NOVEMBER 2012 VOLUME 18 ISSUE 11
MIGRATING TO IPV6
BLUECAT NETWORKS EXPLAINS HOW TO MOVE FROM IPV4 TO IPV6 P51
TOP NETWORK TECHNOLOGIES OF 2012
“IT professionals will continuously need to battle and handle the issue of DDoS. What is worrying is that there are no network layer controls, which really is the key to avoiding DDoS attacks.” NICOLAI SOLLING p26
BYOD, CLOUD AND BIG DATA WERE THE BIG TALKING POINTS AT GITEX 2012 P38
DDOS ATTACKS: THE IMPACT
DDoS experts explain how to try to prevent DDoS attacks and what the impact is of an attack on an enterprise P26
SOCIAL MEDIA MONITORING
GARTNER SHOWS WHY COMPANIES MUST THINK OUTSIDE THE BOX P23
SOLVING STORAGE HEADACHES:
RED HAT SAYS UNSTRUCTURED DATA IS BOOMING IN THE REGION
Almost £90 million in server room research. Now yours is FREE!
'Implementing Energy Efficient Data Centres' White Paper #114
'An Improved Architecture for High-Efficiency, High-Density Data Centres' White Paper #126
'The Advantages of Row and Rack-Oriented Cooling Architectures for Data Centres' White Paper #130
'Deploying High-Density Zones in a Low-Density Data Centre' White Paper #134
'Power and Cooling Capacity Management for Data Centres' White Paper #150
Download FREE APC White Papers to avoid the most common mistakes in planning IT power and cooling Have a plan for your data centre We talked to thousands of customers from Baltimore to Beijing and saw the good, the bad, and the ugly measures customers took in their data centre planning. In many cases, turnover and budget cuts resulted in no plan at all.
Get the answers you need and avoid headaches tomorrow Do you and your staff know the top ten planning mistakes to avoid? The easiest way to improve cooling without spending a dime? Find these answers and more – in our latest selection of white papers. Take advantage of our valuable research today and save yourself money and headaches tomorrow.
Bring your business card + this ad to our event and enter the lucky draw to WIN an iPad3! Visit www.apc.com/promo Key Code 26800p Call 0845 0805034 • Fax 0118 903 7840 ©2012 Schneider Electric. All Rights Reserved. Schneider Electric and APC are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are the property of their respective owners. www.apc.com • 998-1764_ME-GB_A
Editor’s Letter: BYOD and big data were hot topics across the board at GITEX Technology Week 2012
3 Network News: All of the hardest hitting news from the network industry
11 Top 4 new network technologies in 2012: Regional and international experts discuss new network technologies, such as governance, risk and compliance and mobile application management, and what they mean for enterprises.
23 The importance of social media/CRM monitoring: Social networks, blogs and microblogs provide mechanisms for mass communication and coordination with high levels of visibility to a global audience.
25 Solving IT storage woes in the Middle East: Scale-out storage: George DeBono, general manager, Middle East & Africa at Red Hat says unstructured data is booming in the region
47 Cloud impact: The implications on network cabling: Shibu Vahid, head of Technical Operations, R&M Middle East & Africa shares his insight into cloud and cabling.
49 Two-factor authentication is vital to secure access
26: DDoS attacks: The impact DDoS experts explain how to try to prevent DDoS attacks and what the impact is of an attack on an enterprise
38: Gitex review 2012 BYOD, cloud and big data all were talking points during GITEX 2012. Top UAE and global companies talk those trends.
Migrating to IPv6: Richard Hyatt, co-founder and CTO, BlueCat Networks explains the move from IPv4 to IPv6
Network security news: All of the latest security news this month
Last word: Guitar hero: Nicolai Solling, director of technical services at help AG talks us through his day
November 2012 Vol.18 No.11
PO Box 500024, Dubai, UAE Tel: +971 4 444 3000 Fax: +971 4 444 3030 Web: www.itp.com Offices in Dubai and London
ITP TECHNOLOGY PUBLISHING
CEO Walid Akawi
Managing Director Neil Davies
Managing Director Karam Awad
Deputy Managing Director Matthew Southwell
General Manager Peter Conmy
Editorial Director David Ingham
Hot topics in the networking space at this year’s GITEX Technology Week included the Bring Your Own Device trend. While this topic has been hammered out many times over the last year, it seems that with the debut of Mobile Device Management and the newer Mobile Application Management software, companies are becoming more and more willing to accept the risk of allowing strange devices onto the network. However, while these software solutions do go some way towards mitigating the risk of allowing personal devices onto the corporate network, there is still good old-fashioned human error, that is pretty much guaranteed to bypass any software solution. Dell SonicWALL suggests that the best way to go the extra inch towards making BYOD risk free is to supply those smartphones and tablet devices that every employee is dying to use. Meaning that the company can install the correct anti-virus software and controls onto the device before giving it to the employee, who can then access their own personal content with relative freedom. Another upside of this is that the company
is likely to get a discount on the price of several hundred smartphones or tablets and will certainly get a better deal than the individual consumer. But what happens then? Which employees do you give those devices to and how many enterprises can afford or even want to factor in the purchase of a few hundred, or even a few thousand tablets and smartphones into their purchasing budget for the year? One can argue that the cost of a tablet or smartphone is far lower than the cost of losing enterprise data through a threat brought into the company via an unsecured device, or through the loss of an unsecured device, but again, how many companies are willing to go that far? If a company can afford to buy tablets and smartphones for their workforce, then it does seem to be the best idea, as then the IT department knows all the devices and does not have to worry about unsupported devices accessing the network. But then there is the problem of employees, particularly those in top management positions, who may want to use their own personal device at work, and who is going to say no to the company CEO?
EDITORIAL
Editor Georgina Enzer Tel: +971 4 444 3316 email: firstname.lastname@example.org
Senior Group Editor Mark Sutton
Another hot topic at GITEX 2012 was big data as related to the growing adoption of smartphones, tablets and other personal devices. Interestingly, according to Oracle, the adoption rates of these devices in the Middle East region greatly exceeds the adoption rates of personal electronic devices in Western markets, with the UAE and Saudi Arabia at the top of the adoption rate chart. This means that enterprises in the Middle East region are going to have to learn how to take advantage of the big data boom, instead of ignoring it, and introduce in-depth analytics and business processes so that they can extract important, actionable business and customer trend information and data from this rapidly rising flood of data. So, what does the rise of BYOD and the related data flood mean for companies? It means that they are going to have to get on board with BYOD fast and realise the value that these devices and the data they produce can be to large businesses through the correct use of business analytics. GEORGINA ENZER Editor email@example.com
Do you receive Network Middle East every month? To subscribe, please visit www.itp.com/subscriptions
ADVERTISING
Sales Director George Hojeige Tel: +971 4 444 3193 email: firstname.lastname@example.org
Advertising Manager Nayeem Dakhway Tel: +971 4 444 3482 email: email@example.com
STUDIO
Head of Design Dan Prescott
PHOTOGRAPHY
Head of Photography Jovana Obradovic
Senior Photographers Efraim Evidor, Isidora Bojovic
Staff Photographers Lester Ali, George Dipin, Murrindie Frew, Shruti Jagdesh, Mosh Lafuente, Ruel Pableo, Rajesh Raghav
PRODUCTION & DISTRIBUTION
Group Production & Distribution Director Kyle Smith
Deputy Production Manager Basel Al Kassem
Managing Picture Editor Patrick Littlejohn
Distribution Executive Nada Al Alami
CIRCULATION
Head of Circulation and Database Gaurav Gulati
MARKETING
Head of Marketing Daniel Fewtrell
Events Manager, ITP Business Michelle Meyrick
Deputy Marketing Manager Shadia Basravi
ITP DIGITAL
Digital Publishing Director Ahmad Bashour Tel: +971 4 444 3549 email: firstname.lastname@example.org
Group Sales Manager, ITP.net Vedrana Jovanovic Tel: +971 4 444 3569 email: email@example.com
Internet Development Manager Mohammed Affan
Web Advertising Manager Meghna Jalnawalla
ITP GROUP
Chairman Andrew Neil
Managing Director Robert Serafin
Finance Director Toby Jay
Board of Directors Mike Bayman, Neil Davies, Rob Corder, Robert Serafin, Toby Jay, Walid Akawi
Customer Service Tel
Printed by Khaleej Times Controlled Distribution by Blue Truck Subscribe online at www.itp.com/subscriptions
The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused. The opinions and views contained in this publication are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication which is provided for general use and may not be appropriate for the reader's particular circumstances. The ownership of trademarks is acknowledged.
No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review.
Network Middle East is audited by BPA Worldwide. Average Qualified Circulation 5,130 (3 month audit May to Jul 2012).
Published by and © 2012 ITP Technology Publishing, a division of the ITP Publishing Group Ltd. Registered in the B.V.I. under Company Number 1402846.
Kim Fagernas from Stonesoft says that enterprises can manage all their security through the Security Engine.
Stonesoft unveils Security Engine
Products
Stonesoft showcased its Stonesoft Security Engine at GITEX 2012. The security device is designed to change how network security is delivered by combining all needed security capabilities and performance improvements into one piece of hardware. “As an end user, you might have a physical world and a virtual world and you might go to cloud computing, you should have one console, one place for all this and one of our very big strong points is the Stonesoft Security
Engine, because you can manage everything through one console which results in cost savings for the company,” said Kim Fagernas, vice president EMEA, APAC and channels, Stonesoft. Stonesoft is also currently melting the previous firewall and the previous IPS into one software so the company will have one subset of software where the end user can select the characteristic of their network elements, such as IPS or next generation firewall or layer 2 firewall or UTM machine. “From an end user point of
view, all organisations are in the situation where they have to make some changes and when they make the changes they can on the fly change the characteristic of this particular appliance they have,” said Fagernas. “Many of our competitors in network security have static products, meaning that they are compromising the software, the security with throughput because they have partially the throughput hardware coding it and in our case we are talking about a dynamic world and everything is software based.”
Performance and Protection with
The Most Comprehensive UTM in the Market Consolidation without Compromise
Built-in wireless controller Built-in 2 factor Token authentication Built-in Dyn DNS Built-In SMS Service Wan Optimization and web caching IPSec and SSL VPN BYOD Enabled Life Free cloud reporting 3G / 4G Ready DLP & Traffic Shaping
Red Hat updates Daman’s operating platform
Business
Red Hat has announced that the UAE’s specialised insurance company, Daman has migrated to the Red Hat Enterprise Linux operating platform. Daman handles more than 1.4 million medical claims each month, with an estimated 20 million IT related transactions daily. To increase efficiency, improve control of information, and reduce the overall cost of information management, Daman opted for an enterprise content management application, which was deployed on a proprietary operating system. However, as the system did not integrate well with the rest of its open source
IT infrastructure, the company decided to migrate to Red Hat Enterprise Linux. According to Red Hat, the migration was fast and efficient, with little impact on regular business operations. Daman experienced a number of benefits from the migration to Red Hat Enterprise Linux. These include the standardisation of systems in accordance with the organisation’s long-term IT vision, ease of maintenance, and stability and robustness even when dealing with large volumes of requests. Since its establishment in the region, Daman has been a strong advocate of open source technology and has invested
heavily in developing the necessary skill sets to carry out complex implementations and maintenance of such systems within the organisation itself. “We prefer to opt for open source technology whenever possible and applicable. So, when undertaking new IT initiatives we evaluate the solutions which best align with this long-term IT strategy,” said Ramzi Rahal, director of IT at Daman. “The platform running the enterprise content management system clearly did not fit well with the rest of our enterprise IT infrastructure, so we decided to migrate this component to Red Hat Enterprise Linux.”
Leader of Gartner’s Magic Quadrant 2012
Dell Wyse is discussing thin and zero client implementation with several companies in a range of verticals.
Stop DDoS attacks with FortiDDoS
Dell Wyse puts the desktop on a diet
Products
Dell Wyse launched its Dell Wyse P25 and P45 for VMWare view in the Middle East region at GITEX Technology Week 2012, as well as its Xenith 2, a new ‘zero’ client for Citrix. The Dell Wyse P25 and P45 are designed for demanding apps and the P45 can support up to four hi-resolution monitors and is designed for the oil and gas, command and control and mass transport industries. According to David Angwin,
marketing director, EMEA, for Dell Wyse, the cloud computing and virtualisation sector is still very young in the region. “Our clients in the region have been using Wyse for a decade, and in the last two years there has been a real uptake in cloud and virtualisation in the UK; the UAE is a bit behind, but we are definitely seeing an acceleration in uptake,” said Angwin. While at GITEX, Angwin said that he has been talking to a number of companies across
a range of verticals that are interested in implementing zero-client or thin client technologies as they approach a desktop refresh. Wyse was acquired by Dell in May 2012 and is part of Dell’s end user computing division. Its solutions support the deployment of centralised infrastructures, whereby processing and storage is taken away from the end-users’ desktop and shifted wholly or entirely to the server.
Riverbed develops software integration
Business
Riverbed Technology has integrated the Riverbed Stingray Traffic Manager, its software and virtual application delivery controller (ADC), with VMware vFabric Application Director, a hybrid cloud application provisioning solution. This solution combines Stingray Traffic Manager software application acceleration capability with VMware vFabric Application Director automation, which is designed to allow customers to create application blueprints that can be used to provision and scale multi-tier applications, faster and smarter in a hybrid cloud environment.
These application blueprints can use application delivery features of Stingray Traffic Manager software for a higher level of application portability across cloud services and repeatable deployments of selected applications with standard deployment settings. VMware vFabric Application Director, a cloud application provisioning solution for hybrid clouds, is designed to simplify creating application deployment topologies that are portable across private, public, and hybrid cloud environments through the use of application deployment blueprints. With the integration of Stingray
Traffic Manager software with vFabric Application Director, application architects within IT organisations can now choose to accelerate and load balance their enterprise applications in the cloud. The solution is available on VMware Cloud Application Management Marketplace beta. The marketplace allows VMware partners, customers, and end user communities to develop and publish application blueprints that are truly portable across clouds. This gives application and infrastructure teams the flexibility, freedom of choice and a collaborative environment for implementing a forward looking IT strategy for cloud application
platforms are dedicated appliances that are designed to detect and help protect against today’s most damaging and sophisticated DDoS attacks
• Shield against DDoS attacks
• Overcomes firewall and IPS limitations
• Full transparent mode
• Self-Learning
• Scalable Protection
• Clean pipe and higher network utilizations
SETTING THE STANDARD IN FACILITIES MANAGEMENT
TOTAL FACILITIES MANAGEMENT SOLUTIONS Built on the principles of ‘Care and Continuity’, Idama provides total facilities and infrastructure management solutions to iconic developments in Dubai, totaling more than 75 million square feet of built-up area. We focus on ensuring continuity of operations and optimizing costs for our clients, thereby supporting them in enhancing their brand value and maximizing their return on investment. Facility Energy Management Sponsor FM EXPO 2012
Romina Stroeymeyte from Gemalto says the eGo device can be used to authenticate the user over multiple services.
Gemalto showcases eGo
Technology
Gemalto showcased its eGo authentication system at GITEX 2012. The eGo authentication device is a personal authentication device that is so small that it can be integrated into any personal object, a watch, belt, pair of shoes or even jewellery. The eGo device must be worn by the user at all times for it to work. “eGo is a wonderful object that allows people to authenticate themselves and access multiple services,” said Romina Stroeymeyte, business innovation director at Gemalto.
The eGo authentication device contains the user’s personal authentication information, such as personal and payment details. When a user touches a doorknob, or car door for example, the eGo device connects to an eGo compliant reader within the car door or doorknob and transfers the user’s credentials, which are then checked by the reader via high speed wireless communication and body coupling technology. Once the user is authenticated they will be able to access the car or door. eGo can also be used to make payments, use loyalty cards
for shopping, to play video games and also to board an airplane. A user can own multiple eGo objects that will be synchronised with the same apps and information automatically. The eGo device is protected by two factor authentication and a user signs into the device in the morning using a secret that only they know. The user remains logged on until the eGo device is detached from their body. If the device is stolen, it can be remotely blocked and the chip used in the device is certified with a high level of security and all wireless exchanges are encrypted.
Protection to meet your mobile device environment
Blue Coat introduces Secure Web Gateway
Blue Coat Systems has introduced its Secure Web Gateway virtual appliance for small branch offices. The new virtual appliance is designed to extend the same depth of protection and control delivered by the Blue Coat ProxySG appliances to small branch office locations with limited space and IT resources. The new virtual appliance is designed to provide customers with the flexibility to choose the deployment model that best meets their security requirements on a location-by-location basis. The new Blue Coat Secure Web
Gateway virtual appliance can also be deployed on a virtualised server. This allows businesses to support web security and other critical remote office infrastructure on a common platform, reducing costs and IT resource requirements. Like Blue Coat’s ProxySG appliances and Cloud Service, the Secure Web Gateway virtual appliance is backed by the WebPulse Collaborative Defence. The Blue Coat Secure Web Gateway virtual appliance is also designed to deliver the same policy controls used by enterprises on the ProxySG appliances.
“The Blue Coat Secure Web Gateway virtual appliance is a simple and powerful way to seamlessly extend the same on-premise threat protection and policies that ProxySG appliances provide at the corporate gateway to branch offices with limited IT staff,” said Dave Ewart, director of product marketing, Europe, Middle East and Africa, Blue Coat Systems. “The new virtual appliances complement Blue Coat’s existing on-premise appliances and cloud-based service, giving businesses the flexibility to deploy the solution that best fits their security requirements.”
• Intrusion Prevention
• Application Control
• Data Loss Prevention
• Web Content Filtering
• VPN SSL and IPSec
• Two factor Authentication
Yasser Zeineldin of eHosting DataFort says the UAE is not a very regulated market for cloud, or cloud hosting.
Secure Users Anywhere Protect Applications Everywhere
eHDF corners private cloud market
Business
eHosting DataFort has launched its managed cloud services and showcased its disaster recovery solutions at this year’s GITEX. The company already has a number of clients utilising its private cloud platform, Emirates e-Government is hosted on an eHosting DataFort private cloud, Emcor Facilities Management is a private enterprise that also has a private cloud platform delivered by eHosting DataFort. The company also has a number of clients running a virtualised platform, such as the Ministry of Public Works. Yasser Zeineldin, CEO of eHosting DataFort said that the UAE is currently not
a very regulated market for cloud, or cloud hosting. “There are generally a number of guidelines that enable clients in the UAE to go for a local service provider, for example the location of the data. From a regulatory standpoint, the regulations are on the business side, for example banks cannot host their data outside by regulation. There are also country-related laws that state that governments also have to store data locally,” he said. This means that governments do not have much of an option of going on a public cloud, which is why eHosting is focusing on offering managed private clouds locally in the UAE.
Cloud is here to stay, according to Zeineldin, but he says the main blockages to cloud adoption in the region are three main things; fears about security, worries about where the data resides, and latency issues. “We believe that the cloud industry will evolve into many clouds, there won’t be one global cloud that is available everywhere, but it would be a variation of a number of local and regional clouds and also would be a vertical focused cloud, i.e. one for banks, one for governments,” he said. eHosting DataFort also showcased its business continuity solutions at GITEX 2012.
HP debuts new Gen8 servers
Technology
HP has unveiled two new HP ProLiant Generation 8 (Gen8) four-socket servers designed to facilitate customers’ move into the cloud while delivering increased compute power in less space, and a quick return on investment. According to HP, these are the industry’s first four-socket servers to incorporate HP ProActive Insight Architecture. The HP ProLiant BL660c and DL560 Generation 8 servers are designed to significantly reduce
the time spent on maintenance tasks through high levels of automation and continuous monitoring of system health, saving IT technical staff much administration time. As building blocks for HP Converged Infrastructure, these multiprocessor servers are designed to satisfy the need for high-end compute power that enables clients to extend end-to-end virtualisation and provide a foundation for creating private and hybrid clouds.
With a three-to-one server-consolidation rate and reduced server footprint in the data centre, the HP ProLiant BL660c Generation 8 server offers four-socket density in half the size of the previous generation, and reduces total cost of ownership. Additionally, the HP ProLiant DL560 Generation 8 server provides a space-minimising four-socket server in a 2U form factor without compromising performance, scalability or enterprise expansion requirements.
F5 Security Solutions for the Evolving Threat Landscape
Secure Your Apps
Web Application Firewall
Layer DDOS Protection
Reverse Proxy
Securing Exchange
Sharepoint
PCI DSS
Stop Attacks on Data Centre
Data Center Firewall
Network DDOS Protection
Streamline Secure Access
SSL VPN
BYOD
Centralize Access Control
Protect Brand Identity
DNSSEC
NETWORK MIDDLE EAST REVIEWS THE REGION’S
NEW NETWORK TECHNOLOGIES IN 2012
Regional and international experts discuss new network technologies, such as governance, risk and compliance and mobile application management, and what they mean for enterprises.
The ins and outs of cloud security Regional and international cloud security experts discuss what cloud security is and how a company can protect their data
Cloud security is the technology that protects data, application and infrastructure associated with the cloud. Despite much information to the contrary, cloud security is much the same as traditional IT security and many of the security issues associated with cloud are exactly the same as with traditional forms of IT. According to Gartner, the service-based nature of cloud means that consumers of a cloud service are dependent upon whatever security controls are available through the service interface. There is an abstraction layer that is not present in traditional insourced IT delivery. “The types of enterprise security issues that arise in these circumstances include dependencies on subcontracted third parties, network services, and the availability of authentication and authorisation credentials across multiple services,” says Rob McMillan, research director at global technology research organisation, Gartner. Cloud also features issues related to data confidentiality and data sovereignty, that don’t often arise in traditional IT network systems. “Securing cloud depends on working out where and how to apply measures to specifically meet the end users needs. Our traditional stateful packet inspection firewalls focus on blocking network layer threats by evaluating the ports and protocols used by network layer traffic. The latest Next-Generation firewalls utilise deep packet inspection to scan the entire packet payload to provide advanced intrusion prevention, anti-malware, content filtering and gateway anti-virus,” explains Florian Malecki, senior product marketing manager, EMEA, at intelligent network security and data protection solutions expert Dell SonicWALL.
Rob McMillan, research director at Gartner says that cloud security is much the same as traditional IT security.
“The good news is that a standard for cloud security is likely to be published in 2013. ISO / IEC 27017 is in draft form, and is based on work by the Cloud Security Alliance.” ROB MCMILLAN, RESEARCH DIRECTOR AT GARTNER.
THREATS TO ADOPTION
The biggest threats to cloud adoption are the lack of control over and visibility of data hosted in the cloud. According to Gartner, cloud suppliers usually offer no guarantees about where information in a cloud service will be physically stored and/or processed. This can be problematic for information that is regulated, such as Personally Identifiable Information (PII), or is particularly sensitive to the consumer organisation.
With cloud services such as SaaS, the consumer has little or no visibility and control over the software quality process or release management. “The consumer effectively trusts the software provider to supply software that is safe and reliable. This can be problematic in high security pressure environments, or in complex environments with complex applications that typically require a significant volume of regression testing as part of the change management process,” says McMillan.
Cloud services are nearly always based on virtualised services, which means that once a workload has been torn down it can be difficult to recover information about it. If that workload has been involved in an incident, then conducting any kind of forensic analysis on the processes or on the hardware on which the processing or data storage occurred is likely to be near-impossible. Its evidential value will be questionable as well, since it will be hard to prove that the forensic information has not been tainted by other virtual processes that may have utilised common resources since the incident.
Cloud infrastructures create significant traffic over the internet that poses a real challenge. For example, business-critical and productivity-draining applications must contend for the same bandwidth.
DATA PROTECTION
To protect their data from attacks, companies must prepare for the impact of known and unknown trends and consider proven solutions for Next-Generation firewalls, application control and visualisation, bandwidth management, secure remote access, clean Virtual Private Networks and data leakage prevention, according to Malecki.
At present, consumers depend heavily on the service offerings that vendors provide, with little power to influence vendor functionality, visibility or control with respect to security. Many organisations resort to using bespoke surveys and other techniques to assess the security posture of prospective vendors.
“The good news is that a standard for cloud security is likely to be published in 2013. ISO / IEC 27017 is in draft form, and is based on work by the Cloud Security Alliance. It is highly likely that once this standard is published, certification services will follow,” says McMillan.
VIRTUALISATION
At a technical level, one of the biggest cloud threats is that the heavy use of virtualisation means that the hypervisor becomes a key potential point of failure. “Any malware or defective process that can affect the reliability of the hypervisor can have a big impact. Furthermore, the use of common infrastructure can mean that recovery services may not be as reliable as the customer might think; it’s very important to have the cloud provider prove the reliability of recovery services on a regular basis,” McMillan explains.
Dell SonicWALL says that firewalls are a key defence mechanism in cloud security. By scanning every byte of every packet on all network traffic, firewalls can provide complete malware protection, and application intelligence, control and visualisation, regardless of port or protocol, by determining exactly what applications are used and who is using them. In doing so, these firewalls can detect and eliminate malware, intrusions, data leakage and policy violations before they cause harm to your network or its users and your business, says Malecki.
Florian Malecki of Dell SonicWALL says next-generation firewalls are key to securing cloud.
The main concern companies have about the cloud stems from some public failures in delivering what the cloud has promised, i.e. to make a particular issue or task someone else’s problem, according to Angelo Comazzetto, senior product manager UTM for security specialist Sophos.
“Whether you rely on the cloud to store your files, provide a website for your clients, or manage and deploy anti-virus for example, you expect it will be always there and always functioning. This isn’t so much a full security issue, but also one of perception. The cloud is really nothing more than a new way to market data centre services. In the past, you would rent a server or pay for access to resources hosted off site instead of doing it yourself. Cloud computing provides the same sort of benefits, albeit with much more modern tools and services that are more easily served by an ‘end user’,” she says.
“The cloud cannot be made secure any more than the rest of the internet. Indeed there is no such thing as secure, only degrees of vulnerability. That said, depending on the cloud provider you choose, a business has access to a massively robust, scalable, and advanced platform they cannot easily establish and maintain themselves. The trick is ensuring that what you buy is from a reputable vendor and that you configure the user-serviceable parts correctly.”
Sophos has a wide range of customers operating cloud versions of their technology, especially with Amazon’s Web Services cloud platform.
Cloud security vs on-site security
Cloud security is different to protecting the enterprise network in three key ways, according to Dell SonicWALL.
Cost point of view:
Cloud: recurring monthly/yearly cost
On-site: upfront costs with some minimum recurring costs per year (support, etc.)
Management:
Cloud: organisations rely on a third party, with pros and cons
On-site: organisation manages it all
Attacks:
Cloud: you rely on the cloud provider to offer best security
On-site: you control everything from A to Z
Governance, risk, compliance
Experts discuss what governance, risk and compliance is and how it affects companies
Alaa Abdulnabi from EMC’s security division RSA, says that GRC is fairly new to the enterprise landscape.
Governance, risk and compliance is something fairly new to the IT landscape and GRC automation software is just emerging in the region. GRC is an integrated set of processes and technologies that allow companies to improve business decision making, increase risk awareness and increase accountability.
To break it down further: governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed; risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organisation to realise opportunities while managing negative events; and compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and corporate procedures.
“Governance, risk management, and compliance or GRC is a term that reflects the approach for organisations that adopt an integrated view to these aspects of their business. This is done by aligning and integrating the governance, risk and compliance activities and initiatives across the organisation,” says Alaa Abdulnabi, regional pre-sales manager, Turkey, emerging Africa and Middle East, for EMC RSA, experts in GRC solutions.
GRC is fast becoming essential for enterprises, especially for those that are doing business globally and are struggling to keep up with the regulatory requirements in each country and manage the greater risks associated with more complex business and IT environments. While many IT GRC programmes are showing significant value, however, there is often a substantial gap between the efforts undertaken within the enterprise IT department and the expectations that are understood by business professionals.
“Regulatory compliance continues to be a major driver in the adoption of a wide variety of products that automate risk-relevant tasks, but it is increasingly being replaced by a more business-oriented risk management approach. The use of automation to manage risk- and regulatory-relevant processes is a common practice in many enterprises. Complex organisations, especially those that are heavily regulated, use a wide variety of process management and decision support tools to manage risk, govern their activities, and ensure regulatory compliance,” says Biswajeet Mahapatra, research director at international technology research organisation Gartner.
Biswajeet Mahapatra, research director, Gartner, says that the use of automation to manage risk- and regulatory-relevant processes is a common practice in many enterprises.
Companies such as RSA have developed EGRC solutions that automate the GRC process, making it easier for companies to comply across a host of regulations, as well as ensuring that the company’s data is up to date and allowing greater visibility into threat impacts. The primary purpose of any Enterprise GRC (EGRC) platform is to automate much of the work associated with the documentation and reporting of the risk management and compliance activities that are most closely associated with corporate governance and strategic business objectives. The primary end users include internal auditors and the audit committee, risk and compliance managers, legal professionals, and all accountable executives.
GRC software provides enterprises with a method to improve compliance with retention policy, reduce legal risk, and streamline the operational process of managing unstructured information, according to Darren Lee, vice president, Governance and Archiving at cloud-based GRC solutions provider Proofpoint. Some of the products available in this space include IBM OpenPages, Thomson Reuters Enterprise GRC, Oracle GRC, EMC – RSA Archer, SAP Risk Management and Process Control, SAS Enterprise GRC, Nasdaq – Bwise and many more.
According to Atul Kamat, head of Technology Service Delivery at data centre and cloud provider eHosting DataFort, the EGRC platform market has expanded from a tactical focus on regulatory compliance to a strategic focus on enterprise risk management. Many vendors are looking toward the next market phase, which includes adding or integrating with business performance management and score carding capabilities.
GRC IN THE MIDDLE EAST
There are currently a large number of GRC initiatives in the region, although it is still early days. According to Gartner, companies have only just realised the importance of GRC and have begun adopting best practices, standards and tools to make their IT environment more secure.
“Many organisations are coming to realise the importance of having a GRC programme in place, and are now looking at enhancing their current processes. Compliance with regulations is the major driver for governance, risk and compliance in the Middle East, which drives focus to other areas of the governance, risk, compliance space such as risk management, business continuity management and audit management,” states Abdulnabi.
GRC is of major importance in government, banks and financial institutions but slowly will become one of the top three priorities in most of the large and medium enterprises, says research firm Gartner.
According to Chuck Hollis, VP Global Marketing CTO EMC Corporation, if you’re a company or an organisation of any type, you want to avoid bad things happening. You want to understand what the risks might be, their potential impact, what can be done to mitigate those risks, and what the relative costs might be. To do this, enterprises need a group of people and some process to go look at those things, understand them, and make recommendations. In a nutshell, that’s governance. Once the recommendations are made, enterprises need people and process to go do what was recommended, measure the results, and be able to prove what you’ve done. That is enterprise compliance.
“You’ll find GRC-type thinking emerging everywhere: legal, finance, HR, IT, engineering, research, healthcare, energy exploration. Each sub-segment faces a very different risk profile, so GRC is thought of differently depending on who you’re talking to. HR risks aren’t the same as legal risks aren’t the same as engineering risks, and so on,” according to Abdulnabi.
IT GRC programmes are still relatively new, but they have already shown great success and even more promise in many organisations. Working to align efforts with business expectations will help assure IT that projects aren’t perceived to be wasted efforts, helping solidify the collaboration and support that is required from the business in order to achieve ongoing success.
“IT professionals should take heart that their efforts are seen as important and valuable to business professionals. Where previously there has been a distinct divide between the two groups and little understanding between them, the changing nature of the corporate environment is creating opportunities for understanding and collaboration. Ongoing risk and compliance concerns regarding privacy, fraud prevention, business continuity, intellectual property protection, and other top enterprise risk and compliance concerns will continue to put more pressure on IT. They will also, however, offer IT the chance to elevate their service and value to the business,” explains Abdulnabi.
By implementing eGRC solutions, companies experience:
Improved efficiency: Organisations often tackle a specific compliance initiative, such as PCI or privacy mandates, as a one-off project, rather than asking the question once of the business and IT teams and reusing that information across several compliance initiatives. By asking once and answering to many regulations you can reduce the time it takes to show compliance and reduce the number of assessments sent to the business and IT teams.
Automation: Compliance data is often stored in several spreadsheets that only represent the data at one specific point in time, so it is instantly out of date. Using automated tools you can pull this isolated data into one system of record, transforming one-off processes into a sustainable, consistent process that is used by all within the organisation.
Accountability: Many organisations lose track of exceptions to policies that they have granted to specific areas of the organisation. Untracked, these exceptions often result in risks to the business. Managing the exception process, including status and expirations, improves the overall transparency and accountability of the process within the organisation.
Partnerships: Multiple business units track compliance data across the organisation. Collaboration across these silos enables you to consolidate this critical data to provide better insight into threats and risk across the entire organisation.
Visibility: One of the most difficult challenges managers face is the ability to prioritise the growing number of threats they must address based on their impact to the business. With an eGRC solution, organisations can assess the impact a particular threat has on their operational infrastructure and business hierarchy and easily track the resolution.
The major advantages of GRC programs in any organisation are:
Improving board’s risk oversight
Responding to regulatory changes
Strengthening corporate governance
Restructuring corporate risk tolerance
Strengthening anti-fraud compliance programs
Extending corporate social responsibility and philanthropic activities
Renewing Green IT policies
Mobile application management
Mobile application management is an essential tool if an enterprise is to allow BYOD
According to Song Chuang from Gartner, MAM is extremely useful in BYOD.
Mobile application management is generically the ability for administrators to manage mobile applications on mobile devices, including install/uninstall, configure and support. The term has recently been used with solutions such as Apperian, AppCentral, which was just acquired by Good Technologies, and RAPsphere, which was acquired by AppSense.
In general, employees at companies that use such solutions will find that their personal mobile devices are not locked down at a device level; instead, enterprise email and other enterprise apps are secured by the mobile application management solution.
“An enterprise app may be wrapped at a binary level, or the app may be integrated to a mobile application management SDK and recompiled. In both cases, the enterprise app is now containerised. When the resulting app is launched, a complex password might be needed, app data is stored encrypted, and there is data leakage prevention – text cannot be copied to an app outside the enterprise container, or enterprise email attachments cannot be saved to Dropbox which is outside the container,” states Song Chuang, research director at international technology research firm, Gartner.
BRING YOUR OWN DEVICE
Mobile application management features are very applicable and useful for bring your own device environments since they do not require a personal device to be completely locked down – instead, the enterprise stuff is locked down and isolated from the rest of the phone. Employees are likely to prefer such a management solution.
Implementing bring your own device without the proper tools is unsafe and puts the entire organisation at risk, but with the right solutions the secure use of user-owned mobile devices in companies, without hindering users’ experience with those devices, can become a reality.
CONTROLS
With mobile application management controls such as authentication, encryption and expiration, applications and data can be manually expired or set to automatically remove themselves from personal devices based on parameters established by the network administrators. In addition, mobile application management solutions provide app portals tailored to each user to deliver the appropriate corporate apps to individual user-owned devices. In this way, the user experience of downloading necessary corporate resources is as simple as visiting a public app store, but enterprises can ensure that users are only being given access to the resources they have permission to download.
Near Field Communications
NFC is the technology of the future, but what is it and how can it help enterprises?
NFC stands for Near Field Communication, a radio-communication protocol designed for consumer devices to communicate directly with one another at very short range. Extending the ability of contactless card technology, NFC is backward compatible with the existing contactless standards and infrastructure, which supports payment brand applications such as MasterCard PayPass, Visa PayWave, Discover Zip or American Express ExpressPay.
“NFC handsets in card emulation mode can be used to perform secure contactless payment transactions. With the emergence of mobile NFC services, payment terminals are enhanced with additional applications such as ticketing, mobile coupon redemption, information access from smart posters or access control systems with a simple touch,” says Christelle Toureille – CISMEA marketing director, Telecommunication division at digital security experts, Gemalto.
NFC technology enables the sharing of secure identity data between NFC-enabled smartphones, the phones’ secure elements, and other secure media devices inside a trusted boundary within the access-control managed network. This enables NFC smartphones to present digital keys and credentials inside them to access control readers in order to open doors or log on to computers. NFC is fully compliant with the ISO standards governing contactless smartcards, making it ideal for enterprise access control.
“NFC advantages include the fact that it is a short-range protocol, which is inherently secure since devices must be placed very close to each other – this contrasts with long-range protocols like Bluetooth or Wi-Fi which must select and connect with the correct device out of many that might be within range. Additionally, NFC sets up connections faster than standard Bluetooth and its low-power variant, Bluetooth 3.0. Instead of performing manual configurations to identify devices, the connection between two near field communication devices is automatically established quickly in less than a tenth of a second,” states Alan Davies, vice president Identity Assurance Sales EMEA at secure identity solutions company, HID Global.
Alan Davies from HID Global says that NFC sets up connections faster than standard Bluetooth and its low-power variant, Bluetooth 3.0.
A mobile phone equipped with NFC technology can be used to carry a portable identity credential and then wirelessly present it to a reader. The phone is simply waved in front of the reader and the user can open the door.
Additionally, NFC devices can operate in a passive, power-saving mode, while still being able to communicate with active NFC devices. As a result, passive NFC tags can be inserted into posters and other items and can communicate with active NFC devices such as an active NFC smartphone or reader. The active, initiator device generates an RF field that can power a passive target without an electricity source. Only one of the devices needs to be powered in order for the communication to occur. In practice, the NFC device user touches the NFC-enabled device onto the tag and a small amount of power is taken by the NFC tag from the reader to power the tag electronics. The tag is then enabled to transfer a small amount of information to the reader.
ENTERPRISE USES FOR NFC
NFC does far more than just provide a contactless payment function; in the working environment, NFC technology can be used for corporate identity and physical access control. Employees could use their NFC-enabled phone as a corporate ID badge allowing them to securely access buildings, access the corporate car park, and a range of other applications.
“The advantage of the technology is that credentials can easily and securely be issued and updated over the air. Employees could also use their NFC phone to pay for coffees or snacks at the vending machine, for their meal at the corporate canteen, without having to carry cash with them. Peer to peer applications also have a great future and thanks to the near field communications technology, users will be able to exchange their business cards from phone to phone using NFC,” says Toureille.
NFC makes it easier to get information, pay for goods and services, use public transport, and share data between devices. This works by just bringing NFC-compatible devices close to one another. NFC is currently also used for health care, information exchange, loyalty and coupons.
“The benefits of NFC technology are so attractive that many industries are using NFC technology to enhance their services and customer experience. NFC-enabled services are fast and easy to use without compromising existing service security,” explains Niranj Sangal, group CEO at card personalisation, payment issuance and payment acquiring systems experts, OMA Emirates.
Spyridon Gousetis, director of marketing MEA, Sony, says that NFC can also be used for fleet and package tracking and that enterprise uses of the technology are endless.
“A simple example where NFC has been applied commercially is at Singapore Airport, where all luggage items are tracked with the help of small NFC tags that are placed on all luggage. Effectively the airport has been able to reduce delays and transit times that are related to luggage tracking thanks to NFC,” he says.
Christelle Toureille from Gemalto says the main challenge for the Middle East is to get the Point of Sales infrastructure ready to sustain the mobile payment use-case.
NFC FOR PAYMENTS
Using NFC for mobile payments is as secure as payment done today with an EMV plastic chip card, according to Sangal. NFC mobile payment uses the physical and logical security mechanisms which are used for contactless cards and also brings an additional security layer to comply with the need for post-issuance activation of an NFC payment application. This requires certification from the bank or credit card provider.
These payment applications are downloaded and installed in a secure element such as SIM cards or Micro SD cards which have common criteria certified by payment network schemes. The post-issuance process includes initialisation of the security mechanisms of a payment application via TSM (Trusted Service Managers) in a standardised NFC secure element. Finally, the trusted service managers (TSMs) in charge of managing the payment applications remotely are hosted in secure sites certified by financial service bodies.
“Consumers need to enter a PIN for all payment transactions; even for small amounts. This provides the end-user with complete protection. Secure over-the-air technology for remote management enables immediate remote blocking of the payment application. This works in the same way as blocking a bank card,” says Sangal.
Gemalto, which provides a Trusted Services Platform alongside its NFC Up Teq SIM cards, says security is crucial when you start to go global and start to be exposed to fraud. Because NFC technology is used for payment applications, security is a central element and the company provides mobile operators with the highest level of security on its solutions, which have been certified by Visa and Mastercard. Moreover, in the event that the phone is lost or stolen, secure over-the-air (OTA) technology for remote management enables immediate remote blocking of the payment application when the client requests it, just as if you were blocking your banking card.
ADOPTION OF NFC
NFC is already seeing a surge in popularity in the region, with various NFC-related pilot projects already underway. According to Gousetis, it is just a matter of time before we see widespread deployment of NFC mobile payments/transactions.
“The reason it is taking time is that all NFC solutions need to get integrated well with backend systems and that takes time as solution providers have to make various systems work together and form a unified single ecosystem. The good news is that work on region-wide deployment started some time back and we are increasingly starting to see NFC-enabled payment points in public spaces such as cinemas and supermarkets. Recently the RTA announced that by 2013 people will be able to use their smartphone to pay for fares in and around Dubai,” he said.
Many countries have begun NFC deployment with the adoption of contactless banking cards, according to Gemalto, and many banks in the Middle East are starting to look into contactless bank cards.
“Some banks in the region are already deploying NFC. Local mobile operators are also looking closely into NFC, some pilots have already been announced and we expect that larger scale ones will soon start. It will take time for the infrastructure to be in place but we could realistically see wide scale NFC adoption in two to three years’ time frame,” states Toureille.
Turkey is leading the way in NFC deployments in the MEA region when it comes to innovation and was the first country to deploy NFC. In December 2010, mobile phone operator AVEA partnered with Garanti Bank to launch their BonusluAvea NFC service and in April 2011, mobile operator Turkcell followed with the launch of its Cep-T Cüzdan platform.
Some pilots are ongoing in the Gulf countries. OMA Emirates, along with its partners, has worked on several NFC pilots with companies such as Du, Zain, National Bank of Kuwait and Dubai First. This process has helped the company demonstrate the technology and its benefits for end-users and the organisation.
“We are positive that the increased awareness and our in-house capabilities will enable us to ink some strong deals in the near future,” explains Sangal.
According to Sony, the company has lots of pilot projects ongoing between solution providers, banks and operators and is in talks about setting up a whole commerce solution based on NFC.
DEPLOYMENT IN THE REGION
Like anywhere else in the world, the introduction of new technologies and NFC services to the market takes time as it requires the construction of complex local ecosystems and business models involving many players such as banks, transport companies, telecom operators, retailers, merchants, OEMs etc. Once the NFC platform and NFC phones are rolled out, for people to be able to enjoy the benefits of NFC, the deployment of NFC point of sales terminals is crucial.
“The main challenge for the Middle East, would be to get the Point of Sales infrastructure ready to sustain the mobile payment use-case so as soon as mobile operators and banks launch their services, subscribers could then be able to start enjoying the NFC experience anywhere, anytime without any further delays,” states Toureille.
Some major factors that are holding up NFC deployment in the region are firstly big companies accepting the NFC transactions and secondly the issuance of contactless cards to make the first step towards bringing the technology to consumers.
Spyridon Gousetis from Sony says Singapore Airport has implemented NFC for tracking luggage.
Neha Gupta from Gartner says that enterprises now have less control of their brand.
The importance of social media/CRM monitoring
Neha Gupta, senior research analyst at Gartner, shows why companies must think outside of the box
WHAT IS SOCIAL MEDIA/CRM MONITORING AND HOW DOES IT WORK?
Gartner defines Social CRM as a business strategy that entails the extension of marketing, sales and customer service processes to include the active participation of customers or visitors to an internet channel (web or mobile) with the goal of fostering participation in the business process. To be successful with social CRM, organisations need to be much less focused on how an organisation can manage the customer, and much more focused on how the customer can manage the relationship. Monitoring of social media communications can provide information on high-risk situations, the mood of a populace and the level of support for disruptive actions. For example, in disaster anticipation, prevention and recovery, social media
communications can be a great ally in helping to alert people to coming danger and to help them after disaster has struck. In a disaster, social media monitoring can help identify people requiring assistance and beneficial activities and resources being provided by individuals and organisations.
WHAT IS THE VALUE OF SOCIAL MEDIA/CRM MONITORING FOR THE ENTERPRISE?
There are three key factors that will both justify and drive the need for supporting social media efforts that will become important to businesses to the point that they will be critical and a ‘need to have’ and no longer a ‘nice to have’.
Reduced cost of operations - Properly implemented supporting social initiatives can help reduce costs by providing means for increased customer service and more efficient means of support through crowdsourcing and other social engagements. The result is measurable cost savings and increased customer satisfaction.
Increased revenue - Lowered costs are often not enough justification for an initiative, rather there must also be improved revenue streams as well. Engagement with social consumers allows for enthusiasts and influencer conversations, namely key customers that can influence others, shape the opinions of the market and help expand the customer base and drive new business.
Build brands - Developing positive consumer social inertia has a byproduct that will also increase overall brand value. This increase in popularity and value directly translates into the potential increases in perceived value and price of products sold. The result is vendors can sell products at higher prices than their competitors.
DO YOU THINK THIS TECHNOLOGY WILL BECOME A ‘MUST HAVE’?
Corporate images are now no longer controlled exclusively by vendors. They are now influenced and shaped by social factors well beyond the immediate control of traditional marketing, public relations and advertising. There is a more serious implication to this loss of reputation and brand control. Impressions, experiences and anecdotal tales that are both good and bad will have direct impact. Therefore, engaging with the social consumer is no longer optional but mandatory.
WHY IS SOCIAL MEDIA SO IMPORTANT FOR BUSINESSES?
Consumers are now empowered in ways they have never been before. In the past, consumer behavior was influenced by two things: personal historical actions or external influences such as the recommendations of trusted sources like friends or marketing and advertising. Today, consumer behavior is augmented by the consumer social experience which includes real-time information, contextual data and other social factors that affect the consumer. The result of this ongoing, global consumer conversation and continual social interaction is that consumers and vendors now can make better informed decisions and fewer mistakes about the decisions they make.
Solving IT storage woes in ME: ‘Scale-Out Storage’
George DeBono from Red Hat says that the growing interest and adoption of scale-out storage has been driven not only by its performance characteristics but also by the economics offered by the technology.
George DeBono, general manager, MEA at Red Hat, talks scale-out storage
Aggressive acquisition and retention of data, the acceleration of business analytics and impending retention policies and regulations in the Middle East have driven the growth of unstructured data within the organisation. The need to rapidly scale storage while permitting maximum flexibility has given rise to a new storage methodology. Scale-out storage, as opposed to scale-up storage, focuses not only upon how quickly a storage platform can add capacity but also upon how to do so while ensuring that the performance scales linearly as well.
WHAT IS SCALE-OUT STORAGE?
The defining characteristic of scale-out storage is the fact that a single scale-out storage system is composed of many independent server nodes forming a loosely coupled distributed storage system. Thus, scale-out refers to the idea that the capacity and performance of the system may be increased by ‘scaling it out,’ that is, by adding additional nodes. Because each of the nodes in a scale-out storage system brings with it a balanced set of CPU, memory, disk and network interfaces, scale-out systems are known for their ability to scale linearly, without degrading performance as incremental nodes are added. This is in contrast to traditional NAS storage wherein capacity is added by scaling-up or by adding additional resources such as a disk, within the device.
COST IMPLICATIONS
Scale-out storage offers a number of advantages relative to traditional NAS. To start with, scale-out storage environments are built using off-the-shelf servers and disk, while traditional NAS is typically based on proprietary hardware components. This has significant cost implications, as the cost of commodity components is driven down by marketplace pressures, while vendors of proprietary systems fight to retain the premium they place on their offerings. Thanks to the flexibility of scale-out storage, systems can be scaled by adding new nodes and growing capacity over time. The scale-out storage model also supports the repurposing of data centre hardware.
OPERATIONAL EXPENDITURE
In addition to the cost advantages that scale-out storage offers over traditional NAS storage, there are several reasons why scale-out storage is more attractive from an operations perspective. With monolithic NAS, each appliance is individually managed which is why operational costs rise proportionally to the size and scale of the storage environment. A key operational characteristic of scale-out storage is the ability to unify disparate servers and their disks into a single global name space. By virtualising the underlying storage infrastructure and automating its management, scale-out storage decouples management costs from the size and scale of physical storage.
STRATEGIC FACTORS
While capital and operational cost reductions can positively impact savings, any new technology should always be primarily evaluated for its ability to transform processes for greater business agility. Here too scale-out storage proves its worth. By forming a single, unified, highly elastic storage pool that is compatible with a wide variety of applications, businesses become positioned to innovate quickly and respond rapidly to marketplace shifts without the burden of establishing a new storage environment for each new initiative. Enterprises deploying scale-out storage are positioned to unify access to data from many sources and make that data broadly accessible to a wide variety of users and applications, fostering very high levels of insight and responsiveness within the enterprise.
DDoS attacks: The impact
DDoS experts explain how to try to prevent DDoS attacks and what the impact is of an attack on an enterprise
The cost of a Distributed Denial of Service (DDoS) attack can continue to impact on the targeted organisation long after the event has been dealt with. It is not just the disruption to the public interface, which is damaging enough to any organisation that conducts a substantial volume of its business online. Loss of revenues while services and systems are unavailable to customers is compounded by the cost of rectifying the crisis and long-term damage to the business’s reputation. In some cases an organisation might even submit to extortion from the hackers, effectively paying a ransom to rid itself of the problem – until the next strike from another hacker source.
In the face of the threat, network and IT managers might be excused a constant sense of despair. The logistical and reactive challenges of anticipating and handling a threat that is all the more sinister for the apparent coordination and efficiency of its perpetrators are considerable. But that is no reason for anyone to simply hunker down and brace themselves for the next attack.
“A Distributed Denial of Service attack is a Denial of Service attack conducted by using multiple systems distributed over the internet as sources to host the attack on the same target,” says Kuber Saraswat, director, strategic security consulting at Dubai-based security services provider SecureLink.
Swapnendu Mazumdar from eHosting DataFort says the best results come from correlating multiple engines for the attacks identification process.
“Most security-conscious customers already have some level of DDoS protection in place. The DDoS attacks in the Middle East have created awareness in corporate and government security strategies of the need to prepare for larger capacities to handle such events, and also to look for new attack trends and patterns.
“While every attack is dangerous, the visibility and the ability for these attacks to scale in size makes them most dangerous. The DDoS attack is focused on degrading the service quality of the target system, so that it is either unavailable or slow in response. The attack impacts business through creating delay in transmission, network outage, and has been used by organised crime for extortion, website sabotage, to incur financial losses and to block users from accessing online accounts, to reduce worker output and to cause brand and reputation damage.”
As if that was not enough, Saraswat states that a new trend is emerging: DDoS attacks are increasingly used as a diversion to engage the target company’s resources while another type of attack is launched from another access point.
IMPROVING DEFENCES
While many organisations look to comprehensive managed service systems to protect themselves as far as possible against an
Comprehensive managed service systems against DDoS attacks can be expensive for enterprises, says James Lyne of Sophos.
Nicolai Solling from help AG says that IT professionals will continuously need to battle and handle the issue of DDoS.
attack, this can be expensive. James Lyne, director of technology strategy at security systems specialist Sophos, says that investment in a combination of software and hardware will significantly improve defences. But total prevention is a challenge for any business without substantial financial resources to maximise bandwidth and IT resources. “That said, there are some basics that most can do,” he explains. “Firstly, you should use DDoS prevention capabilities at the protocol level in your network security devices. This can filter the obvious such as a small number of systems generating basic flood packets. To really deal with the issue, however, you need to work with your service provider to ensure they can filter and handle traffic upstream from your systems. Use of a cloud provider can also help as they are likely to have significantly more bandwidth and resilient infrastructure in place.”
Lyne says that DDoS prevention software will help to identify a probing system or a large number of fake or malformed requests, but more traditional monitoring software – which tracks uptime and validates service availability – is also a useful source of early warnings. Armed with the information such software affords, you can work with your service provider or make configuration changes in-house to counter the attack. “Our Unified Threat Management and network security gateways have some DDoS capabilities to help deal with certain classes of attacks or internal disruption,” he said. “When combined with the right capabilities provided by the ISP or service provider, this can be an effective basis of defence against many forms of DDoS.”
However, Lyne warns: “To truly defend, enterprises need to build their application or service architecture from the ground up to be resilient. You can’t make a poorly-performing and secured service, so the right developing practices and architecture are key too.”
Arbor Networks has been mitigating DDoS attacks on some of the world’s most demanding networks for more than a decade, claims sales director Mahmoud Samy. With its Pravail Availability Protection System (APS), it advocates a layered approach that embraces the identification of threats and treats system availability as a primary indicator of an attack. “Today, that means having purpose-built DDoS mitigation protection at the enterprise network perimeter, together with a managed security service that offers DDoS mitigation in the cloud,” says Samy. “The reason for this layered protection strategy is to address the two main types of attack. Application-layer attacks are stealthy, low and slow-type attacks that use little bandwidth. They are best mitigated with a purpose-built device deployed
Mahmoud Samy from Arbor Networks says enterprises must have purpose-built DDoS mitigation protection at the enterprise network perimeter.
at the enterprise perimeter. For large flood attacks, it is too late once it has reached the enterprise perimeter as link capacity can be overwhelmed; these attacks have to be mitigated in the cloud.” Samy makes the sobering point that you cannot prevent an attack from occurring. What you must do, however, is prevent it from being successful – and for the enterprise, that means
Paul Wallace from Riverbed says it requires less of the hackers’ resources to target the customer at application level, under the guise of asking it to do apparently useful work.
deploying advanced DDoS countermeasures that will identify and neutralise malware families in both the service provider and data centre environments.
THE COST
Specific DDoS cost data is hard to come by, perhaps because of the sensitivity – and even embarrassment – surrounding the experience and impact for any business that has fallen victim. But even if you consider the effect simply from the cost of downtime perspective, the benefits of a best-practice prevention strategy are clear. “The cost of data centre downtime is a function of data centre size and business type,” says Samy. “According to a Ponemon survey, 16 different industry segments with 41 business managers reporting on the costs that their operations had incurred due to unplanned data centre outages, the hourly cost of downtime per 1,000 square feet ranged from $8,500 to $201,000, with a mean of $46,000. The large fluctuation in downtime costs is mainly due to business type: companies reliant on data centres to conduct business such as financial services incur the greatest losses.
“For most enterprises, replacing highly uncertain and risky cost outcomes with the very predictable, lower cost of DDoS threat mitigation and attack protection is sound practice from a security perspective as well as a financial perspective.”
Some industry watchers think the massive increase in bandwidth availability and the parallel rise in ISP service levels and capability will be good news from a DDoS perspective, but will put the focus firmly on the application layer as frustrated hackers turn on targets where they can find more chinks in the corporate network armour. Paul Wallace, director of product marketing at application delivery software specialist Riverbed Stingray, says it requires less of the hackers’ resources to target the customer at application level, under the guise of asking it to do apparently useful work. This explains why SQL injection attacks are increasing on corporate databases – with the purpose of extracting customer data. DDoS attacks should be dealt with as part of an overall security strategy, he says, with the risk spread as thinly as possible. That means asking service providers what experience they have in dealing with attacks, how they route their services and how they develop applications to provide their agility in the event of an attack. “Bandwidth is only going to get higher and it will be much more difficult for hackers to gather the resources to pull together a concerted DDoS attack,” says Wallace. “Hence, application-level attacks will become more common.”
PREVENTION STRATEGY
A combination of security measures that include proper incident response plans and an adequate business continuity/disaster recovery strategy as well as DDoS mitigation services and on-site software and hardware tools, would be the ideal solution, according to Swapnendu Mazumdar, network infrastructure manager at hosting services provider eHosting DataFort. “The best results come from correlating multiple engines for the attacks identification process,” he says, “correlating logs from multiple sources such as firewalls, intrusion prevention/detection systems, host-based intrusion/detection systems, DDoS detection/prevention systems, and from auditing desktop and server logs.” Corey Nachreiner, director of security strategy at another security systems specialist, WatchGuard Technologies, says that DDoS prevention tools
DDoS attacks are increasingly used as a diversion to engage the target company’s resources while another type of attack is launched from another access point, according to Kuber Saraswat from SecureLink.
can detect an attack in many different ways: traffic threshold monitoring; normal DoS flood detection which might spot a distributed attack; spotting known DDoS tool signatures; analysing behaviour and statistics to spot unusual packet attributes; host or user challenge response test to make sure a visitor is human; and by using data from reputation lists or lists of infected attack victims that can block traffic from IPs with a bad reputation.
“But personally, I don’t think DDoS prevention hardware or software can really ‘prevent’ all DDoS attacks,” says Nachreiner. “Rather, they can help mitigate some of them. In short, once the DDoS prevention control has differentiated the DDoS packets from normal traffic, it can start dropping these packets quickly, or blacklisting the IPs that are sending them through. Doing this significantly lessens the resources used on the DDoS traffic. However, even immediately dropping a packet does take a bit of resource. In huge volume attacks, certain gateway appliances or even DDoS prevention controls can become so busy dropping packets that they do not have time to handle legitimate traffic. Over the past few years, researchers have seen examples of DDoS attacks that generate 50-100GB per second of sustained traffic, which even the best DDoS prevention controls would be hard-pressed to handle. This is why a multilayered solution is the only way to truly mitigate DDoS attacks.”
There is no sign of any let-up in threat levels in the foreseeable future. Nicolai Solling, director of technology services at security services vendor help AG, says the Middle East remains an area of great interest to attackers due to the strong economy and the political situation in the region. That is why most attacks in the Gulf have been aimed at government websites and the financial services sector. “IT professionals will continuously need to battle and handle the issue of DDoS,” he says. “What is worrying is that there are no network layer controls, which really is the key to avoiding DDoS attacks. We need to focus on making sure the attack is dropped as close to the source as possible. It is therefore important to understand where the sources of DDoS attacks are, which is typically the regions where the most botnet-infected machines also are.
“Over the past couple of years, this has typically been in Asia and the former eastern-bloc countries. A major reason for this is that lack of copyright laws means there is a very large number of pirated software and operating systems. Because of this, users in such regions are now more susceptible to malware and botnet agents which are the source of Distributed Denial of Service attacks.”
Corey Nachreiner from WatchGuard Technologies says that DDoS prevention tools can detect an attack in many different ways.
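As an added illustration (not from the article or from any vendor named in it), the sketch below applies three of the detection methods Nachreiner lists, traffic threshold monitoring, per-source flood detection and a reputation list, to constructed log lines. It then maps each window to the layered response Samy describes: block at the perimeter, or escalate upstream when the flood is distributed. The log format, thresholds and addresses are assumptions.

```python
from collections import Counter, defaultdict

# All values below are assumptions for the example; tune to a measured baseline.
WINDOW_SECONDS = 10            # fixed, non-overlapping counting windows
PER_SOURCE_LIMIT = 100         # max requests per window from a single IP
AGGREGATE_LIMIT = 500          # max requests per window across all IPs
MIN_DISTRIBUTED_SOURCES = 20   # distinct sources needed to call a flood distributed
BAD_REPUTATION = {"203.0.113.66"}  # constructed reputation-list entry


def build_sample_log():
    """Return constructed log lines in the form '<epoch_seconds> <source_ip>'."""
    lines = []
    # Window 0: ordinary traffic, five clients with 10 requests each,
    # plus one request from an address on the reputation list.
    for host in range(1, 6):
        lines += [f"{i % 10} 192.0.2.{host}" for i in range(10)]
    lines.append("3 203.0.113.66")
    # Window 10: one client sends 150 requests (a simple single-source flood).
    lines += [f"{10 + i % 10} 198.51.100.7" for i in range(150)]
    lines += [f"{10 + i % 10} 192.0.2.1" for i in range(10)]
    # Window 20: 60 clients send 10 requests each. No client exceeds the
    # per-source limit, but the aggregate (600) exceeds the traffic threshold.
    for host in range(1, 61):
        lines += [f"{20 + i % 10} 198.51.100.{100 + host}" for i in range(10)]
    return lines


def analyse(lines):
    """Count requests per source per window and decide where to respond."""
    windows = defaultdict(Counter)
    for line in lines:
        ts_text, src = line.split()
        ts = int(ts_text)
        windows[ts - ts % WINDOW_SECONDS][src] += 1

    findings = {}
    for start in sorted(windows):
        per_src = windows[start]
        # Per-source flood detection: a few noisy hosts can be dropped locally.
        heavy = {ip for ip, n in per_src.items() if n > PER_SOURCE_LIMIT}
        # Reputation list: block known-bad sources regardless of volume.
        listed = {ip for ip in per_src if ip in BAD_REPUTATION}
        # Traffic threshold on what is left once heavy hitters are excluded.
        # Many quiet sources adding up to a flood cannot be fixed by blocking
        # one IP, and dropping every packet locally still costs resources,
        # so this case is flagged for upstream (ISP or cloud) mitigation.
        rest = {ip: n for ip, n in per_src.items() if ip not in heavy}
        distributed = (sum(rest.values()) > AGGREGATE_LIMIT
                       and len(rest) >= MIN_DISTRIBUTED_SOURCES)
        findings[start] = {
            "total": sum(per_src.values()),
            "sources": len(per_src),
            "block_at_perimeter": sorted(heavy | listed),
            "escalate_upstream": distributed,
        }
    return findings


if __name__ == "__main__":
    for start, result in analyse(build_sample_log()).items():
        print(start, result)
```
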
Cloud and big data were the big talking points during GITEX Technology Week 2012. Leading UAE and global companies discuss those trends
BYOD is not a new problem
Florian Malecki, head of product marketing at Dell SonicWALL, says that enterprises need to be prepared to allow employees to use their toys
Florian Malecki of Dell SonicWALL says that BYOD is not a new trend.
I like to be a bit controversial over the growing BYOD trend. If you listen to the analysts; IDC, Gartner, Forrester; they are all predicting that the number of smartphones being sold by 2014-2015 will outgrow the number of laptops being sold. We all say that the employees want to use their own device, but if you look at what they want to use, it is either a tablet or a smartphone, so companies and IT managers have to accommodate all users’ needs. We did a survey and we looked at what devices our customers are supporting or are open to support, and there is no clear winner. If you look at it from a device point of view, there are people who want to use tablets (about 60%), people who want to use smartphones and people who want to use laptops. The BYOD trend is also not a new challenge, because ten years ago if your company gave you a laptop and you wanted to use your Mac and your company would allow you to use it, that was BYOD. However, what makes it more fashionable now is smartphones and tablets. What we see from large Western European organisations is that people want to use a toy and to be honest they do not really care if it is a corporate managed tablet or smartphone, or whether it is their own. What large organisations are doing, and what makes sense from a cost and security point of view, is they are providing tablets and smartphones for their employees. First of all they can obviously get a better price as they are buying in bulk; secondly it makes sense from an IT security point of view, because that tablet or smartphone is becoming a managed device, IT can actually install security solutions onto the device and manage it to make sure that it has the latest patch and antivirus solutions.
These solutions can also include mobile device management, which allows companies to segregate corporate and personal data and gives the organisation the ability to remotely wipe the device if it gets stolen or lost, which happens all the time. With BYOD, if you look at what applications users want to use, it is mainly emails and maybe one or two web-based applications, but that is it. Trying to prepare a presentation on a tablet or smartphone it is almost impossible, you would use a laptop anyway or a desktop for that. The problem is that BYOD does not only apply to enterprise, but then you have the SMB market which may not be as IT literate as an enterprise organisation because they may only have one or two IT guys.
HOW TO START
A good way to start BYOD and try to minimise risks is by using an SSL VPN gateway. The beauty of an SSL VPN gateway is that you are able to identify the user and the user profile as well as identifying the device and setting up a profile for the device. You could have a profile that is a managed device or a personal device, but registered within the corporate ID system. Any organisation whether an SMB or enterprise, if they don’t really know where to start the BYOD journey, if they start looking at implementing an SSL VPN solution like the Dell SonicWALL solution then they probably meet 90% of employees’ requirements when it comes to BYOD. We have been talking to some very large organisations and they are still on the back foot and they do not want BYOD. My advice to organisations is that if they want to embrace a BYOD project the first thing is they need to define what device IT will support, because they can say they will only support Android or Windows and then they need to survey
Dell SonicWALL says that people want to use a toy at work and they do not really care whether it is company provided or personal.
the employees and find out what device they are using. There is an example of a hospital in the US that set up a policy for BlackBerries, but then the surgeons, staff and nurses were using iPads, so it missed the point. Everything was secure for BlackBerries, but no one was using them, so really look at what users are using and then define the support. Then you have different user profiles within the organisation with different requirements, so what IT needs to do in either an SMB or large enterprise, they need to look at the profiles of the users and look at the IT requirements and their IT skills. Take someone from IT, their mobility requirements are probably pretty low as they are office-based and don’t really travel, but then look at the sales and marketing guys and VIPs, the mobility requirements, and I would say their desire to play with their own toys, are very, very high and there is nothing bad about that, but their IT knowledge is pretty low. That means that if I am an organisation and I am looking at my technical support, I know that if I want to support this population, my number of incoming calls for technical issues will be pretty high. Enterprises also need to look at the cost of data for smartphones, roaming we know it could be very expensive so if that is not controlled, BYOD could become a big nightmare from a financial point of view as well. You could have employees coming with extremely high monthly bills and if the company has to reimburse you the total bill could
become very, very significant. The third aspect, which is to me one of the key aspects when it comes to BYOD, is the legal implications. From a technology point of view, we can resolve the issues of data being downloaded onto a personal device, we can encrypt it or delete it, but where enterprises are really worried is the legal implications. Someone is using a personal device, it is personal, and so if IT somehow accesses the device, first of all, do they have the right, is there an agreement between the employee and corporation allowing IT to access that device? If this is in place and somehow the user cannot access the network, IT remotely connects to the device and does something like accidentally deletes personal data or accesses personal pictures that they should not access; there is a breach of confidentiality. The employee could take the company to court for accessing their device. There is no BYOD law in the Middle East, so what IT decision makers are doing is they are waiting for a court case to happen and see what the decision will be so they can then make an action plan. People know BYOD is here and happening and they know they will be forced to support it.
How to control BYOD
The threat of personal devices on a corporate network is a big problem, according to Darren Gross, EMEA senior sales director, Centrify, and companies must be able to control information on those devices.
Security compliance experts Centrify have released mobile device management software, which integrates one single identity for each individual employee within an organisation, so wherever they go the company can control where they are going and what they are doing, through policies and security settings. “There is a lot of competition in that space, but we are quite unique because we come from an angle of joining the system to Active Directory, so if I leave my iPad on the train, help desk can go and remotely wipe that device so there is no threat to the enterprise,” says Darren Gross, EMEA senior sales director, Centrify. Enterprises also need to look at mobile device configuration to prevent viruses from accessing the corporate network. “You need to know that if someone leaves their mobile device somewhere you need to be easily able to wipe it completely and if they leave the company in a BYOD situation you have to be able to get your corporate data off there. The ability to do those things is very important,” explains Gross. If an employee wants to use their device within the corporate infrastructure, they are going to have to have strict enterprise controls on that device according to Centrify. “Companies have to compromise between what they allow individuals to do on their device or what they do not. What we can do if someone leaves the organisation is wipe the corporate
Darren Gross from Centrify says that companies need to be able to easily wipe corporate data off private devices.
profile so that it just remains their personal device, again that is a big benefit over a lot of other solutions as you just take away the corporate side of what is in the devices and still leave
them with their Facebook and other stuff,” Gross states. People that use mobile devices tend to have no passcodes on them. Centrify is able to enforce passwords and encryption on a
personal device accessing the corporate network.
CLOUD
The company is also developing authentication for off-premise cloud software and service-type applications, for example SalesForce and WebEx. “Users will be able to sign on with one identity within Active Directory so you control what a user is doing and see where they are going, there is full accountability to what individuals are doing within the organisations,” said Gross. The system will also encompass on-premise applications, again joining them to Active Directory so there is one identity to log onto all enterprise applications. According to Gross, one of the side effects of this is a reduction of the number of calls into help desk for password resets because it is one identity per individual wherever they go within an enterprise network. “Everyone talks about cyberattacks, but the big threat really is from our own employees and that is an issue we are helping to address by removing these privileges from individuals within the organisation,” said Gross. Centrify helps organisations around security compliance and addresses the challenges inherent with traditional UNIX and Linux systems where most enterprises put their big applications and data. Centrify integrates UNIX and Linux with Active Directory and through that a company can control how individuals log onto the network and can control privileges.
Disaster recovery in the region
Yasser Zeineldin, CEO, eHosting DataFort, says the company is offering regional enterprises the opportunity to develop DR sites
We offer clients both in UAE and the Middle East region the ability to have a hot disaster recovery site where data is replicated between their production system and the disaster recovery system that is hosted with us. This means that in real time if there is a failure in the primary system they can switch over to the secondary system. One of our clients happens to be the Dubai World Trade Centre for their financial and registration systems. When you have big events like GITEX, if something goes wrong you will need to have a proper disaster recovery set-up. Similarly, Atlantis on The Palm have a disaster recovery site with us, they are quite wary of the fact that they are surrounded by water and it is a good idea to have a disaster recovery site in case there are some big waves. A number of banks including Societe Generale also have systems with us. The good thing about the disaster recovery solution we offer is that it is affordable. In the past CIOs had the mindset that setting up a DR site means doubling the IT budget because everything they have they have to replicate. A lot of CIOs shied away from implementing DR solutions because of the perception of the cost. However as the industry matured and with proper business continuity planning, businesses can zero in on the most mission critical systems that need to be up and running in no time, then the cost of having a DR set up, whether it is a cloud set up or a full server set up, is actually a fraction of
Yasser Zeineldin, CEO, eHosting DataFort, says setting up a disaster recovery site is much cheaper than companies think.
what they think it might be. With the software used to do this replication, especially with the availability of high bandwidth networks, DR can be delivered as a cloud solution at a fraction of the cost of what a DR solution used to cost 10-15 years ago. Before it used to be millions of dollars for a bank to have a disaster recovery site, now it could be tens of thousands of dollars. We have a number of disaster recovery sites so we can architect and design the solution and can
offer primary services and DR services. For example the Dubai Multi-Commodities Centre opted for a solution that also has a DR component so we are running both production and the DR.
BENEFITS OF LOCAL PRESENCE
The key thing for us really is the service level management, we take a lot of pride that we are probably the only company in the region that is certified in a number of standards related to service delivery. For example the business continuity standard is a British one called BS 25999, we are certified in that, to ensure business continuity, and also in IT security management, IT service management and in ITL. When you have a local presence you have better latency than having to go through servers outside the country, so the round trip for communication is less. Our legacy is in security and the fact that we deploy sophisticated security technologies also gives customers peace of mind.
No longer byte-sized: big data
Oracle sketches road map for enterprise information growth
As smartphone penetration rates rocket across the Middle East, greatly exceeding those of Western markets - in countries such as the UAE and Saudi Arabia - and tablet revenues gain ground on PC sales, CIOs inevitably discuss the implications of so many mobile data creators. The top global players in the region continually present statistics about the exponential growth of information stores. HP and Intel forecast that by 2015, 15 billion devices will be connected to the internet and IDC predicts that by 2020 the data volume within the enterprise market will be 44 times what it is today.
“Where we are finding most traction right now is with mid-size companies,” says Jean-Claude Michaca, VP of Engineered Systems, Oracle.
FINDING A SOLUTION
SMBs and enterprises with a presence in the region are reaching for a fitting technology solution that will crack the data nut and pour out actionable business intelligence. Oracle spent much of GITEX 2012 talking about big data, a subject close to its corporate heart and much on the mind of those businesses. “Any customer who has a large amount of databases that they wish to consolidate in order to reduce OPEX, should consider going down the big data route,” says Jean-Claude Michaca, VP of Engineered Systems, Oracle. “What we have been discussing is, how do you build big data infrastructure without having to start from scratch?” Oracle believes it is about using the assets a business has in place in order to move from a structured data space to a coveted semantic model. However, Michaca explains, it is on the lower rungs of the data ladder that the majority of business is found. “Where we are finding most traction right now is with midsize companies who cannot afford to have all the IT staff or, for example, a large corporate bank,” he states. Michaca describes an enterprise evolution path where large SMBs with data warehouses, or even disparate corporate databases, can move towards richer and richer info-centric data environments by bolting on more advanced capabilities.
STEP ZERO
On the first rung, companies still live in the traditional structured data space, running one or more relational database management systems, each supporting multiple databases. These environments are capable of little more than vanilla-flavoured reporting backed by simple Select statements. All businesses can do within these environments is to address issues of optimal up-time and high-volume transaction efficiency. “A lot of customers have already some kind of data warehousing in place,” explains Michaca. “They capture what we call high-density data such as revenue and SKUs and they put that into a database and run queries on it. That is step zero. We first make that part run smoothly by putting it on an optimised platform for database work such as Oracle’s Exadata.”
STEP ONE
To bolt on some measure of business intelligence requires richer data such as location information. With this information analysts can build a more rounded view of the business and even offer some decision support mechanisms. “To build on [the structured data model] we can blend in spatial and geo data,” Michaca says. “Then you can start to ask questions like, ‘Where are my best customers located?’ and ‘Who are the customers that are due to churn next month?’ But you are still, at this point, in the realm of structured data.”
STEP TWO
Climbing to the next rung requires a little more computational power and, depending on the exact business application, may require the use of distributed solutions to cover the volume of information covered by social media. Potentially massive chunks of unstructured data need to be broken down and analysed so that actionable patterns can be recognised. “Big data really starts to kick in when you load low-sensitivity data like social media information into a Hadoop cluster [a massively distributed, high-volume database spanning hundreds, frequently thousands of server nodes], perform pre-aggregation on it and combine it with your existing structured data,” says Michaca. The questions that enterprises can ask of this sort of structure are along the lines of: “What do people think of us as a company?” or “What are the products they like or don’t like?”
STEP THREE
The next step, Michaca explains, involves high-velocity, high-performance setups where organisations stream data and analyse it in real time. Such environments are among the most agile in terms of decision-support, being able to react to live environments at a hitherto unthinkable pace. “At the NATO summit this summer in Chicago the police were doing real-time Twitter feed analysis to understand what rioters were planning and where they were intending to go,” says Michaca. “So in real time they were able to reallocate police officers to where the crowds were [about to gather].” Once data environments hit critical mass, the level of querying capability opens doors to semantic analysis. Michaca sketches a picture of a business connected to its customer base in unprecedented fashion because of social media. The kind of research that would typically take months, via door-to-door quizzing and weeks through telephone polls, takes relative moments through big data architectures. “You can give tools to business people to allow semantic queries on the data, so if I am about to launch a new car, I can ask, ‘Who is the best athlete out there to represent the brand?’” says Michaca. “You can analyse social media feeds where the names of athletes appear and where the community of interest is cars and you link the two together to rank the personalities by popularity.”
HP and Intel have forecast that by 2015, 15 billion devices will be connected to the internet and creating data.
MISSION STATEMENT
Michaca believes that data is king and that big data can monetise the information assets of a business. But some organisational habits may need to be broken in order to realise that potential. “We want to enable companies to become data-driven enterprises,” Michaca says. “We want to move away from making decisions based on what we call HIPPOs – that is the highest-paid person’s opinion, which generally comes from C-level because those are the people with greatest seniority – to using accurate data. In Singapore, authorities wanted to find out why you could not find a taxi on a rainy day in Singapore. The HIPPO in this instance asked, ‘Why do you want to put a team together to investigate this when the answer is obvious? When it rains people will all jump into taxis.’ Analysis was performed on 10 years of GPS data for taxis correlated with data from weather forecasts and it was found that a lot of taxis were sitting idle on a rainy day. “Further analysis showed that a lot of those taxis were part of one particular taxi company, which had a retention policy on salaries in case of an accident. So the taxis were not taking the risk. This is a data-driven conclusion.”
Shibu Vahid from R&M says that enterprises across the region are keen to jump onto the cloud bandwagon.
Cloud: Implications for network cabling
Shibu Vahid, head of Technical Operations, R&M Middle East & Africa, shares his insights into cloud and cabling
Cloud computing is becoming pervasive and cloud-delivered hosted applications are presenting new challenges and business opportunities. IDC predicts that the cloud market alone will have grown into a $45 billion industry by 2014, nearly tripling its business within five years. This ongoing trend towards cloud computing will in turn change the way organisations manage and operate their data centres. The Cisco Global Cloud Index, which is an ongoing effort to forecast the growth of global data centre and cloud-based IP traffic, predicts that by 2015,
more than one-third of all data centre traffic will be based in the cloud. The report states growing adoption and migration to the cloud and the ability of cloud data centre to handle significantly higher traffic loads as the reasons behind this. Enterprises across the region are eager to jump onto the cloud bandwagon but are now asking pertinent questions about how to leverage this new technology while still maintaining the same levels of security, reliability and performance as were seen with on-premise deployments. At the heart of these discussions are concerns regarding the integrity
of the infrastructure required to support a successful cloud deployment and network cabling is one of the key components being assessed. In recent years, much of the growth that the cabling industry has witnessed has been due to the increasingly prominent role of the data centre. Organisations have shifted their focus from the traditional ‘silo’ approach to one which treats the data centre as a strategic piece of IT infrastructure. The mega-trend of digitisation has meant that data centres now have to deal with volumes of data that were previously unimaginable. Industry experts have already heralded the coming of the zettabyte era, plunging data centre managers into a frenzy to implement the most cost-effective, future-proof connectivity infrastructure both quickly and efficiently. Another technology trend which has driven the need for the deployment of high-performance and robust cabling infrastructure is that of server virtualisation. In many ways this is seen as the precursor to cloud computing: the concept of virtual machines not being tied to physical servers allows for the flexible scaling required in the cloud paradigm. While virtualisation reduces the number of physical servers present in the data centre, it translates to a greater utilisation of existing resources. What this then means is that a large number of applications are now dependent on the same underlying infrastructure, thereby placing the latency and robustness of the system in the limelight. The flexibility required to implement these developments in the data centre environment places a new series of demands on the network cabling infrastructure.
IMPACT OF CLOUD COMPUTING: THE NEED FOR SPEED
As server virtualisation paves the way for cloud-based deployments, organisations will now need to ready themselves for a transition to a cabling infrastructure which supports 40 and 100 Gbit/s speeds. This demand for higher speeds requires higher performing cabling to support the infrastructure. Revision of current standards has led the industry to transition from the use of Cat 6 copper cables to Cat 6A cables. In addition, fibre optic cabling is being increasingly deployed to meet the high speed requirements with OM4 multimode fibre being very widely deployed.
FOCUS ON SECURITY
The ability to quickly and securely transfer data to and from the cloud will determine the success
of the deployment. The move to the cloud will also require much higher precision and a much tighter system design approach. In the case of private clouds, since most applications will be delivered via the network, scaling the bandwidth to meet the requirements of the users will be a must. Also, with the growing use of mobile devices, network managers will need to plan for supporting the bandwidth requirement in a safe and secure manner.
FLEXIBILITY FOR MIGRATION
Given that cloud computing is still in its infancy, it can be expected that enterprises will choose to gradually migrate their services to the cloud. The challenge then faced is planning an infrastructure that supports the current requirements while still accommodating future needs. The cloud computing model supports and emphasises the dynamic allocation of services. The ‘on demand’ nature of this technology will result in peaks and troughs in network usage. The physical network then needs to provide the additional capacity to allow for peaks to be handled without significantly impacting capital expenses due to over provisioning.
BENEFITS
As security is still a large part of the ongoing cloud discussion, organisations are likely to favour the ‘private cloud’ for their business-critical applications. This may then lead to a scenario wherein the organisation chooses to bring the private cloud assets back into the enterprise. Here too the flexibility of the cabling solution to support the migration with minimal impact on regular business operations will play a key role. Cloud computing promises compelling financial benefits, ‘on demand’ processing, and reduced management overheads. It is likely to impact the entire manner in which IT delivers information services which will inevitably affect data patterns and traffic levels on the network. Already essential to business success, the network will no doubt assume an even greater significance. It is imperative then that IT infrastructure managers implement the most cost-effective, future-proof connectivity infrastructure with performance, security and flexibility at the top of their priority lists.
The cloud computing model supports and emphasises the dynamic allocation of services, according to R&M.
Nicolai Solling from helpAG says that one of the biggest issues with passwords is that there are too many of them to remember.
Two-factor authentication is vital to secure access
Nicolai Solling, director of technology services at help AG, says passwords are no longer enough to keep enterprises secure
Providing an OTP over SMS may seem secure, but SMS is not a secure transmission channel.
Passwords have long been used by enterprises to permit secure access to vital applications, data, systems and networks. This tried-and-tested form of authentication is still widely deployed as the first line of defence, protecting sensitive corporate data and applications from external threats. However, in today’s world, as the dependence on information technology grows exponentially, many corporations are now struggling to manage and store passwords securely for their employees. One of the big issues with password management is that there are simply too many of them. Research has shown that at any given point of time, a single employee will be required to maintain an average of 15 different passwords within both the private and corporate spheres. The challenge of remembering this sheer volume of login credentials is exacerbated by rigid password policies which specify guidelines such as use of lower and upper case characters, special characters and alphanumeric combinations. What this inadvertently promotes then is the reuse of passwords across multiple applications, including social media websites which have historically proven to be woefully insecure. Furthermore, complex password policies often stipulate regular updates, which can make it difficult for users to remember their passwords. Resetting a forgotten password would require a call to the IT helpdesk. Statistics show that 35% to 50% of help desk calls are related to passwords with a cost estimated between $25 to $50 per call. And this does not even account for the loss of productivity in the
time that it takes to reset the password which itself is a massive overhead.
COMPLEXITY
Organisations have tried to remedy these problems through the use of Single Sign-On (SSO) solutions. By employing complex application integration, enterprises grant users access to all the systems with a single username/password combination. But this is limited by the complexity of the underlying systems and compatibility issues. More importantly, given that cyber criminals now have a number of sophisticated means to infiltrate systems and steal credentials, the Single Sign-On (SSO) is no longer a viable authentication solution. Organisations need to make long-term plans for replacing or supplementing password-based authentication with stronger forms of authentication.
TWO FACTOR AUTHENTICATION
This is seen as the next logical step in user authentication and is far more secure than password-based authentication. The basic principle followed by such systems is to grant access based on ‘something you know’, such as a username/password combination, and ‘something you have’. The latter part of this requirement could be a one-time password (OTP) provided in a text message or by a secure token system. What IT managers need to be aware of, however, is that the various forms of two-factor authentication are vastly different in their implementations and therefore will differ in their performance. By understanding the vulnerabilities of each of these systems, decision makers can select the solution which best protects the organisation.
THE PITFALLS OF TEXT MESSAGING PASSWORDS
Providing an OTP via a text message may seem secure but organisations need to consider that SMS is not an inherently secure transmission channel. As SMS does not employ any form of encryption, it is very easy for hackers to use low cost hardware to intercept these messages, extract the information from them and then gain access to the network by using this. The cost associated with SMS services may mean organisations limit the authentication challenges. Furthermore, SMS-based token solutions are troublesome as with certain mobile networks, SMS is a low priority service and therefore may sometimes only arrive with considerable latency, thereby making authentication impossible.
TOKEN BASED AUTHENTICATION
A highly popular form of two-factor authentication, which has already seen usage by enterprises across the globe, has been the use of a dynamically generated token. This is by far the best form of authentication but CIOs still need to pay close attention to how the tokens are distributed and managed. Currently, most well established vendors provide hardware devices which generate tokens based on pre-loaded seed keys. The problem with these systems however is that these seed keys are hardcoded into the devices at the time of manufacture and this information is managed by a third party provider. As with any critical business application, entrusting such information to an outside source should immediately raise security concerns. This became all too apparent when hackers broke into the servers of security firm RSA and stole information linked to the company’s SecurID tokens, which are widely used to grant secure access to corporate networks and online bank accounts. Furthermore, the token device itself entails a substantial overhead and as the number of users increases, the cost of such an implementation skyrockets as well. Loss of the device could translate to loss of productivity as there is inevitably a time duration associated with procuring a new hardware device.
ADVANCEMENTS IN TWO-FACTOR AUTHENTICATION
The good news however is that there are now players in the market who offer two-factor authentication solutions which overcome both these limitations. These solutions entrust the generation of seed keys to the organisation itself, thereby removing the dependence on a third party provider. Furthermore, software tokens can be generated on the employee’s mobile device and through desktop applications, thereby bringing down implementation costs as well as easing distribution efforts. Organisations need to understand that investment for a secure architecture at the time of initial deployment can mean far better cost-efficiency than working security into the design at a later point. Username/password as the sole means for authentication is no longer a feasible solution and smart businesses that avail the latest technologies will see long term benefits.
Richard Hyatt, Co-founder and CTO, BlueCat Networks, says organisations can reduce migration costs and minimise the business impact of the changeover.
Migrating to IPv6
Richard Hyatt, co-founder and CTO, BlueCat Networks, explains the move from IPv4 to IPv6
HOW CAN COMPANIES MOVE FROM IPV4 TO IPV6?
A successful IPv4 to IPv6 migration strategy can be broken into six manageable phases. BlueCat Networks leverages IP Address Management solutions and expertise to help customers take a structured approach to these phases:
Discover – Discover all IPv4 and IPv6 resources on your network to prepare for IPv6 and identify potential security gaps.
Plan – Plan your IPv6 environment based on a thorough understanding of your existing networks and IP addresses that are already in use.
Model – Create and model IPv6 blocks and networks including local and global unicast address space for optimal design. Add IPv6 hosts and define IPv4, IPv6 or dual addresses for each host.
Map – Map IPv6 networks and addresses to existing IPv4 devices and track dual-stacked IPv4/IPv6 hosts by DNS name, MAC address or device.
Implement – Deploy IPv6-enabled DNS hosts and create the necessary IPv6 AAAA records and corresponding NAPTR records alongside existing IPv4 DNS data.
Manage – Simplify the ongoing management of IPv6 and dual-stacked environments with a cohesive, business-centric view of your entire naming and addressing infrastructure (both IPv4/IPv6).
With this phased migration approach, organisations can reduce migration costs and minimise the business impact of the changeover. Organisations need to put the transition into perspective and think of IPv6 in business rather than technology terms. All organisations will need to migrate to IPv6 but, at this point, most only need to look at external IPv6 connectivity. Some organisations will face limits on their internal IPv4 address space, but most
will be fine for a few more years. Over the next few years, the next generation of ‘killer apps’ and network technologies, which will be built around IPv6, will create the demand and business case for migrating most internal networks to IPv6. HOW DOES IPV4-6 MIGRATION HARDWARE/SOFTWARE WORK? While there are several different IPv4-IPv6 migration tools available, including tunneling and translation, most organisations will likely opt for a dual-stacked approach in which IPv4 and IPv6 are run simultaneously. The ability to run IPv4 and IPv6 within the same network means that there’s no need to move to IPv6 all at once – you can gradually migrate parts
of your network as you go forward. Dual-stacked IPv4/IPv6 networks will require a new approach to IP Address Management. In a dual-stacked environment, organisations will have difficulty managing their IP space with traditional manual methods like spreadsheets or database tools. These legacy methods lack the automation, integration and agility needed to effectively manage today’s dynamic and complex data center and cloud networks, much less accommodate IPv6. With an enormous address pool and complex subnet structure, IPv6 simply cannot be tracked on a spreadsheet – finding a specific address in a seemingly endless list of IPv6 addresses in Excel would be like finding a needle in a haystack. Everyday tasks
such as determining the next available network will become anything but trivial. In the short term, organisations looking to reduce costs for their external IPv6 connectivity should look at DNS64/NAT64. Although not as flexible as dual-stack, network address translation (NAT) allows you to keep your IPv4 infrastructure by NATing the traffic in front of it. This works by mapping existing DNS IPv4 Address (A) records to IPv6 (AAAA) records and NATing the IPv6 traffic to IPv4. This method works well for most environments, although scalability may become an issue as organisations continue to add more devices to our networks. Another potential issue with NAT is logging and tracking source addresses, since they are not visible to IPv4 applications. Some vendors have workarounds for this, but it does add an extra wrinkle to the process. IP Address Management (IPAM) solutions automate common administrative tasks and insulate network administrators from the complexity of defining, allocating and managing IPv6 blocks, dual-stacked networks and addresses. Without IPAM, organisations will be unable to cope with the added complexity. An IP Address Management (IPAM) solution offers capabilities for controlling, automating and managing IPv6 address space and name space.

IS IPV4-6 MIGRATION A LARGE EXPENSE FOR ENTERPRISES?
Migrating an entire organisation will be expensive and will take several years. Gartner estimates that as much as 6% of the total annual IT budget will be spent on IPv6 migration. Some organisations have the latest and greatest routers and switches but most have a mixture of new, old and in between. Many of the larger names in switching and routing have had IPv6 functionality for some time, since the IPv6 RFC standard was issued in 1998. Although your device might have IPv6 functionality, the big question will be ‘Does it run in software or hardware?’ If the answer is software, it will be good for a test system, but probably not for your production environment. This is an unfortunate expense, but you need to keep in mind that many organisations have yet to transition their infrastructure and having IPv6 functionality in software helped keep costs in line over the last several years. Networking hardware is only part of the issue; the potentially larger expense will lie in the software systems that you use to run your organisation. The latest operating systems from Microsoft, Apple and Linux fully support IPv6,
but the previous implementations that many of us have don’t work as well. Operating systems such as Microsoft XP, which has been released for over a decade, have many issues running the IPv6 protocol. One solution might be to upgrade the operating systems but in many cases, the software running on them is not compatible with the new technology. In addition, many in-house or custom applications will require close examination to determine if they are IPv6 compatible. If not, additional expenses will add up fast. Transitioning for some might make the Y2K effort seem small in comparison. In addition to the software, hardware and application costs, one needs to factor in the cost for training,
education, consulting and cutover costs. Today, most enterprises are simply not equipped for IPv6 and need to build their in-house expertise. From our own experience with customers, they have required a fair amount of training to even start with their IPv6 planning let alone begin their actual transition. Although the costs of transitioning seem expensive and extreme, most organisations will only elect to transition their external, public-facing internet infrastructure at this time. Some might see this as delaying the inevitable but, in today’s world where every dollar counts on the bottom line, it might make sense.

WHAT ARE THE BIGGEST CHALLENGES IN IPV4-6 MIGRATION?
In our work with customers, we have identified two key IPv6 challenges: The first is an incomplete or fragmented view of existing IPv4 networks, which can increase IPv6 migration risks. A solid IPv6 transition plan starts with a thorough understanding of your existing IPv4 environment. IPv6 provides an opportunity to simplify many aspects of IP addressing by allowing organisations to map business logic to IPv6 addresses and better structure and break down IPv6 address space. In order to take full advantage of IPv6, organisations need to start with a properly planned IPv6 address space to avoid carrying the errors and inefficiencies of the past forward. The second big challenge is IPv6 training and education. IPv6 addresses and networking concepts differ greatly from IPv4. IPv6 addresses are four times longer than IPv4 addresses and are represented in hexadecimal, a format that is not human-friendly. Unlike IPv4, IPv6 networks are not limited by broadcast. IPv6 multicast allows for the creation of larger, flatter networks that will need to be managed and tracked differently than with IPv4.

WHAT IS THE TIMELINE FOR COMPANIES IN THE REGION TO MOVE TO IPV6?
On September 14, 2012, the RIPE NCC, the regional internet registry for Europe, the Middle East and parts of Central Asia, announced that it is now allocating IPv4 addresses from ‘the last /8’ – the final block of 16.8 million IPv4 addresses. From now on, the RIPE NCC can only distribute IPv6 addresses and a one-time /22 IPv4 allocation (1,024 IPv4 addresses) from the last /8 to those Local Internet Registries that meet the requirements. For organisations in the Middle East, this essentially means that IPv4 exhaustion has arrived and the time for talking about IPv6 is over. Technologies like NAT may help you extend your existing IPv4 address space, but this is not a permanent solution. With IP-dependent initiatives like cloud, virtualisation and BYOD rapidly consuming the last remaining IPv4 addresses, organisations need to get serious about planning IPv6 migration. Like any large-scale IT initiative, fire drills are not the way to approach IPv6; you need a migration plan to reduce transition costs, mitigate risk and minimise disruption.
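An added illustration (not from the interview or from BlueCat Networks) of the DNS64/NAT64 mapping and the source-address logging problem described in the interview above. It assumes the RFC 6052 well-known prefix 64:ff9b::/96; the session and log record layouts and every address in them are constructed for the example.

```python
import ipaddress

# RFC 6052 well-known prefix, used by DNS64/NAT64 when the operator has not
# configured a network-specific prefix (assumption for this example).
WKP = ipaddress.IPv6Network("64:ff9b::/96")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def synthesize_aaaa(a_record, prefix=WKP):
    """DNS64 step: build the AAAA answer for a name that only has an A record."""
    v4 = ipaddress.IPv4Address(a_record)
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    # RFC 6052: the well-known prefix must not carry private IPv4 space.
    if prefix == WKP and any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC 1918 space; use a network-specific prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def embedded_ipv4(addr, prefix=WKP):
    """NAT64 step: recover the IPv4 destination, or None if not synthesized."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


# Constructed NAT64 session records (hypothetical layout):
# (start, end, ipv6_client, pool_ipv4, pool_port)
NAT64_SESSIONS = [
    (1000, 1060, "2001:db8:a::10", "203.0.113.5", 40001),
    (1030, 1090, "2001:db8:b::22", "203.0.113.5", 40002),
    (1100, 1160, "2001:db8:c::33", "203.0.113.5", 40001),  # port reused later
]

# Constructed IPv4 server log entries: (timestamp, src_ip, src_port, request).
# Every client appears to come from the NAT64 pool address.
SERVER_LOG = [
    (1005, "203.0.113.5", 40001, "GET /login"),
    (1040, "203.0.113.5", 40002, "POST /login"),
    (1120, "203.0.113.5", 40001, "GET /admin"),
    (1200, "203.0.113.5", 40009, "GET /"),  # no session record retained
]


def attribute(log, sessions):
    """Join server log entries to the real IPv6 client via the NAT64 table.

    The match needs pool address, pool port and time window together,
    because the translator reuses ports for different clients over time.
    """
    out = []
    for ts, ip, port, request in log:
        client = None
        for start, end, v6, pool_ip, pool_port in sessions:
            if (pool_ip, pool_port) == (ip, port) and start <= ts <= end:
                client = v6
                break
        out.append((request, client))
    return out


if __name__ == "__main__":
    print(synthesize_aaaa("192.0.2.33"))
    print(embedded_ipv4("64:ff9b::c000:221"))
    for row in attribute(SERVER_LOG, NAT64_SESSIONS):
        print(row)
```

Without the translator's session records and synchronised clocks, the IPv4 server log alone cannot distinguish the three clients, which is why NAT64 logging retention belongs in the migration plan.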
Eugene Kaspersky of Kaspersky Lab has confirmed that the company is working on an operating system.
Kaspersky develops OS to secure critical platforms
Cyber security specialist Kaspersky Lab has confirmed rumours of the launch of a new operating system that will be designed to secure critical infrastructure distributions such as energy generation and telecommunications.

Writing on his blog, Eugene Kaspersky, co-founder and CEO of Kaspersky Lab, reiterated the warnings he gave to delegates and press at this week’s International Telecommunication Union (ITU) Telecom World 2012. Kaspersky Lab co-hosted a cyber-security roundtable with the UN ICT watchdog at the event, where Kaspersky himself delivered the keynote address. On the blog, he confirmed that the company was “working on developing technologies for a secure operating system aimed at protecting critical IT industrial control systems”.

His warnings, which embrace a number of doomsday scenarios involving critical infrastructure collapse from malware exploits, were designed to provoke action among regulators and governments to take steps to plug what Kaspersky sees as gaping holes in critical systems.

“Today I’d like to talk about the future,” he blogged. “About a not-so-glamorous future of mass cyber-attacks on nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and in general what we call critically important installations. Or you could think back to Die Hard 4.0, where an attack on infrastructure plunged pretty much the whole country into chaos.”

Kaspersky’s alert comes at a time when numerous enterprise-level technology platforms across the GCC have been subjected to malware attacks. Exploits have ranged from the zero-day virus incursions at Saudi’s Aramco, to the counterfeiting of Qatari news network Al Jazeera’s SMS alert service, which allowed cyber criminals to blanket fake press coverage to subscribers of the assassinations of prominent members of the Qatari government.

“Alas, John McClane isn’t around to solve the problem of vulnerable industrial systems, and even if he were, his usual methods of choice wouldn’t work,” Kaspersky wrote. “However, we are working on developing technologies for a secure operating system aimed at protecting precisely these same critical IT industrial control systems (ICS).”
AnchorFree warns of cyber-threats to SMBs

Online privacy and internet freedom leader, AnchorFree, has highlighted the need for the UAE’s small and medium-sized enterprise (SME) sector to safeguard against cyber-attacks.

“SMEs are vital to the UAE’s future development and they need to be as nimble and flexible as possible, not only to stay ahead of the competition, but also compete with large companies with more resources,” said David Gorodyansky, CEO, AnchorFree. “To suddenly be hamstrung by malware, phishing or spam could spell disaster in terms of downtime and lost data. It is critical that business people are safeguarded at all times – irrespective of whether they are in the office or logging on to a hotel’s WiFi hotspot on the road.”

The problem is particularly pronounced for new businesses reliant on mobile technology and cloud-based solutions. The potential playing field for would-be cyber-attackers is more extensive than ever in the region, with IT spend among SMEs in the Middle East and North Africa (MENA) set to rise from last year’s outlay of $16.73 billion to $24.48 bn by 2015, according to IDC.

Although many companies use anti-virus software on their computers, most ignore a different set of potential threats that emerge during unprotected internet usage, particularly in public Wi-Fi hotspots.

The UAE currently accommodates around 200,000 SMEs, with the UAE Ministry of Economy revealing that their contribution to the country’s GDP in 2011 stood at 60%. AnchorFree, which is expanding in the MENA region, is gaining increasing traction from SMEs in the region for its Hotspot Shield VPN, which is designed to encrypt accessed web pages and provide a secure tunnel, to prevent hackers from preying on users of public WiFi.
Prolexic says the DDoS attacks have been launched using the itsoknoproblembro DDoS toolkit
Prolexic discovers complex DDoS attack

Distributed Denial of Service (DDoS) protection experts Prolexic Technologies has warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. These attacks were launched at the end of September using the itsoknoproblembro DDoS toolkit.

According to Prolexic, the cybercriminals behind the attacks seem to have knowledge of common DDoS mitigation methods, due to the sophisticated nature of the denial of service attack. The attack signatures are extremely complex and Prolexic has recorded sustained floods peaking at 70 Gbps and more than 30 million pps against some of its customers. The company says that most mitigation providers would struggle to combat DDoS attacks with these characteristics.

“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said Prolexic chief executive officer Scott Hammack. “Only a handful of companies around the world could survive a hit of 70 Gbps in conjunction with the complex blend of attack vectors we have witnessed.”

The itsoknoproblembro toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types, according to Prolexic. A common characteristic of the attacks is a large UDP flood targeting DNS infrastructures. Uniquely, the attacking botnet contains many legitimate (non-spoofed) IP addresses, enabling the attack to bypass most anti-spoofing mechanisms.

“The size and sophistication of this threat has created a high alert within various industries and with good reason,” said Hammack. “I’m proud to say we’ve successfully mitigated multiple itsoknoproblembro campaigns throughout the year, even when attack vectors have continuously modulated during the course of the assault.”
49% of users connect infected storage devices

Kaspersky Lab statistics show that 49% of users in the GCC have had computer infections caused by portable data carriers such as optical discs or USB drives. The survey, conducted by O+K Research in May 2012 at the request of Kaspersky Lab, shows that users encounter infected flash drives on a regular basis.

Along with cyber-threats, users worry about unauthorised access to their personal data and the devices it is stored on. According to the survey, this problem affected 46% of desktop and laptop users in the GCC, 10% of tablet owners and 9% of those respondents with smartphones.

The experts at O+K Research also found that in the UAE, 39% of smartphone users and 34% of tablet owners use unsecured public networks and that 17% of those with laptops also make use of free Wi-Fi. Over half of the respondents use these networks every day or at least 2-3 times a week. This statistic demonstrates that users clearly underestimate the dangers of free Wi-Fi.
Nicolai Solling, director of technical services at help AG, talks us through his career
Can you tell us how you began working in the IT industry in the UAE?
Like many other people it started with a holiday. At that point in time I was working for Juniper Networks, and while on vacation I got in touch with one of the Juniper Partners down here. We quickly found out we think the same way and I could have a future here in the Middle East. Five years on I have to say that it has been a very good experience being here and to be a part of the growth of help AG has just been a phenomenal experience.

What is the best and worst thing about the networking industry in the UAE?
The positives far outweigh the negatives. The positive thing is all of the individuals I interact with on a daily basis. What I dislike the most is probably the drive home from Abu Dhabi on a Thursday afternoon. Dealing with all the traffic on the roads in the UAE is actually a constant challenge. Another thing that sometimes frustrates me is how customers allow themselves to be influenced by vendors instead of trying to understand exactly what their individual requirements are.

Talk us through what you do on a daily basis.
First of all I have a lot of meetings with customers, doing design workshops and outlining how technical requirements can be met. I try to spend as much time with customers as possible as it allows me to keep sharp by constantly listening and trying to figure out what problems they face. A lot of my time is spent in interviewing potential new employees.

What has been your proudest achievement in your career so far?
There are a few, but what far outshines anything else is what we have achieved with help AG in such a short timeframe. From being seen as just another systems integrator we are now seen as a real market leader in the security industry offering a complete portfolio of high quality services and solutions within security infrastructure, consultancy, vulnerability assessment and penetration testing – all combined with a very solid support organisation.

Comparing the IT industry in the UAE to other countries, do you think it measures up or is lacking and why?
In the UAE and in the Gulf I think the intentions are extremely good, but sometimes the implementation of those intentions is a bit less successful, or at least an area that we can improve upon. I really enjoy seeing when one of our solutions or projects positively changes how a customer operates or security levels are improved.

What IT company, other than your own, do you admire and why?
In our domain I would highlight F5 Networks, Palo Alto Networks and Juniper, which all are delivering great technology. If I can look a bit outside IT I really admire the companies focusing on green energy, specifically wind and wave technology as these technology companies ultimately are going to change the way we live and exist, specifically in the current economic climate they are having a tough time.

Who do you look up to in your career and why?
There have been a number of people. I had the pleasure of meeting John Chambers from Cisco Systems during my career there and he was definitely a very charismatic personality.

What do you do for fun?
I write proposals and answer RFPs… no seriously I do work a lot. I did recently take up one of my old hobbies though which is guitar playing. Music is in general one of those interests I have which can completely switch me off from the normal world and allow me to reflect and concentrate on other stuff.

What is one unusual thing about you?
I am probably a very normal person with all the quirks and odd features it involves. Like many other people, I sing in the shower and only shower when I sing.