Category: Internet Access Services

THE IMPORTANCE OF A BYOD & DATA PRIVACY STRATEGY

Tyler Ward of IGI, an award-winning cybersecurity organization specializing in services and software, joins us in this post to discuss the very real problem now magnified with the Work from Home (WFH) reality enterprises are facing today. WFH has introduced the real challenge of balancing employee productivity and access to resources with good cybersecurity hygiene. The challenge is amplified on many levels: a loose perimeter, a larger attack surface, endpoint security, data protection, and many other realms, compelling leaders to think about a new cybersecurity strategy well beyond traditional tactical techniques. Integrating BYOD—where employees access corporate data on untrusted, unknown devices to continue to be productive—means Data Privacy needs to be thoroughly re-evaluated, from policy to technical practice. Here we evaluate this real-world problem with solutions and guidance from the front lines where IGI fights the good fight every hour of every day.

Questions:

Dominique: What challenges do BYOD & Data Privacy bring to Organizations? Is this industry-specific?

Tyler: Bring Your Own Device (BYOD) is a not-so-new concept we are now looking at through a different lens. Fifteen years ago, when you brought your flip phone to work, things were rather simple and clear for the business. However, mobile devices are no longer a static and predictable object; rather, they are a conduit for anything and everything and are constantly evolving. The devices of 2020 are mere portals into the wide world of technological creationism and can bring unwanted guests into the company. In the eyes of those who manage risk, this can be equated to leaving the front door open in our homes. We just don’t do it anymore.

Let’s look at a 2020 scenario: Someone is sitting in the conference room at a private board meeting for a public company, and the discussion is around stock pricing and a new merger. The chief revenue officer has their smartphone sitting on the table. The problem is this: we no longer know who may be activating that microphone, recording with their smartphone camera, or what kinds of malicious applications are running on that smartphone. Goodbye, flip phones. Hello, 2020 spy tools. This is the reality now, and we have to accept, mitigate, or transfer the risks.

On the side of privacy, we have privacy laws for different states, all 50 states have their own data breach notification laws, and we now have international regulations such as the GDPR (Europe), Data Protection Act (U.K.), LGPD (Brazil), and many more. Now, we couple these regulatory obligations with the fact that nearly all businesses are running global operations with customers everywhere and are sharing data with many other companies. The vast majority of businesses are out of compliance with some privacy or security regulation, and they don’t realize it (yet). While different industries have their own governing set of privacy regulations such as HIPAA (Healthcare), privacy is touching nearly every single entity now. From sole proprietorships to multinational organizations, this is something that we all have to consider, assess, and act on.

Dominique: How do Policies map to and why do they matter for Data Privacy and BYOD?

Tyler: Policies are the guides for organizations and how they conduct operations. However, these are also significant catalysts for legal backing when the time comes to show good faith efforts to govern privacy and BYOD. One of the most significant impacts that I have personally witnessed was when a client was hit with a data breach, and their cyber insurance provider refused to pay because the company did not have a governing set of documentation surrounding information security.

When companies apply for insurance policies, they must answer a series of questions. They will never see those questions again until they have a data breach in some cases. When they come back looking for evidence of those artifacts, they play a direct role in insurance payouts. This can be equated to not having an inspected vehicle and getting into an accident. Insurance companies may not be there to help in your time of need.

Dominique: What are the key considerations for Organizations when allowing Corporate Data on BYOD? What is the ideal vs. practical guidance?

Tyler: Ideally, organizations should buy, own, and issue devices to each employee. Additionally, they should have a policy on how employees can use that device and what they cannot do—that is BYOD management in its simplest form. However, being a realist, I understand that this is not so economically feasible for some businesses. Therefore, we must determine how we will manage the data that the company owns on a device that the company does not own. Mobile Device Management (MDM) solutions are great at the containerization of data and sandboxing of applications. Still, we must also realize that those devices can be carriers for some particularly malicious content. Be wary of allowing unowned or unmanaged devices to connect to the corporate networks and applications.

Dominique: What about data destruction? Who has the right to destroy data, is it limited to just the corporate data or the entire data on the device, if the device ends up lost or posing a risk to the Org?

Tyler: In short, if the organization does not own the device, destroying data is a very nebulous area, to say the least. If they do not own the device, my recommendation is to get an MDM solution that containerizes the data and also have the employees sign a policy that grants the organization the right to destroy corporate data when required.

If the organization does not own the device, then the destruction is limited to that of the data owned by the organization. We have many clients where employees lose their corporate and non-corporate devices. For both types of devices, you want to have the capability and policy-driven authorization to:
  1. Encrypt the contents of the device
  2. Set security policies on the device and data
  3. Remotely wipe the device or wipe all corporate data
Also, remember that if you implement an MDM solution on devices that are not owned by the organization, be very careful of GPS tracking. Tracking employee movements on their personal device is most certainly not a conversation that you want to have after the fact.

Dominique: What about control over the device becoming a surveillance device? Are there good security practices around installing 3rd party apps, guidance on devices that are more “trustworthy” than others, etc.?

Tyler: As we talked about earlier, these devices are being used to surveil organizations daily. When we have no control over the devices and software installed, it would be naïve to think that the malicious parties could not leverage the microphones and cameras. We must gain control over the applications installed on corporate devices and also follow a process for how we approve applications. This should be predicated on performing security reviews. In trusting applications, we simply have to do our homework. Believe it or not, malicious applications make it into the Google Play Store and Apple App Store. We have to do the research prior and follow the criteria for authorization. We recently learned about TikTok’s ability to do some tricks with the iPhone. As stewards of security, we must come together and recognize that there are people out there that have alternative motivations when creating applications and software. Data is a valuable commodity, and we have to recognize that we are bringing risks into our organizations and exercise vigilance.

BY SEAN GOINES
JULY 22, 2020

SOFTWARE DEFINED NETWORKING

What is SD-WAN?

A wide area network (WAN) might be used to connect branch offices to a central corporate network, or to connect data centers separated by distance. In the past, these WAN connections often used technology that required special proprietary hardware. The SD-WAN movement seeks to move more of the network control into the cloud using a software approach.

Offers Clients:

  • Cost reduction
  • Bandwidth management
  • Network flexibility
  • Centralized management


SOFTWARE DEFINED WAN FROM BRANCH

At a high level, the image below shows what an SDN WAN looks like. Instead of bringing an MPLS network into a branch location, customers can bring in two diverse internet connections. One is delivered on a cable modem with 50 megs of bandwidth, and the secondary on a 4G router. In an SDN environment, a router is placed on the edge to provide a couple of features:

  • Brings together the two connections
  • Load balancing
  • Proactive analysis of what is happening on that network
  • Creates the ability to do a VPN for office Internet connectivity to connect branches to headquarters
  • Because it is internet based, traffic that is destined for the internet can hop off right there

By application and by destination, this software can make intelligent routing decisions. Thus, if you have traffic destined for Office 365, it will decide if the cable or the 4G path is best, based on who has the best peering and who is the closest. Voice and video can be prioritized whether the traffic is outgoing or incoming. You can create a quality of service policy on both sides, giving you the end-to-end performance control that you would expect. So yes, you can get the performance of an MPLS solution with an SDN WAN solution even though it’s over an internet connection. Internet service is readily available and very cost effective as opposed to MPLS environments. The graphic from Freewire illustrates the flow:

VOICE AND VIDEO ERROR CORRECTION ON DEMAND

The image below reflects data collected with some intentional testing. In this example environment, we see two internet sources with high latency detected on one of the links.  Seeing this, the application reroutes the traffic across the secondary link, and it doesn’t skip a beat. As things change over time, the traffic comes back and becomes more normal, and switches back and forth across the two solutions. That’s a peek into the magic.

INTERNET WITH VPN CHALLENGE

Some folks have turned to the Internet as a solution, with VPN over the top of that. This solution does solve some of the bandwidth constraint problems, as you can bring in more internet access for additional bandwidth and layer on VPN to securely get traffic from one location to another. The challenge is the inability to prioritize certain types of traffic over others when the transport is Internet based. Firewall, router, and VPN configuration, along with heavy equipment at each branch, are also required. Still, the benefit is a low-cost, high-bandwidth connection, albeit one where you can’t prioritize traffic over the top of it.


SDN CREATED HYBRID WAN

The industry is shifting towards software defined networking. It is also known by several other buzzwords, such as simply SDN or Hybrid WAN. SDN gives you the look and feel of what an MPLS solution brings to the table, with the ability to prioritize certain traffic over other traffic. Its configuration is simpler to adjust than that of a traditional router or switch. You can also bring in significantly more bandwidth for about the same money you would spend on a traditional network. Here are the main benefits at a glance:

  • Enterprise-grade Performance
  • Rapid Branch Deployment
  • Cost-Effective Delivery Model

SDN UNIFIED COMMUNICATION FEATURES

With voice or IP communications, the ability to prioritize traffic is important. An SDN router keeps calls up and functioning in the event of any congestion, even Internet-based congestion. The router will duplicate the voice traffic and keep a secondary stream ready to go, so if it degrades while flowing on the primary connection, it will instantaneously flow over to the secondary connection and keep the call alive.

  • Application Recognition and Quality of Service Policy
  • Dynamic Application Steering
  • On Demand Link Conditioning

SDN CLOUD DRIVEN POLICY EASY DEPLOYMENT

One of the other challenges in the industry with firewalled and traditional environments is the difficulty of creating the configuration in the equipment. If you have ever unboxed a Cisco firewall and wanted to create a VPN tunnel, it is a very complex setup which might require outside resources and other heavy lifting. In an SDN, it’s more of a cloud-driven application: the devices placed on the edge are configured in a portal, with a simple configuration that is easy to manage and to adjust for real-time performance.


SIMPLE MONITORING AND TROUBLESHOOTING FROM THE CLOUD

Because these solutions are driven from a cloud interface, the administration of devices can be done from anywhere and is simple enough that anyone can take a look and see how the network is performing. Below is another image from Freewire-VeloCloud Orchestrator.



Q&A

Q: What happens if you have Internet connection on both links?
A: Performance would suffer and I would recommend to look at two different diverse mediums where the chances of both having issues would be slim to none. Examples would be fiber Internet backed up with coax, a coax backed up with a DSL, or a DSL backed up with a 4G.

Q: Is there room for innovation with this technology?
A: An SDN solution gives great flexibility in your organization to bump up Salesforce in priority over YouTube during the end of the month and adjust it back during the beginning of the month. It’s portal driven and simple to administer.

Q: What are some of the providers that CoreTelcom.com partners with?
A: Freewire brings this in as an overlay to any service you have. They use a back end solution from VeloCloud and I would encourage you to visit their website to see how they explain how it works. Vonage now also has VeloCloud instances as well. There are other negotiations being finalized currently to offer more providers. Cisco and their iWan product do this type of concept.

Q: Do we know what bandwidth cutoff point would be?
A: The VeloCloud solution from Freewire scales up to a gig of throughput. The edges adjust as more bandwidth is added.

Q: How does OpenFlow differ from SDN?
A: OpenFlow is the same technology that enables SDN at the core.

Q: From a hardware standpoint, is there much latency that’s introduced by the SD WAN controller?
A: The performance is tied to the bandwidth. If you’re getting a tier-1 provider’s internet, you will have less latency than a tier-4.

Q: Is it accurate to say that SDN is a poor-man’s MPLS? Or do the other benefits really make it another flavor altogether?
A: It can be considered an MPLS replacement.

Q: Does the VeloCloud solution support the generation of netflow records?
A: Netflow is a way that Cisco routers and switches use to take a look at traffic flow. This information has to be interpreted by something like our VX solution. An SDN router inherently has the software to show you how traffic is being marked as a high-low priority without the information interpretation processing.

BY SEAN GOINES
APRIL 10, 2018

Software Defined Wide Area Networks (SD-WAN)

1-Wire

1Wire is delivering the WAN you need

Our unique technology allows us to set up virtually any network situation with powerful features. You can build an entire network using our SD-WAN or integrate our SD-WAN onto your existing network to enhance underperforming aspects and cut costs.

High quality voice

1Wire offers QoS on any connection type and dedicates the best up and down tunnel for your VoIP calls.

Robust Internet Speeds

1Wire lets you combine Internet connections of any type or carrier to create one large bandwidth pipe for all your applications.

Always Connected

1Wire lets you combine any Internet connection type from any carrier and Failover between them. No packet loss, no dropped calls.

MPLS is a thing of the past with Private WAN over public links.

Create private Wide Area Networks with encryption, NAT and Port-Forwarding capabilities. Our Encryption feature allows for three layers of encryption for site-to-site traffic over public connections, creating secure WANs for customers looking for an alternative to MPLS.

1Wire Quality of Service (QoS) for any Application

Inconsistent bandwidth speeds and choppy VoIP are an everyday concern for businesses. Using 1Wire QoS lets you assign unlimited priority layers on a single link or inside 1Wire’s combined links. 1Wire’s QoS determines the performance of your link or combined links to carve out a reliable Pipe. Within this new reliable Pipe, you can assign unlimited priority layers for your critical applications such as VoIP, while Data flows free from any disturbances like jitter and latency.

QoS for everyone!

With 1Wire, businesses are no longer required to pay heavy premiums for QoS – our system will manage the flow of traffic between sites so that your calls and video conferences remain crisp and clean.

End-to-End QoS

Your business’s dependence on voice and video communications will grow over time. So does the need for those apps to reach their destination. Get the peace of mind that their packets will make the trip free of any disturbances like jitter and latency.

Bonded Bandwidth for your applications

As you move more and more applications to the cloud, your demand for bandwidth increases: more users, more information, wider highway. With 1Wire, you can now combine FWA, DSLs, Cable, and virtually any other access connection from 1Wire or any other carrier. By combining your connections you introduce the sum-total aggregation of upload and download in both directions to your network. You can now have all the bandwidth you need and expand as you need to.

Use what you have and add more connections

1Wire’s bandwidth stacking technology allows you to keep your existing ISP agreements. You can put your backup connections to use as well and take advantage of new features such as Failover.

Scale your bandwidth

Perfectly suited for businesses with slow connections due to poor line quality or who experience persistent outages. Adaptively increase network bandwidth by stacking on additional lines, so the network scales to meet your business needs at the consistent speeds required.

Failover – say goodbye to downtime

1Wire provides Internet Failover Service (IFS). This unique service allows any business to combine multiple internet connections from any carrier(s) to create reliable internet connectivity. If one Internet connection suddenly goes offline, traffic will continue to flow to its destination and no data will be lost. If the problem connection becomes active again, the system will automatically add it back to its pipeline. No special configurations or specialists are required to make changes to your network. Keep what you have and back it up with another internet connection. It’s that simple. Chances are, you might never realize you had an offline link.

Same-IP Failover

With 1Wire SD-WAN Service, the secret is in the system’s ability to maintain the gateway IP address and the Internet access. Because of this “secret sauce”, application sessions (phone calls, media streams, etc.) continue uninterrupted.

Per-packet balancing

On top of the IP Address remaining the same even when a connection fails, each application session (phone call, for example) is broken into packets which are sent over the network. If a connection goes offline, the system just re-routes the packets – meaning your session continues without interruption.

Get more out of your network

Our SD-WAN technology introduces sum-total aggregation of upload and download bandwidth, QoS on single or multiple Internet connections, Failover for redundancy and all under a single-IP address. But the features don’t end there.

  • Site to site Encryption
  • Firewall
  • Packet Splitting
  • Throughput Acceleration
  • QoS for any application
  • Private WAN
  • VPN
  • Bandwidth Adaptation
  • High Availability Failover between multiple Hardware devices
  • Zero Touch provisioning
  • Alternative to MPLS or MPLS replacement
  • Packet Monitoring