Managing Director, Juniper Networks India
As our society becomes more information driven, expectations of public service are changing, with rising demands for improved quality of service and electronic access. And while it is understood that government needs to collect a wide variety of data on individuals, businesses and other organizations, citizens rightly expect that this data will remain secure and their privacy respected.
This puts a lot of focus on the quality of eGovernment infrastructure, both at the core and at the periphery.
Securing the data centre
At the core, today’s data centre architectures are in the crosshairs of several significant technology trends, each with fundamental implications for security and IT management.
This matters a great deal because government data centres are the repository for a great deal of sensitive and commercially valuable information that makes them a compelling target for cybercriminal organizations and foreign entities. At the same time the disruption of public services, driven from data centres, must be avoided.
For the security teams responsible for safeguarding national, state and local government IT assets, data centre consolidation, virtualization, application componentization and fabric networks present a host of challenges. New approaches and capabilities are needed to address the requirements of scale, visibility and intelligent enforcement to ensure proactive, effective security of next-generation data centres.
Data centre consolidation is now well-established as a way to maximize economies of scale. Consequently, extremely large data centres are increasingly the norm and this concentration of computing, storage, and networking is creating unprecedented scale requirements for network security.
As virtualization becomes more mainstream, the nature of computing inside the data centre has fundamentally changed, with workloads increasingly moving from dedicated physical servers to multiple virtual machines. As a result, a typical application workload is now completely mobile; it can be initiated anywhere in the data centre, and it can even be moved from one physical server to another while running.
Most importantly, virtual machines running on a single server communicate via an internal virtual switch (vSwitch). This has fundamental implications for traditional network security architectures, which were not designed with a focus on intra-server traffic.
Applications are also becoming more componentized to allow for more code reuse and, given that each component can be scaled separately, to provide better scalability and workload distribution. One effect of this, however, is that it multiplies data centre network traffic, with “East-West” traffic – between different servers within the data centre – growing fast and surpassing the amount of “North-South” traffic between the data centre and external destinations. This not only pushes the scale requirements of security mechanisms in the data centre but can expose additional areas of vulnerability, since conventional data centre security architecture was not really designed for traffic that never crosses the perimeter.
Both in reaction to the above trends – and in an on-going effort to improve data centre efficiency, scalability, availability, and agility – “fabric” network architecture is increasingly being adopted by data centres. This enables many physical networking devices to be interconnected so that they are managed and behave as one logical device. Correspondingly, network security infrastructures need to be adapted to the management and integration implications of fabric network architecture.
Traditional data centre security approaches, which are characterized by a focus on relatively static patterns of communication and the network perimeter, will no longer suffice in the face of these trends.
To meet the challenges of the next-generation data centre, network security needs to scale to accommodate increasing traffic, more processing-intensive intelligence to combat increasingly sophisticated threats, and more deployment options and scenarios. To be effective, network security solutions also need more contextual visibility into relevant traffic, while security teams need the ability to efficiently enforce policies on both physical and virtualized workloads.
Juniper Networks has been working for some years on data centre security solutions that intersect these parallel trends and deliver the flexible, robust and proactive security needed in the next-generation data centre.
One of the cornerstones of our approach to the data centre is to simplify wherever possible, which is the thinking behind Juniper Networks® SRX Series Services Gateways. The SRX Series are multi-service devices that combine a firewall with a range of other security options, including intrusion detection and prevention, virtual private networking and application-level security, eliminating the need to deploy and manage separate devices for each of these services.
At the same time, the SRX Series is designed to enable organizations to scale multidimensional security, without compromise, in line with data centre workload and network performance in hyper-consolidated data centres.
And since the SRX Series runs the same Juniper Networks® Junos operating system as our switches and routers, security is deeply integrated and orchestrated across the data centre network infrastructure. This includes the virtual level of operations, where our vGW Virtual Gateway solution, running on a VMware hypervisor, enables network security policies to be automatically replicated from an SRX gateway and enforced on traffic flowing between different virtual machines.
To inject greater context and intelligence into data centre security, Juniper Networks has also introduced Junos Spotlight Secure, a service that acts as the global consolidation point for attacker and threat information, feeding real-time intelligence to Juniper’s security solutions such as SRX gateways.
While data centres are expanding and consolidating, the opposite is happening to the devices we use to access and manipulate data. Desktop PCs are now the exception rather than the norm, while the utility of mobile devices has changed almost beyond recognition and they are now numbered in billions.
For service-focused government, information mobility – enabling a far more engaged model of public service – is just as attractive as anywhere, anytime data and application access is to businesses.
For every positive development in the mobile market, however, there is often a risk. For example, while application stores give users unprecedented ease of access to a plethora of programs, they are also proving to be a fertile environment for the distribution of malware. Likewise, the increasing power of mobile devices also increases their potential to compromise systems and government data.
Finally, the very portability of mobile devices means that they are highly susceptible to loss and theft.
While just about every aspect of mobile devices – including screen size, processing power, storage, user interface and applications – has advanced by leaps and bounds, mobile device security has remained static. It is as if, beguiled by the flashy features of our iPhones and Androids, we have lost sight of the fact that they are computers and share the same vulnerabilities as PCs, while also having their own size-related security issues.
Not surprisingly, mobile device attack vectors are at the top of the agenda for malicious hackers, and threats to mobile devices are pervasive and escalating. Through malware, loss and theft, exploitation and misconduct, communication interception, and direct attacks, organisations and users are increasingly susceptible to devastating compromises of mobile devices. Therefore, woe betide any IT manager who enables mobile access to data and applications without putting robust and proactive safeguards in place.
Within a given organization, a number of mobile device operating systems are typically in use, and these must be factored into an organization’s security framework. Also, typically, as consumers adopt a new device type they don’t abandon their existing devices. So, for example, getting a tablet doesn’t mean you give up your smartphone. The upshot of this is that security teams need to account for a broad set of devices, a set that gets larger with each passing day.
As the use of mobile device types and platforms grows, security administrators can’t feasibly use a different management console for each, as this would prove costly, inefficient, and susceptible to errors. What is needed is a single solution that can be deployed across all major mobile operating systems, so that they can effectively, consistently, and efficiently apply security policies across each platform.
To address these issues Juniper Networks has developed a mobile security solution set that enables organizations to cost-effectively guard against current and emerging threats, while retaining optimal productivity and flexibility of mobile device use.
Our portfolio of multi-platform mobility solutions defends against the breadth of threats plaguing mobile devices today, with capabilities including proactive malware protection, mechanisms that guard against the damage of lost or stolen devices, and encryption of mobile device communications.
Juniper Networks’ mobility solution, which builds on top of the existing enterprise security infrastructure, has two key elements:
• Junos Pulse Mobile Security Suite – a comprehensive, scalable solution that provides smartphone security, management, and control. It protects mobile devices against malware, viruses, trojans, spyware, and other malicious attacks on most of today’s leading mobile platforms and operating systems. The Mobile Security Suite also includes mobile device management features that mitigate the risk of losing or exposing corporate and personal data on devices that have been lost or stolen.
• The Junos Pulse Mobile Security Gateway management console, which offers comprehensive capabilities for configuring and managing mobile security policies. The Mobile Security Gateway, which is available as a hosted web-based service, also provides detailed reports on virus infections, updates, and the latest threats detected on the mobile devices accessing the enterprise network.
By offering a complete, unified solution that features comprehensive OS and device support, minimal user requirements, integrated mobile device management and policy enforcement, and self-help support, Juniper Networks provides an unrivalled combination of administrative efficiency, cost-effectiveness, robust and pro-active security.