BYOD, Policy Compliance Top Remote Access Concerns at Interop New York 2013

Another Interop New York conference has come and gone, and as usual, there were plenty of thought-provoking discussions. Unsurprisingly, security was a hot topic at this year’s event, with BYOD and policy compliance receiving a lot of attention. For example, Dark Reading’s Tim Wilson believes that as enterprises are looking at technology providers to help their organizations manage BYOD, it is important to have plans and policies in place that look at the big picture of network security. Many Interop vendors and experts agree that enterprises are relying on third-party service providers more than ever before. Businesses are acknowledging the growing prominence of trends including BYOD and the cloud, and are trying to be more flexible in terms of what applications, operating systems and devices they are supporting. The problem is, many organizations simply don’t have the resources or technology to efficiently manage secure remote access to their corporate networks with in-house support only. Especially in small- and medium-sized businesses, where there is often a lack of IT security employees, let alone a department, providing employees with the wide range of remote access options they want is extremely difficult. The lack of resources does not only hinder an organization’s telecommuting flexibility. It can also impact—and be responsible for—inadequate employee education. Unfortunately, unless an enterprise has a rock solid BYOD plan in place, undereducated employees may unknowingly fall out of compliance and leave holes in a network’s security. Cyber criminals are constantly getting more adept in finding security flaws to access corporate networks, allowing them to alter, steal or destroy sensitive information. From that perspective, it’s simple to see why...

5 Ways to Keep Your Data Secure While Traveling to Interop NY

By Patrick Oliver Graf, General Manager, Americas of NCP engineering When people travel, securing their data is often the last thing on their minds. However, the fact is that mobile devices, and the data contained within them, are extremely vulnerable to security breaches. By connecting to Wi-Fi hotspots in-between flights at airports and working on potentially unsecure wireless connections in places such as coffee shops, travelers leave themselves and their sensitive data open to attacks. Fortunately, there are several effective methods that Interop attendees can use to keep their devices and data secure as they travel to the Big Apple. 1.       Employ Strong Passwords A 2012 study by Joseph Bonneau of Cambridge University showed that password-cracking software is so efficient that using a cracking dictionary based on the 1,000 most common passwords would crack 8 percent of users’ passwords. Because modern hackers use cracking dictionaries that are based on a specific language and common password combinations, having a long password by itself isn’t enough. To ensure that your password isn’t compromised, choose one that is at least eight characters long, with upper- and lower-case letters, numeric and special characters. Choose uncommon words that are unlikely to be included in cracking dictionaries. 2.       Avoid Unencrypted Connections Yes, connecting to that free coffee shop Wi-Fi is tempting. It costs nothing, it’s in a comfortable location, and as you look around, you see that other conference-goers are connected to it and working away. However, it’s important to remember that public connections often require no authentication or password to log into, meaning that they’re completely open for anyone to access them, including hackers....

NCP Empowers Enterprise Mobility for Truesense Imaging

In a recent blog post, we discussed workforce trends identified by Forrester Research, which center on mobility as a tool being used with increasing frequency to bolster employee productivity. It seems that everywhere we look today, remote workers are becoming more prominent in the workforce, while traditional 9-to-5, face-to-face working environments are becoming few and far between. And considering the substantial research that shows workers can be more productive when working outside the office, more and more enterprise-level businesses will have to take a hard look at technologies that allow off-site workers to securely access company data and IT assets. One company that has embraced enterprise mobility is Truesense Imaging, a developer, manufacturer and marketer of the world’s highest performance image sensor devices. Today, NCP announced its virtual private network (VPN) technology is enabling Truesense employees to securely connect to the corporate network and work from home or on the road, improving both workforce mobility and productivity. When Truesense’s increasingly-mobile technical and sales teams demanded secure, remote access to their corporate network in order to work seamlessly while off-site, the company recognized how important this was, not only for productivity, but also workforce morale and future recruiting efforts.  In order to attract top-level talent, organizations need to show that they are willing to invest in technologies that help employees do their jobs to the best of their ability. For these reasons, Truesense chose NCP’s enterprise IPsec VPN clients and fully automated VPN management system, which provide a secure tunnel from any Internet access point into the corporate network using their company-owned Windows XP, Windows 7 or Mac OS X...

BYOD Dominates Interop New York

Among many key takeaways from last week’s Interop NY conference, the top-of-mind concern for CIOs, security professionals and other IT stakeholders remains mitigating the security risks associated with BYOD. While organizations that attended the conference recognize that supporting mobile devices in the workplace is inevitable, many admit to lacking the proper infrastructure to secure their mobile users. In fact, a recent industry survey reveals that only 16% of IT shops currently have a BYOD policy in place, increasing organizations’ risk to exposure as a result. Is the concern revealed at Interop justified? Yes, but it’s certainly manageable. In fact, Rainer Enders, CTO, Americas for NCP engineering,has advocated for remote access solutions that allow businesses to manage the devices their employees are bringing in. Earlier this year, Rainer spoke with Ericka Chickowski, of Dark Reading, on this very topic. Here’s an excerpt from her piece: According to Enders, too few organizations factor risk into their cost considerations, making it one of the most costly hidden costs if proper precautions aren’t taken. “In my mind, the biggest hidden cost lies in the worst case scenario–when bigger issues arise like a lawsuit or a major security breach,” he says. “It really comes down to the standard security question about what are the assets. What do I need to protect from a company point of view. My legal situation–how is my IP sufficiently protected. I think that is where the main costs are: This is something that is often overlooked. Companies don’t really do a good job at assessing this kind of risk.” As such, Enders suggests that organizations start implementing risk assessment formulas into their...

Less is More: Why SSL VPN is NOT What You Think It Is – #Interop

*Editor’s Note: This post is syndicated from the Interop Blog.You can see the original post by clicking here.  By Rainer Enders, CTO at NCP engineering At Interop 2012, I’ll be hosting a session, “Less is More: Why SSL VPN is NOT What You Think It Is” that explores the inherent flaws of SSL VPN. The reality is, SSL has been buoyed by a staggering number of myths and security assurances promised by vendors and assumed as safe by VPN users. But in fact, high profile security breaches have occurred as a result of using key security building blocks of SSL VPN technology. These have included various Certificate Authority (CA) breaches, such as those at ComodoDigiNotar, GlobalSign, Gemnet and KPN. So, why is this happening? Do users implement the technology incorrectly, or is it simply not as good as all the hype makes it out to be? Is there something else or different we should be doing? What are solutions to the underlying problems? These are the very questions I’ll answer in this session, drawing upon my 20 years of experience in the networking and security industry. As CTO, Americas for NCP engineering – I’m confronted with examples of SSL misunderstanding and misuse on a daily basis. With this session, I’ll expose SSL VPN security myths and dispel dangerous hype, which is leading to over-reliance on the protocol. I’ll also leverage real-life examples and provide practical ways you can strengthen your remote access connectivity. Clearly, confusion exists about the security capabilities of SSL. Ultimately, this misinformation undermines the technology and lessens its appeal in scenarios where SSL is an ideal solution. This session will...