August 2011 Archives

The security challenges of modern data centres

| 4 Comments | No TrackBacks
| More

To reduce complexity, a high proportion of organisations are looking at modernising their data centre infrastructure through consolidation, virtualisation and by leveraging the cloud. In traditional data centres, security controls can be applied to each physical system and systems with different levels of criticality or those that contain the most sensitive data can be physically separated. This is no longer the case for next-generation data centres where virtual resources cannot be compartmentalised in the same way and security controls can no longer be tied to physical resources.
While the chief goals of data centre modernisation projects are to enable the business by being able to accommodate rapidly changing business needs, while reducing operational complexity and cost, risk and compliance obligations must also be prioritised.
The modern data centre requires an integrated set of security controls that are applied consistently across physical and virtual systems, as well as those residing in the cloud, with federated management and reporting across hybrid environments that may include extensions to private and public clouds. The only way that this can be achieved is by building security into the design phase during key inflection points as data centres are built out, virtualised or upgraded and must be applied consistently across all systems in a hybrid environment that spans physical and virtual systems, as well as cloud-based computing. This will enable the busi¬ness by improving its ability to offer dynamic services that are always available, and that are resilient and secure, which will improve the capability to manage risk, apply and enforce consistent security policies, and to achieve compliance objectives.
A recent paper discusses these issues in greater detail and provides details of the key issues and security controls that organisations should be looking at. The paper can be accessed here:Architecting the security of the next-generation data centre.

What did IPv6 Day prove?

| No Comments | No TrackBacks
| More

IPv6 Day came and went without much fanfare. That is because, according to participants, it worked. True, there were a few problems encountered, but no more than expected and that was one of the main points of the exercise anyway. According to Cisco, the event proved that careful and gradual adoption will be easier than believed. And Arbor Networks reported that the test was enough to tell us that we can handle the transition to IPv6.
So what happens next? One of the benefits seen from the day is that it has persuaded hardware and software vendors to add support for IPv6 into their products, which has been one of the biggest sticking points to date. There are still further challenges to be overcome, including details of running dual stack IPv4 with IPv6 and new security challenges that are unique to IPv6. But now is the time for all organisations to at least be planning for their own transition.
IPv6 will allow continued growth of the internet, which has become essential for commerce, communication and social interaction. According to Verisign, internal drivers for adoption are for organisations to be as technologically current and future-proofed as possible, whilst external drivers include the need to keep up with the increasing number of devices requiring IP addresses, ranging from mobile and streaming technologies, to smart meters, cars, TVs, game consoles and medical devices, plus a surge in new users from emerging markets who all need IT addresses.
Another push for IPv6 take up is that governments worldwide are increasingly looking to promote take up of IPv6. In Europe, national governments are undertaking their own initiatives, as well as efforts being made at an EU level. The US government is going even further as it believes that IPv6 technologies will allow it to pursue policy goals in areas such as healthcare, education and energy. In September 2010, the federal government mandated that all agencies must upgrade external-facing systems to IPv6 by end-2012 and internal applications that communicate with the internet by 2014.
The transition to IPv6 will not happen overnight, but there is finally a great deal happening to spur adoption. There are workarounds that have been in put in place to extend the life of IPv4 and organisations, but these are just that--temporary workarounds, not a long-term solution. According to Alan Way of Spirent: "The organisation that sticks doggedly to its old IPv4 inheritance won't be cut off from the outside world, it will simply suffer increasingly degraded performance as more and more communications move to IPv6. For financial services and such high speed transactions this would be disastrous. For other businesses, it could still erode their competitive edge."

Whitelisting and change control for improving integrity

| 2 Comments | No TrackBacks
| More

Taking back control in today's complex threat landscapeToday's security threats are complex and sophisticated and are getting ever harder to defend against. Attackers use multiple methods and vectors to try to bury deep into networks and are increasingly looking for longer term gain, rather than just a one-off theft. Traditional security controls that focus on previously seen attacks are no match for these complex, blended exploits.
Organisations deploy multiple security controls to defend their networks and these still have their place. However, there are newer technologies that have emerged recently that can improve their chances of defending against the insidious threats seen today--those of application control and change control.
Application control uses whitelisting to ensure that only authorised applications can be allowed to run and to prevent those with a malicious payload from executing. This is because if an application is not on the whitelist it can be automatically blocked. Change control technologies prevent vulnerabilities from being introduced into networks that can be exploited by controlling the configuration creep that occurs when changes are introduced into the network, whether intentional through patching or upgrades, or where misconfigurations have been introduced by mistake. Such controls can do much to ensure that the integrity of the network is kept as intact as possible.
Bloor Research has recently published a report that looks at the role played by these technologies in greater detail. The report can be accessed here upon registration: There will also be a webinar on this subject tomorrow, 10th August 2011, at 10am BST. The registration page for this event is here:

About this Archive

This page is an archive of entries from September 2011 listed from newest to oldest.

August 2011 is the previous archive.

October 2011 is the next archive.

Find recent content on the main index or look in the archives to find all content.

-- Advertisement --