Friday, April 30, 2010

F5's BIG-IP with Oracle® Access Manager to enhance SSO and Access Control

Learn how F5's BIG-IP LTM/APM works in conjunction with Oracle Access Manager to centralize web application authentication and authorization services, streamline access management, and reduce infrastructure costs. Watch how BIG-IP APM can reduce TCO, lower deployment risk, and streamline operational efficiencies for customers, along with providing a unified point of enforcement to simplify auditing and control changes in configuring application access settings.

ps

Technorati Tags: F5, infrastructure 2.0, integration, collaboration, standards, cloud connect, Pete Silva, F5, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, blog

twitter: @psilvas


Thursday, April 29, 2010

CSRF Prevention with F5's BIG-IP ASM v10.2

Watch how BIG-IP ASM v10.2 can prevent cross-site request forgery (CSRF).  Shlomi Narkolayev demonstrates.  See how a CSRF attack is first accomplished and then blocked by ASM. The configuration of CSRF protection is literally a checkbox.

ps


Oracle Data Guard sync over the WAN with F5 BIG-IP

While at Interop 2010 this week, we shot some videos. In this one, learn how F5's WAN Optimization can enhance Oracle's Data Guard solution. I talk with Chris Akker, Solution Engineer, about the challenges of real-time database sync and Zero Data Loss over a Wide Area Network. Watch how F5's WAN Optimization can reduce latency, extend the distance required between data centers and enable an enhanced disaster recovery solution.

ps


Tuesday, April 27, 2010

CloudFucius Hollers: Read All About, F5’s On-Demand IT

Yesterday F5 announced a holistic approach to enable a common cloud architectural model—regardless of where IT resources actually reside.  Unifying Application Delivery, Access Control and Optimization to the cloud along with ongoing collaboration with technology partners like Microsoft, VMware, and Gomez, enables enterprises and service providers to realize the potential of ‘On-Demand IT’ through a dynamic services model.  There is a lot of information on this, and I wanted to share some of the technical whitepapers available for this solution.

  • The F5 Powered Cloud: How F5 solutions power a cloud computing architecture capable of delivering highly-available, secure, and optimized on-demand application services.
  • The Optimized and Accelerated Cloud: As more organizations begin moving applications into the cloud, congestion will become an increasingly critical issue. F5 offers solutions for optimizing and accelerating applications in the cloud, making them fast and available wherever they reside.
  • Availability and the Cloud: Cloud computing offers IT another tool to deliver applications. While enticing, challenges still exist in making sure the application is always available. F5’s flexible, unified solutions ensure high availability for cloud deployments.
  • Securing the Cloud: Cloud computing has become another key resource for IT deployments, but there is still fear of securing applications and data in the cloud. With F5 devices, you can keep your most precious assets safe, no matter where they live.
  • Cloud Balancing: The Evolution of Global Server Load Balancing: Cloud balancing evolves global server load balancing from traditional routing options based on static data to context aware distribution across cloud-based services.

F5 Cloud Computing Solutions

And one from Confucius himself: Go before the people with your example, and be laborious in their affairs.

The CloudFucius Series: Intro, 1, 2
ps

F5 at Interop - Ken Salchow talks about Recent Announcements

Peter Silva interviews Ken Salchow who talks about F5's recent announcements about BIG-IP LTM VE, F5's new hardware platforms, VMotion across data centers and cloud architecture.

ps


Wednesday, April 21, 2010

CloudFucius Wonders: Can Cloud, Confidentiality and The Constitution Coexist?

This question has been puzzling a few folks of late, not just CloudFucius.  The judicial/legal side of the internet seems to have gotten some attention lately, even though courts have been trying to make sense of and catch up with technology for some time, probably since the Electronic Communications Privacy Act of 1986.  There are many issues involved here but a couple stand out for CloudFucius.

First, there is the ‘Privacy vs. Convenience’ dilemma.  Many love and often need GPS navigators, whether a permanent unit in the vehicle or right from our handheld device, to get where we need to go.  These services are most beneficial when searching for a destination, but a navigator is also a ‘tracking bug’ in that it records every movement we make.  This has certainly been beneficial in many industries like trucking, delivery, automotive, retail and many others, even with some legal issues.  It has helped locate people during emergencies and disasters.  It has also helped in geo-tagging photographs.  But we do give up a lot of privacy, secrecy and confidentiality when using many of the technologies designed to make our lives ‘easier.’
Americans have a rather tortured relationship with privacy. They often say one thing ("Privacy is important to me") but do another ("Sure, thanks for the coupon, here's my Social Security Number") noted Lee Rainie, head of the Pew Internet and American Life Project. From: The Constitutional issues of cloud computing
You might not want anyone knowing where you are going, but by simply using a navigation system to get to your undisclosed location, someone can track you down.  Often, you don’t even need to be in navigation mode to be tracked – just having GPS enabled can leave breadcrumbs.  Don’t forget, even the most minuscule trips to the gas station can still contain valuable data… to someone.  How do you know if your milk runs to the 7-Eleven aren’t being gathered and analyzed?  At the same time, where is that data stored, who has access and how is it being used?  I use GPS when I need it and I’m not suggesting dumping it, just wondering.  Found a story where Mobile Coupons are being offered to your phone.  Depending on your GPS location, they can send you a coupon for a nearby merchant, along with this one about Location-Based strategies.

Second is the Fourth Amendment in the digital age.  In the United States, the 4th Amendment protects against unreasonable searches and seizures.  Law enforcement needs to convince a judge that a serious crime has occurred or is occurring to obtain a warrant prior to taking evidence from a physical location, like your home.  It focuses on physical possessions and space.  For instance, if you are committing crimes, you can place your devious plans in a safe hidden in your bedroom and law enforcement needs to present a search warrant before searching your home for such documents.  But what happens if you decide to store your ‘Get rich quick scheme’ planning document in the cloud?  Are you still protected?  Can you expect certain procedures to be followed before that document is accessed?  The Computer Crime & Intellectual Property Section of the US Dept of Justice site states:
To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed container and examining its contents in the same situation….Although courts have generally agreed that electronic storage devices can be analogized to closed containers, they have reached differing conclusions about whether a computer or other storage device should be classified as a single closed container or whether each individual file stored within a computer or storage device should be treated as a separate closed container.
But you might lose that Fourth Amendment right when you give control to a third party, such as a cloud provider.  Imagine you wrote a play about terrorism and used a cloud service to store your document.  Maybe there were some ‘surveillance’ keywords or triggers used as character lines.  Maybe there is a scene at a transportation hub (train, airport, etc.) and characters themselves say things that could be taken as domestic threats – out of context of course.  You should have some expectation that your literary work is kept just as safe/secure while in the cloud as it is on your powered down hard drive or stack of papers on your desk.  And we haven’t even touched on compliance, records retention, computer forensics, data recovery and many other litigating issues.  The cases continue to play out and this blog entry only covers a couple of the challenges associated with Cloud Computing and the Law, but CloudFucius will keep an eye on it for ya.
Many of the articles found while researching this topic:
Finally, you might be wondering why CloudFucius went from A to C in his series.  Well, this time we decided to jump around but still cover 26 interesting topics.
And one from Confucius himself: I am not one who was born in the possession of knowledge; I am one who is fond of antiquity, and earnest in seeking it there.

ps

The CloudFucius Series: Intro, 1

Tuesday, April 13, 2010

CloudFucius Says: AAA Important to Cloud

While companies certainly see a business benefit to a pay-as-you-go model for computing resources, security concerns seem always to appear at the top of surveys regarding cloud computing. These concerns include authentication, authorization, accounting (AAA) services; encryption; storage; security breaches; regulatory compliance; location of data and users; and other risks associated with isolating sensitive corporate data.  Add to this array of concerns the potential loss of control over your data, and the cloud model starts to get a little scary.  No matter where your applications live in the cloud or how they are being served, one theme is consistent: You are hosting and delivering your critical data at a third-party location, not within your four walls, and keeping that data safe is a top priority.

Most early adopters began to test hosting in the cloud using non-critical data.  Performance, scalability, and shared resources were the primary focus of initial cloud offerings. While this is still a major attraction, cloud computing has matured and established itself as yet another option for IT.  More data—including sensitive data—is making its way to the cloud.  The problem is that you really don’t know where in the cloud the data is at any given moment.  IT departments are already anxious about the confidentiality and integrity of sensitive data; hosting this data in the cloud highlights not only concerns about protecting critical data in a third-party location but also role-based access control to that data for normal business functions.

Organizations are beginning to realize that the cloud does not lend itself to static security controls.  Like all other elements within cloud architecture, security must be integrated into a centralized, dynamic control plane.  In the cloud, security solutions must have the capability to intercept all data traffic, interpret its context, and then make appropriate decisions about that traffic, including instructing other cloud elements how to handle it.  The cloud requires the ability to apply global policies and tools that can migrate with, and control access to, the applications and data as they move from data center to cloud—and as they travel to other points in the cloud.

One of the biggest areas of concern for both cloud vendors and customers alike is strong authentication, authorization, and encryption of data to and from the cloud.  Users and administrators alike need to be authenticated—with strong or two-factor authentication—to ensure that only authorized personnel are able to access data.  And, the data itself needs to be segmented to ensure there is no leakage to other users or systems.  Most experts agree that AAA services along with secure, encrypted tunnels to manage your cloud infrastructure should be at the top of the basic cloud services offered by vendors.  Since data can be housed at a distant location where you have less physical control, logical control becomes paramount, and enforcing strict access to raw data and protecting data in transit (such as uploading new data) becomes critical to the business.  Lost, leaked, or tampered data can have devastating consequences.

Secure services based on SSL VPN offer endpoint security, giving IT administrators the ability to see who is accessing the organization and what the endpoint device’s posture is to validate against the corporate access policy. Strong AAA services, L4 and L7 user Access Control Lists, and integrated application security help protect corporate assets and maintain regulatory compliance.

Cloud computing, while quickly evolving, can offer IT departments a powerful alternative for delivering applications. Cloud computing promises scalable, on-demand resources; flexible, self-serve deployment; lower TCO; faster time to market; and a multitude of service options that can host your entire infrastructure, be a part of your infrastructure, or simply serve a single application.

And one from Confucius himself: I hear and I forget. I see and I remember. I do and I understand.

ps


Wednesday, April 7, 2010

CloudFucius Says: Blog Series, Good Idea

Last year I wrote a blog series called ‘26 Short Topics About Security,’ covering an alphabet soup of stories.  It seemed to be well received and this year I’ve decided to do another – this time focused on Cloud Computing with ‘CloudFucius’ as my guide.  Confucius, of course, was a Chinese philosopher who focused on personal growth, morals, good judgment, ethics and many other life-enlightening behaviors.  He lived around 500 BC and is credited with, ‘Do not impose on others what you yourself do not desire,’ and many other gems like, ‘Choose a job you love, and you will never have to work a day in your life.’

First, I want to stake a claim here that CloudFucius (TM) is mine and I have started the copyright process.  :-)  I googled and did a copyright search for 'Cloudfucius' and absolutely nothing gets returned, which actually surprised me.  'Cloud-fucius' returns a bunch of 'fucius' stuff so I figured it’s good to take.  If you do have any rights, speak up now.  While I am well versed with the security stories, I can admit I'm no cloud super-expert; knowledgeable but certainly not to the level of MacVittie, Ness and the rest.  While weaving in what I do know, I was thinking of investigating a bunch of cloud topics that I’m not an expert on, learn along the way and report on it.  Education for all and playing off the fact that Confucius=wisdom.  Hopefully CloudFucius will teach us something along the way.  He’ll start next week with some easy doctrines like, CloudFucius Says: AAA Important to Cloud and in later weeks move into other areas like, CloudFucius Says: Secure Cloud is Possible.  I’m looking forward to what we uncover and CloudFucius is excited to spread some cloud knowledge to the masses and someday getting a Hasbro toy and game named after him.

下 周 见 - 下 for Next; 周 for week; 见 for see/meet.

ps


Tuesday, April 6, 2010

Today’s Target: Corporate Secrets

Intellectual Property is one of a company’s most precious assets and includes things like patents, inventions, designs, source code, trademarks, trade secrets and more.  These formulas, processes, practices and other inside information can differentiate your brand and give a competitive edge in the marketplace.  An often cited example is Coca-Cola’s formula or KFC’s 11 herbs and spices.  For technology companies it can be their software, hardware design, development process, roadmaps, patents and others pertinent to the company.  In F5’s case, we own the patent for Cookie Persistence technology and have had to lawfully protect that valuable intellectual property.

A new study from Forrester in conjunction with RSA and Microsoft entitled The Value of Corporate Secrets (pdf) concludes that while companies do focus and invest in compliance driven data security programs like PCI-DSS, they miss the mark on protecting corporate secrets and valuable intellectual property.

"Nearly 90% of enterprises we surveyed agreed that compliance with PCI-DSS, data privacy laws, data breach regulations, and existing data security policies is the primary driver of their data security programs. Significant percentages of enterprise budgets (39%) are devoted to compliance-related data security programs," according to Forrester Consulting's study. "But secrets comprise 62% of the overall information portfolio's total value while compliance-related custodial data comprises just 38%, a much smaller proportion. This strongly suggests that investments are overweighed toward compliance."  (from the RSA press release)

Companies spend enormous amounts of time and money protecting custodial data (things like medical and card payment information along with sensitive customer data), as they should and are required to do, yet losing Intellectual Property or Trade Secrets can have long-lasting ramifications.  The study indicated that loss of sensitive information from employee theft is 10 times more costly to a company than a single accidental loss – ‘hundreds of thousands versus tens of thousands’, the study says.  Also, companies are targeted and attacked more frequently the more valuable their information.

From the study, the key findings are:

  • Secrets comprise two-thirds of the value of firms’ information portfolios.
  • Compliance, not security, drives security budgets.
  • Firms focus on preventing accidents, but theft is where the money is.
  • The more valuable a firm’s information, the more incidents it will have.
  • CISOs do not know how effective their security controls actually are.

The study’s Key Recommendations:

  • Identify the most valuable information assets in your portfolio.
  • Create a “risk register” of data security risks.
  • Assess your program’s balance between compliance and protecting secrets.

and

  • Reprioritize enterprise security investments.
  • Increase vigilance of external and third-party business relationships.
  • Measure effectiveness of your data security program.

ps


Thursday, April 1, 2010

How Terms Have Changed over Time

Meanings and terms often change or get adjusted over time, especially with Information Technology.  While never walking 5 miles to school in two feet of snow, I did live during an era of TVs without remotes and vinyl record players.  I tend to include many ‘remember when…’ type stories in my blogs so just chalk (or chuck) this one in the nostalgia pile.  A few are a stretch and most still hold their old definition but come along for the ride anyway.  :-)

When I was a kid:

  • An Appliance was a fridge, oven, toaster, etc.
  • You Breached a contract not a network and used a Buffer for shiny car polish.
  • A Cloud was in the sky, Cache was money, and C is for Cookie – which is good enough for me.
  • A Disk was made by Frisbee.
  • An Engineer drove a train.
  • A Firewall was an actual physical barrier in a building or vehicle.
  • Googol meant the highest number before infinity. 
  • Bears went into Hibernation.
  • Inter and Intra described personal relationships.
  • Java was coffee.
  • Keys opened the house, started the car and got lost.
  • Your Local Host was your guide when traveling to foreign places.
  • When someone got too close you told them, ‘Get out of My Space.’
  • The Networks were ABC, NBC and CBS.
  • An OASIS was your own personal paradise, tropical for many.
  • You could stand on a Platform, I turned my head for my Profile and Port was a sweet wine.
  • QWERTY is still the same.
  • RAM was a male sheep & the NFL team from Los Angeles.
  • Spam and eggs, Hawaiian style.
  • There’s a game called Tag, and you are IT.
  • Utility had nothing to do with computing but could be a belt.
  • Viral meant a doctor visit.
  • Rode a WAV on the North Shore.
  • 802.1X flipped is an extension in Idaho or maybe Vermont.
  • A Yahoo was a local yokel.
  • Finally, Zip up your pants!!

Come on everyone, play along!  I’m sure you got your own entries to add.

ps
