How are you securing ActiveSync access to Exchange on-prem
Looks like I'm going back to the drawing board for APM and ActiveSync. I have forever user a user-cert check, issued by an MDM system to assure the user and device are trusted, before authentication. This method will not work with Outlook for iOS, at least no that I've seen. Also, we'll be looking at Online mailboxes soon. How are others securing ActiveSync? Have you found that APM just doesn't work well for this going forward?
Sudah Saatnya Perusahaan Mengkaji Kembali Kebutuhan Sistem IT Agar Mampu Mengatasi Tantangan Bisnis Di Masa Depan
Please find the English language post from which this was adapted here. Pesatnya perkembangan teknologi digital di Indonesia saat ini, membuat pola konsumsi berubah-ubah; baik di level konsumen maupun enterprise. Perubahan ini berpengaruh besar terhadap bagaimana para eksekutif perusahaan mengkaji kebutuhan teknologi perusahaan mereka, karena kini untuk bisa mengakses informasi dari perangkat apapun, kapanpun, dan di manapun sudah menjadi kebutuhan yang semakin meningkat. Kebutuhan ini menimbulkan tantangan bagi perusahaan untuk mampu menyediakan lebih banyak layanan kepada karyawan dan konsumen mereka, dalam batasan infrastruktur yang sudah ada, ditambah lagi dengan budget anggaran belanja IT yang kian menyusut dari tahun-ke-tahun, namun tanpa mengorbankan keamanan dan kinerja sistem IT perusahaan. Tantangan lainnya yang juga dihadapi perusahaan adalah semakin berkurangnya anggaran IT, yang dikarenakan keputusan belanja IT tidak lagi berada di tangan pimpinan divisi IT melainkan di tangan pimpinan divisi bisnis. Hal ini lumrah dilakukan karena perusahaan mencari berbagai cara untuk meningkatkan daya saing mereka dalam menghadapi pasar bebas dan salah satu cara yang paling mudah dilakukan adalah efisiensi biaya. Agar perusahaan mampu menjaga efisensi biaya namun tetap dapat menyediakan berbagai inovasi ke pasar serta meningkatkan layanannya, maka perusahaan membutuhkan solusi yang memungkinkan mereka untuk menerapkan berbagai teknologi yang penting bagi perusahaan melalui software. Solusi ini merubah model pembelanjaan anggaran dari CapEx (biaya investasi) menjadi OpEx (biaya operasional), karena itu, di masa depan, IT akan dianggap sebagai utilitas. Keuntungan bagi perusahaan adalah mereka mendapatkan fleksibilitas untuk bisa mengembangkan layanan IT mereka, hanya dengan menambahkan software yang dibutuhkan ke dalam server tanpa perlu menanamkan investasi berupa hardware; bayangkan penghematan anggaran yang bisa dilakukan oleh perusahaan! Pada akhirnya layanan-layanan on-demand yang didapat model lisensi software akan banyak digunakan oleh perusahaan, karena mereka dapat menyediakan berbagai layanan dengan cepat tanpa harus mengeluarkan biaya investasi yang besar di awal. Dengan model lisensi, para eksekutif perusahaan akan mampu meningkatkan (atau menurunkan) skala layanan mereka kapanpun dibutuhkan dengan mudah dan biaya yang efektif. Tren lainnya, yang juga mendorong perkembangan teknologi enterprise, adalah tingkat adopsi smartphone, tablet, dan PC portabel yang bertumbuh dengan pesat, serta kemunculan teknologi-teknologi ‘baru’ sepeti teknologi sosial dan Internet of Things. Khususnya untuk smartphone, saat ini banyak smartphone murah yang harganya sekitar 500 ribu rupiah, dan harga ini akan mampu menjangkau lebih banyak konsumen di Indonesia. Memang tidak dapat dihindari lagi, perusahaan perlu mempertimbangkan berbagai cara yang lebih cerdas untuk mengakomodir dan melayani pelanggan dan karyawan mereka kapanpun dan di manapun secara online. Salah satu kebutuhan yang semakin meningkat di kalangan karyawan adalah BYOD, karena itu perusahaan harus siap mengamankan akses kedalam layanan perusahaan yang dilakukan dari berbagai macam perangkat, milik perusahaan maupun pribadi. Tren ini tentu saja tidak lepas dari ancaman keamanan, dimana serangan cyber menjadi semakin canggih dan masif, karena itu keamanan perlu menjadi prioritas bagi sebuah perusahaan. Pada akhirnya baik itu untuk keamanan, mobilitas, kinerja ataupun memastikan ketersediaan aplikasi untuk diakses, perusahaan harus mampu menyelaraskan infrastruktur IT mereka dengan permintaan atau kebutuhan pengguna (pelanggan dan karyawan) yang berubah dari waktu-ke-waktu. Perubahan yang dapat terlihat saat ini adalah kebutuhan Generasi Y dan Generasi Z, di mana lingkungan sosial menjadi hal yang penting bagi mereka. Kedua generasi ini mengaburkan batasan antara aplikasi yang digunakan untuk pribadi dengan aplikasi yang digunakan untuk operasional kantor; seperti contoh mereka menggunakan perangkat pribadi untuk mengakses email perusahaan atau menyimpan data-data perusahaan di cloud publik karena alasan kemudahan akses, dan di perangkat yang sama mereka juga melakukan banyak aktifitas pribadi seperti menjelajahi internet, chatting, hingga beraktifitas di sosial media. Berbagai ancaman bisa saja muncul karena ‘perilaku’ ini; seperti serangan malware hingga kebocoran data, karena itu mau tidak mau para eksekutif perusahaan juga perlu mengatur elemen-elemen sosial di perusahaan mereka. Mereka (para eksekutif perusahaan) perlu mulai berpikir tentang bagaimana menerapkan kebijakan dan infrastruktur yang mampu mengakomodir kebutuhan karyawan-karyawan generasi baru, agar menjadi tetap kompetitif di pasar. Terlepas dari perangkat yang digunakan karyawan mengakses data-data perusahaan melalui sebuah aplikasi, mereka berharap bisa mengakses apliaksi dan data perusahaan dengan kinerja yang sama atau bahkan lebih baik dari yang mereka dapatkan ketika menggunakan dekstop PC. Untuk memenuhi kebutuhan tersebut, perusahaan perlu memiliki infrastruktur backend yang mampu membantu mereka untuk mengirimkan berbagai konten yang terdapat banyak gambar, mampu mengatur prioritas dari trafik untuk mengatasi latensi jaringan mobile, dan menawarkan visibilitas ke dalam kinerja sebuah aplikasi. Seperti yang sudah disebutkan, ancaman keamanan di dunia saat ini telah berkembang menjadi semakin rumit, canggih dan masif, dari berbagai sumber di berbagai perangkat, yang membuat sistem keamanan tradisional tidak lagi mampu menghadapi gempuran dari penjahat cyber. Akibatnya, sistem keamanan tradisional akan semakin tergerus dengan sistem keamanan IT yang multi-fungsi. Konvergensi ini juga akan terjadi di dalam konteks kinerja sistem IT perusahaan, karena bisnis akan menuntut perusahaan untuk dapat menyediakan pengalaman pelanggan yang memuaskan di berbagai perangkat. Salah solusi yang dapat memberikan perusahaan adalah solusi Application Delivery Controller (ADC), seperti yang ditawarkan oleh F5 Networks. Solusi ADC memungkinkan perusahaan untuk meningkatkan tingkat ketersediaan akses ke aplikasi di dalam sebuah jaringan. Selain meningkatkan ketersediaan, solusi ADC juga mampu meningkatkan kinerja aplikasi dan jaringan perusahaan dengan sumber daya yang lebih sedikit dan efektif. Tidak luput, solusi ini juga mampu mengamankan trafik yang ingin mengakses aplikasi dan data sekaligus mengamankan aplikasi tersebut.Protecting against mobile and web security threats
Estimates indicate that 37.3 million Internet users worldwide experienced phishing attacks from May 1, 2012 to April 30, 2013 and 1 million U.S. computers were infected with banking malware in 2013. Security threats to organisations Organisations with public-facing web services — particularly banks and financial institutions, e-commerce companies, and social media sites — are increasingly vulnerable to malware and phishing attacks designed to steal identity, data, and money. Organisations are also facing an escalated vulnerability to web-based malware, which has arisen with the increased use of the corporate network to access web- and cloud-based tools, SaaS applications and social media sites. Both have been the cause of innumerable security breaches in recent history with organisations of all sizes. The recent Heartbleed attack exposed all businesses that were running vulnerable versionsof the OpenSSL protocol. A closer look at the reported attacks on organisations such as Apple Daily and Paypal explains the consequences and sophistication of these attacks. A distributed denial-of-service (DDoS) attack launched on the Apple Daily site saw 40 million enquiries being sent to the site every second, blocking the site’s daily readers for hours. In the case of Paypal, a sophisticated phishing attack was launched after hackers saw redirection vulnerability in the wake of the Heartbleed bug. Even though Paypal had switched to a new SSL certificate, it had not revoked the compromised pre-Heartbleed one. Other high profile attacks, such as the Adobe data breach, attack by The Messiah in Singapore, the recent multi-layer distributed DDoS attacks, SQL injection vulnerabilities, and JSON payload violations in AJAX widgets, pose increasing risks to interactive web applications, data, and the business. Organisations will find themselves, the consumers and employees at risk if they don’t adequately protect their networks, applications, and data. Therefore, these days, a key business challenge is to ensure: firstly, data protection and safety of customers while maintaining an unchanged user experience across web-based and mobile platforms, and secondly, the protection against websites laden with malware that threaten to infect the organisation’s network. Multiple consequences may arise if the necessary precautions are not taken. Asset loss Many organisations have lost assets amounting to millions of dollars per year. Some banks, which tried to push these costs onto customers, not only suffered financial losses but also public backlash. Repeated breaches have also led to retail brands losing customer confidence in online banking and e-commerce. Overworked anti-fraud teams The sheer volume of data and security breaches have also led to in-house anti-fraud teams to become increasingly overwhelmed trying to find a root cause. Most have adopted or are considering the adoption of a multi-layered strategy of deploying multiple technologies in order to plug the gaps. Infection from web-based threats Should malware get an opportunity to sneak in and infect systems the network, sensitive data and company trade secrets may be at risk. How can F5 help? F5’s Web Fraud Protection and Secure Web Gateway (SWG) solutions provide both the breadth and depth of coverage organisations need to gain a full defense against malware, phishing attacks, and asset loss due to fraud. Edwin Seo, Regional Security Architect, APJ, at F5 Networks says, “Sophisticated attacks like these increasingly cause serious disruptions for organisations. F5 is one of the few security companies worldwide that can offer a broad range of security solutions. This range of solutions provide holistic protection for today’s organisations ranging from security against fraud, web-based malware, DDoS attacks and other threats via web applications.” F5’s Web Fraud Protection reference architecture comprises F5 MobileSafe™ and F5 WebSafe™. While MobileSafe provides fraud protection for mobile devices and applications, WebSafe enables enterprises to protect their customers from online-based threats such as credentials theft, automated fraudulent transactions, and phishing attacks. This solution is distinct from competitors’ offerings because it is a clientless solution that can transparently inspect the endpoint, detect malware activity, and provide protection from it. It also features year round support provided by F5’s Security Operations Center (SOC). The SOC monitors attacks in real time, notifies customers of threats, and if necessary, can shut down phishing sites. F5’s SWG helps organisations in the region defend themselves against potential malware encountered by their employees as they access websites, web-based applications, SaaS applications and social media platforms. F5 Secure Web Gateway Services ensures employees access the Internet in ways that enhance their productivity and, at the same time, protects the enterprise from potential liability and web-based threats.The New State Of Enterprise Mobility
US$181 billion. That’s what the BYOD (bring your own device) and enterprise mobility market is forecast to be worth by 2017, according to a recent report. It’s no surprise, with mobility increasingly becoming a centerpiece of IT strategy, as employees continue to clamor for the ability to work on the go and enterprises are starting to truly recognize the immense business benefits of a mobile workforce. Meanwhile, BYOD is becoming the norm in Asia Pacific, as evidenced by a recent IDC study finding that close to 60% of surveyed organizations across region had mobility policies catering to BYOD. However, as adoption of BYOD and enterprise mobility grows, so too does the associated IT management challenge, complicated with increasing users demands. Today’s employees require seamless access to a wide range of corporate resources and applications to get their work done on an increasing variety of devices. They expect LAN-like performance, even over mobile data networks, and high levels of availability. More importantly, they want their personal data and activity on these devices kept out of sight of the company. Amidst all that, IT departments just need to add 1 more responsibility to their shoulders – ensure security is not undermined from the data center to each endpoint. So how do you ensure your organization is equipped for the next generation mobile workforce? Maintaining Control, Simply The first key to meeting the new management challenge is to ensure the organization maintains firm control – over data, over access, over processes and over actions by users themselves. A simple, all-encompassing central point of control is required to provide organizations with the ability to consistently apply policies governing access, even in the face of new inventions, and provide a single location at which those policies and processes can be enforced and enabled. Keeping The Machine Well-Oiled From the data center to the mobile network to the device, all potential issues that could impact App performance and availability must be minimized and mitigated. For example, multiple authentication servers configured to process requests should be paired with intelligent traffic management solutions, so that if one authentication server goes down, the others can handle any incoming authentication requests and new sessions can be established as usual. Additionally, remote access solutions must able to optimize and accelerate traffic to accommodate the high latency of some mobile networks. Securing All Bases With enterprise mobility on the rise, mobile devices are increasingly being targeted by cyber criminals to carry out corporate attacks and steal corporate data. Malware that siphons data, intercepts transmissions, logs keystrokes and more is posing a real threat, and enterprises need to be on active defense. IT teams need solutions that can conduct a broad range of endpoint checks, including whether the device has been jail broken or rooted or contains any malware, as well as ensuring the necessary encryption and secure protocols are in place for data transmission. F5’s APM can even use data such as device ID, touch patterns and timing information to determine whether a transaction is genuine or if it’s being performed by malware, and then block as necessary. No Compromises The bottom line is, the future of enterprise mobility means no compromises. Employees will come to expect the same high level of access, availability, performance and security on the go as at their desks. Organizations that successfully tackle this will see that enterprise mobility not only has the power to transform IT, but business itself and the way we work.
Wireless network considerations for the enterprise
The announcement of Telstra’s plans to rollout a new WiFi network to provide 8000 new WiFi hotspots around Australia is no doubt welcome news to individuals and businesses alike. New modems will be provided to two million homes and businesses to serve as one interconnected public WiFi network, literally laying the foundations for a more connected nation and advanced economy. According to the latest research by Telsyte, the rollout of Wi-Fi networks are competing with dedicated mobile broadband devices. In addition, more than 80 per cent of businesses with more than 20 employees operate Wi-Fi networks giving people’s devices access to the Internet at work. For today’s mobile workforce, ensuring wireless network security can be a serious challenge for businesses. Administrators face an ever-growing need to protect critical company resources from increasingly sophisticated cyber attacks. When employees access private corporate data over a wireless network, the data may be compromised by unauthorised viewers if the user is not shielding the connection from outsiders, for example, via password-protected access. As such,businessesneed to consider the following options to ensure their data remains secure whilst offering wireless network access. 1. Use a VPN Enforcing users to connect to the WiFi network using a VPN will ensure any data that passes through the network is encrypted, thus securing your data from external threats. With iOS 7, Apple introduced a great way to accomplish this with theirPer app VPN. Per app VPN allows iOS to control which applications have access to the VPN tunnel. This gives organisations the ability to designate which applications are corporate apps and treat everything else as personal. 2. Encryption is key Encryption is the process of transforming information using an algorithm (referred to as a cipher) to make it unreadable to anyone except those processing special knowledge (usually referred to as a key). Encryption is especially important for wireless communications due to the fact that wireless networks are easier to "tap" than their hard-wired counterparts. Encryption is essential to implement whencarrying out any kind of sensitive transaction, such as financial transactions or confidential communications. Network devices implement the processing of encryption to the network layer eliminating the overhead required on individual servers. 3. Turn on two-factor authentication Two-factor authentication (TFA) has been around for many years and the concept far pre-dates computers. The application of a keyed padlock and a combination lock to secure a single point would technically qualify as two-factor authentication: “something you have,” a key, and “something you know,” a combination.It essentially involves setting up a two-step process in order to verify the identity of someone trying to gain access to a network.Evaluating Your Tech Needs
In our increasingly digitised world, consumption habits are changing – both at a consumer and enterprise level – which in turn will significantly impact the way the C-Suite assesses their company’s technology needs. Consumers and employees are demanding access to information from any device, anywhere, at any time. This places additional pressure on existing technology infrastructure to essentially deliver more with shrinking IT budgets, without compromising security or performance. What’s more, as businesses continue to recover in the aftermath of the Global Financial Crisis, many are still dealing with cutbacks in IT investment and a shift in purchasing decision makers from the IT manager to business division heads, and the C-suite. With the increasing ability to implement critical technology services via software, businesses will demand the flexibility to grow based on their requirements, simply by adding additional software resources on their servers. This shift from Capital Expenditure (CapEx) to Operational Expenditure (OpEx) will mean that IT is viewed more as a utility in the coming years, opening up huge cost saving opportunities for businesses. Ultimately, services available on-demand through flexible licensing models will become a well-trodden path – given the reported benefits are to address increasing demand on delivering services. By having access to flexible billing options, executives will be able to scale the services up (or down) as needed, without a major upfront investment. Another trend that set to cause a series of technology shifts for businesses is the proliferation of new device adoption such as mobile phones, tablets, and ultra-mobile PCs, along with social technologies and The Internet of Things. In fact, with the cost of smartphones predicted by Gartner to come down to below the US$50 mark, it will open up mobile technology to more people than ever before. Inevitably, businesses need to consider more intelligent ways to serve customers online and on-the-go. As consumer mobile devices become ‘corporatised’, end-users will expect secure access to services from any device, and with web applications under increasing attack, security will also need to be top of mind. Ultimately, whether it’s for security, mobility, performance or ensuring availability, IT infrastructure will need to align with new innovations and changing user demands. The velocity of non-traditional enterprise applications being used in business will open up risks and require organisations to consider the security implications. Gen Y and Z employees will continue to demand a socialised environment; blurring the lines between personal-social and business-social applications. From malware to data leakage, organisations will find themselves at risk if they don’t adequately manage the social element of their organisations. C-level executives will need to start thinking about introducing policies and ensuring their IT infrastructure is prepared to cater to this new breed of employees, in order to stay competitive. Regardless of how they access corporate information through applications, these users have come to expect equivalent or better performance on a mobile or tablet than that achieved on a typical desktop computer. What businesses need is a backend infrastructure that can help deliver image-heavy content, prioritise traffic to overcome mobile network latency, and offer visibility into application performance. Furthermore, as cyber crime becomes more complex, with attacks from multiple angles on different devices, single-purpose security machines will be phased out in favour of sophisticated multi-purpose machines. This convergence will also happen in the context of performance, as businesses come to expect fast, reliable user experience on any device.애플리케이션 딜리버리 네트워크는 혁신을 유도해야 한다
오늘날 운영이 잘 되는 조직들은 IT가 엄청난 속도로 진화함에 따라 끊임없는 도전을 겪고 있다.모빌리티, 클라우드 컴퓨팅, 가상화, 소프트웨어 정의 네트워킹(SDN) 등은 모두 중요한 애플리케이션 문제들의 해결에 기여하지만, 동시에 새로운 도전과제들을 불러오기 때문에 양날의 검과 같다.이처럼 계속해서 진화하는 환경에서 조직들은 하나의 상수를 필요로 하는데, 그것은 바로 지속적으로 혁신을 지원하고 발전시킬 수 있는 애플리케이션 딜리버리 패브릭이다. 혁신적인 애플리케이션을 성공적으로 전송하기 위해, IT는 반드시 아래 사항들을 수행할 수 있어야 한다. § 사용자들이 어디서, 언제나 그리고 어떤 기기에서든 사용할 수 있도록 애플리케이션 성능을 최적화; § 수요에 따른 유연성 및 확장성 확보; § 신속한 구축과 배치 지원 § 이 모든 것들을 안전하게 수행. 기존 인프라는 그 경직성으로 인해 이런 점들을 성취하는 데 장애물이 되는 것으로 입증되었으며.프로그램이 가능하고 확장성이 있는 애플리케이션 딜리버리 패브릭과 애플리케이션 서비스가 그 간극을 메울 수 있다.네트워크에 애플리케이션 서비스를 추가하면 사용자 경험과 보안을 향상시켜주는 풍부한 기능들을 이용하는 길을 열어준다. 그러므로, 이런 애플리케이션 패브릭에서는 하나의 애플리케이션이 성능 및 보안과 같은 여러 애플리케이션 서비스들에서 사용될 수 있다.동일한 패브릭 내의 또 다른 애플리케이션을 모빌리티나 가용성과 같은 또 다른 종류의 애플리케이션들에서 사용할 수도 있다. 그러나, 애플리케이션 환경이 더욱 복잡해지고 여러 종류로 이루어짐에 따라 애플리케이션에 대한 이해가 필수적이 된다.빈도가 잦게 일어나는 주식매매 애플리케이션을 위한 요건들은 Microsoft Exchange와는 매우 다르다.이러한 애플리케이션은 각각 다른 애플리케이션 서비스 정책을 필요로 한다.이런 정책들을 수립하고 테스트 하는 것은 매우 어렵고 노력이 많이 필요한 과정이 될 수 있다.각 애플리케이션마다 재사용이 가능하며 사전에 정의된 양식(템플릿)이 있다면, 관리에 드는 간접비용을 크게 감소시켜주며, 구축 시간을 단축시켜주고, 신뢰성을 높여준다. 계속되는 비즈니스 변화에 발맞추기 위해서는 애플리케이션을 신속하게 개발해, 프로토타입으로 만들고, 테스트해서 구축해야 한다.이를 위해서는 ‘혁신을 위한 준비가 된’ 인프라를 필요로 한다. 네트워크 인프라 내의 컨트롤 플레인과 데이터 플레인 모두를 쉽게 프로그램 할 수 있는 역량을 갖게 되면 IT 부서가 소프트웨어 정의 애플리케이션 서비스를 제공하는 것을 더 쉽게 만든다. 이를 위해서, IT 부서는 아래사항들을 실행해야 한다: § 확장가능하고 상호 연결된 디바이스들의 패브릭 생성 § 이 패브릭을 애플리케이션 및 클라이언트 네트워크에 연결 § 템플릿(양식)이 애플리케이션을 잘 이해하는 서비스를 제공하는 정책을 정의할 수 있도록 해야 하며, 해당 템플릿이 반복 가능해야 한다. § 해당 패브릭의 관리 및 컨트롤을 조정 및 통합 툴들에 개방해야 한다. 그 결과로 얻는 패브릭은 알맞은 애플리케이션 서비스를 알맞은 애플리케이션에 네트워크의 알맞은 지점에서 제공할 수 있는 역량을 갖추게 된다. 모든 네트워크 상의 모든 애플리케이션을 위하여. 이 패브릭은 그 중심에 애플리케이션 보안, 성능 및 가용성을 갖춘 서비스를 제공할 수 있는 플랫폼을 가지고 있어야만 한다.예를 들어, F5의 BIG-IP 플랫폼은 애플리케이션을 최적화하고 사용자에게 안전하게 제공하도록 고안된 광범위한 기능들을 제공한다. 이것은 궁극적으로 IT 부서가 애플리케이션을 더 빨리 개발하고, 최적화하며, 배치할 뿐 아니라, 비즈니스에 더 잘 맞도록 조정할 수 있게 만들어준다. 패브릭의 표준 애플리케이션 서비스를 이용함으로써 코딩작업과 비용을 절약할 수 있다. 효율적인 애플리케이션 딜리버리 패브릭은 서비스가 자원의 풀로부터 제공되기 때문에 용량을 최적화해서, 활용도를 높여 경비를 줄여준다. 변하지 않는 것은 오직 끊임 없이 변하고 있다는 사실뿐이라는 비즈니스 환경에서 확장과 프로그램이 가능하며 애플리케이션을 잘 이해하는 패브릭은 조직들이 신속하게 혁신할 수 있도록 해준다. Original blog postby Mohan.
Wie sieht die Zukunft der Cloud aus?
Auf channelpartner.de wurde vor kurzem eine Studie von TechConsult vorgestellt. Deren Ergebnis der Studie verblüffte selbst die Marktanalysten. Anscheinend haben die jüngsten Ereignisse die Nachfrage nach Cloud-Lösungen im Mittelstand nicht ausgebremst, sondern die Anforderungen an Sicherheit und Transparenz erhöht. TechConsult hatte im dritten Quartal 2013 unter mittelständische Unternehmen in Deutschland eine Umfrage gestartet und nach ihren Top-IT-Themen befragt. Man rechnete eher mit einer rückläufigen Nutzung und Planung von Cloud-Services. Doch die Antwort der Entscheider im deutschen Mittelstand fiel anders aus: Die Cloud ist bei mehr als 60 Prozent der Befragten unverändert das Top-Thema, noch vor Mobility und Bring Your Own Device (BYOD). Allerdings wurde deutlich, dass Sicherheitsfragen einen noch höheren Stellenwert erhalten haben. Viele Unternehmen entscheiden sich wesentlich häufiger für speziell zugeschnittene Private-Cloud-Angebote oder Hybrid-Cloud-Lösungen, einem Mix aus Private-Cloud-Angeboten und standardisierten Public-Cloud-Diensten. Techconsult Analyst Max Schulze Bilanz erwartet, dass die Forderung der Anwender nach höheren Sicherheitsstandards den Cloud-Markt langfristig transparenter werden lässt und den Fortbestand der Cloud-Technologie sichert. Ob Private oder Hybrid: Welche Lösung sich nun bei Ihnen im Unternehmen durchsetzen wird, Sie sollten auch die Netzwerkinfrastruktur und moderne Sicherheitsarchitekturen im Blick behalten. Wir empfehlen daher eine sichere Web Application Firewall und eine umfassende, Policy-basierte Herangehensweise bezüglich der Sicherheit von Web-Applikationen, wodurch Sicherheitsbedrohungen auf Application-Level adressierbar werden; eine Lösung für mehr Sichtbarkeit und Intelligenz von Layer 4 bis Layer 7, eine umfassende, leistungsfähige Plattform für systematische und integrierte Application Delivery Services Falls Sie noch weitere Fragen zu Cloud Services und den konkreten Vorteilen für Ihr Unternehmen haben, stehen Ihnen unsere Experten sehr gerne zur Verfügung.
Life outside the perimeter – mobility and cloud impact on enterprise security
As far as enterprises are concerned, perimeters are disappearing. The rise of a more mobile workforce, working wherever and whenever is convenient, and cloud computing means that what a business considers vital - data, applications, people - is no longer contained within its four walls. As we’ve pointed out so many times before this has huge benefits: workers are more productive and happier, IT can reduce costs associated with device hardware and the cloud offers a cheaper and more agile and flexible infrastructure. Sounds good, doesn’t it? But having so much critical infrastructure and information operating and residing outside a traditional business perimeter can make some organisations fearful about losing control of what’s important to them and raise questions over responsibility should something go wrong. Security is a big issue for some... if something is with a third party provider and hosted outside your own data center, how does one know how well it is being protected? How does a business know who is accessing its data? How does a business keep track of what data was accessed by its workers as well as where and from which device? In fact, we at F5 see the rise of mobility and cloud computing as an excellent opportunity to regain control of enterprise security. The technologies available can help organisations to understand the who, what, where and when of connections to its network, as well as ensure that any internal policies relating to security are enforced externally as well (meaning outside the perimeter). The focus for security has shifted from protecting devices to protecting data, wherever it is. This means controlling who - and where from and with what devices - can access certain data and applications; it also means any policies that govern users or certain applications/data will still apply. Remote workers will be able to access any corporate application they are allowed to regardless of their location or device. The emergence of cloud computing and a more mobile enterprise does not have to mean a disconnect in security access and policies. Consolidation of security policies and access control at the application delivery tier means a uniform approach to security. It also means an increase in the layers of security: device, location, application. So what I’m really saying here is that cloud and mobility have simply extended the traditional enterprise perimeter. Instead of being fixed within an organisation’s data centre it is a flexible, evolving and moving perimeter, going wherever a business needs it to go. And the good thing about that is that the technology is there to ensure security moves with it, so your critical data, applications and services are just as secure as you need them to be.
Workload Mobility: Is Your Cloning Strategy Shallow or Deep?
#SDN #cloud How low (into the workload stack) can you go? One of the more interesting sentiments expressed by attendees at a roundtable session at Gartner Data Center earlier this month was the notion that to them, " SDN is packaging app as code, server, and network and deploying where I need it". This is intimately tied to the idea of workload mobility, at least for enterprise customers, because they recognize the relationship between the application and its network infrastructure services as being critical to the success of migration from one environment to another. Now, I'm not saying I agree with this definition of SDN, but the notion that we need to be able to package applications holistically is not a new one nor is it something that should be ignored. What these participants were pointing to was the need for a "deep" copy of an application as a means to enable workload mobility. They don't want just the app; they need the whole kit and caboodle to be packaged up neatly and moved elsewhere, presumably the cloud. They want the cloning or packaging process to encompass everything, from top to bottom and bottom to top - not just the shallow upper reaches of the stack that starts and ends with the application. There are two core reasons this isn't possible today. First, not all infrastructure vendors have a packaging strategy themselves. Application-related rules and policies are not often able to be managed as a group of related configuration items. Take an application delivery controller, for example, cause well, they provide the critical load balancing services required to scale applications today in every environment. There are two approaches to packaging ADC services: Multi-tenant capable systems group application-related configuration objects and attributes together and enable export/import of that packaging. The suggested deployment is one ADC (usually a virtual instance) per application so that the configuration of the ADC is assumed to be the application's configuration. Packaging becomes a configuration management exercise. The latter is more common in the ADC market as most delivery platforms have not effectively made the jump from single to true multi-tenant support yet, which means configuration objects are independent of one another and not easily associated in the first place. Second, even when this is possible, there's no holistic method that can provide the packaging of application and related infrastructure services and migrate that to a generic cloud. There's no EAR file, in developer parlance, that is cross-environment. OVF is an attempt at such a beast, but it's lacking completeness in the stack that results in some infrastructure services being overlooked. There are a plethora of infrastructure services with which applications today are "integrated": identity federation, persistent load balancing, secure cookie gateways, firewall rules, and URI rewriting are just a few infrastructure services upon which an application may be dependent. These applications are not deployable without them, and thus cannot be migrated to the cloud - or anywhere else, for that matter - without them. This is the challenge for providers and vendors - to figure out how to enable workload mobility of applications that are dependent on services that may not be compatible or even exist in a cloud computing environment.
