어느 때보다 편안하게 생각하고 있는 지금이 바로 최적기라고 할 수 있겠다. 두 번째, 공공서비스 제공의 디지털화를 위한 변곡점 사람들이 네트워크를 통해 연결되고 기술에 대한 지식을 습득하는 속도가 기하급수적으로 빨라지고 있으며, 그들은 이제 정부기관도 기업들이 제공하는 온라인 서비스와 같은 수준의 편리함 및 속도로 서비스를 제공할 것을 요구하고 있다. 따라서 향후엔 정부 및 공공기관들도 공공서비스를 디지털로 제공하는 것을 시도해 보는 단계를 넘어서 이런 디지털 서비스를 본격화해야만 한다. 사람들이 정보를 공유하고 심지어 상거래와 같이 주의가 필요한 거래들조차 온라인으로 처리하는 것을 편안하게 받아들이면서 이러한 변화가 가속되었다. 결국에는 현재 사람들이 자신이 먹는 음식을 Facebook 상에서 공유하고 있다면, 아마도 그들은 정부가 실시하는 여론조사에도 그만큼 쉽고 빠르게 응답할 것이며, 한 예로 보건당국은 국민영양 상태를 개선하고 비만을 감소시켜 나가는 데 도움을 받게 될 것이다. 또한, 정부기관이 학생 또는 그들의 학업결과로부터 수집된 데이터를 바탕으로 더욱 개인에 맞춤화된 교육을 제공해 교육기관도 이러한 혜택을 누릴 수 있을 것이다. 그러나 사람들이 온라인 상에서 시민이자 소비자로서 그들의 존재감을 더욱 확장해 감에 따라 보안은 이들에게 여전히 중요한 문제이며, 정보 도용 방지는 반드시 보장되어야 하는 핵심 요소로 생각할 것이다. 세 번째, 모든 클라우드가 동일한 것은 아니다 지난 수년간 IT 업계는 기업들이 기술을 클라우드 상으로 옮겨 기존의 물리적 데이터센터를 클라우드 형태로 대체하거나, 경우에 따라서는 복제하도록 유도하려고 노력해왔다. 하지만 효율성에 대한 고려가 충분히 이루어지지 않았는데, 이로 인해 기업들이 부담해야 하는 운영비용(OPEX)을 그들이 줄이기를 원하는 설비투자비용(CAPEX)과 비슷하거나 더 큰 규모가 되도록 만들 수 있다. 향후에는 클라우드 최적화에 대한 관심이 더 커질 것이며, 더 많은 기업들이 비즈니스와 관련된 기술 선정에 있어 ‘클라우드 우선’ 전략을 채택할 것이 예상된다. 특히, 신흥시장들에서는 그간 여러 기술 세대에 걸쳐 뒤쳐진 것을 한 번에 뛰어넘는 흥미롭고 강력한 새로운 기술들과 비즈니스 모델들이 신속하게 채택될 것으로 기대된다. 현재 많은 수의 국내 기업들도 IT 인프라 운영비용 절감 및 효율성 극대화를 위해 소프트웨어 정의 데이터센터(SDDC)를 도입하거나 고려하고 있는 상황인 만큼, 향후 효율적인 클라우드의 도입은 비즈니스의 성패를 가르는 중요한 요소가 될 것임이 확실하다.F5 Predicts: Where will innovation come from in 2015?
In 2014, the charismatic leader of one of the world’s largest democracies, who won the presidency with promises of change and savvy use of social media, turned to the Internet to crowdsource his Cabinet – inviting average citizens to provide input and suggestions online. No, it wasn’t President Obama. In fact, it was President Joko Widodo of Indonesia. Surprised? Well, maybe you shouldn’t be. While, the West – and only more recently Japan and Korea – has long been at the forefront of digital and market innovation, that pattern of leadership is about to change. The nexus of new ideas and new applications of technology is rapidly shifting to other regions, particularly emerging economies, where broadband and mobile penetration is reaching critical mass, apps have deeply proliferated in daily life, and there are fewer legacy investments or entrenched models. According to the GSMA, China, India and Indonesia are already among the top ten top global smartphone markets with the most number of smartphone connections. Findings from Google’s Consumer Barometer also reveal that markets such as the Philippines, Indonesia and China are adopting smartphones at a higher rate than computers – a trend that is absent in the West. Without “tried and tested” successes that constrict their imagination, along with the rapid, opportunistic adoption of powerful technologies, these emerging economies have demonstrated their innovation leadership in not just politics, but also a wide range of business sectors such as finance, retail and marketing. A startup company in Indonesia brought social network game, Farmville, to life using a concept called “Cloud Farming”. The startup develops a cloud-based platform that enables users to invest (and also gain profits) on agricultural activities, just like the game! This micro-financed farming business model is able to link the increasing adoption of internet in Indonesia with the country’s agricultural potential. How it works is simple. Through the online platform, users are able to choose from a variety of crops, select the amount of seeds to be planted, then transfer their funds to the company- who acts as a link between sponsors, farmers and other stakeholders. Instead of getting points or tokens, the users receive cash; 40% of the returns from their harvest. In China, smart phones have become the choice for shopping and financial management among youths. Alibaba’s yearly shopping campaign on November 11, better known as “Double 11” drew an astonishing turnover of 9.3 billion US dollars in revenue last year. Of which almost half - approximately 4.1 billion US dollars, were paid via smart phones. With the constant growth of smart phone users in China as well as the implementation of 4G service, smart phone not only exerts an influence upon traditional industries but also changes traditional Chinese customs. For instance, Alibaba and Tencent launched a “Handing out Red Envelops” app service before the Spring Festival and it sky rocketed on the eve of Spring Festival, users handed out 240 million red envelops via Alipay, which was worth a total of 670 million US dollars, and via the WeChat platform about 88 million US dollars. Emerging markets in Asia Pacific, from China to India to Indonesia, will continue to experiment, innovate and challenge the industry status quo. Without the shackles of legacy systems or costly infrastructure, these markets will neatly side-step the pitfalls that have plagued the more mature markets and use their inherent speed and agility to leap-frog generations of outdated technology. These markets might also create an OPEX driven business culture that is more focused on performance and results than the current CAPEX-oriented economy, where investment has typically been the principle concern. While businesses elsewhere are still working on migrating to the cloud, many in emerging markets are already thinking “Cloud-First” as easy access to public cloud services from the likes of AWS, Microsoft, IBM and Google allows them to quickly get their services to market. And in most emerging markets, time to market makes all the difference between making it and breaking it due to hypercompetitive pressures. This truly cloud-first approach is a significant reason why here at F5, we’re moving towards offering our leading security, optimization, and availability solutions as-a-service through the industry-first Silverline platform, and so that organizations can benefit from our offerings regardless of what their infrastructure model is. Whether in emerging markets or developed, we’re ready to support new innovations and ensure applications are delivered quickly, securely and with high availability as they and their users multiply exponentially around the world.F5 Predicts: A right to life, liberty and… broadband
When Indian Prime Minister Narendra Modi took office, his government made its priorities clear: ““If Atal Bihari Vajpayee government was known for national highways, Narendra Modi government will be known for broadband highway,” his Communications Minister said. It might seem surprising that internet connectivity would take top priority among many other issues of national importance, but in the coming year statements like these will become more and more commonplace as we start to reach broad consensus that open and affordable broadband internet access is more a right than a privilege. One recent poll of internet users in 24 countriesfound that 83% of them believe that affordable access to the internet should be a basic human right. Already, the United Nations has stated in a report that "Given that the Internet has become an indispensable tool for realizing a range of human rights, combating inequality, and accelerating development and human progress, ensuring universal access to the Internet should be a priority for all states." Just today, in a move that recognizes the importance of the Internet in everyday life, the US government has officially classified it as a basic utility, in the hope that it remains accessible to the public and enterprises without exploitation. In this sense, Internet is beginning to be viewed as akin to essential public utilities like electricity, water, and telephone connectivity. This change in opinion is driven by the tectonic shift in the way that people interact with the world. Everyday activities are increasingly mediated by technology and the internet – fromsomething as simple as checking a bus timetable to more important social duties, like registering to vote. And with digital delivery of public services reaching a tipping point in 2015, the consequences of being on the wrong side of the digital divide have never been more apparent. Of course, it’s not just individual liberties and options that are curtailed by the lack of internet access. The connectivity and tools offered by the internet builds communities, fuels economies, provides critical services and accelerates societal progress in many other broad ways. The Internet is now the principal enabling mechanism by which citizens assemble, ideas spread and economic opportunities are sowed. Without it, the oppressed are more likely to remain subjugated and the economic underclass to have minimal access to upward mobility. As former International Telecommunication Union Secretary General Hamadoun Touré has said,“You will not be able to meet the Millennium Development goals in health without e-health, in education without e-education and government services will not be able to be provided without e-government services.” In Switzerland, leading telecommunications provider Swisscom has already met the need for e-education by rolling out free Internet access for all Swiss schools as part of a public-private partnership. To connect the more than 6,800 primary and secondary schools, with apotential user base of over one million pupils andteachers, Swisscom needed a stable, high- performance, and reliable solution for load balancing, URL filtering, proxymanagement, and security, which F5 partner eXecure was able to provide with the F5Traffic Management and Security solutions. . Finland was the first country in the world tomake broadband a legal right for all its citizens, with speed benchmarks put in place in 2010. Other nations from Estonia to Spain to Costa Rica have followed suit, defining internet access as a right or part of universal services. In the coming year, I expect countries in Asia to increasingly adopt this perspective as well, with a particular focus on mobile broadband being a key piece of the puzzle. Already we have many leaders in the region: Singapore’s Next Gen NBN, for example, has already brought high speed broadband to over 95% of the nation; South Korea, Hong Kong, and Japan boast the three highest average connection speeds in the world. This trend also means millions, or even billions, more people online in the near future. Enterprises and governments will have a tremendous wealth of new opportunities to tap into. However, they will need to be prepared to rapidly scale and adapt to a new all-digital world, all while keeping a close eye on security and privacy issues. The Belgian government, for example, faced some significant concerns when it decided to make pension data accessible over the Internet to all employed people and pensioners in the country – it had to secure this highly personal and sensitive data from unauthorized access, and it had to ensure high performance and availability for a potential user base of many millions of people. An F5 partner worked with the agency involved to deploy a F5 application delivery solution to ensure performance and availability, including instant failover in the event of a fault, along with a robust application security module with customized processes for logging in, routing traffic between web servers, and strengthening application layer security scripted with F5 iRules. Broadband becoming a universal right heralds a brave new world filled with big opportunities as well as certain risks – and I can’t wait.
F5 predicts: IT departments to become brokers
IT brokers In this rapidly evolving age of technology, business demands are constantly changing. New technology innovations are introduced into the market at a dizzying rate. IT departments have the core role of providing technology solutions for business problems within organizations. However, instead of delivering these solutions themselves, IT departments of tomorrow will deliver solutions by managing relationships with multiple third-party IT innovators. This is to ensure the latest technology; a wider depth of technical expertise, as well as higher efficiency and allocation of manpower resources internally. To understand this shift in roles and relationships, we first examine how third-party IT innovations have helped businesses meet the changing demands of the current age with cloud and security solutions, and the various benefits of maintaining relationships with third-party IT innovators. Third-party innovations to meet changing business demands Robust third-party technological solutions are valued above all, for these bring a drastic increase in efficiency, productivity, agility and more importantly, competitive advantage. Cloud Solutions A 2012 study by the IBM Institute for Business Value and Economist Intelligence Unit, which surveyed 572 business and technology executives across the world, found that 90% expect to have implemented cloud in their organizations in the next three years. This brings the expected growth now to 41% from 13% at the time of the study. In this digital age, consumers have drastically changed their browsing and purchasing behavior. According to research by Gartner, it is predicted that more than 7 billion people and businesses, and at least 30 billion devices will be online by 2020 — which means most of the world will communicate and transact in the online sphere. To cope with this change, businesses have to adapt their strategies accordingly — i.e. find more efficient ways to conduct processes, share and exchange information, reach consumers and at the same time, ensure these transactions are accomplished in a secure environment. An example of an organization that has reworked its business model with a cloud computing solution is Etsy, a widely used online marketplace for handmade goods. Etsy “is able to cost-effectively analyze data from the approximately one billion monthly views of its Web site and use the information to create product recommendations.” (Forbes, 2012) According to research by Gartner, in 2015, “at least 20% of all cloud services will be consumed via internal or external cloud service brokerages, rather than directly, up from less than 5% today”. While the debate has mostly revolved around internal (private) and external (public) cloud models, it seems like the hybrid model may be a more viable solution amongst businesses concerned primarily with security. For example, Action for Children works with about 50,000 children and young adults in more than 600 projects worldwide. The organization needed to keep sensitive data in-house, and at the same time, manage web traffic and conduct data analysis for a deeper understanding of their customers for fundraising activities. They achieved this through a hybrid cloud solution. Security Solutions “Through 2015, mitigating data breaches will cost 10 times more than installing data protection mechanisms on mobile devices.” Gartner, November 2010 Security has become critical aspect of the digital age and will require the know-how of third-party service providers. The adoption of solutions from multiple parties, coupled with vast amounts of information shared and transacted online between and among service providers and organizations require security solutions to shield sensitive data. Organization networks today are subject to targeted attacks and intrusions. Denial-of-Service (DOS) attacks for example, can knock out critical applications, which in turn affects both businesses and its customers. Hackers are also constantly evolving their attack vectors. This online battlefield can prove bewildering to the IT department. Third-party service providers offer both expertise and robust infrastructures to ensure the protection and availability of organization’s networks. The advantages of brokerage There are multiple plus-points to IT departments forging and maintaining relationships with third-party service providers. These relationships can be put in place through various contractual agreements, including Service Level Agreements (SLAs). First, service providers are equipped with all the new technologies available and most applicable for use in the organization, as well as the knowledge of best practices within the industry. IT departments can therefore avail itself to the best technology fit for its organization. IT departments can also better manage and deploy their internal manpower. IT departments have been accused of being ‘disconnected’ from the business. In this way, IT staff can be devoted to understanding the business and propose the best technology from its service providers. This model will also make it easier for the IT department to demonstrate value, as they will be able to reduce and manage cost and measure productivity. Furthermore, this can be done at a faster pace. Days when enterprise application implementation took 1 to 2 years will remain in the pass. IT departments can move from a cost center to being a cost controller. The role of IT departments in businesses is continuing to evolve more in light of changing consumer demands. The full realisation of this has yet to be seen, but we look forward to what’s yet to come.F5 predicts: The dumb firewall will become obsolete
Based on Gartner’s prediction, by 2016, the financial impact of cybercrime would grow by 10 per cent per year, due to the continuing discovery of new vulnerabilities fuelled by the increasing adoption of mobile collaboration platforms and cloud services. Another study, titled The 2013 Cost of Cyber Crime Study, reveals that the cost of cybercrime in 2013 escalated 78 percent, while the time necessary to resolve problems has increased by nearly 130 percent in four years. This fundamentally results in the need for organizations to rethink the security defenses that is being deployed to protect their IT infrastructure. Most organizations typically rely on traditional security solutions like network firewalls, Intrusion Prevention Systems (IPS) or antivirus software that monitor network traffic and/or system activities for malicious activity. Today's threat landscape encompasses an increasing range of potential vulnerabilities and demands an appropriately sophisticated response by those charged with cyber defence responsibilities — whether in the family, organization or at the national level. The proliferation of Internet connectivity has allowed malicious software to spread in seconds to millions. And the malware itself has become much better at avoiding detection, taking steps to hide its signature. Most viruses today are obfuscated a number of times and checked to make sure no anti-virus software can detect it - all in a matter of seconds, and all before it's sent out to its victim. Sensitive data is facing new security threats—evidenced by all the application targeted cyber attacks we see in the news. High profile attacks, such as the Adobe data breach, attack by The Messiah in Singapore, the recent multi-layer distributed denial of service attacks, SQL injection vulnerabilities, and JSON payload violations in AJAX widgets, pose increasing risks to interactive web applications, data, and the business. Internet threats are widely varied and multi-layered. As these threats evolve, organizations find that traditional firewalls lack the intelligence and the scalability needed to stay effective and responsive under a multi-layered persistent threat scenario. Security practitioners are coming to grasps with the new paradigm of having to handle enterprise security as an end-to-end process from end-user device to networks to applications. The days of finding comfort behind a solitary firewall or a unified threat management device are gone with the current threat landscape. IT staff should be aware that any security solution should be able to handle attacks on multiple levels – i.e. at the network and at the application – providing a defense in depth; simple firewalls will easily be overwhelmed by the scale of the attacks that are experienced by enterprises today. "The threats that exist today are getting through many of today's existing security controls," warns Gartner Inc. analyst and Research Director Lawrence Pingree. "Advanced threat protection appliances that leverage virtual execution engines as a petri dish for malware are most effective to deal with the latest threats. Also, organizations must continue to upgrade their endpoint protection suites.“ ‘Intelligent security’ is becoming more important as cyber criminals become more sophisticated, and this is leading to the rise of security that is flexible and responsive based on factors such as the apps, location or the user. Ultimately, the right tool needs to be tailored for the right attack. One thing is clear: A one-size-fits-all approach to security won't work in 2014 and beyond. At the same time, security cannot be at the expense of performance. End-users are expecting high performance and security cannot be a bottleneck. Much alike the saying that no service can be “good, cheap and fast”, most security practitioners are looking for the ideal solution for an ever changing problem. But in reality we know that there cannot be one solution which can fulfil all requirements and be 100% foolproof. Like how insurance needs evolve over a person’s lifetime, security requirements also evolve over the enterprise business lifecycle. Therefore it is important to adopt an architectural approach to security which continually evolves as the landscape changes. Again remember that security is a function of people, process and technology and without the optimal use of the 3 components, 100% protection could be like a search for the Holy Grail! What is your view on the changing security landscape? Tell us in the comments below.F5 Predicts: Internet of Things Drives Demand for ‘Social Intelligence’
‘Innovation distinguishes between a leader and a follower’, Steve Jobs once famously said. A saying that is crucial for organizations in their efforts to be a ‘global player’. There are currently lots of innovation areas in the technology space, spurred by the ‘Internet of Things’ (IoT). This trend is already being tapped in a broad variety of industries, such as enterprise and public sector in terms of smart roads or for sensor networks in building, on trains, hospitals, and in factories. The term ‘Internet of Things’ can be simply explained: It is a technology that enables real-time and accurate data sensing with the ability to wirelessly transmit data to other objects on the network. For instance, products that are being embedded with sensors enable a company to track movements of products and monitor any interactions. Having this data at hand provides decision makers the advantage to fine-tune their existing business models. But beyond business, IoT is getting to transform our personal lives too, according to Forrester’s Top 10 predictions for the Asia Pacific tech market in 2014. Sensors getting people fitter, finding keys, unlocking houses and monitoring ambient temperature, among many others. One of the things that comes along with the ‘Internet of Things’ is the increase in connections, inevitably giving rise to higher network traffic, thus stressing the existing network infrastructure. This requires an infrastructure that is scalable, flexible and more intelligent than ever before. Forrester analyst Michele Pelino stated recently that a key issue that needs to be worked out will be the development of an IoT ecosystem, before the technology can be widely adopted. The first challenge for enterprises, however, is that their current IT infrastructure may not be able to scale quickly enough to cater to the demands of the business. Secondly, as Pelino pointed out, there would need to be a tried and tested ecosystem of Independent Software Vendors who are able to take advantage of all the data from the various sources to provide analytical insights. Finally, the adoption of new technologies usually takes time due to policy and business changes. From a technology point of view, it will mean a dependence on data centers equipped with information processing tools like analytics engines, business intelligence software and more importantly, an intelligent application delivery infrastructure. While the analytics can provide the much-needed ‘social intelligence’ capability for the business to tap, the intelligent application delivery system can ensure that such insights are delivered on a real-time basis and securely to the end user. This need for real-time secured ‘social intelligence’ stems from the advent of IoT driven intelligence and creates the demand for a suite of application services. Eventually these insights need to reach the relevant decision makers – services that provide real-time traffic optimization, availability and security for data flowing through such business intelligence apps. Ultimately, these solutions need to manage such an infrastructure from a single point of management and this has lead to the birth of Software Defined Application Services (SDAS), the next phase in the lengthy evolution of application delivery. SDAS is the result of delivering highly flexible and programmatic application services from a unified, high-performance application service fabric. Orchestrated intelligently, SDAS can be provisioned to solve significant challenges from the whirling maelstrom of trends driving IT today. Ultimately, SDAS relies on abstraction; on the ability to take advantage of resources pooled from any combination of physical, virtual and cloud deployed platforms. All in all, IoT is a technology promising compelling benefits in our personal lives and business environments. Inevitably, back end technology will need to keep up with these developments and become ever more sophisticated in the era of the ‘Internet of Things’.F5 predicts: Social Adoption opens up security risks
Kicking off the ‘F5 predictions’ series is a topic that is proving difficult for businesses to ignore: the avalanche of social technologies coming into the enterprise. Many companies understand the value technology brings, such as increased productivity, a more efficient workplace and better collaboration between colleagues and departments, greater brand experience between customers and companies. Many companies are also witnessing an evolving market. Notably, the demand from Generation Y and Z is or a more socialized work environment. Taking Singapore as one example, the figure has been put at 60% of the workforce. This new breed emerges as the largest age group since the baby boomer generation: they are well-educated, well-traveled, tech-savvy, able to multi-task and reaching out for social interaction, Millenials urge even the most traditional companies to deploy a more collaborative and socialized environment. Catering to this new breed of employees, managers need to fully understand the user behavior whilst introducing refreshed guidelines to ensure a secure social environment at work. To the customers, companies need to understand the user behavior to generate business and brand loyalty in a secured environment. And security is in fact the Achilles’ heel in companies, according to Ernst & Young’s Global Information Security Survey 2013. The number of security incidents increased according to thirty-one percent of the respondents by at least 5% over the last 12 months. Further, the survey indicates that security functions aren’t fully meeting the needs in 83% of organizations. Companies are eager to protect themselves against cyber-attacks, be it for reputation, revenue, and accountability reasons. It is a step in the right direction, as by not taking security risks into consideration, companies become an easy target for cyber attackers, which can probably jeopardize an organization’s reputation. Security is one of the top hurdles in organizations adopting new technologies. Formerly, they have been able to keep data behind their walls and have control over it. But with newer technologies, customer data is more exposed. The number of security breaches is on the rise. Nonetheless, the pace of technology evolution will only accelerate – such as with the ‘social’ demands of these younger cohorts. Millennials will soon dominate the workforce – just the same way Baby Boomers did once. This tech-savvy and highly mobile generation grew up with the Internet and expects readily available information for work and for pleasure on their mobile devices, as they already have on a typical desktop computer. And soon these younger cohorts are going to be the biggest customer group, conducting their lives in the virtual space. Together, the technology and the customer demand of this newest group drive a transformation of how different sectors act. Looking at the banking sector, Millennials’ expectations are to have access to the services, transact, any time and anyhow. Mobility strategy is not an easy endeavor for any company. Areas of consideration include access to applications and data, balance of security policies and user convenience, speed to provide needed information or complete a transaction, ease of browsing, etc. For most enterprises it is a time and resource-absorbing task to manifest mobile applications and to maintain these. What businesses need is a backend infrastructure that can help deliver image-heavy content, prioritize traffic to overcome mobile network latency, offer visibility into application performance, all these while keeping web vulnerabilities low. Furthermore, as cyber crime becomes more complex, with attacks from multiple angles on different devices, single-purpose security machines will be phased out in favor of sophisticated multi-purpose machines. This convergence will also happen in the context of performance, as businesses come to expect fast, reliable user experience on any device.
