Cisco ASA 5525-X Adaptive Security Appliance White Paper
Lippis Report 158: Next Generation Network Security for Data Center Protections
lippis.com
And therein lies the rub. In today’s modern IT world, applications are being extended over multiple
networks, e.g., wired, wireless, mobile and remote, where users shift their application access back and
forth between these different network access methods and expect the same or consistent experience.
Security is paramount to user experience and IT asset protection. While IT security executives have
fortified their defenses of IT assets within corporate boundaries or perimeters, exponentially growing
numbers of mobile endpoints being connected into corporate networks and data centers present
significant security challenges that are unfortunately outside the control of IT.
The nature of mobile smartphone endpoints is to combine personal and business IT services, thereby
creating a unique user experience. Part of that experience includes information access from a plethora
of online destinations, such as public Wi-Fi hotspots, SaaS applications (e.g., Salesforce.com,
workday.com, netsuite.com), corporate VPN, and a wide range of personal sites for social
networking, banking, music, videos, news, communications, etc. Therefore, every employee
equipped with a mobile endpoint opens security vulnerabilities and threats unless IT mitigates
them with network security. Clearly mobile devices are becoming ubiquitous, and there are security solutions
available, such as VPN support, data wipe after loss, cloud-based security services, etc. But mobile
devices need a security solution that works in real time, meaning it is always on and provides
comprehensive coverage.
For example, mobile endpoints, and thus corporate assets, need to be protected from hackers and from
users accessing the corporate network over insecure home Wi-Fi networks. Internal applications need to be
secured against attacks such as SQL injection/data leakage, request forgery/impersonation, cross-site
scripting/phishing, etc. SaaS access needs to be secured against unauthorized access, exposure from
password reuse, layer 7 attacks and more. Mobile users also need the same level of reporting as wired
users to assure an activity/audit trail, regulatory compliance, governance and
reporting. In short, IT needs the same level of control over mobile endpoints as it has over devices
within the corporate perimeter, without ruining the mobile experience.
Mobile Endpoint Policy and Enforcement
The most important aspect of real-time mobile security is policy enforcement, as it places control of
corporate asset and SaaS access back into the hands of IT. Not only do policy and enforcement
keep threats from being transmitted from mobile endpoints onto corporate networks, they make those endpoints
safer devices, too, by providing a means to adhere to corporate policy as corporate devices, even
though they are used for business and pleasure. This is important as many mobile devices are purchased
by employees, part of the huge consumerization trend that has been building over the last five years.
With IT able to administer policy with a means of enforcement, mobile devices can deliver personal and
business IT services. Employees may purchase mobile devices, but if they require access to corporate IT,
then the endpoint has to comply with corporate policy and IT needs a means to enforce such policy. In
short, policy and enforcement enable IT to extend the corporate perimeter around mobile devices,
creating a virtual perimeter around IT assets.