Posts Tagged ‘VPN

  • A Frost & Sullivan Asia Pacific Enterprise Data Services Market 2010 news analysis reveals that the market for enterprise data services is robust and it estimates that revenues will almost double and reach $27.20 billion in 2017.
  • The analysis goes on to state that despite having the benefit of advanced technology, enterprise data services appears to be hindered by the rapid uptake of enterprise mobility, which is rather attractive to small and medium businesses.
  • In addition, with an increase in the adoption of cloud computing consolidation of data centers, Ethernet is being adopted for data center-to-data center connectivity because of the huge bandwidth requirement and faster throughput speeds. Hence, over a period of time, the larger branches that are still using multi-protocol switching (MPLS) will gradually change over to Ethernet.
  • However, multi- protocol switching IP virtual private networks are used to connect the smaller branches.
  • Old technologies such as asynchronous transfer mode, frame relay and leased circuits are being cast aside in favor of the new IP Ethernet. High-end MPLS circuits also seem to be fighting a losing battle, especially where speeds in excess of 100 Mbps is required and will probably give way to Ethernet once it becomes more ubiquitous.

read more


  • France Telecom is prioritizing service improvements in China, striking a deal with the country’s largest fixed line provider designed to boost coverage for Orange business customers.
  • The French incumbent is seeking to improve IP-based VPN services in China by outsourcing management to China Telecom, and is boosting Wi-Fi coverage through a reciprocal deal allowing customers of both operators to access hotspots while roaming.
  • China Telecom customers gain access to similar VPN services in Europe, and the two firms have also agreed to collaborate on network development, which includes researching new terrestrial and submarine cable links between Europe and Asia Pacific, and Africa.
  • Both parties are set to benefit from close cooperation by enabling each other to provide better customer access and services in our respective regions, and support the development of our multinational business customers internationally,” France Telecom chief Stephane Richard notes.

In keeping with this theme,  cloud computing risk assessments involve these 10 categories:

1.      Effectiveness of controls

Evaluate if the current controls provide adequate protections for the data or service the company is considering hosting in the cloud.  For example, is the separation of duties for cloud provider employees appropriate and does it limit the number with access to confidential data?

2.      Auditing and oversight

Evaluate the cloud provider’s current auditing  and how oversight of administrative changes is accomplished.  For example, ask for a change-control log where changes were tested and approved by appropriate management personnel.

3.      Technical security architecture

Evaluate current technical architecture including firewalls, VPNs, patching, intrusion prevention and network segregation.  This evaluation could also include programming languages and Web application frameworks.  Can the environment match business security requirements?

4.      Data integrity

Investigate how the cloud computing vendor keeps each customer’s data separate while utilizing the same hardware.  Does this separation match business security or compliance requirements?

5.      Data encryption

Investigate how the cloud computing provider implements encryption for both data-in-transit as well as data-at-rest.  Most providers will utilize encryption for data-in-transit, but may not have a capability for encrypting data-at-rest.  Do the provider’s encryption practices match business security or compliance requirements?

6.      Operations security

Review the disaster recovery and business continuity plans for the cloud service provider.  Do they provide adequate protection for business needs?  How often are the plans tested?  Does the data center provide enough redundancy for business needs?

7.      Standardized procedures

Evaluate the standard procedures that the cloud services provider utilizes in its operations.  An example would be the offsite tape backup procedure or the background pre-employment screening procedure.  Another important procedure to document is how the interests of the customer will be represented during a legal investigation or subpoena request.

8.      Business stability

Evaluate the current financial condition and history of the cloud computing provider.  It might be necessary to utilize other company resources to assist in this evaluation.  It’s easy to find information on publicly traded companies, but private companies may require more investigation.

9.      Intellectual property

Investigate potential issues with the cloud computing provider hosting business data.  This will include ownership, return and deletion of the data after the contract expires.

10.  Contractual language

Review the proposed contract with legal representation.  All of the controls documented in the previous nine audit categories listed above should match the contractual language in order to be meaningful.  Require that any deviation from these agreed-upon information security protections be communicated with the business and specify penalties associated with non-compliance.

The relevance can be recorded on the same 1-5 scale with five being the most important or relevant to the cloud computing solution being provided. A weighted score for each category can then be calculated by multiplying the relevance score by the risk score. An average of all of the category scores can then be generated to represent a single value that can be easily communicated to management.

The following table demonstrates what the final results of this process would look like for a typical business critical application:

Cloud Computing Risk Assessment Example
Relevance (1-5) Risk (1-5) Total
Controls 5 2.5 12.5
Audits 5 4 20.0
Architecture 3 3.5 10.5
Data Integrity 5 4 20.0
Data Encryption 2.5 4.5 11.3
Hosting Security 5 1 5.0
Procedures 4 2.5 10.0
Business Stability 5 2.5 12.5
Legal – Contract 5 4 20.0
Intellectual Property 5 2.5 12.5
Total Project Risk (out of 25) 13.4

  • Tenant-based cloud security is critical to solving the issue of protecting your individual cloud infrastructure. An infrastructure provider’s goal is to secure the platform and provide security options to the tenant (or customer). Tenant-based security is that answer and is an attractive model for obvious reasons – it allows each organization to customize the security to the company’s needs, not to mention it is cost effective, much more efficient and easily scalable for organizations looking to expand.


  • For most organizations, a cloud service providers’ foundational security will not suffice. The tenants in the infrastructure have unique applications and differing levels of confidential data. Each tenant needs to be able to build upon the infrastructure providers’ foundation with a set of security solutions aimed at solving the concerns and problems that they have.


  • For instance, some cloud users may have PCI compliance concerns while others may not be overly concerned as they are using the infrastructure for just dev and test. The first organization in these examples would require services such as firewall, IDPS, log management, web application firewall, and file integrity monitoring among others. The second organization may just opt for firewall and VPN. Each cloud customer needs to have the ability to easily make those choices and turn on and off the level of service they need. This security model is critical to ensuring the success of the cloud.

November 2018
« Dec    

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 6 other followers


Error: Twitter did not respond. Please wait a few minutes and refresh this page.

%d bloggers like this: