SSL: Still Secure When Configured Correctly

The Secure Socket Layer (SSL ) protocol is under attack: in recent months, a succession of vulnerabilities and successful breaches have raised questions about the effectiveness of this ubiquitous security standard. The emergence of DROWN (Decrypting RSA with Obsolete and Weakened Encryption) in early March 2016 may have finally forced IT admins to take action.

The fact that so many attacks are now focused on SSL is more important than you might think.

Cloud Security Pitfalls to Avoid

Cloud computing technology is fast becoming an attractive alternative to maintaining IT systems and applications on premise. In-house management and maintenance of IT is costly and resource-hungry. Small and medium-sized businesses in particular benefit from the way cloud services give them access to greater processing power and IT expertise than they could ever aspire to with the modest budgets and resources of their own. Cloud computing also provides an opportunity for large organizations to enjoy economies of scale for the high data volumes produced by the many and various devices, operating systems and applications they use.

A Look at BYOD in 2016

Happy 2016! It’s a new year, and a time for fresh resolutions to improve your life over the next 12 months, whether that involves running a marathon, getting a new job or taking that trip abroad you’ve been putting off.

But for businesses, those New Year’s resolutions should be expressly focused on stronger security. With data breaches, email hacks and password thefts becoming more and more commonplace – and each cyberattack casting wider nets of victims – this is one resolution that can’t be allowed to fall through.

A Closer Look at Cloud VPNs

Virtual Private Networks as a Service (VPNaaS), Managed Security Service Providers (MSSP) and Cloud Remote Access are different solutions addressing the same market requirement – the ability for remote employees to securely access corporate networks via the Internet with a managed solution.  Many enterprises have realized the benefits of using cloud services in other areas of their IT infrastructure. As a result, they no longer want to absorb the costs and management effort involved in hosting their own VPN gateways, especially ones with large numbers of remote endpoints. Striking a balance between giving remote employees the flexibility they desire while ensuring sensitive company data remains secure is admittedly a fine line to walk. Enterprises have faced that challenge for several years now as they’ve wrestled with the bring-your-own-device (BYOD) movement. Factoring the cloud into the equation only compounds the complexity of the situation. That’s why many companies today are outsourcing the operation of the VPN to a cloud solutions provider such as HOSTING. However, not all VPNs are created equal, and enterprises need to carefully examine what a provider is offering. What to look for Be sure the provider offers simple, yet efficient management of your cloud-based VPN. For example, centrally managed VPNs give administrators the ability to easily set up, add or dele te users as needed. With this approach, all configuration parameters are centrally stored. This approach makes it substantially easier for end users to establish connections while making it nearly impossible for employees to bypass or manipulate them. Will end users need to reestablish a secure network connection each time their connection channel changes? If the...

Expert Q&A: Establishing a Secure Data Center and Cloud with Remote Access

*Editor’s Note: This is Part One of an article that originally appeared in The Data Center Journal’s  Industry Perspective Column By: Rainer Enders, VPN Expert and CTO, Americas, at NCP engineering: Industry Perspective: What are some of the main security concerns for data center managers today? Rainer Enders: The evolution of modern data centers, while beneficial for many reasons, is exposing serious security pain points along the way. For one, as data centers grow in size to keep up with enterprise computing needs, it becomes increasingly difficult for IT managers to adequately protect all corporate assets, which include everything from data and documentation to software and supplies. As capacity expands, data center managers are finding it harder to maintain critical IT compliance and security measures, such as managing and de-provisioning privileged user access, and running compliance reports that are growing in both depth and volume. Additionally, with the rising popularity of virtualized and cloud environments, data center managers are tasked with baking security into all compute, network, storage and hypervisor layers. This is a considerably difficult task, in light of the numerous emerging attack vectors that constantly increase in sophistication, such as ever-morphing advanced persistent threats (APTs) that are compromising critical corporate information. IP: What specific security challenges arise as companies outsource to the cloud and rely on remote services with increasing frequency? RE: The most critical security challenges that arise in cloud deployments are compromises to remote access connections—in the form of session-hijacking attacks, for example—and compromises of cloud-hosted resources, such as virtual machines, from within the hosted provider network. Insufficient security architectures and controls in operator networks can cause...