Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Showing results for 
Search instead for 
Do you mean 

Auditing Security in the Data Centre

by Juniper Employee ‎04-28-2014 11:02 AM - edited ‎04-28-2014 12:59 PM

Your security is only as good as its weakest link. Auditing security means ensuring that you have the appropriate policies in place, and that you have confidence those policies are being followed. An external partner can help create both policies and the audit that supports them. Check out the 10 point Auditing Security in the Data Centre infographic, this offers you a framework to work with to ensure you have a comprehensive Data Centre Security Audit.


Guest blog by Paul Bonner, Head of Technical Services,


When companies reorganise or are brought closer together through merger or acquisition, questions over security are pretty low down the list of priorities to deal with. We assume security will adapt when moves and changes take place.


But anyone familiar with the huge range of headaches that can occur, and the increased potential for catastrophic data loss or theft, will tread carefully and seek to put security near the top of the agenda.


What can be done?


Rather like ensuring that your home will cope with all weathers, there is a need to start with the foundations – check they are secure and check them regularly.


So for data security it is all about knowing what data you have, classifying it into tiers, and creating a clear policy for each tier. Once such a policy is in place it needs to be regularly reviewed and certain data re-classified, which will mean that its access rights must be amended.


With a policy in place, all levels of reorganisation can be handled with appropriate care – or at least far more effectively than normally occurs.


A single staff reassignment seems insignificant, but it must be handled with care. At the most basic level staff are constantly moving within an organisation. The policy needs to cope with such changes so that an individual’s need for data is reassessed and changed appropriately.


The virtual world is a wake-up call for your security policy

by ‎04-28-2014 04:47 AM - edited ‎04-28-2014 04:49 AM

Guest blog by Paul Bonner, Head of Technical Services,


There is little doubt that the cloud and virtualisation is playing a big part in all our futures. Despite the odd horror story, virtualisation is ever-present in every area of commercial life.


But like all white knuckle rides, there is a time when we have to come to earth and face up to the implications. It’s a time to realise that our old-world view of security is not best suited to the world we now inhabit.


Companies have been attracted to such services for a range of very good reasons, but most have not redrawn their security policies to reflect the new risks posed by the combination of cloud and virtualised environments.


So what are these risks?


One of the key concerns for your data centre security strategy is coping with an increased attack surface due to vulnerabilities in virtualised environments.


While many providers can demonstrate high levels of physical security there are many more weaknesses evident within a virtualised environment, whether in-house or in a provider's location. A key area of weakness is in server virtualisation.


Guest blog by Mario Socarras, Presales Consultant, Logicalis UK


Cloud services have provided a solid alternative for enterprises to consume IT services, but most organisations use a hybrid cloud that combines private infrastructure with specific external cloud services.


There are still availability and security concerns about cloud services. Availability has proved not to be a problem when proper redundancy mechanisms are put in place such as links, bandwidth and DNS and VPN termination.


On the other hand, achieving proper security for a hybrid cloud requires a comprehensive set of processes, technology and people. When security is addressed as a practice with defined steps, it can to be both manageable and effective. Here is a summary of how to address hybrid cloud security:


Know yourself: It is fundamental to have visibility of assets, and properly assess risk. This means understanding the application's data flow, where the data is, who accesses the data, and when it is accessed. Identifying where the valuable or sensitive information resides means you can apply specific security measures through the whole infrastructure, from end users or devices to the data.


Scan, test and evaluate: Scan applications, server and network devices to discover vulnerabilities. Scanning should be a customised process in which each asset is analysed differently in the context of its use. Web applications, for example, will be exposed to different threats than routers and switches. Scanning can, and must, also be done for applications and infrastructure that are in a public cloud.



Guest Users : Friend or Foe to your network

by Juniper Employee ‎04-24-2014 05:44 AM - edited ‎04-24-2014 06:03 AM

Asset protection is nothing new; but the thorny issue of guest access remains. 


Visit a British castle, such as the magnificent Leeds Castle in Kent, and you will see a supreme example of medieval enterprise security. High walls, wide moats, buttresses, arrow loops and numerous surveillance points; all contributing to the desired effect. If the outward appearance didn’t put invaders off, the thought of boiling water thrown at them if they came too close to the drawbridge was a pretty good secondary deterrent. Such protective measures served a vital function; but as with today’s corporate networks, the best laid plans and fortifications were little protection against visitors or guest workers with ill intentions.


The question asked then and now is still:  When is a visitor or contractor a threat, and what can be done to mitigate that threat?

It has become expected that organisations provide wireless networks for visitors and staff but increasingly questions are being asked about the threats posed by outsiders given access to wireless services and allowed beyond into an organisation’s network. Aside from combating the obvious rogue element it is also important to remember that such users can have malicious effects without intending it, due to malware existing, unknown to them, on their machines.


Guest post by Adrian Ringrose, Enterprise Account Director, SecureData


The business needs access to data in order to do its job, and the challenge that security teams have is how to allow the business access that data, in a secure fashion, in increasingly diverse number of ways, across multiple geographies.


In the past, many networks have been hard on the outside and soft on the inside, but the attention paid to perimeter security has been partially successful, but at a cost. Security teams and business have been forced to wise up to the simple fact that, just because something is behind a firewall, it does not mean this is secure. We need to accept that unfortunately today everyone is a target and everyone will suffer a breach of some kind in the future.


The increased sophistication of attacks presents us with a "don't panic" moment. On one hand, it is natural to impose tighter security restrictions on the business. On the other, if these attacks are trying to stop the business functioning efficiently, then too many restrictions will do the hackers' job for them, even if the security measures successfully cut down the number of vulnerabilities.


When Juniper Networks surveyed business users at the end of 2013 Download the research here the consensus what that tightening internal rules around access to data would be the way for organisations to become more competitive. There was a strong suggestion that many IT managers and CIOs favoured a "lockdown" approach to managing the data centre, at least in the short term, and the imposition of more restrictive rules on devices.


How to measure security?

by Trusted Contributor ‎04-23-2014 12:27 PM - edited ‎04-23-2014 01:48 PM

No one would pretend that an organisation's threats and the effectiveness of its security policy should not be measured and quantified. But what does that mean in reality? In the aftermath of the discovery of the Heartbleed vulnerability Jodie Sikkel, Sales Manager and David Peters, Technical Director, from Juniper Networks’ Elite Partner Advanced Network Security and Gavin Thirlwall, Systems Engineer at Juniper Networks, debate the problem of discovering your risks, and then measuring your effectiveness at dealing with them. Read on to find out more from this insightful interview I commissioned with them:


Zoe: How should a business measure its vulnerabilities?


Jodie: There is no exact rule to measure this as every business has different goals and objectives, which are closely followed by the vulnerabilities and exposure that come with success. With the continual evolution of the threat landscape, often the security solutions put in place to protect an organisation are not dynamic enough or have the flexibility and scalability to keep up. Really, the best way to measure vulnerabilities is visibility. For an IT team to have the ability to see the business vulnerabilities at a glance is incredibly powerful and is something we often support our clients with.


Gavin: There are tools we provide such as Firefly Host that can do introspection, for example, we can identify how many of your virtual machines are missing a critical patch. But many non-technical managers naturally don't understand the threat landscape in detail.


Maybe we should go back to the basics of information security; what are the assets we are protecting? Who are the attackers? And what the threat vectors are? The problem is how many enterprises can pin-point who is attacking them? Are you being attacked by script kiddies and automated attacks looking for the “low-hanging fruit”? Or is it something more serious? We have a product called Junos WebApp Secure that can answer these questions. Few enterprises know who is attacking them, how serious a threat it is and how determined and well-resourced attackers are.


About Industry Solutions and Trends

Subscribe RSS Icon

Follow our Twitter Accounts:
Juniper Networks Twitter
UK Twitter
Japan Twitter
Australia Twitter
Juniper Networks Technical Books