Cisco Blogs


Cisco Blog > SP360: Service Provider

Securing the Internet of Everything: An Architectural View

As a follow up to my introductory blog on Securing the Internet of Everything, I would like to discuss further the security implications that will comprise proposed framework. As the applications of the IoT/M2M affect our daily lives, whether it is in the Industrial Control, Transportation, Smartgrid or Healthcare, it becomes imperative to ensure a secure IoT/M2M system. As the use of IP networks are employed, IoT/M2M applications have already become a target for attacks that will continue to grow in both quantity and sophistication. Both the scale and context of the IoT/M2M make it a compelling target for those who would do harm to companies, organizations, nations, and people.

The targets are abundant and cover many different industry segments. The potential impact spans from minor irritant to grave and significant damage and loss of life. The threats in this environment can be similarly categorized as those in the traditional IT environments. It’s useful to consider general platform architecture when discussing IoT security challenges. Below is the platform architecture that uses to frame IoT/M2M discussions.

While many existing security technologies and solutions can be leveraged across this architecture, perhaps especially across the Core and Data Center Cloud layers, there are unique challenges for the IoT. The nature of the endpoints and the sheer scale of aggregation in the data center require special attention.

The architecture is composed of four similar layers to those described in general network architectures. The first layer of the IoT/M2M architecture is comprised of Read More »

Tags: , , , , , , , , , , , ,

Cloud for Local Government Global Blog Series, Cloud and Law Enforcement (Part One): U.K.’s Facewatch Service Benefits Police, Businesses, and Citizens

This is the first in a two-part blog series that examines the opportunities that cloud-based services offer to law enforcement agencies—along with the challenges of this fundamental shift in the way information resources are managed.

Police forces have a well-established culture of owning and managing systems directly founded on concerns about security and control of access to information. Three trends, however, make this position unsustainable:

  • Traditional models for acquiring and running systems, which slow the pace of innovation
  • Pressure to reduce costs
  • Increasing need to form partnerships with other police agencies, public-sector bodies, and the private sector. Partnership depends on information sharing and open approaches to developing systems.

One of the most radical—and successful—cloud-based public-safety and security services is Facewatch. Using a network-based model, Facewatch provides an online reporting tool that allows U.K. businesses and citizens to report crimes and attach video evidence. The service enables crime victims to cancel credit cards instantly through Facewatch’s partners; allows users to share images of wanted people; and provides a channel for feedback from the police on the outcomes of cases.

Facewatch offers immediate benefits to the public, businesses, and law enforcement:

  • Citizens: ease of reporting and rapid management of associated processes
  • Businesses: less time required to deal with incidents
  • Law enforcement: reduces or eliminates the need to interact directly with premises to recover video footage

For all users, there is greater transparency about processes and reporting on outcomes, as well as the ability for communities to share information about wanted persons and crime trends.

Read More »

Tags: , , , , , , , , , , , , ,

Seven Things to Complete Before Deploying Cisco Identity Services Engine

Connected devices are spreading like kudzu on the Carolina roadside. Cisco Identity Services Engine (ISE) is a great way to manage the devices on your network and with implementing some best practices, I can say you will save time. Below are 7 ideas that will help:

1. Find an Executive Sponsor.

Security policies can now be supported at a network level using ISE. Official IT policies around accessing information based on BYOD were often circumvented. But now with ISE, we’ve been able to implement policies that provide the right access, but can’t be circumvented. This makes it more important than ever that you have executive-level sponsorship. Truth be told, which IT project wouldn’t benefit from the executive backing? My first experience with an executive sponsor was with an excellent CIO who resembled Pope Francis and spoke like a wicked good Bostonian. He tasked me with pursuing business groups and obtaining feedback on IT process changes. The CIO called me his “Man in Havana”. My coworkers lovingly changed it to “Cabana boy” because we made fun of each other at every opportunity. The point is, busy manufacturing and software development directors found time for my questions and follow-up meetings because an executive was driving the effort.

Read More »

Tags: , , , ,

Massive Canadian Pharmacy Spam Campaign

On Tuesday May 28, 2013 at 17:30 UTC a massive pharmaceutical-based spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco witnessed volume rates peaking as high as 8 out of every 10 spam messages being sent. The indiscriminate nature of the attack’s recipients suggests that most anti-spam vendors, including Cisco, will have blocked this attack very quickly.

Pharma Spam Volume Graph

Read More »

Tags: , ,

Cisco Domain Ten: Domain 9: Security and Compliance

May 23, 2013 at 11:48 am PST

Security and Compliance is the next domain in our Cisco Domain TenSM model that I will cover, following on from my previous post on Applications.  And following on from my previous posts around Cisco Domain Ten, I’ll give you a brief overview of the questions that come up when we discuss data center security and compliance challenges with customers as we help them transform data centers, migrate applications to Cisco UCS, and adopt cloud computing solutions and architectures.  Security has and continues to be a major focus area in Cisco, so it was great to see Cisco come top in the recent survey by Infonetics Research, “Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, March 2013”!

 

Domain 9: Security and Compliance

Domain 9: Security and Compliance

Security and compliance are indeed exciting areas, indeed security is often highlighted in surveys -- including my own survey of Cisco customers a few years back now -- as the #1 issue impacting customer adoption of cloud computing.  So what are come of the issues, challenges and considerations should be on your mind with respect to security and compliance in the data center and cloud?

Read More »

Tags: , , , ,