Posted by: Greg Ness | May 15, 2017

NAC versus Trusted Access Control

After my Goodbye NAC (network access control) blog the Vidder team created a very useful chart comparing key characteristics of NAC with Vidder’s Trusted Access Control.

NAC vs TAC

Posted by: Greg Ness | May 1, 2017

The Cloud will Crush Network Security HW Industry

Because Complexity Doesn’t Scale Very Well…

Last week Amazon announced another stellar quarter, with AWS again being the main headliner for the ecommerce high flyer. Yet I’m convinced AWS growth and profitability has even deeper implications for traditional hardware-bound network security vendors.

Two weeks ago I spoke with a CISO at a forward-thinking IT shop. It was one of the most encouraging and thought-provoking IT discussions I’ve had in a while. He said they were betting on the cloud to “transform” their security posture by enhancing security and scale and reducing costs and complexity.

The Cloud as a Driver of Security Transformation

This is a substantial shift in thinking from just a few years ago when the cloud was seen as being less secure by most CISOs. While I’ve certainly seen the enterprise cloud shift firsthand, most of the drivers were operations-driven.  IT wanted more agility and scale or some cost savings for unpredictable or seasonal workloads. Security concerns were seen by many as obstacles to cloud migration.  That has clearly changed.

The cloud is now seen as transformational rather than as a potential security posture tradeoff. This is a bigger deal than a stellar AWS quarter.

It threatens the future growth and margin potential of today’s powerful security hardware and infrastructure players, those who have benefited from rising cyber threats and growing, increasingly connected networks. Several seemed to have peaked in 2014/2015 when cloud enterprise workloads were mere outliers. It looks uphill from here onwards for all security vendors tied to hardware for critical enforcement capabilities.

If he is right (and I think he is) the cloud will be the wheelhouse of security transformation. And many vendors are ill-prepared for such a software, service and IaaS-based disruption.

Why? Here is a list of factors that will drive the cloud software security transformation.

  • Consolidation of Buyers; Commoditization of Hardware

Cloud providers are usually building their own infrastructure, around new management, scale and security requirements, well beyond what most organizations can afford or even consider.  If needed, they can go to traditional hardware vendors and negotiate from a position of great volume / influence over terms, margins and specifications in ways that few enterprises and service providers ever could.

The long term effects of this shift will be dramatic, decisive and in some cases devastating to vendor models tied to specialized hardware and skill sets. Many will be pushed aside as enterprises look for single layers of enforcement and more granular access tunnels to address more sophisticated attacks aimed at increasingly connected systems.

  • Security with Scale is becoming Strategic

Cloud infrastructure is being architected for new, emerging demands, especially related to horizontal and vertical scale and security.  Cloud environments will increasingly adopt software and service-centric solutions that can scale globally and seamlessly, without location-specific constraints.

Digitalization will add to cloud delivery pressures and force IT into more software and services and away from hardware-defined tradeoffs.  This, combined with buyer consolidation and commoditization, will make IaaS and managed service providers (and best practice enterprise shops) powered by software-defined capabilities much more influential than the traditional hardware vendors.

  • Software and Services are Strategic to Security and Scale

After decades of innovation aimed at hardware differentiation and specialization as a means of growth and profitability, the tables have turned and vendor operating models will need to shift to survive. The virtualization, software and cloud-defined benefits of scale and agility will embrace security in ways that simply weren’t possible in complex networks of devices architected for simpler, slower times, manageable security demands and single vendor networks.

The cloud won’t compromise security; it will transform it.

Posted by: Greg Ness | April 6, 2017

Goodbye NAC, Hello Vidder!

The question that many IT security pros are asking is: Why hasn’t network access control (NAC) lived up to its promise?
I certainly did. And what I discovered helped me to make a career move.

I’ll explain, starting with what NAC does. Then I’ll get to the personal part.

NAC provides enterprises the ability to authenticate devices as they enter the network, monitor those devices, and deal with those devices that do not meet security requirements.

That all makes sense. Yet the history of NAC adoption has been less than stellar, even in recent years. Why? I think it’s because NAC still doesn’t meet the needs of today’s enterprises. NAC products are complex to deploy, scale, and manage. They’re also not able to stop an attack from an outsider who has compromised an internal device.  Once you are in, you’re in.

The NAC value proposition is a victim of its own self-inflicted shortcomings, from access control list fatigue to obsolete posture check parameters. NAC complexity, combined with technical constraints, contributes to a very challenging business case for most enterprises. Substantial upfront hardware investments are typically required, followed by high ongoing operating expenses.

These investments are the high table stakes to get the weak outcomes promised by network security hardware architected for simpler days and more primitive attacks. Today, things get even worse for hardware-bound solutions facing agile, dynamic software-based attacks.

Those medieval fortresses and walls scattered around the world are now only being used to lure tourists. No one uses them anymore for protection because they’ve become anachronisms, symbols of fixed defenses that worked in their day. Today we live in fast-moving times, where the spirit of entrepreneurship sometimes takes the form of cybercrime. Network defense schemes from more than a decade ago are already starting to resemble their tourist trap predecessors.

Unlike the rise of WLANs (and internet worms), which helped NAC solutions establish a foothold in enterprise security, cloud and digitalization initiatives are destroying the last remnants of the NAC payoff by magnifying the negative impacts of existing NAC technical and operational shortcomings.


The NAC security challenge: increasing complexity degrades scarce resources

 

NAC solutions only protect internal servers. Any hybrid or cloud-centric network would need a different approach to access control.  With digitalization, business-critical servers and databases will be more accessible to other servers and often larger populations of users.

Adequate protection would require even bigger initial investments and likely infrastructure upgrades. Then you’ll need more highly-skilled people to manage the complex weave of devices and permissions and access points. As your network grows sequentially your costs and complexities grow exponentially.

The problem: NAC’s lack of granular access controls requires security teams to create and manage hundreds of ACLs with thousands of potential rules, even for smaller networks.  Existing security teams might have to double or triple in size to simply keep up with the management overhead of these new initiatives, after those substantial initial hardware investments.

This explains why a host of companies are now talking about the Software Defined Perimeter, or the use of a single layer of software to protect large, complex networks. Its ability to scale up or extend enforcement across dynamic infrastructure is far superior to any approach requiring dedicated hardware, specialized skills and manually-driven lists.

So… after four-plus great years at CloudVelox I joined Vidder.  I met Vidder’s CEO Mark Hoover more than ten years ago.  Before I joined CloudVelox we discussed working together again as well as the new enterprise security demands taking shape. Vidder was on the way to re-inventing access control by blending trust metrics with the Software Defined Perimeter.

So here I am, years later at Vidder in the midst of a new asymmetric cyber war between nation states, hacktivists and societies dependent upon trust for their very way of life.  Goodbye NAC! Hello Vidder!

Posted by: Greg Ness | February 16, 2017

RSA Security Bloggers Meetup: Best Bald Bloggers Award

Had a great time catching up with old friends last night at RSA.  We have much to talk about this year, including greater recognition for bald security bloggers.

Maybe we’ll even get Rothman to shave?


Posted by: Greg Ness | February 4, 2017

RSA: Acknowledge that Security is Broken

Trust is under attack. So much so that security experts are calling networks “zero trust.” A recent Kaspersky Labs survey found 77% of US businesses had breaches in the previous 12 months.

This at a time when established, multi-billion dollar incumbents enjoy wide deployment in US enterprise networks. It is apparent that hackers have evolved tactics and strategies faster than leading security vendors, and exposure is increasing.

Can architectures created more than ten years ago adequately scale and adapt to survive an unprecedented onslaught of attacks and demands? Time will tell. With digitalization spreading, the worst is yet to come.

Without trust nothing is possible. Without security trust is not possible.

Read the rest of the story at TalkMarkets.


Posted by: Greg Ness | November 23, 2016

Antioch: A Dystopian Sci-Fi Masterpiece

BookViral


Ancient Rome/Egypt and the search for dark energy takes you on a “fantastic romp” through surreal dreams and nightmares as Western Civilization is born in the past and dying in the not too distant future.

The Series starts with Antioch then in March 2017 continues with Alexandria.


Worrisomely on target…David Brin

=======

Antioch: a dystopian hard science fiction novel set in the near future and the distant past.

======

“Beautifully done…” – Real Laplaine, author of Earth Escape.


======

Reviews

UK sci-fi blogger Faith Jones’ 2017 review.

FIVE STARS: This book could have been a mystical revelation about the beliefs of the old world, which would have been fascinating historical fiction on its own. It could have been an exploration of sci-fi discovery, what would be suddenly possible and how people and religions might react to that. It could have been a Roman boy meets Egyptian girl sort of culture and identity metaphor. Reconciling it all together and sprinkling it with illusions, insights and points of reference in real history makes this book a bit special, when you think about it. That shouldn’t have worked, but it has.

David Brin mentions Antioch in his blog:

Worrisomely on-target is a novel by my friend Gregory Ness – Antioch – that combines hard SF with fantasy and fretful observations on a new American Civil War and dark age. “In 2025 the U.S. disintegrates into angry mobs fueled by social media and misinformation. The once great nation turns away from science and tech in an effort to protect entrenched interests and preserve economic stability. Scientists are killed or exiled and laws passed to regulate innovation. … An American biologist’s dreams take him back to the Great Library of Alexandria where he witnesses the birth of western civilization. During the day he watches its disintegration.”

From top Goodreads reviewer Real Laplaine:

FOUR STARS: Without spoiling this beautifully done story, it takes us back and forth between the present, which is some years ahead of contemporary times, and thousands of years into the past, and then rolls us back and forth in an ever-consuming tale between now and then. The detail and imagery laced into the text about ancient Rome and Egypt, as well as Persia and Turkey, and their cultures and people, animates them, as if the reader is walking the stony streets of Alexandria. There is a beautiful love story which transcends time, depiction of brutal wars and great power struggles between Rome, Egypt and others – and the perspective of how Julius Caesar was, as a man, and a leader, makes the history books seem shallow in design.

Posted by: Greg Ness | November 15, 2016

Cisco Study: Cloud Migration Will be Big

Infrastructure Tech Vendors: Prepare for the Wildest of Rides

Just as VMware reveals an intent to become Airbnb for the cloud… a new Cisco study underscores massive future growth for cloud migration. This is not a coincidence. You can expect to see more data from other traditional IT vendors as the cloud becomes strategic to brownfield IT, not just the cloud-first teams.

This will be the cloud wave that brings the greatest disruption to the infrastructure hardware space, from the shift to GPUs for stream processing to more “cloud-enabled AirBNB’s” who use software to monetize enterprise cloud portability and security for traditional IT workloads.

That makes two recent acquisitions even more interesting.

Migration to the cloud is the biggest agenda for business enterprises today, with many plunging head-on into the cloud-race. Cisco released its assessment of the cloud industry up to 2020, called the Global Cloud Index Report. Cloud is going to grow big, with an estimation that it shall account for 92% of the data center traffic by 2020. Moreover, cloud traffic is expected to increase 3.7 times to 14.1ZB per year by 2020, a phenomenal rise. This will be driven by decided and rapid migration of enterprises to cloud architectures, whether public, private or hybrid.

Read coverage: Cloud Traffic to Grow 3.7X from 2015 to 2020, says Cisco

See also: The Cloud is Much Bigger than you Think

Posted by: Greg Ness | October 19, 2016

IT Needs More Than a Pyrrhic Victory for Existing Apps

An important interview about the chasm between IT, existing apps and IaaS…

Yesterday NetworkWorld published a notable interview discussing one of the core challenges faced by IT as we enter the cloud and digital age: What to do with the existing, core apps residing in owned/leased data centers?

John Gallant asked CloudVelox CEO Raj Dhingra about the importance of cloud automation to the success of “brownfield” apps and the role of IT in becoming cloud-enabled.

With AWS, Azure, Google and a host of other service providers hovering around looking for an angle of attack on the bulk of enterprise IT spend, Gallant shines a light on the great cloud migration irony:  The leading providers have been slow to address the cloud migration challenge with anything more than manual processes and image conversion tools re-branded as cloud migration tools, which aren’t feasible for enterprise apps with robust networking, management and security requirements.

They have not addressed the risks and costs required to migrate complex brownfield environments into their cloud. This issue came to light earlier with a groundbreaking Forrester survey: Labor costs can make up 50% of public cloud migration.

While the cloud providers grow quickly with new apps created in their clouds, they leave the bulk of IT spending on the table for competitors. They also leave traditional IT types stranded between cloud experts, extensive risks and processes, AMIs and complex, critical applications. It’s the essential recipe for a pyrrhic victory at a time of increasing budgetary scrutiny combined with security and digitalization pressures.

When the great cloud gap closes (because of automation) the real cloud battle will begin. Those who break the process lock-in with automation will be the real winners.

Read more cloud-related interviews and developments at the free Clouds monthly.

 

I spent most of last week at the Future in Review tech conference in Park City listening to a series of intense 30-minute sessions on tech disruptions occurring across multiple fields, from advanced materials and computing to oceanography and pharma. It’s the kind of breadth and depth that probably led The Economist to call Future in Review “The best technology conference in the world.” [Images are furnished courtesy of Kris Krug photography]

I’ve handpicked what I think are some of the most timely and relevant sessions for enterprise executives, including my session on Digitalization, Cloud and the 21st Century Enterprise.

===

Opening Keynote: William Janeway on Globalization, Trade, Immigration and Democracy

Janeway (Warburg Pincus) kicked off Fire with a brilliant keynote highlighting the micro effects of macro trends, explaining a great deal of the momentum behind Brexit and current US political realities. It was one of the most poignant and precise explanations of domestic reactions to globalization.

One key takeaway: societies need to do a better job of addressing the stresses and strains of global integration, including migration and trade and preparing for various shocks to the system.

READ MORE ABOUT JANEWAY’S KEYNOTE AT THE FIRE BLOG

Watch Janeway’s Keynote on YouTube

===

Digitalization, Cloud and the 21st Century

It was a big panel because execs from Microsoft, Google/Waze, Accenture, Oracle, SOASTA and Avnet had a lot to say. We concluded that most large enterprises were not prepared for the digital/cloud age and would likely be disrupted by smaller companies with more focused digitalization and cloud projects. Agility and data would triumph over inertia. My mantra looking forward: “He (or she) with the best algorithm wins.”

“The emerging trend of digitalization is blurring the line between the physical and digital world. The dramatic reduction in the cost of data collection, storage and analysis in the last several years has opened the door for this change, and it’s changing the nature of business. Greg Ness guided a discussion. Panel on the consequences of digitalization on Day 2 of the Future in Review 2016 conference. Preston McAfee, Michael Schwarz, Mark Sunday, Tim Fitzgerald [not pictured], James Urquhart, and Edy Liongosari were also present as panel members.”

READ MORE AT FIRE BLOG

View the Digitalization Panel on YouTube

===

China and IP Theft: Boiling the Frog

Perhaps one of the most grounded and provocative panels dealt with the rising tide of intellectual property being stolen through nation-sponsored theft. The panel included the CEO of American Superconductor, a firm recently featured on 60 Minutes (The Great Brain Robbery) as a case study of IP theft and the damage it can wreak on a company and a nation.

“The session began with a clip from 60 Minutes, which went through the findings of an INVNT/IP report on China’s government sponsored theft of American IP. The clip also introduced the story of McGahn’s company, which suffered serious damage due to IP theft despite their best efforts.

Anderson spoke on China’s end game with the consistent flow of stolen IP to eventually take over major parts of the global economy. He suggested that relentless development was being used as an anesthetic by the Chinese government to quell public discontent.”

READ MORE AT FIRE BLOG

 

===

Visualizing IP Theft: Looking at the Incidents Globally

If you think the previous panel was bleak, the visualization of IP theft was even bleaker. Evan Anderson developed a database of known and suspected thefts from nation to nation to show a powerful visualization of intellectual property leaving the US for China and other nations. Russ Dagget moderated the panel discussion.

Anderson started by pointing out that INVNT/IP has a database of IP flows going back to 2001, originating from geotagged data points logging publicly disclosed thefts.

“The asset of innovation is intellectual property,” he said.

Montgomery visualized these flows by uploading them to collaborate.org. The resulting data was displayed on a globe, with animated arrows flowing from the origin country to the destination country of the IP. Red arrows referred to public thefts, purple to known but publicly undisclosed thefts, and black being projected and unknown threats. 

READ MORE AT THE FIRE BLOG

===

It will be weeks if not months before I fully absorb all of the great content assembled by the Fire team. You can get a glimpse of the sessions here at the 2016 Fire agenda.  I plan to post highlights of several other “must read” sessions from Future in Review here in coming weeks, based on time. Stay tuned.

Given the rise of digitalization and cloud and the impact of growing cyber threats, successful enterprises will have to be faster and more secure than ever across the next 3-5 years. If you miss the cloud you increase your chances to be a victim of theft and disruption.  Check out the Clouds monthly newsletter for more on the much-needed cloud automation and orchestration revolution.

Special thanks to Kris Krug for the images used in this post. You can reach him at kk@kriskrug.com.

Join us for a world class panel on the impact of digitalization and cloud on the 21st century enterprise. Join us at Future in Review in Park City Sep 27-30.


“Digitalization, the Cloud, and the Transformation of the 21st Century Enterprise”:

With R. Preston McAfee, Chief Economist and VP, Microsoft; Michael Schwarz, Chief Scientist for Waze, Google; Mark Sunday, SVP and CIO, Oracle America; James Urquhart, SVP SOASTA; Tim Fitzgerald, VP Avnet; Edy Liongosari, Chief Research Scientist, Accenture; hosted by Greg Ness, VP, WorldWide Marketing, CloudVelox, and SNS Ambassador for Cloud Computing

Looking forward to a great panel!

Just discovered an interesting cloud blog: Flackbox by Neil Anderson.
