One of the responsibilities of the Key Master is to provide access to the sensitive and secure information hidden within the locked facilities. In my last post, I explained why the application delivery controller (ADC) is the Key Master for SSL/TLS communications on the internet. It is the responsibility of the ADC to manage and distribute the access to the different essential security services.
Just as cloud computing means different things to different people, so does the term Service Provider (SP). For the purpose of this blog, I include Cloud Service Providers (CSP), Hosting providers (colocation and managed) as well as Telcos in the SP category.
In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.
Many organizations are under guidance to cut IT spending while rolling out secure application services in a continuous delivery model. Many R&D teams in these organizations have adopted Agile and DevOps practices to enable faster delivery. The goal of Agile and DevOps practices is to deliver applications quicker and to deploy them with a lower failure rate than traditional approaches.
Driving a car is like riding a bike, if one refers to the old expression. It is fairly easy to recall how to do it even if some time has passed since one was last behind the steering wheel. Of course, this old adage does not apply if the way cars are driven has changed. It can be disconcerting going from automatic to manual transmissions or driving on the right side of the road instead of the left.
It has been a while since Cisco announced end-of-life for its Application Control Engine (ACE) products. The last date of support, January 31, 2019, is fast approaching. If you rely on ACE for load balancing in your environment, it is time to migrate and look to the future.
How do we build a truly resilient security framework directly incorporating micro segmentation into the SCADA systems and our network in order to protect it, when we can’t add security controls for fear of the business consequences?
I think the solution is quite obvious on the surface: change the dynamic that has existed within our communication-centric IT world since the inception of ARPANET. What do I mean?
For Service Providers, Universal Customer Premise Equipment (uCPE) is getting more interesting every day. IHS Markit analyst Michael Howard said in a recent SDxCentral article that “the uCPE [universal customer premises equipment] phenomenon is an almost perfect storm of five trends, whether it is white box, grey box, or more proprietary. This new uCPE market is resulting from enterprise demand that virtualized security functions reside physically inside the walls of enterprise locations.” The trends that Howard cites are:
The world is changing; it always has, but it is changing faster now than ever before. This general change is translating into even bigger changes in the cyber world. Some of the key areas that are evolving aren’t new, like availability or security. Others, like automation, are maturing quickly, and then there is the ever-present need for “easy.” Easy is a nebulous term, but in this case it refers to ease of procurement, ease of setup, flexibility in platform and ease of ongoing management.
This accelerated change is being driven by different market and business drivers. Some of the key market drivers are compliance, time to market, cyber loss risk, and increased competition around the user experience. This change is acutely felt in the ADC space.
Recently I spoke on security in Austin at the Big Communications Event, where Verizon announced their uCPE (Universal Customer Premise Equipment) platform. Notably, they are choosing a white box platform from Adva running OpenStack on a generic Linux server with a KVM hypervisor. Verizon’s new platform will enable them to deploy the device as a generic piece of NFVi to host any VNF in this generic Linux/KVM/OpenStack environment. If successful, this gives Verizon huge flexibility to configure and deploy new services completely remotely via software and remove one of the major cost drivers for carriers: deployment and maintenance of CPE.