Chattin’ With the Boss: “Securing the Network” (Waiting For the Jet Pack)
At the RSA security conference last week I spent some time with Tom Gillis on a live uStream video titled “Securing the Network.”
Tom happens to be (as he points out during a rather funny interlude) my boss’ boss — he’s the VP and GM of Cisco’s STBU (Security Technology Business Unit).
It’s an interesting discussion (albeit with some self-serving Cisco tidbits) surrounding how collaboration, cloud, mobility, virtualization, video, the consumerization of IT and, um, jet packs are changing the network and how we secure it.
Interesting.. but I did take issue with "your boss' boss'" comments about how great it is to be able to just open his notebook and auto-magically be connected over the VPN with no clicks, etc. I'm wondering how great it would be if his notebook got stolen? Is his notebook going to know it's not him using it?
Such "convenience" might be a cool "must have" for some kid's gaming device, but not for a working professional's computer. If there are some biometrics involved like a retinal scan or even a keystroke detector that could shut the VPN down if it sensed that it wasn't your boss' boss using it, then that should have been brought out in the discussion.
Your thoughts?
TJL a/k/a Sparkenstein
@Sparkenstein
…he left out the (common sense) part where you still have to enter a username/password to unlock said computer (or initially boot it) – he was referring to the VPN connection itself.
There are, for those who desire it, options for things like two-factor authentication also.
/Hoff
Ok, all well and good.. but now if his personal notebook is compromised, so is the VPN and the organization that is trusting that VPN connection.
I guess my point is that "convenience" is diametrically opposed to the "security" that a VPN represents, and that making things like a VPN connection "too convenient" is somewhat wrong-headed.
Maybe the VPN example was just the wrong one to use when talking about "convenient security" — a term which itself can be argued is an oxymoron. Just my 2 cents. No more, I promise.. 😉
Your point is well taken, but keep in context the remainder of the elements that make up what Tom was referring to as controls relevant to the VPN — MITM'ing SSL for DPI, DLP, certain firewall & NAC rules in place depending upon location and destination…
Per your example (assuming the controls I mentioned above were not in place) if his notebook is compromised, what would keep the agent that caused the compromise from simply abusing the tunnel once it was up?
Security has and always will be 1/convenience. What was being discussed was utilizing a little of the smarts we've gained over the years and implementing technology that is more than just a dumb tunnel.
Make sense?
(…and keep your comments coming.)
Yes it does.
Now having said that, I'll add that (IMHO) (a) strong authentication would be essential to making (almost?) everything else you mentioned work downstream, and (b) "convenient" strong authentication is hard to achieve — not impossible, of course. Just hard, and maybe a little expensive too when it comes to building it into low-cost consumer devices.
I guess I was responding mostly to the "sensational" aspect of the example — but, hey.. it was a video.. that's show biz! 😉
Mmh…I was hoping to find more info regarding Virtualization security software.
I am really concerned about how secure a virtual environment is from internal and external threats.
Any thoughts?
Might I suggest:
http://www.rationalsurvivability.com/blog/?cat=26…
/Hoff
Thanks for the link beaker.
I just found this interesting article as well http://www.vminformer.com/1213/
But never heard about this software beforehand.
I guess you should have an idea of the best virtualization security tool. What would be your suggestion(s)?