TMCnet - The World's Largest Communications and Technology Community
Business Critical Communications Featured Article
October 10, 2008

A User-Centric Security Approach for the Dynamic Enterprise: Security Management in Wireless Environments

With the convergence of information technology (IT) and communications and the emergence of innovative technologies, end-user devices and applications, the pace of change in enterprises is accelerating. This acceleration, combined with increasing end-user mobility and more demanding regulatory requirements, makes managing enterprise security risks a considerable challenge.

 
This article focuses on the increase in enterprise mobility and securing mobile users’ communications.
 
Securing Mobile Users’ Communications
The wide adoption of mobility has benefits for both end users and enterprises. It enables unique productivity gains with richer communications capabilities, more openness to the applications world and even new business models. However, with these benefits comes increased exposure and risk, including:
 
·         Risk related to the protection of sensitive data stored on mobile end-user devices, such as laptops and smartphones
·         Risk related to the multiplicity of network interfaces, including Wi-Fi, 3G and WiMAX, that mobile end users access
 
User-aware security mechanisms at the network edge cover remote VPN connections, but they are no longer sufficient once a device leaves the corporate perimeter. For example, when a mobile laptop leaves the enterprise, it creates a mobile blind spot. The IT department loses visibility of the device and, as a result, loses its ability to protect either the device or its sensitive data. In this blind spot, corporate resources cannot be protected by a simple perimeter security approach because mobile devices can connect to the public Internet using network interfaces that are no longer subject to the security controls of the IT organization.
 
Uncontrolled connection to any untrusted network, such as the Internet, can compromise the mobile device. For example, malicious software may run undisturbed for several hours or even days before the IT administrator detects it and applies the necessary safety measures. Most critically, an infected device can “leak” sensitive information onto the public Internet, creating a nightmare scenario for the enterprise. Furthermore, proprietary sensitive information may be at risk in case of loss or theft with the potential for major financial liabilities to the enterprise. Regular software updates and data backups provide a first level of defense against some of these threats but are insufficient.
 
IT organizations need a way to address these challenges while continuing to capitalize on the benefits provided by mobility. A complete protection solution should include:
 
·         Always-on protection of device interfaces
·         Always-on protection of sensitive data, including a remote kill capability
·         Always-on IT protection mechanisms, such as patch management, antivirus updates and backups
 
Putting control back in the hands of IT organizations can be achieved by embedding in each device an always-available, secure, service delivery platform for enterprise remote access and device management. The platform can have different form factors — Personal Computer Memory Card Industry Association (PCMCIA) data card or Universal Serial Bus (USB), for example — depending on the interfaces available on the mobile device.
 
Because this type of platform is powered by battery, it can provide always-on services that, when combined with a 3G interface, greatly reduce the mobile blind spot. By implementing a root of trust for the mobile device, the platform can store encryption keys for maximum protection and remote kill capabilities, patch downloads and antivirus updates. It also ensures a continuous VPN connection to the enterprise, so the device is protected by corporate security measures at all times.
 
Finally, this type of service delivery platform solution can improve the end-user experience by automatically creating VPN connections, selecting the appropriate and most efficient network interface, pre-fetching patch and antivirus updates and creating backups (even when the device is powered off) in order to avoid frustrating, abrupt degradations of computing or network capacity. The implementation of a secure, always-on service platform in mobile devices puts the control back in the hands of the IT organization and helps enable 100 percent IT security policy compliance for mobile users anytime, anywhere, even when the device is powered off.
 
Managing user-centric security
Management is a key component of any user-centric approach — from identity to audit to country-specific policies and regulations. There are two key objectives that enterprises need to keep in mind at all times:
 
·         Simplicity is security’s best friend. Although this fact has been stated often, it remains a challenge.
·         Reuse offers a clear path to protect capital expenditures and contain operating expenditures.
 
Deployment of a security layer should maximize the existing architecture and ensure seamless integration with existing operational tasks and procedures. The latter will also increase simplicity by reducing training time and leveraging existing skill sets. One approach to achieve simplicity and maximize reuse of the existing environment is to centralize functions and converge security management and network management under a single framework whenever possible. The following describes three areas where this type of centralized approach can be applied.
 
Centralized AAA services
It is good practice to use existing Authentication, Authorization and Accounting (AAA) standards and extend their use for all devices in a unique repository (desktops, laptops, IP phones, mobile handsets, for example). With this approach, Remote Authentication Dial-In User Service (RADIUS) can be used for all new devices. This allows for easy overlay deployment within the existing, secure architecture. It also helps ensure seamless deployment of Layer 2 authentication methods, such as IEEE 802.1X for IP phones.
 
Centralized policy management for all users
All user policies must be integrated and federated with the directories and systems already being used to manage user identities in the enterprise. A user-based profiles approach allows for security management and network management under a common framework and enables a set of attributes and user roles to be mapped with optimal abstraction. Users are defined in reference to roles (employee/engineering, contractor/finance, visitor/briefing center, for example) as well as network criteria (subnets, MAC range, VLAN, for example). This approach, combined with definition of resources, allows for powerful, logical association between users and network resources, such as bandwidth and Quality of Service (QoS) provisioning, and access controls, such as allow or deny. The centralized point of configuration is then propagated to the whole network.
 
Enterprises also need to custom-define their quarantine rules and remain fully functional in a multivendor environment. The advantage goes beyond provisioning and includes operational procedures, such as central isolation and remediation of policy violators down to port, device and user, anywhere on the network — wired, wireless or remote. Interaction of network devices with a centralized policy management system facilitates deployment of quarantine mechanisms against the faulty user and contains attacks at the edge, and everywhere in the network.
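The two preceding sections describe a centralized policy model: users are defined by role and by network criteria (subnet, MAC range, VLAN), roles map to resources (bandwidth, QoS class, allow/deny), and policy violators can be isolated and remediated from one central point. The following toy policy engine is an added example, not Alcatel-Lucent code or a description of any product; every user, role, subnet, MAC prefix, resource name and VLAN number in it is constructed for illustration. It shows the role lookup, the network-criteria check, the quarantine path that leaves only remediation services reachable, and an append-only audit record of every decision.

```python
"""Toy centralized policy engine (added example): users -> roles -> network
resources (VLAN, bandwidth/QoS, allow/deny), plus a quarantine action.
All names, roles, subnets and MAC prefixes are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

QUARANTINE_VLAN = 999                                   # hypothetical remediation VLAN
REMEDIATION_ONLY = frozenset({"patch-server", "antivirus-update"})


@dataclass(frozen=True)
class RolePolicy:
    vlan: int
    bandwidth_kbps: int
    qos_class: str
    allowed: frozenset        # resources the role may reach; everything else is denied


@dataclass(frozen=True)
class User:
    name: str
    role: str
    mac_prefix: str           # MAC range the user's device must fall in
    subnet: ipaddress.IPv4Network  # subnet the user is expected to connect from


# Constructed role table: one place to define resources per role
ROLE_POLICIES = {
    "employee/engineering": RolePolicy(10, 100_000, "gold",
                                       frozenset({"erp", "source-repo", "internet"})),
    "contractor/finance": RolePolicy(20, 20_000, "silver", frozenset({"erp"})),
    "visitor/briefing-center": RolePolicy(30, 5_000, "bronze", frozenset({"internet"})),
}

# Constructed identity directory standing in for the enterprise directory
DIRECTORY = {
    "alice": User("alice", "employee/engineering", "00:1a:2b", ipaddress.ip_network("10.1.0.0/16")),
    "bob": User("bob", "contractor/finance", "00:1a:2b", ipaddress.ip_network("10.2.0.0/16")),
    "guest": User("guest", "visitor/briefing-center", "f4:5c:89", ipaddress.ip_network("192.168.50.0/24")),
}


class PolicyEngine:
    """Single point of configuration; each decision is what would be pushed to the edge device."""

    def __init__(self, directory, role_policies):
        self.directory = directory
        self.role_policies = role_policies
        self.quarantined = {}     # user name -> reason for isolation
        self.audit = []           # append-only record of actions and decisions

    def quarantine(self, name, reason):
        self.quarantined[name] = reason
        self.audit.append(("quarantine", name, reason))

    def release(self, name):
        self.quarantined.pop(name, None)
        self.audit.append(("release", name, ""))

    def decide(self, name, src_ip, mac, resource):
        """Provisioning decision for one access request (user, source address, MAC, resource)."""
        user = self.directory.get(name)
        if user is None:
            return self._record(name, resource, "deny", None, "unknown user")
        # Network criteria: the request must come from the expected subnet and MAC range
        if ipaddress.ip_address(src_ip) not in user.subnet:
            return self._record(name, resource, "deny", None, "source subnet mismatch")
        if not mac.lower().startswith(user.mac_prefix):
            return self._record(name, resource, "deny", None, "MAC range mismatch")
        if name in self.quarantined:
            # Isolated user: remediation services only, on the quarantine VLAN, throttled
            action = "allow" if resource in REMEDIATION_ONLY else "deny"
            return self._record(name, resource, action, QUARANTINE_VLAN,
                                "quarantined: " + self.quarantined[name], 1_000, "bronze")
        policy = self.role_policies[user.role]
        action = "allow" if resource in policy.allowed else "deny"
        return self._record(name, resource, action, policy.vlan, user.role,
                            policy.bandwidth_kbps, policy.qos_class)

    def _record(self, name, resource, action, vlan, reason, bandwidth_kbps=0, qos_class=None):
        decision = {"user": name, "resource": resource, "action": action, "vlan": vlan,
                    "bandwidth_kbps": bandwidth_kbps, "qos_class": qos_class, "reason": reason}
        self.audit.append(("decision", name, f"{resource}:{action}:{reason}"))
        return decision


def demo():
    """Run a few requests, then isolate one user and show the change in treatment."""
    engine = PolicyEngine(DIRECTORY, ROLE_POLICIES)
    results = [
        engine.decide("alice", "10.1.4.7", "00:1A:2B:33:44:55", "source-repo"),  # allow on VLAN 10
        engine.decide("bob", "10.2.9.1", "00:1a:2b:66:77:88", "source-repo"),    # deny: not in role
        engine.decide("guest", "10.1.4.8", "f4:5c:89:00:00:01", "internet"),     # deny: wrong subnet
    ]
    engine.quarantine("alice", "antivirus signatures out of date")
    results.append(engine.decide("alice", "10.1.4.7", "00:1a:2b:33:44:55", "erp"))               # deny, VLAN 999
    results.append(engine.decide("alice", "10.1.4.7", "00:1a:2b:33:44:55", "antivirus-update"))  # allow, VLAN 999
    return engine, results


if __name__ == "__main__":
    _, decisions = demo()
    for d in decisions:
        print(d)
```

In a RADIUS-based deployment like the one described under "Centralized AAA services", the `vlan` field of each decision is the value that a RADIUS server would hand back to the switch or access point in its Access-Accept (the Tunnel-Private-Group-ID attribute of RFC 3580 carries the VLAN for 802.1X ports), which is what lets one central policy store drive both wired and wireless edge devices.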
 
Centralized monitoring and logs for audit and compliance
Full visibility is fundamental to detect suspicious traffic or activities and provide actionable information for better control. To avoid managing an overwhelming volume of raw data, monitoring and logging systems should support a per-user/role traffic classification with both real-time and historical data, including applications usage. In addition, for efficiency in operational procedures, the solutions should provide a dashboard that summarizes all collected security statuses and provides the ability to view and audit key user data and drill down to low-level events if necessary. Finally, two properties will protect the evolution of the monitoring and logging platform:
 
·         Open interfaces for event collection and correlation with support for a complex ecosystem (third parties) as audit and compliance requirements evolve
·         Hierarchical implementation for scaling to support growth of the network and its user base
 
The benefits will be fully realized with a user-friendly interface that allows IT staff to understand the overall security status at a glance and that makes it easy to generate customizable reports for auditing purposes.
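The monitoring section above asks for per-user/role classification of traffic, a dashboard that summarizes status, drill-down to low-level events, and a hierarchical design that scales by site. The following is an added example, not code from the article or from any Alcatel-Lucent product, that does all four over a handful of constructed log lines: the log format, field names, site names and the "three denies flags a user" rule are assumptions chosen for the illustration. Per-site summaries are computed independently and then merged, which is the hierarchical roll-up the text refers to; malformed lines are counted rather than silently dropped so the dashboard also reports collector health.

```python
"""Added example: per-user/role classification of constructed access-log lines,
with a dashboard summary, drill-down to raw events and hierarchical roll-up
of per-site summaries. Log format and field names are assumptions."""
import re
from collections import Counter, defaultdict

# Constructed sample logs from two hypothetical sites (not real data)
SITE_LOGS = {
    "paris": [
        "2008-10-10T09:12:01Z site=paris user=alice role=employee/engineering src=10.1.4.7 app=https bytes=51200 action=allow",
        "2008-10-10T09:12:05Z site=paris user=alice role=employee/engineering src=10.1.4.7 app=ssh bytes=2048 action=allow",
        "2008-10-10T09:13:10Z site=paris user=guest role=visitor/briefing-center src=192.168.50.9 app=smb bytes=0 action=deny",
        "2008-10-10T09:13:11Z site=paris user=guest role=visitor/briefing-center src=192.168.50.9 app=smb bytes=0 action=deny",
        "2008-10-10T09:13:12Z site=paris user=guest role=visitor/briefing-center src=192.168.50.9 app=rdp bytes=0 action=deny",
    ],
    "dallas": [
        "2008-10-10T09:20:00Z site=dallas user=bob role=contractor/finance src=10.2.9.1 app=https bytes=8192 action=allow",
        "2008-10-10T09:21:00Z site=dallas user=bob role=contractor/finance src=10.2.9.1 app=ssh bytes=0 action=deny",
        "this line is malformed and must be counted, not silently dropped",
    ],
}

# Assumed key=value line layout; anything that does not match is reported as malformed
LINE_RE = re.compile(
    r"^(?P<ts>\S+) site=(?P<site>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"src=(?P<src>\S+) app=(?P<app>\S+) bytes=(?P<bytes>\d+) action=(?P<action>allow|deny)$"
)
DENY_THRESHOLD = 3   # assumed drill-down trigger: this many denies flags a user


def parse(line):
    """Return the event as a dict, or None for a line that does not fit the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def empty_summary():
    return {"bytes_by_role": Counter(), "apps_by_user": defaultdict(Counter),
            "denies_by_user": Counter(), "events": [], "malformed": 0}


def summarize(lines):
    """Per-site collector: classify each event by role and user, keep raw events for drill-down."""
    s = empty_summary()
    for line in lines:
        ev = parse(line)
        if ev is None:
            s["malformed"] += 1
            continue
        ev["bytes"] = int(ev["bytes"])
        s["bytes_by_role"][ev["role"]] += ev["bytes"]
        s["apps_by_user"][ev["user"]][ev["app"]] += 1
        if ev["action"] == "deny":
            s["denies_by_user"][ev["user"]] += 1
        s["events"].append(ev)
    return s


def merge(summaries):
    """Central tier: roll up any number of site summaries into one (Counter.update adds counts)."""
    total = empty_summary()
    for s in summaries:
        total["bytes_by_role"].update(s["bytes_by_role"])
        for user, apps in s["apps_by_user"].items():
            total["apps_by_user"][user].update(apps)
        total["denies_by_user"].update(s["denies_by_user"])
        total["events"].extend(s["events"])
        total["malformed"] += s["malformed"]
    return total


def dashboard(summary, deny_threshold=DENY_THRESHOLD):
    """At-a-glance status: traffic per role, dominant application per user, users to look at."""
    flagged = sorted(u for u, n in summary["denies_by_user"].items() if n >= deny_threshold)
    return {"bytes_by_role": dict(summary["bytes_by_role"]),
            "top_app_by_user": {u: apps.most_common(1)[0][0] for u, apps in summary["apps_by_user"].items()},
            "flagged_users": flagged,
            "malformed_lines": summary["malformed"]}


def drill_down(summary, user):
    """Low-level events behind one dashboard entry."""
    return [e for e in summary["events"] if e["user"] == user]


def report():
    central = merge(summarize(lines) for lines in SITE_LOGS.values())
    return dashboard(central), central


if __name__ == "__main__":
    board, central = report()
    print(board)
    for ev in drill_down(central, board["flagged_users"][0]):
        print(ev["ts"], ev["src"], ev["app"], ev["action"])
```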
 
Conclusion
The user-centric security approach described in this paper allows Dynamic Enterprises to support the evolution of everyday end-user realities and quickly adapt to the changing competitive landscape by implementing:
 
·         Reinforced security at the edges of the extended corporate network where mobile end users are likely to connect
·         Enhanced mobile user security with dedicated security functions embedded in the communications devices they rely on
·         Simplified and user-centric management of security with centralized functions, converged security management and network management under a unique framework whenever possible
 
There are several advantages to this structured and straightforward approach to user-centric security:
 
·         Improved productivity as a result of automated security functions and reduced end-user involvement
·         Regulatory compliance facilitated by bringing key security functions closer to end users and the devices they carry
·         Lower total cost of ownership by unifying security functions and operational procedures
 
Alcatel-Lucent is committed to user-centric security and offers a full portfolio of solutions and multivendor professional services to support Dynamic Enterprises as they evolve their risk management strategies. By leveraging innovative technologies from Bell Labs and services teams with a global presence, Alcatel-Lucent delivers always-on security solutions that meet the needs of enterprises, small and large, in any industry.
 
For more information about the Alcatel-Lucent user-centric approach to security, please go to http://www1.alcatel-lucent.com/enterprise/en/solutions/security/index.html
 
To find out more about the Alcatel-Lucent user-centric security product portfolio, please go to http://www1.alcatel-lucent.com/enterprise/en/solutions/security/security_portfolio.htm

Edited by Greg Galitzine