Cisco Blogs


Cisco Blog > SP360: Service Provider

Service Providers Can Take a Bite Out of the $30 Billion SaaS Pie

By Bryan Mobley, Director, IBSG Service Provider practice

Service providers continue to struggle to monetize the tsunami of data traffic flooding their networks from consumers and business customers alike. While data traffic is growing exponentially, revenue is relatively flat. In engagements with major service providers and global enterprises, Cisco’s Internet Business Solutions Group (IBSG) has uncovered potential ways for service providers to generate additional revenue by helping software-as-a-service (SaaS) providers deliver a better experience to their enterprise customers. This blog describes one way service providers can participate in a SaaS market estimated to reach $30 billion by 2013.  By 2015, Forrester Research predicts the SaaS market will exceed $78 billion, representing more than 80 percent of the global public cloud market.

Security Concerns Can Limit SaaS Benefits

Many large enterprises today have embraced SaaS as a way to Read More »

Tags: , , , , , ,

Bundled Third-Party Software Security at OSCON 2012

The practice of using Open Source Software (OSS) and other third-party software (TPS) to build products and services is well established. Not only can it create tremendous efficiency--why build an operating system or web server if you don’t need to?--it also allows individual products to leverage best-of-breed functionality. This best-of-breed functionality can be critical on today’s Internet as security and scalability are often difficult or even patently ignored until it is too late.

The use of TPS to build things has been so successful and is so widespread that many products may even be assembled from a majority of software written by unknown third parties. This practice is not without its challenges. One of those challenges is security.

How does the security of a product’s constituent TPS affect its own security? How does the creator of the product learn of, manage and ultimately resolve security issues that originate in the relevant TPS packages?

These are the types of questions I attempted to address during a recent presentation at O’Reilly OSCON 2012. During that session I touched on seven challenges and offered five tools that I believe can make a difference.

Our friends on the Cisco Security Marketing team have posted the slides from that presentation online at slideshare.net.

Managing the Security Impact of Bundled Open Source Software from OSCON from Cisco Security

Is this an area of concern for you? If it is, I’d like to know how you are tackling it. What is working well? What is working not-so well?

Tags: , , ,

Mobility vs Security – Can You Really Have Both?

From peeking at Brittany Spears medical records to the theft of almost five million medical records from a tape back-up, no healthcare issue garners more adverse publicity, or passion, than violations of patient privacy. While you might expect that since the institution of HIPAA and quarter million dollar fines that this is relatively uncommon now, you would be wrong.  A stunning incidence of nearly 18 million breaches of privacy has occurred over the past two years according to a recent report from ANSI, the American National Standards Institute.  That is equivalent to the population of the states of Florida or New York.

As the world moves towards adoption of Electronic Health Records and Health Information Exchanges, concern for the vulnerability of private health information is escalating as the scale of these data breaches reach epic proportions.  A West Coast health care system experienced the theft of electronic health information for 4 million of its patients.  And another major academic medical center inadvertently disclosed the electronic health records of 20,000 of its patients.  The risks are real and global.  And they leave an organization -- any organization -- subject to severe legal and financial damage, not to mention the damage to their reputation. None of these organizations were cavalier about their security compliance.  But let’s face it, the workforce is larger and more mobile. The data is more prolific and ubiquitous and takes  on many different forms.   And the thieves are getting more sophisticated.

But so are the solutions. In the past, it was necessary to balance mobility with security-the more mobile, the less secure.  Not anymore.  Cisco’s AnyConnect combines industry-leading Cisco cloud and premises-based web security and next generation remote access technology to deliver the most robust and secure enterprise mobility solution on the market today.

 

Read More »

Tags: , , , , , , , ,

Who Keeps Your IPS Up To Date?

The realm of Network security encompasses many perspectives and interests as is evident from the wealth of articles prevalent across the media and availability of various proactive protection measures. One particular technology recognized as integral to securing a network is the Intrusion Prevention System (IPS), which is used to detect and prevent suspected malicious network traffic or behavior. However, an IPS is not just a ‘set-it-and-forget-it’ type of solution. This is because of the necessity of employing current Cisco IPS signatures, which are the lifeblood of the IPS and are essential for it to identify and block attacks against specific vulnerabilities or certain types of threats. Because new threats and vulnerabilities are constantly being discovered, the IPS signature database for an IPS-capable device needs to be kept current to maximize the level of protection that it can provide. If you already use Cisco IPS technology, then you might already be familiar how crucial it is to use the most current IPS signatures. Otherwise, the IPS solution cannot provide optimal protection against new threats and attacks. Cisco IPS owners with a Cisco IPS Services License understand this fact and can receive signature updates as they become available. Signature updates can be installed manually or downloaded and installed automatically using native Cisco IPS capabilities or management tools such as Cisco Security Manager. For those inclined to write their own signatures, Cisco has published documentation on how to write customer signatures for the IPS.

And while the signatures are the “lifeblood” of the IPS and keeping them current is paramount, it is also important to make sure that the underlying operating system is kept up to date on the sensor as well. The underlying operating system and engines decompose and analyze the traffic as it passes through the device. Things like protocol decoding, features, and evasion resistance are handled here. The engines work but do not alert without the signature set as the signatures provide the matching framework for an alert to fire. The same can be said about the signatures. They do not work without the engines. Each requires the other to function and therefore keeping them both current is important.

Read More »

Tags: , , , , , , ,

Wireless Security and Monitoring via the Cisco Aironet 3600 Expansion Module

A recent highway project in Orlando had proposed that an off-ramp be built for a future neighborhood and development center. Because the area was planned for future development, this caused some debate within the community. Some argued that that there was no point to spending money on something that might not be possible in the future. Others argued that it was good idea to build the off-ramp and spend the money now so when the neighborhood and development center was ready, a cost savings would occur since building it now would save money in the future. Both sides have good arguments and after some healthy debate, the off-ramp was built for the future neighborhood and development center, which both are now thriving.

Well, what does this have to do with Cisco and wireless technology? This is a good example of how the 3600 Access Point was designed. Even with the pressures of time to market and cost management, the development team took the extra time to add the option for future modular expansion. The same debates in the Orlando community took place here between development engineering and product management. “It will cost too much and delay the release of the product (especially in an industry where time to market is essential)” versus “Let’s have modularity so we can address whatever future technology is available so our customers can take advantage of it without having to rip & replace their APs”. We like to say we’re “future proofing” the AP.

Well, the future proofing argument won, and the 3600 was released last January with an expansion module for additional features and emerging technology. Already in May  we announced the 802.11ac Radio Module that will support the emerging standard.

Now, we have another addition to this expansion: the Security and Monitor Module. Read More »

Tags: , , , , ,