Showing posts with label contextual aware. Show all posts

Thursday, December 8, 2011

The Top 10, Top Predictions for 2012

Around this time of year, almost everyone and their brother put out their annual predictions for the coming year.  So instead of coming up with my own, I figured I’d simply regurgitate what many others are expecting to happen. 

Certainly not an exhaustive list of all the various 2012 predictions including the doomsday and non-doomsday claims but a good swath of what the experts believe is coming.  Wonder if anyone predicted that Targeted attacks increased four-fold in 2011.

ps

Technorati Tags: F5, cyber security, predictions, 2012, Pete Silva, security, mobile, vulnerabilities, crime, social media, hacks, the tube, internet, identity theft


Thursday, June 16, 2011

Drive Identity Into Your Network with F5 Access Solutions

This webinar focuses on F5 Access solutions that provide high availability, acceleration and security benefits critical to your organization.  Running time: 55:51

ps

Technorati Tags: F5, interop, Pete Silva, security, business, education, technology, internet, big-ip, VIPRION, vCMP, ixia, performance, ssl tps, testing


Wednesday, May 4, 2011

Lost Your Balance? Drop The Load and Deliver!

It’s not named dough, melted cheese, mushrooms and pepperoni balancing.  It’s called Pizza Delivery.  The user makes a request either over the phone or on-line with all the context of the ingredients and specifics of the request.  The Pizza Parlor then confirms the delivery location, gets to work and tries to deliver it to the destination as fast as they can.  The request arrives, both parties validate the order, sometimes with a two-person handshake, and the user consumes the content that was delivered.  Somewhat similar but much faster is what happens when a user makes a request from a web application.  They type in the location they want to go to, and the ADC considers contextual information such as user, IP address, browser type, location and other variables to then deliver the specific content that is being requested – as fast as possible.  It’s not about load balancing an application, it’s about Application Delivery.

If you’ve lost your balance, then your equilibrium might be off and that is not a good thing.  You might have blurred vision, trouble hearing, dizziness and headaches and your decision making process could be off kilter.  You are slow to react, misunderstand requests, and give someone something they didn’t ask for or something different than what they asked for.  You are unable to take requests, process the information load and deliver an answer. 

Load balancing an application is no longer sufficient to ensure that the right users are receiving the right information at the right time, quickly, efficiently and securely.  Load balancing almost seems like an afterthought, or late in the process of delivering an application. You need to take into context the various variables of the user request and deliver that application based on the contextual information.  We use contextual information all the time to make our little daily decisions.  Which jacket to wear?  Well, what’s the temperature; is it raining; what am I doing; what’s the forecast; does it have pockets; does it have a hood; is it zipper or pull over and so forth.  Of course all this happens in an instant and we select what is needed.  You can’t make application delivery decisions simply based on ‘next in line,’ those judgments need to consider all the available information to make an informed application delivery decision.

ps


Technorati Tags: F5,F5 News,Interop,NOC,IPv6,BIG-IP,application delivery,network,Pete Silva, event, #50waystousebigip,50 Ways,availability,BIG-IP


Wednesday, May 5, 2010

CloudFucius Ponders: High-Availability in the Cloud

According to Gartner, “By 2012, 20 percent of businesses will own no IT assets.”  While the need for hardware will not disappear completely, hardware ownership is going through a transition: Virtualization, total cost of ownership (TCO) benefits, an openness to allow users to run their personal machines on corporate networks, and the advent of cloud computing are all driving the movement to reduce hardware assets.  Cloud computing offers the ability to deliver critical business applications, systems, and services around the world with a high degree of availability, which enables a more productive workforce.  No matter which cloud service — IaaS, PaaS, or SaaS (or combination thereof) — a customer or service provider chooses, the availability of that service to users is paramount, especially if service level agreements (SLAs) are part of the contract.  Even with a huge cost savings, there is no benefit for either the user or business if an application or infrastructure component is unavailable or slow.

As hype about the cloud has turned into the opportunity for cost savings, operational efficiency, and IT agility, organizations are discussing, testing, and deploying some form of cloud computing.  Many IT departments initially moved to the cloud with non-critical applications and, after experiencing positive results and watching cloud computing quickly mature, are starting to move their business critical applications, enabling business units and IT departments to focus on the services and workflows that best serve the business.  Since the driver for any cloud deployment, regardless of model or location, is to deliver applications in the most efficient, agile, and secure way possible, the dynamic control plane of cloud architecture requires the capability to intercept, interpret, and instruct where the data must go and must have the necessary infrastructure, at strategic points of control, to enable quick, intelligent decisions and ensure consistent availability.

The on-demand, elastic, scalable, and customizable nature of the cloud must be considered when deploying cloud architectures.  Many different customers might be accessing the same back-end applications, but each customer has the expectation that only their application will be properly delivered to users.  Making sure that multiple instances of the same application are delivered in a scalable manner requires both load balancing and some form of server virtualization. An Application Delivery Controller (ADC) can virtualize back-end systems and can integrate deeply with the network and application servers to ensure the highest availability of a requested resource.  Each request is inspected using any number of metrics and then routed to the best available server.  Knowing how an ADC can enhance your application delivery architecture is essential prior to deployment. Many applications have stellar performance during the testing phase, only to fall apart when they are live. By adding a Virtual ADC to your development infrastructure, you can build, test and deploy your code with ADC enhancements from the start.

With an ADC, load balancing is just the foundation of what can be accomplished.  In application delivery architectures, additional elements such as caching, compression, rate shaping, authentication, and other customizable functionality, can be combined to provide a rich, agile, secure and highly available cloud infrastructure.  Scalability is also important in the cloud and being able to bring up or take down application instances seamlessly — as needed and without IT intervention — helps to prevent unnecessary costs if you’ve contracted a “pay as you go” cloud model.  An ADC can also isolate management and configuration functions to control cloud infrastructure access and keep network traffic separate to ensure segregation of customer environments and the security of the information.  The ability of an ADC to recognize network and application conditions contextually in real-time, as well as its ability to determine the best resource to deliver the request, ensures the availability of applications delivered from the cloud.

Availability is crucial; however, unless applications in the cloud are delivered without delay, especially when traveling over latency-sensitive connections, users will be frustrated waiting for “available” resources.  Additional cloud deployment scenarios like disaster recovery or seasonal web traffic surges might require a global server load balancer added to the architecture.  A Global ADC uses application awareness, geolocation, and network condition information to route requests to the cloud infrastructure that will respond best.  Using the geolocation of users based on IP address, you can route the user to the closest cloud or data center.  In extreme situations, such as a data center outage, a Global ADC will already know if a user’s primary location is unavailable and it will automatically route the user to the responding location.

Cloud computing, while still evolving in all its iterations, can offer IT a powerful alternative for efficient application, infrastructure, and platform delivery.  As businesses continue to embrace the cloud as an advantageous application delivery option, the basics are still the same: scalability, flexibility, and availability to enable a more agile infrastructure, faster time-to-market, a more productive workforce, and a lower TCO along with happier users.

And one from Confucius: The man of virtue makes the difficulty to be overcome his first business, and success only a subsequent consideration.

ps

The CloudFucius Series: Intro, 1, 2, 3

Technorati Tags: F5, infrastructure 2.0, integration, collaboration, standards, cloud connect, Pete Silva, F5, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, blog

twitter: @psilvas


Friday, April 30, 2010

F5's BIG-IP with Oracle® Access Manager to enhance SSO and Access Control

Learn how F5's BIG-IP LTM/APM works in conjunction with Oracle Access Manager to centralize web application authentication and authorization services, streamline access management, and reduce infrastructure costs.  Watch how BIG-IP APM can reduce TCO, lower deployment risk, and streamline operational efficiencies for customers along with having a unified point of enforcement to simplify auditing and control changes in configuring application access settings.

ps

Technorati Tags: F5, infrastructure 2.0, integration, collaboration, standards, cloud connect, Pete Silva, F5, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, blog

twitter: @psilvas


Thursday, November 19, 2009

Virtualization is Real


I remember back-in-the-day when Virtual meant ‘almost,’ ‘simulated’ or ‘in essence’ as in, ‘I’m virtually there.’  Today, as it has made its way into computer terminology, it can mean actual or real things that are done over computers.  Virtualization has been the main enabler of Cloud Computing and has become an important tool for IT.  I recently attended the 2009 Cloud Computing and Virtualization Conference & Expo in Silicon Valley and wanted to share some of my observations.  The show has certainly grown from last year but is still a nice small(er) conference with a lot of opportunity for good conversations.  Cloud ‘solutions’ seemed to dominate the talks even though there is still a lot of confusion about the Cloud with a good portion of participants appearing to be in the investigative/learning stage.  Many of the attendees were still just trying to understand the whole ‘cloud’ terminology and I felt like one of the most informed – which means there is still plenty of opportunity to educate folks.  Security was a big topic as you can imagine but this year it seemed like the presentations were focused on solving those fears instead of just listing them as inhibitors.

One of the sessions I enjoyed was ‘Cloud Security - It's Nothing New; It Changes Everything!’ (pdf) from Glenn Brunette, a Distinguished Engineer and Chief Security Architect at Sun Microsystems.  He first reviewed the hallmarks of information security: CIA, the Guiding Principles, Managing Risk and so forth and indicated that the Cloud doesn’t change any of that – there’s no difference in what drives security or the concepts, it’s the Implementation that is different.  So if the overall Security Services are the same, and if the traits are the same – what’s missing?  According to Glenn, the thing that Cloud Computing Security demands is: CONTEXT.

He reviewed some of the challenges facing Cloud Security:

Speed – the agility to quickly configure services.  Security is usually the last part of the architecture but how do you secure services and enforce them when units are getting spun up/down at a rapid pace?  It’s an opportunity to re-think.  One thing Sun (and others) are starting to do is bake security best practices right into the image before sending it to the cloud.  Why make the customer deal with securing the underlying system when the provider can build the needed security right into the image?  Pre-integration and assembly allows the customer to still deploy quickly but securely.

Scale – Today Security administrators deal with 10’s, 100’s, even 1000’s of servers but what happens when potentially tens of thousands of VM’s get spun up and they are not the same as they were an hour ago?  Security assessments like Tripwire, while they work, inject load, and what if those servers are only up for 30 minutes?  How can you be sure what was up and offering content was secure?  One idea he offered was to have servers only live for 30 minutes, then drop and replace them.  If someone did compromise the unit, they’d only have a few moments to do anything and then it’s wiped.  You can keep the logs but just replace the instance.  Or, use an Open Source equivalent every other time you load, so crooks can’t get a good feel for the baseline system.

Assessability – anyone with a credit card can now deploy cloud services.  Maybe someone feels IT is too slow in deploying a particular service and decides to do it themselves.  They now have substantial resources available and not a lot of knowledge of current policies.  How can you be sure that the policies are enforced across the board on all deployments?

Transparency – Customers need a comfort level to know how the data is kept safe, how keys are managed, how they constrain a problem in the cloud - essentially understanding the provider’s standards and processes.  There are more IT elements, more change events, more data and less control – that’s the fear.  The cloud makes these challenges more visible.

Consistency & Integrity – knowing the exact configuration of any machine at any time.

Key Management – this is a huge problem with providers. Doing a backup to the cloud (while keeping the keys close) is OK but if you intend to use that data then the keys also need to be stored in the cloud. Being able to do a fast recover can also require keys out there. Additional legal verbiage is what typically covers key management today.

Accountability – Service Level Agreements. SLAs are not so strong on the provider end and customers often need to negotiate this area.

Compliance – auditors.
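
The Scale and Consistency & Integrity items above, as an added sketch that is not from Glenn's talk or from Sun: instances are replaced once they pass the 30-minute lifetime or once their configuration no longer matches the baked image, and their logs are archived first. The image settings, instance names and config fields are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(minutes=30)  # lifetime suggested in the talk


def fingerprint(config: dict) -> str:
    """Stable SHA-256 over a configuration mapping."""
    blob = json.dumps(config, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class Instance:
    instance_id: str
    launched_at: datetime
    config: dict
    logs: list = field(default_factory=list)


def retire_reason(inst, baseline, now, max_lifetime=MAX_LIFETIME):
    """Why an instance must be replaced, or None if it may keep serving."""
    if fingerprint(inst.config) != baseline:
        return "config drift"
    if now - inst.launched_at >= max_lifetime:
        return "lifetime exceeded"
    return None


def rotate(fleet, image_config, now, archive):
    """Replace drifted or expired instances with fresh copies of the image.

    Logs and the retirement reason are written to `archive` before the
    instance is dropped, and the fleet size stays constant.
    """
    baseline = fingerprint(image_config)
    next_fleet = []
    for inst in fleet:
        reason = retire_reason(inst, baseline, now)
        if reason is None:
            next_fleet.append(inst)
            continue
        archive[inst.instance_id] = {"reason": reason, "logs": list(inst.logs)}
        next_fleet.append(Instance(inst.instance_id + "-r", now, dict(image_config)))
    return next_fleet


# Constructed sample data: a hardened image and three instances built from it.
IMAGE = {"sshd_root_login": "no", "firewall": "default-deny", "patch_level": 42}
NOW = datetime(2009, 11, 19, 12, 0, tzinfo=timezone.utc)
FLEET = [
    Instance("web-1", NOW - timedelta(minutes=5), dict(IMAGE), ["GET / 200"]),
    Instance("web-2", NOW - timedelta(minutes=45), dict(IMAGE), ["GET /a 200"]),
    Instance("web-3", NOW - timedelta(minutes=10),
             {**IMAGE, "sshd_root_login": "yes"}, ["config changed"]),
]


def demo():
    """Rotate the sample fleet; return the new instance ids and the archive."""
    archive = {}
    fleet = rotate(FLEET, IMAGE, NOW, archive)
    return [i.instance_id for i in fleet], archive
```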

There are changing architectural strategies in the cloud. Tight Integration becomes Dynamic Assembly; Inspections become Telemetry of Objects; Repair & Recover turns to Recognize & Restart; and Log Scraping becomes Analytics. You just need to change some of the old habits. Opportunities exist for standardization but in the meantime, get to a manageable set of things that need to be done and build upon the automation. Glenn closed with his Cloud Security Rules:
  • Embrace Security Systematically
  • Design for High Survivability (fight thru)
  • Compartmentalize failure (nodes going down)
  • Minimize Trust Boundaries (how far does the data go)
Good advice.
ps

Friday, November 13, 2009

You’ve Taken That Out of Context

Hello and Welcome to the new hit Game Show: You’ve Taken that Out of Context!  Hilarity ensues in this action packed half-hour when contestants try to deliver the appropriate resources to end users depending on several factors and circumstances.  So let’s get right to it: Our first contestant is Danny, an IT Director from Boston and he’s getting his first request…..OK, user is coming from a home computer, without a certificate, from a broadband connection and is a partner – what are you going to give them Danny?  Wow, Excellent!  You’ve provided a simple web application, delivered through a reverse proxy so he can enter his time & materials expense report.  Great decision, Danny!  Our next contestant hails from Chicago and runs a data center for a large manufacturer, please welcome Greg.  Whoop, here comes Greg’s request…..User is a trusted employee in sales needing to enter customer info, using an IT issued laptop with specific reg-keys and updates but working from a wireless network.  How you going to handle it Greg?  Nice move!  Offering them not only their specific order entry application that’s optimized but also giving them a connection to Exchange so they can download their email to stay current.  Sweet – keeping users productive while on the road – great work.  And our last contestant comes from Texas where he’s the Network Engineer for a distribution company – round of applause for Tom!  Alright Tom, let’s see your request.  It’s coming fast, user is a vendor who needs to see inventory levels.  They are coming from their corporate LAN on an IT issued computer and do have a certificate for certain applications.  Whatcha gonna do Tom?  A full Layer 3 network connected tunnel?  Well, let’s see.  They get connected, they are navigating to their favorite app, so far so good, and logging in, cool.  Wait, what’s this – the user has initiated a sniffer and found some financial docs.  Oh no!  He’s downloading the latest financial statements that aren’t public!  That spreadsheet has much of our sensitive data but it’s too late, they are long gone along with your data.  Sorry Tom, a little too generous with that but you do get a copy of our home game where players act out partial scenes and you have to guess the context!  Thanks for playing.


User Centric or Contextual Aware Computing is finally starting to gain some traction, partially driven by cloud computing.  User Centric or Contextual Based networking is simply Adaptive Access using intelligence to dynamically change the security applied to a specific access request based on the context of that request, the resources being accessed and the policy applied between the two.  The goal is to provide a unified method of applying security and delivering applications regardless of the actual security in effect, the network or the device being used to request access.  It’s access security based on user, device, location and integrity both at the time of the request and for the duration of access.  It provides intelligence, adaptability and auditability for every user, every time.  Context is the environment or conditions surrounding an event, and it informs us about that event.  With that information, we may perceive something differently which might change our view and maybe our decisions.  It’s about seeing the bigger picture and making better decisions by comparing the information we have about the request along with the requirements of the application and policies in place to deliver the proper access.  Gartner calls this the ‘Digital Me.’

Gartner predicts that by 2012, there will be more than 7.3 billion networked devices worldwide and 298 million subscribers of location-based services.  This is more than just delivering secure applications, it’s also about delivering the right resources to the right user at the right time.  More than ever users are dispersed all over the globe, arriving from a multitude of devices and networks while requesting access and information from your systems.  You need to offer the proper access to that user in a quick, secure and efficient manner with the proper controls.  You need to make the right decisions based on that moment of information as we move from Identity (user/password with some customization) based to Contextual (Identity plus a whole lot more) based delivery models.  You need to ensure that no-one is coming in or taking anything out, without context.
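
The three game-show requests above, run through a small context-aware policy (an added example, not F5 configuration or code from the original post). The tier names, role ceilings and entitlement table are assumptions; in particular, capping the vendor at a single reverse-proxied application is one way to avoid the over-generous Layer 3 tunnel in Tom's round.

```python
from dataclasses import dataclass
from enum import IntEnum


class Access(IntEnum):
    """Access tiers, least to most privileged (illustrative names)."""
    DENY = 0
    REVERSE_PROXY_APP = 1   # one web application published through a reverse proxy
    APP_PLUS_MAIL = 2       # named application plus mail sync
    NETWORK_TUNNEL = 3      # full Layer 3 connectivity


@dataclass(frozen=True)
class Request:
    role: str               # "employee", "partner" or "vendor"
    managed_device: bool    # IT-issued machine
    device_healthy: bool    # expected registry keys and updates present
    has_certificate: bool
    network: str            # "corporate_lan", "wireless" or "broadband"
    resource: str           # application being requested


# Assumed policy: the highest tier a role may ever receive,
# and the applications each role is entitled to reach.
ROLE_CEILING = {
    "employee": Access.NETWORK_TUNNEL,
    "partner": Access.REVERSE_PROXY_APP,
    "vendor": Access.REVERSE_PROXY_APP,
}
ROLE_RESOURCES = {
    "employee": {"order_entry", "expenses", "inventory"},
    "partner": {"expenses"},
    "vendor": {"inventory"},
}


def decide(req: Request) -> tuple[Access, str]:
    """Return the access tier and the reason, for the audit trail."""
    if req.role not in ROLE_CEILING:
        return Access.DENY, "unknown role"
    if req.resource not in ROLE_RESOURCES[req.role]:
        return Access.DENY, "resource not entitled for role"

    # Tier earned by device and network posture alone.
    if not (req.managed_device and req.device_healthy):
        earned = Access.REVERSE_PROXY_APP
    elif req.network == "corporate_lan" and req.has_certificate:
        earned = Access.NETWORK_TUNNEL
    else:
        earned = Access.APP_PLUS_MAIL

    # Posture can never lift a request above what its role allows.
    granted = min(earned, ROLE_CEILING[req.role])
    reason = "role ceiling applied" if granted < earned else "device and network posture"
    return granted, reason


# Constructed inputs modelled on the three requests in the post.
SCENARIOS = {
    "danny": Request("partner", False, False, False, "broadband", "expenses"),
    "greg": Request("employee", True, True, False, "wireless", "order_entry"),
    "tom": Request("vendor", True, True, True, "corporate_lan", "inventory"),
}


def evaluate_all():
    """Decision and reason for every sample request."""
    return {name: decide(req) for name, req in SCENARIOS.items()}
```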

ps