Businesses and individuals are increasingly relying on computers and Internet-based networking. They experience several benefits, but also potential risks. When staff or business partners have constant access to internal networks from insecure locations, security is a major concern.
The Rise of Cybercrime
Cyberattacks generally refer to criminal activity involving the use of a computer network, normally conducted via the Internet. Internet users and organizations face increased risk of becoming targets of cyberattacks. An independent research report conducted by Ponemon Institute on organizations located in the United States in 2013 found that the U.S. experienced an increase of 18 percent in successful attacks from the previous year.
Today, criminals have more advanced technology and greater knowledge of cyber security. Attacks may include financial scams, computer hacking, virus attacks and distribution, denial-of-service, theft of an organization’s information assets, posting of sensitive business data on the Internet, and malware.
Risks of Cybercrime
For businesses and corporations, the cost associated with cyberattacks is large. Stolen or deleted corporate data can inflict financial damage on the victim, damage the company’s reputation, and negatively affect people’s livelihoods. The risks are even higher for small companies, since their businesses may rely solely on project files or customer databases. The same Ponemon Institute study reported that in 2013, the average cost of cybercrime in the U.S. was $11.6 million annually - an increase of 26 percent from the previous year.
Organizations should follow basic guidelines in order to reduce the security threat to their data and devices. To prevent cyberattacks, companies should:
1. Use a Secure Connection to the Corporate Data
This generally involves implementing a Virtual Private Network (VPN). VPN technology provides protection for information that is being transmitted over the Internet by allowing users to form a virtual “tunnel” to securely enter an internal network to access resources, data and communications.
2. Store Data Centrally
Centralized storage of data offers protection and increases speed, convenience and efficiency for accessing files. Sharing of files enables rapid and easy access to important data from virtually anywhere in the world. The relative mobility and control of data improves effectiveness of workflow. Another crucial advantage of centralized data is cost. Although it is possible to store and back up data on multiple machines, it is considerably more cost-effective to use central storage. For instance, data can be stored on a server within the corporate LAN behind the firewall.
3. Use Modern Authentication Methods
Authentication is the process by which the parties at either end of a network connection can verify the identity of the other party. Verification is typically based upon something you know (such as passwords), something you have (smart card or tokens), or something you are (biometric techniques, including fingerprint and eye scans). Deployment of modern authentication methods, such as the Kerberos authentication protocol, ensures confidentiality through encryption and ensures that no one can tamper with data in a Kerberos message.
4. Use Reliable, Strong Encryption Technology
Encryption is the process of changing information in a manner that cannot be deciphered by anyone except those holding special knowledge (generally referred to as a "key") that enables them to convert the information back to its original, readable form. A VPN turns the Internet (an insecure environment) into a secure private network by providing heavy encryption. In particular, an SSL VPN is best suited for mobile apps.
5. Enforce Strong Passwords
Implementation of strong passwords is a basic security procedure; however, it is often overlooked. Complex, hard-to-crack passwords are a simple line of defense against a security breach. Password policies, which offer advice on proper password management, should be in place. Password best practices include:
• Avoid using dictionary words or common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
• Do not use personal information.
• Use special characters, such as * and #. The majority of passwords are case sensitive; therefore, a mixture of both upper case and lower case letters, as well as numbers, should be used.
• Choose a long password, as passwords become harder to crack with each added character.
• Create different passwords for different accounts and applications. Therefore, if one password is breached, the security of other accounts is not at risk.
• Never write down passwords and leave them unattended in a desk drawer or any other obvious place.
• Never communicate a password by telephone, e-mail or instant messaging.
• Never disclose a password to others, including people who claim to be from customer service.
• Change passwords whenever there is any doubt that a password may have been compromised.
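The composition rules in the list above (length, character mix, no dictionary words, no sequences or repeats, no personal information) can be enforced when a password is set. The following Python checker is an added example, not part of the original article; the 12-character minimum, the four-character sequence length, the small word list, the substitution table and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary
# and a list of known-breached passwords instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

MIN_LENGTH = 12    # assumption: the article says "long" without giving a number
SEQUENCE_RUN = 4   # assumption: flag runs such as "1234" or "dcba"

# Undo common character substitutions before the dictionary check, so that
# "P@ssw0rd" is still recognised as "password" (an addition to the article's list).
LEET = str.maketrans("0134578@$", "oleastbas")


def has_sequence(pw, run=SEQUENCE_RUN):
    """True if pw contains `run` letters or digits in ascending or descending order."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not window.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(pw, personal_info=()):
    """Return the list of rules from the article that `pw` violates (empty = acceptable).

    personal_info: strings tied to the user (name, username, birth year, ...).
    """
    problems = []

    # "Choose a long password"
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")

    # "Avoid using dictionary words"
    lowered = pw.lower()
    normalized = lowered.translate(LEET)
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        problems.append("dictionary_word")

    # "...numbers or letters in sequential order"
    if has_sequence(pw):
        problems.append("sequential_run")

    # "...repetitive numbers or letters" (three or more of the same character)
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeated_chars")

    # "Do not use personal information"
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in lowered for t in tokens):
        problems.append("personal_info")

    # "Use special characters ... upper case and lower case letters, as well as numbers"
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing_char_class")

    return problems


if __name__ == "__main__":
    # Constructed sample passwords and user details.
    samples = [
        ("Summer2024!", ["alice"]),
        ("alice1234ABCD#x", ["Alice", "Example"]),
        ("P@ssw0rd!Xk29vQe", []),
        ("vT9#qLm2!xRw7&Ke", ["alice"]),
    ]
    for pw, info in samples:
        print(f"{pw!r:22} -> {check_password(pw, info) or 'ok'}")
```

The remaining items in the list (reuse across accounts, writing passwords down, disclosure) concern handling rather than composition and cannot be checked from the password string alone.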
The growing popularity and convenience of digital networks has led to an increase in cyberattacks; consequently, keeping up to date with the most recent and important concerns facing the organization is in itself a challenge. Organizations can protect their highly sensitive information by following a safety plan and adopting reasonable security practices.
If you would like to learn more about VPN technology, and review some tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
Controls are a mode of living. Whether it’s the workplace that requires a key fob or an identification badge, a password to log into the company network, or an access permission to use a copier, there are numerous controls/safeguards that we encounter during the normal course of our everyday lives.
Defining Control Activities
Control activities are actions taken to minimize risk. A risk is the probability of an event or action having adverse consequences on an organization, such as information assets that are not adequately safeguarded against loss.
Control activities occur throughout the organization and include diverse activities, including approvals, authorizations, verifications, reviews of operating performance, and security of assets.
Internal controls are a fundamental part of any organization’s financial and business policies and procedures. The advantages of internal controls are:
- Prevention of errors and irregularities; if these do occur, the inaccuracies will be detected in a timely manner
- Protection of employees from being accused of misappropriations, errors or irregularities by clearly outlining responsibilities and tasks
IT controls are a subdivision of internal controls, and refer to policies, procedures and techniques on computer-based systems. IT controls are essential to protect assets, highly sensitive information and customers. IT controls support business management and governance; they also offer general and technical controls over IT infrastructures.
Subdivisions of IT Controls
Generally, IT controls are divided into two main categories:
1. General Controls
These apply to all system components, processes and data for a specific organization. General control activities are conducted within the IT organization or the technology they support, which can be applied to each system that the organization depends upon. These controls facilitate confidentiality, integrity and availability, contribute to the safeguarding of data, and promote regulatory compliance. General controls make safe reliance on IT systems possible. Examples of such controls include access controls (physical security and logical access) and business continuity controls (disaster recovery and back-up).
2. Application Controls
These controls are business process controls, and contribute to the efficiency of individual business processes or application systems. Examples of application controls include access authorization, which is essential for security of the corporate network. This prevents users from downloading illegal material or viruses, and may also block unproductive or inappropriate applications. Other examples of application controls include segregation of duties and concurrent update control.
Modern IT Solutions
Virtual private network (VPN) technology enables a secure connection to the organization’s data to be made over insecure connections, such as the Internet, and is essential to providing comprehensive security, safety and flexibility to businesses. Furthermore, advanced VPN technology offers several services which help users maintain access to critical information. VPNs facilitate the implementation of IT controls. For instance, VPNs provide dynamic access portals, whereby network managers can define server access with application publishing in such a way that the user only sees his or her personal, customized portal.
Control activities occur throughout the organization, and IT controls are fundamental to protect information assets and mitigate business risks. Deployment of a modern virtual private network (VPN) technology facilitates the implementation and management of IT controls.
If you would like to learn more about VPN technology, and review some helpful tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
Today, mobile workforces stay connected in and out of the office and use their devices for work and personal purposes. The ultimate goal of a remote working strategy is to increase productivity and reduce costs; indeed, studies by Best Buy, Dow Chemical and many others have proven that teleworkers are 35-40% more productive than their in-office counterparts.
The drafting and implementation of an organization-wide workplace strategy will ensure that end users at all levels of the organization will enjoy a positive experience. The following are five best practices that effectively boost remote workers’ productivity:
1. Maximize Employee Participation
Maximizing employee participation is the first step to maximizing employee productivity. Not all employees benefit equally from remote working; however, without a critical mass of users, the benefits will be limited. IT teams should not restrict solutions, such as mobile workplaces, to only those who “seem” to need it. Remote working allows employees to respond to colleagues and customers faster; therefore, IT teams and managers should not deter employees from working anywhere and anytime.
2. Ensure Employees Have the Productivity Tools they Require
Employees should be encouraged to use a wide range of productivity tools which do not pose network security risks. However, if IT teams are uncertain how to handle such employee requests, they generally allow employees to use these tools without providing adequate security, or block the use of the tools entirely. Regardless of the circumstances, IT teams should circumvent security risks by deploying security solutions that allow employees to utilize tools without compromising network security.
3. Free Use of Personal Apps and Services
Whether the device is personally owned or provided by the company, employees should be able to use their personal apps and services. Blocking an employee from storing their personal information with a cloud service provider is significantly different from ensuring corporate data does not end up in the public cloud. IT teams should focus on controlling data rather than controlling devices.
4. Offer Self-Service Support for Everyday Activities
There is a common notion that mobile devices will result in an increase in support costs – however, this is a misconception. Conversely, if the IT teams provide a self-service capability, particularly for routine activities, it usually results in decreased support costs. IT teams should stop short of supporting personal apps and services, but should invariably offer to assist with supporting business apps.
5. Support a Wide Range of Devices
For the mobile workplace program to be widely adopted, the program should support a wide range of devices. Though challenges may arise, such as Android’s variability regarding support for on-device encryption and other enterprise-level security and management controls, the overall benefit is net positive.
The Future of Remote Working
The current trend towards remote working is expected to become even more prevalent in the future. With the right practices and controls in place, employee productivity can be maximized, without putting the security of the network at risk.
If you would like to learn about the advantages and limitations of mobile workplaces, and find out how to develop a strategy for mobile workplaces with the help of VPNs, please download our free eBook “Home Offices Made Easy”.
Author: Hazel Farrugia
Remote access via virtual private networks (VPNs) is a major technological advancement reshaping organizations worldwide, including educational institutions. The IT solutions of all educational institutions, ranging from primary schools to universities, face unique challenges in order to provide a more advanced learning and working environment, while also maintaining security requirements and optimal IT efficiency.
Common Applications in an Educational Institution:
Educational institutions require numerous IT applications, which are managed by the network support teams. These include:
- email accounts for students and faculty
- secure email access
- intranet set up and functionality
- web and mail services
- storage and management of sensitive data
- online examination management and results posting
- secure intra-departmental data transfer
- secure remote access to server rooms and on-site data centers; and
- maximum security levels preventing hacker attacks, and enabling secure login and sensitive information transfer
In addition to providing a secure mechanism to access the above list of necessary applications, IT administrators are also responsible for minimizing network downtime, monitoring uptime, and keeping service costs under control. In order to provide this, remote access technology is the optimal solution.
Reasons for Using Remote Access:
1. 24/7 Accessibility
Remote access through VPNs provides cost-effective 24/7 data access to students and staff from anywhere.
2. Reduced Security Concerns
VPN technology allows secure remote access to educational resources and individual desktops for faculty and staff members through encrypted connections, via Web Secure Proxy and secured authentication methods.
Innovative remote access solutions implement a security strategy that also includes firewalls, anti-virus software and intrusion prevention services to protect vital and sensitive information within the network.
3. Reduced Investment in Technology Infrastructure
Due to the potential for mechanical failure, hardware solutions are prone to breakdowns. Initial costs and costs to repair cause hardware solutions to be significantly less viable than pure software solutions. Additionally, software solutions enable IT administrators to resolve several problems remotely, thereby further reducing costs and resource use. The implementation of a software-based solution has the additional benefit of optimizing existing server resources, which reduces total cost of ownership.
4. High Availability
Access from the client requires a Web browser only. This allows for specialty software applications to be made more readily and widely available to the students, staff and faculty. This high application availability allows for e-learning programs and superior online delivery methods after school hours.
The total enrollment in public and private postsecondary institutions increased 47% between 1995 and 2010, and a further increase of 15% is expected between fall 2010 and fall 2020. The growth in the number of students attending educational institutions puts network administrators under pressure to increase the number of PCs and network facilities in order to accommodate their staff and students. An increase in terminals necessitates an increase in the number of servers; since these servers are the pillar of the institution’s network, it is important that they be consistently reliable, as network downtime implies an interruption of essential services.
High-quality VPNs allow for workload balancing of cluster servers, meaning the division of a computer/network’s workload between two or more computers/servers. This process facilitates the system’s optimum performance, which results in faster data access. Load balancing also prevents failover, which occurs when a user cannot access a database in a cluster - either because they cannot access the database itself or they cannot access the database server.
A VPN is highly scalable and supports many different platforms. VPN technology provides remote access via any device, such as desktop computers, notebooks and tablets, and all operating systems are supported, including Microsoft Windows, Apple Mac OS X, and Linux. In addition, this technology allows educational institutions to purchase resources as needed. If the institution experiences significant growth, it can easily increase the capacity of its remote access solutions. Conversely, if its needs decrease, it can scale down.
6. Single Sign-On
Single sign-on is a capability that enables secure authentication across many services with only one password. It allows users to be logged into multiple services once the user has signed in to one. Single sign-on streamlines the authentication process for the user, while simultaneously protecting the institution’s resources.
Remote access technology has proven beneficial to several organizations as it optimizes resources, decreases administrative costs, increases productivity and enhances the learning process. Today, remote access technology for educational institutions is considered an essential part of a comprehensive IT security infrastructure.
Author: Hazel Farrugia
On June 17-18, 2014 HOB will be exhibiting again at the F5 Agility Roadshow in Copenhagen, Denmark! At the end of April we went Down Under to Australia to present our software solutions to the Asian Pacific market. This time, we will make a shorter journey to Copenhagen where we will attend the F5 Agility Roadshow for a second time as a Gold Sponsor.
At the HOB booth, we will be presenting exciting live demos of our software solutions. One of the many highlights will be the presentation of HOBLink JWT for F5® BIG-IP Access Policy Manager® (APM), which is the result of a technology partnership with F5. HOBLink JWT is a scalable solution that provides all F5 BIG-IP users a Remote Desktop Client which enables communication with Microsoft Windows Terminal Server with Remote Desktop Services.
Our proprietary and high performing Remote Desktop Protocol is platform-independent and requires no client-side installation. This reduces IT administration efforts and total cost of ownership. This purely software-based solution allows enterprises to leverage existing physical and virtual IT infrastructure investments while ensuring security.
We’re already looking forward to presenting our latest innovations to the Copenhagen audience and engaging with other IT experts!
If you can’t make it to Copenhagen, don’t worry! To learn more about the HOB and F5 partnership and HOBLink JWT visit the combined solution website. Here you can also find the product data sheet and configuration guide.
Alternatively, you can also come visit us at the next F5 Agility event in New York City on August 4 – 6, 2014. We hope to see you in Copenhagen!
F5, BIG-IP, and Access Policy Manager are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. The use of the words “partner,” “partnership,” or “joint” does not imply a legal partnership relationship between F5 Networks and any other company.
Remote access through a Virtual Private Network is essential when an organization’s operations have been disrupted. WAN clustering allows business continuity in the event of a natural disaster or cyber-attack.
As the majority of mission-critical business processes are IT-based, companies and institutions are becoming increasingly dependent on the availability of their digitized information in order to maintain functionality. The ability for a network to recover from a disaster is a function of its hardware and software architecture.
In today’s business environment, server clustering is essential to providing the high availability and scalability of services that are required to support 24/7 operations. Clustering increases the reliability of Internet-based systems because it eradicates several of the single points of failure that are possible in a single server system.
WAN clustering, also called geoclustering or remote clustering, is a network architecture through which multiple servers and other computing resources housed in different geographical locations form what appears to be a single, highly available network. WAN clustering can be used for almost any computing resource, including mainframes, file servers and software application stacks.
Benefits of WAN Clustering
WAN clustering allows business environments to run operations uninterrupted and maximize employee productivity by ensuring information assets are available anytime, anywhere – a substantial competitive advantage.
Compared to server clusters which are not geographically distributed, WAN clustering’s main advantage is that applications are always available. Even in cases of extensive regional disaster whereby entire processing centers are destroyed, servers in the cluster continue running, with little to no interruption.
The ultimate goal of WAN clustering is to support enterprise business continuity by providing location-independent load balancing and failover. Business continuity, defined as the ability to do business under any circumstances, is vital to a company’s success. It aims to prevent problems before they happen, and in the case that they do, it ensures that there are the necessary tools and protocols in place to reduce the damage.
Formerly, stored data was connected to servers in very basic configurations: either point-to-point or cross-coupled, whereby the failure or maintenance of a single server often made data access impossible for a large number of users, until the server was back online. More recent advances, such as the storage area networks and cloud computing, make any-to-any connectivity possible among servers, data storage and other systems. Usually, these networks utilize several paths between the server and the network, each consisting of complete sets of all the components involved. A failed path can result from the failure of any individual component of a path. IT teams employ multiple connection paths, each with redundant components to avoid single points of failure, helping to ensure that the connection is still viable even if one or more paths fail.
Disrupted Communications and the Virtual Private Network (VPN)
When disaster strikes, disrupted communications inevitably ensue, rendering the normal operational tasks unavailable. However, workers can generally perform several tasks using remote access solutions such as a virtual private network (VPN).
Recovery options are extremely limited if applications and servers are not accessible via remote access or VPN service, since one may need to temporarily locate recovered users away from the server environment. A high-quality VPN facilitates safe, effective and cost-efficient WAN clustering – an architecture critical for organizations with offices around the world.
The Recovery Process
The functions of a particular server or entire network location are taken over by any server(s) at a different location should one server or network location become unavailable for any reason, such as scheduled downtime, hardware or software failure, or a cyber-attack. This process occurs automatically, so that the procedure is as seamless as possible to the end user. A 2013 study on data center outages conducted by Ponemon Institute reported that 91% of the companies investigated had experienced an unplanned data center outage in the past 24 months; in cases of server downtime, WAN clustering makes business continuity possible.
The recovery process can apply to any aspect of a system, such as protection against a failed processor, network connection, storage device, Web server, as well as protection against locally limited natural disaster effects, such as flooding or blackouts.
Fundamentally, business continuity ensures a business can endure any emergency or disaster by safeguarding a company’s greatest assets: its employees and its data. The concepts of high availability and disaster recovery are made possible by WAN clustering, which relies on high-quality VPNs.
If you would like to learn more about WAN clustering, and explore how VPNs can help to create an optimal WAN clustering solution for one’s needs, download this free eBook:
Effective WAN Clustering Relies on High-Quality VPNs
Author: Hazel Farrugia
More and more, “work” is being defined as something people do, rather than the place people go. Today’s organizations are shifting away from the usual nine-to-five workday, and progressing towards the trend of remote working (also called telecommuting). Remote working enables organizations to gain a competitive advantage from higher productivity, better work-life balance and decreased costs.
However, IT teams frequently face several problems related to mobile workplace deployments. The most common pitfalls are:
1. Ignoring Common Threats
Security risks posed by malware have been at the top of the agenda of many security teams; however, a more frequent threat nowadays is mobile phishing. Phishing occurs when identity thieves collect user information such as name and password, Social Security number, date of birth, ATM PIN or credit card information, for use in committing fraud or other illegalities. Since it is more difficult to identify fake URLs on a mobile device, it is more likely that remote workers will succumb to a phishing scam than their in-office counterparts.
2. Taking a One-Size Fits All Approach
Managing mobile device security is more limited, and normally imposes a level of inconvenience on users. For instance, mobile virtualization can allow users to work remotely without any data on their devices; however, this may be overkill for the employee who simply wants access to corporate email.
3. Failing to Educate Users
As more organizations adopt the mobile workplace strategy, managing the employees who use mobile technology has become more arduous. IT teams should educate employees to participate in keeping corporate data secure.
4. Assuming Users will Follow Security Policies
The organization should draft, write and implement comprehensive and reasonable security policies to efficiently manage and protect information. IT teams should focus on protecting the company's highly-sensitive information assets, rather than the devices used by remote workers themselves. IT teams must also educate users on why it is important for them to follow the policies put in place.
For any business which has implemented a remote workforce strategy, or those wishing to deploy such a strategy, it is important that IT teams overcome these problems in order to protect the company’s resources.
If you would like to learn more about mobile workplaces, and find out which security issues need to be addressed, you can download our free eBook “How VPNs Help Providing Secure Mobile Workplaces”.
At the end of last year, we conducted a survey of more than 200 CIOs and CTOs in the U.S. The survey quantified the trends and challenges IT decision makers experience when implementing remote access solutions and revealed that remote access solutions are still gaining momentum, despite the associated security risks. Below you will find a beautiful infographic that summarizes the main findings of our survey.
The complete statistics and results of the HOB survey are now also available as a free ebook. “The State of Remote Access Security in the U.S.,” and many other ebooks can be downloaded from the HOB website.
As a gold sponsor of RSA 2014, the HOB team was fortunate to be at the epicenter of all things IT security. Not only were we able to showcase our own contributions to the industry, RSA was an opportunity for us to join the conversation of IT security experts discussing trends and debating the future of the industry.
As part of our RSA recap, we’d like to share 5 trends we observed during the conference:
Although an atmosphere created by the exposure of NSA activity, and its subsequent fall-out, is to be expected at any IT security conference, this was especially true at RSA. Prior to the conference, Reuters reported that the RSA organizer was engaged by the NSA and was responsible for creating loopholes for the agency. As a result, several digital security experts declined to attend and speak at RSA. In opposition to this movement, Stephen Colbert, who gave the closing remarks, called Snowden, “practically a war criminal,” and encouraged the American people to take responsibility for their actions:
"We all deserve credit for this new surveillance state that we live in," he said, "Because we the people voted for the Patriot Act. Democrats and Republicans alike. We voted for the people who voted for it, and then voted for the people who reauthorized it, then voted for the people who re-re-authorized it."
Corporate firewalls with authentication services from the past created the notion of corporate security as an island fortress. The more remote the island, the more secure the company. Today, the prevalence of BYOD has created several bridges to that island, and the workforce is eager to make use of these bridges. At RSA, we saw that IT admins are less inclined to manage multiple security vendors and systems.
Along this same thread, enforcing security policies in the cloud was also heavily discussed at RSA. Overall, companies were looking for a mix of private, hybrid and public cloud services, whereby some applications remain stored in corporate data centers and others housed in a public cloud.
The many security breaches that occurred in 2013 sparked the discussion about which team – admins or hackers – is winning the security match. The several billions being spent on IT security didn’t prevent severe attacks on Target, Neiman Marcus and Snapchat, to name a few, and thousands of people suffered as their personal data was exposed.
In order to combat malicious hackers, we saw a trend toward the application of big data to IT security. The use of massive amounts of data could enable the early detection and removal of security breaches.
Which IT security trends did you discover at RSA 2014? Let us know in the comments!
From primary schools to universities across the country, educational institutions are increasingly leveraging technology in order to provide a more advanced learning and working environment. For example, secure remote access has significantly helped educational institutions optimize resources, keep administrative costs down, increase productivity and enhance the learning process. It has been gaining wide acceptance and is now considered an essential part of a comprehensive IT security infrastructure.
Secure remote access continues to benefit educational institutions in a number of ways, including:
Reduced Investment in Technology Infrastructure
Software-based remote access solutions enable educational institutions to effectively decrease their costs. Thus, the solutions fit perfectly into their existing IT infrastructures – without the need to invest in additional hardware. Secure remote connectivity optimizes existing server resources and reduces total cost of ownership. It can make the use of incompatible systems (e.g., Windows vs. Mac) a seamless interaction.
With secure remote access to campus PCs and computer labs, students can access course materials, files and software applications anytime from any location on or off campus via an Internet connection. This extends the classroom beyond campus buildings and hours and accommodates students interested in e-learning and distance learning. In addition, secure remote access services provide a level of convenience as students can use their preferred PC, laptop, tablet or mobile device.
Reduced Security Concerns
Many education institutions experience thousands of data breach attempts every day. According to the associate dean of research policy at University of Wisconsin, Bill Mellon, the number of attempts to penetrate university systems has reached up to 100,000 per day. With that said, it is vital that universities implement remote access solutions as part of a security strategy that includes firewalls, anti-virus software and intrusion prevention services.
Ability to Quickly Scale Services to Match Demands
Many secure remote access solution providers allow universities and schools to purchase resources as needed. For example, if the institution experiences significant growth, it can easily increase the capacity of its remote access solutions. In the opposite circumstance, it can scale down services if its needs decrease.
Over the past few years, secure remote access has gained significant momentum in many industries, including education. Secure remote access has easily become an essential part of a campus-computing infrastructure that has the power to solve countless problems for universities and schools.
Readers, have you implemented a secure remote access solution for your education institution? Please share your experiences in the comments below.