Mobile Endpoint Security Limitations a Hot Topic at Interop Las Vegas 2013

*Editor’s note: This blog originally appeared as a guest post on the Interop Blog By: Rainer Enders, CTO, Americas at NCP engineering. The Android mobile platform and its oft-publicized security limitations, along with those of other mobile operating systems (OSs), are guaranteed to be a hot topic at this year’s Interop event. After all, they have even caught the attention of the American Civil Liberties Union (ACLU), which filed a complaint against the four major cellular carriers in the U.S. for not doing enough to protect the private information of subscribers using the Android OS. The security concerns associated with Android shouldn’t shock anyone. We’ve known there were problems for a long time now, and other popular platforms like iOS are not immune either. But, thanks to the bring-your-own-device (BYOD) and consumerization of IT trends, the implications of such issues are now much more significant. Enterprise network security architects and managers are limited in their abilities to secure certain remote access connections due to the lack of open APIs for security relevant functions, such as VPN and Device Firewall, in most mobile platforms. This also means that neither carriers nor enterprises can effectively deploy and manage such features built into a mobile OS to meet their specific security needs. So, if they choose to stick with the native security functions, if they exist at all, they are at the mercy of many limitations. The consumerization of mobile devices has led to another serious side effect: significant relevant security functions, required by major industry verticals and government entities around the world, are missing in action. It is clear that BYOD...

Why Two-Factor Authentication Matters

By Patrick Oliver Graf, General Manager, NCP engineering At the end of last year, we spent some time discussing a few projected network security trends for 2013. While there was room for debate on some topics, most people agreed that there was a clear need for more secure authentication methods. In hindsight, it appears that the experts were correct, and the traditional combination of username and password is no longer a strong enough security barrier to ward off hackers with increasingly sophisticated tools. But, this doesn’t mean that there is one answer that solves every problem. Two-factor authentication in particular has received heightened media attention in recent weeks. Many users on Twitter, one of the fastest growing social networking platforms in the world, are clamoring for it in light of recent high-profile hacks. Most notably perhaps, the Associated Press (AP) handle was used to tweet (falsely) that President Obama was injured in a White House explosion. After the ruse was exposed, one glaring question emerged in the minds of security experts: could it have been prevented if Twitter used two-factor authentication? In reality, two-factor authentication – a security process in which the user provides two means of identification – may not have prevented this attack. The Syrian Electronic Army, which claimed responsibility, reportedly obtained login credentials from a phishing email attack that prompted employees to enter their usernames and passwords. If this is true, Dan Kaplan of SC Magazine correctly points out that the perpetrators could have easily added another field for that second means of identification. What we should learn from this is that there is no one magic technology...

NCP Empowers Enterprise Mobility for Truesense Imaging

In a recent blog post, we discussed workforce trends identified by Forrester Research, which center on mobility as a tool being used with increasing frequency to bolster employee productivity. It seems that everywhere we look today, remote workers are becoming more prominent in the workforce, while traditional 9-to-5, face-to-face working environments are becoming few and far between. And considering the substantial research that shows workers can be more productive when working outside the office, more and more enterprise-level businesses will have to take a hard look at technologies that allow off-site workers to securely access company data and IT assets. One company that has embraced enterprise mobility is Truesense Imaging, a developer, manufacturer and marketer of the world’s highest performance image sensor devices. Today, NCP announced its virtual private network (VPN) technology is enabling Truesense employees to securely connect to the corporate network and work from home or on the road, improving both workforce mobility and productivity. When Truesense’s increasingly-mobile technical and sales teams demanded secure, remote access to their corporate network in order to work seamlessly while off-site, the company recognized how important this was, not only for productivity, but also workforce morale and future recruiting efforts.  In order to attract top-level talent, organizations need to show that they are willing to invest in technologies that help employees do their jobs to the best of their ability. For these reasons, Truesense chose NCP’s enterprise IPsec VPN clients and fully automated VPN management system, which provide a secure tunnel from any Internet access point into the corporate network using their company-owned Windows XP, Windows 7 or Mac OS X...

Expert Q&A: Establishing a Secure Data Center and Cloud with Remote Access

*Editor’s Note: This is Part One of an article that originally appeared in The Data Center Journal’s  Industry Perspective Column By: Rainer Enders, VPN Expert and CTO, Americas, at NCP engineering: Industry Perspective: What are some of the main security concerns for data center managers today? Rainer Enders: The evolution of modern data centers, while beneficial for many reasons, is exposing serious security pain points along the way. For one, as data centers grow in size to keep up with enterprise computing needs, it becomes increasingly difficult for IT managers to adequately protect all corporate assets, which include everything from data and documentation to software and supplies. As capacity expands, data center managers are finding it harder to maintain critical IT compliance and security measures, such as managing and de-provisioning privileged user access, and running compliance reports that are growing in both depth and volume. Additionally, with the rising popularity of virtualized and cloud environments, data center managers are tasked with baking security into all compute, network, storage and hypervisor layers. This is a considerably difficult task, in light of the numerous emerging attack vectors that constantly increase in sophistication, such as ever-morphing advanced persistent threats (APTs) that are compromising critical corporate information. IP: What specific security challenges arise as companies outsource to the cloud and rely on remote services with increasing frequency? RE: The most critical security challenges that arise in cloud deployments are compromises to remote access connections—in the form of session-hijacking attacks, for example—and compromises of cloud-hosted resources, such as virtual machines, from within the hosted provider network. Insufficient security architectures and controls in operator networks can cause...

Forrester Research: Mobility and Collaborative Technologies Key in 2013

Last week, Forrester Research hosted an event for tech vendors on 2013 IT spending trends in Australia and New Zealand. One of the key takeaways from this event highlights an emerging trend not just in that region, but all over the world. Business decision-makers are taking an increasingly proactive role in IT-related investments in order to bolster the mobility and collaborative capabilities of their workforces. According to Forrester, the goal is to streamline targeted business processes, improve employee performance and productivity, and enable faster and more fruitful innovation. This not only improves how companies work internally, but also how they deliver products and services to their clients. Furthermore, Forrester said in a recent blog post that the focus must shift from short-term profit realization to building long-term business value. As the global workforce becomes increasingly mobile, companies are searching for ways to become more flexible and productive without compromising security. Whether embracing bring-your-own-device (BYOD) policies or supplying workers with company-owned laptops, smartphones or tablet computers, remote working capabilities are clearly on the minds of business executives everywhere. No longer is this issue and related decisions solely under the purview of IT departments. Technologies like comprehensive VPN solutions with robust personal dynamic firewalls and seamless roaming features are highly sought-after by organizations that recognize the value of having security and convenience rolled into one package. BYOD popularity and mobile device use is only going to grow in 2013 and beyond, and businesses that invest in solutions that promote security, collaboration and innovation are likely to stand head-and-shoulders above the...