My posts will be focused on bringing topics of interest to government and business decision makers and explaining topics that could be very technical at level to allow good business decisions. As a company, Cisco is blessed with some very smart and technical people who can go into much greater depth than I would even attempt. We also have many more prolific bloggers than me. If you would like more information and for good reading on Cybersecurity topics, I recommend you take a look at the Cisco Security Blog – especially this month. Since October is National Cyber Security Awareness Month, they are posting a blog every day on cyber topics. Check it out!
As we pass the halfway point of National Cyber Security Awareness Month (NCSAM), I wanted to call attention to some of our colleagues over on the Cisco Government Blog. Patrick Finn and Peter Romness have been busy this month espousing the need for security and we thought it would be beneficial to expose our readers to their thoughts on security that have been published on the Cisco Government Blog space. Read More »
Many organizations make the error of thinking that basic defensive software is sufficient to protect critical data and infrastructure. When in reality, in order for government and enterprise organizations to keep their data protected from increasingly advanced cyber threats, comprehensive defensive security approaches are critical. And even with advanced, comprehensive solutions, there are still risks.
No organization is ever going to be able to protect 100 percent of its assets 100 percent of the time, which is why I work on the 95/5 principle. No matter how many security solutions are deployed, if attackers are determined enough, they will find a hole. Humans make mistakes and without fail, attackers will take advantage of them.
With comprehensive security approaches, we can regularly block at least 95 percent of threats—but there is always going to be a margin of error—the other 5 percent. A proactive, continuous approach can help ensure the vast majority of offensive moves are rejected.
There’s no question that more people around the world are connecting to wireless networks at home, work and play via mobile devices, such as smartphones and tablets. This rise in mobile device usage begs the question: How soon will it be (if not already) before these mobile devices dominate the mobile network, especially in the workplace?
Just recently, I read an article in Forbes, by Louis Columbus, that addresses the issue of increased mobile devices and unprepared network infrastructures. The article examines a study by IDC that predicts that 87% of sales for connected devices will be tablets and smartphones in next four years. As many employees prefer working from their own mobile devices, corporate networks, as they’re currently designed, will not be capable of successfully managing such a large volume of mobile data traffic generated by these mobile devices. With such expansive growth expected, the majority of businesses will either need to adapt an existing strategy to support this increase in mobile devices or adopt a new strategy.
Currently, there is a clear need for enterprises to better prepare and invest in their IT infrastructure. As more employees use their own devices at work for business and personal use, it’s imperative that business organizations require a secure mobile device and BYOD strategy to accommodate their business needs and employee preferences. However, the decision to adopt BYOD comes with a set of challenges for IT organizations.
Many of the benefits of BYOD, such as having the choice of device and anywhere, anytime access, are somewhat adverse to traditional IT requirements for security and support. In the past, IT pre-determined a list of approved workplace devices, typically a prescribed desktop, laptop, and perhaps even a small, standardized set of mobile phones and smartphones. Employees could choose among these devices, but generally were not permitted to stray from the approved devices list. With BYOD, IT has to approach the problem differently. Read More »
At Cisco live! Orlando in June, Cisco unveiled its vision for an Application Centric Infrastructure (ACI), a next-generation, secure data center fabric design. At the time, we were only able to unveil key conceptual aspects of ACI, but as we lead up to more detailed product announcements later this fall, we want to bring a little more clarity to the ACI vision, what it will mean for customers, and set the context for those announcements.
[Join our ACI Announcement Webcast on November 6, 7:30 AM PT/10:30 ET/15:30 GMT. Register here.]
ACI is designed around an application policy model, allowing the entire data center infrastructure to better align itself with application delivery requirements and the business policies of the organization. The entire objective of ACI is to allow the data center to respond dynamically to the changing needs of applications, rather than having applications conform to constraints imposed by the infrastructure. These policies automatically adapt the infrastructure (network, security, application, compute, and storage) to the needs of the business to drive shorter application deployment cycles.