Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Stuart O'Brien

NTT-ThreatQuotient

Defender confidence on the rise in a maturing UK cyber threat landscape

960 640 Stuart O'Brien

By Rick McElroy, Cybersecurity Strategist, VMWare Carbon Black

Looking at the headlines around cyberattacks and security breaches, we’d be forgiven for thinking that organisations face an insurmountable cybersecurity task. However, when we delve deeper into the UK cybersecurity landscape, a more nuanced picture emerges. In fact, there is a real sense of positivity on the horizon when it comes to UK organisations’ assessment of their ability to detect and defend against cyberattacks. Despite the knowledge that the volume and complexity of attacks they’re facing continue at a sustained high level, our latest UK Threat Report found that more than three quarters of UK organisations felt more confident in their ability to repel cyberattacks than they did twelve months previously.

Supporting this sense of confidence, we also found that investment in cyber defence is holding up well, with 93% of UK organisations surveyed saying they plan to increase cybersecurity spending. Nevertheless challenges remain, not least in the fact that despite this growing confidence 84% of UK organisations surveyed said that they had suffered at least one data breach in the past twelve months caused by an external cyberattack. Here are four more things we learned when we asked 250 UK CIOs and CISOs about the threat landscape they face in the final quarter of 2019.

  1. Despite growing confidence, the attack landscape remains severe

Eighty-four percent of organisations said the volume of attacks they face has increased, while nine in ten said that these attacks had become more sophisticated. Globally, we found a sharp rise in the prevalence of phishing attacks as the attack type most likely to result in a data breach, and this was reflected in the UK where it was the cause of 33% of breaches. In fact, this figure had jumped from 20% in our January 2019 report. This global trend is a clear sign that attackers are going after the weakest link – end users. This is also a factor in the increase reported in breaches caused by ransomware, which jumped as a cause of successful breaches from 14% in January to 20%.

This focus on user-related breach vectors may also indicate that defenders are succeeding in making organisations a harder target for more direct malware-led attacks. The study found that the percentage of breaches caused by process failures and out of date security halved during the period from January 2019. This is another sign of a maturing approach to cybersecurity, where controllable factors are now a key focus.

2. Reputational damage outweighs financial impact when breaches happen

Given the high profile of regulatory changes in the past eighteen months, it is not surprising that 72% of businesses reported suffering reputational damage as a result of a data breach. The public is now much more aware of the risks and responsibilities that organisations bear around data protection and quick to lose trust in those who appear negligent. Perhaps more surprising is that the percentage reporting financial impacts from breaches was only 35%, lower than the global average of 44%. In fact, more than half (54.5%) of UK organisations said there had been no financial impact from the breach at all. At this stage it seems that organisations don’t see monetary loss on the same scale as reputational damage.

3. Emerging technologies and cyber skills scarcity are cause for concern

Looking to the coming year, the research found a significant level of concern in the UK about how emerging technologies such as 5G and fast-paced digital transformation projects are going to create cyber risk. In line with global sentiment, nine in ten respondents said they had concerns, which ranged from the potential for new and more destructive attack types to the difficulty in gaining full visibility over new projects and technologies. Almost a quarter (25%) said that they would need a bigger team to cope with these threats. However, recruiting staff with the necessary skills is a growing problem, with 55% of UK organisations saying the recruitment climate had grown more challenging in the past twelve months. Looking overseas to plug the gap is unlikely to be a solution as the situation is even more difficult globally – an average of 61% of businesses worldwide said recruiting the right skills has become more difficult. 

4. Threat hunting is firmly on the agenda

 Ninety percent of UK companies surveyed said that threat hunting had strengthened company defences and thirty percent had found significant evidence of malicious activity. This is almost double the sixteen percent who found significant evidence of malicious activity in January 2019. While this may be in part due to increasing levels of cyber threat activity, the high percentage increase indicates that threat hunting is becoming more effective, as defender skills and experience increases.

    5. A stronger outlook for UK cybersecurity

Taken together, these research findings indicate a maturing approach to cyber security as UK businesses adjust to the “new normal” where high volume, sophisticated cyberattacks are a factor of doing business. Organisations are locking down the controllable factors such as process weakness and out of date security, while at the other end of the scale they are proactively threat hunting. This is building defender confidence and power, as businesses get smarter about identifying where the risks lie and what tools they can deploy to mitigate them.  While new challenges loom on the horizon, the cybersecurity community in the UK is now better-positioned and more confident to meet and defend against them.

Hosted Security Landscape Report: Key insights for 2020

960 640 Stuart O'Brien

A new whitepaper has detailed market analysis of attitudes towards cloud adoption and purchasing behaviours behind hosted physical security from 1000 IT decision makers from across Europe.

The in-depth survey, undertaken by Morphean, a provider of hosted security solutions, illustrates a market that has overcome initial concerns about cyber-security, has understood the clear benefits and will be seeking to adopt such solutions at pace in 2020.

The independent survey of key decision makers within companies from UK, France and Germany with more than 50 employees clearly shows better security, cost benefit and better functionality to be the most influential factors and the most commonly realised benefits of hosted security solutions including video surveillance as-a-service (VSaaS) and access control as-a-service (ACaaS). These solutions are part of a cloud security market that is expected to grow from USD 4.1 billion in 2017 to USD 12.7 billion by 2022, at a CAGR of 25.5%.

The ‘2019 Landscape Report: Hosted Security adoption in Europe is the second study of its kind by Morphean, and facilitates a better understanding of market trends with comparative data from 2018. It revealed that 84% of IT managers are currently using (48%) or considering using (36%) a hosted security solution, which is broadly consistent with the 89% who said they would consider such a solution last year. It also shows that better security ranked #3 among the main benefits realised by the cloud (44%) compared to 27% in 2018; representing a 63% increase in the year and shift in perception around cyber security concerns.

2019 key survey findings include:

  • Better security, cost benefit and better functionality are viewed as the most influential factors AND the most commonly realized benefits of hosted security solutions 
  • Half of respondents cited better security as the #1 benefit of using VSaaS / ACaaS; better functionality (42%) and cost benefits (38%) placed #2 and #3 respectively
  • Half of IT managers have identified data / information security as a priority for improvement in the next 12 months
  • 84% of IT managers are currently using (48%) or considering using (36%) a cloud-based video surveillance or access control solution
  • Of those still considering VSaaS and ACaaS, 79% anticipate introducing these solutions to their business within 12 months
  • 77% of IT managers report that physical security is not optimized; 20% have identified physical security as a priority for improvement in the next 12 months

Rodrigue Zbinden, CEO, Morphean, said: “Our research clearly points to a market that is overcoming initial concerns about cybersecurity, understands the clear benefits of hosted services and reflects growing confidence and purchase intent for 2020. The increased appetite for hosted security presents an opportunity for us to work with businesses to help them improve their physical security, while also educating them on the potential business intelligence benefits offered by surveillance and access control solutions when integrated in the cloud.”

The growing confidence in cloud seems to translate into more positive purchasing intentions around hosted security solutions with 77% of IT managers reporting that physical security is not currently optimized and one in five identifying it as a priority for 2020. Of those considering hosted security solutions, 4 in 5 (79%) anticipate introducing them to their business within a year. While this clearly represents an opportunity for the IT reseller community to enhance its service offering, the report does highlight two trends that may inhibit growth; the first being the physical securityindustry’s ability to adopt the as-a-service business model; the second is system integration with emergent technology such as AI.

Alex Hilton, CEO of The Cloud Industry Forum, added: “With cloud technology we have a toolset that changes the way businesses think and act, ensuring a competitive landscape for years to come. Morphean’s latest research reveals that decision makers are seeing better security, cost benefits and improved functionality as a result of a switch to cloud-enabled security solutions. Cloud presents very real opportunities, but vendors need to hone their offerings and capabilities in order for its full potential to be realised across all markets and sectors.”

The Morphean survey also found that there has been a 5% drop in cloud investment over the past year. In 2018, 33% of the IT budget was spent on cloud services over the previous 24 months and this figure has dropped to 31.38% for 2019. This is in spite of the fact that the majority of respondents (78%) had said that they expected cloud related spending to increase due to the favourable benefits it presents. It’s not the only contradiction found in the report.

Cloud is key to driving operational performance, and yet 78% of IT managers felt that this area of the business was underperforming while only 36% identified it as a priority for improvement.

Security IT Summit – Can you afford not to be there?

960 640 Stuart O'Brien

Registration is now open for the summer 2020 Security IT Summit – don’t miss out on your free place as there are only 60 up for grabs!

Register for your complimentary guest place today.

Our Approach

Taking place on June 30th 2020 at the Hilton London Canary Wharf, the Security IT Summit allows senior professionals to share forward-thinking ideas, meet new partners and discover new ways to underpin their security strategies.

It’s entirely FREE for you to attend and your complimentary guest pass includes:

  • A bespoke itinerary of pre-arranged meetings with product and service providers who match your requirements and upcoming projects
  • Access to a series of seminars by industry thought-leaders
  • Networking with like-minded peers
  • Complimentary lunch and refreshments

How Do I Get Involved?

We have just 60 guest passes available, so register your free place today.

Security IT Summit

Unlock the secrets of commercial success at the Smarter Payments Summit

960 640 Stuart O'Brien

The Smarter Payments Summit is a unique one-day event which allows senior payment transaction professionals from the UK’s biggest brands to meet with innovative and competitive suppliers to the industry.

8 September 2020 – Hilton London Canary Wharf

These meetings are pre-arranged and based on mutual interest, meaning there’s no time wasted – and there’s no hard sell.

It is free for payment transaction professionals to attend, and each guest pass also includes access to a series of seminar sessions hosted by industry thought-leaders. Lunch and refreshments are complimentary, while there is plenty of opportunity for more informal networking.

Simply register your place here.

Five IT trends to watch in 2020

960 640 Stuart O'Brien

By Alberto Pan, Chief Technical Officer, Denodo 

Edge Computing will emerge as the key to device management 

Next year, devices are set to become smarter than ever before. The use of them is will also increase to new levels. Already, through the collection and analysis of data, these devices – whether they be voice assistants or smart thermostats – are able to learn about our preferences and adjust accordingly. 

But, the volume of data they collect is expected to exceed record levels in 2020. The more devices we use, the harder it becomes to collect all data into a central repository, analyse it and then push the resulting recommendations back to the device. Next year, businesses will need to adopt technologies that execute the compute function on these devices, or on the ‘edge’ of these devices, rather than doing it centrally. This will enable devices to learn and adjust in real-time.  

The use of data fabrics will increase 

In 2020, the search for an effective integration platform to access and utilise data and deal with issues like data security and siloed information will continue. But an increased amount of organisations will look towards using a data fabric to overcome these data challenges.  

By combining historical and real-time data sets across multiple data silos, a data fabric offers a single, secure and consistent data management framework. It reduces data delivery and helps to support the automation of data preparation and integration as well as enabling organisations to focus more on machine learning and artificial intelligence.  

Legacy to Cloud: hybrid, multi-location architecture will become the norm 

In 2020, as the cloud initiative progresses with more and more data migrating to the cloud, the center-of-gravity will shift. The balance will tip towards platforms where the data is spread across both cloud and on-premises data sources.  

Similarly, integration of the data will transition to a multi-location architecture. Unlike traditional data integration technologies, data virtualisation was designed from the beginning to provide data location transparency, data abstraction, and integrated security across multiple locations, which makes it a perfect fit for these scenarios. Therefore, it will take an increasingly important role in hybrid architectures next year. 

Voice technologies will infiltrate the office 

Voice assistants have established themselves as common place in our personal lives. But 2020 will see an increasing amount of businesses turning to them to improve and personalise the customer experience.  

This is because, advances in AI-driven technology and natural language processing are enabling voice interactions to be translated into data. This data can be structured so that conversations can be analysed for insights. 

Next year, organisations will likely begin to embrace conversational analytics to improve their chatbots and voice applications. This will ultimately result in better data-driven decisions and improved business performance. 

Selling information to third-parties using the Data-as-a-Service approach will become a growing source of revenue for big companies 

The effective use of enterprise data for strategic decision making has become a key priority for all big companies in the last few years. As a consequence, companies have created high quality datasets and a sophisticated technology architecture to manage them and expose them to consumers.  Companies have also invested heavily in automating their business processes for greater efficiency.   

In the new year, since many big companies will now own high-value, unique data and services, the next logical step is reusing this infrastructure in order to offer them to third-parties. For instance, we are already seeing telecommunications companies selling customers geolocation data for a variety of purposes. This trend will be significantly accentuated during 2020 in all major industries. 

From the investment standpoint, this will involve higher demand for the technologies involved in creating and exposing data as a service, like GraphQL, Data Virtualization and/or API management tools.

Image by 849356 from Pixabay 

5 Minutes With… James Hart, Business Critical Solutions

960 640 Stuart O'Brien

For the latest instalment of our IT executive interview series we sat down with Business Critical Solutions CEO Jim Hart to talk about his company, industry issues, opportunities and what Peaky Blinders means to the Black Country…

Tell us about your company, products and services

Privately owned, BCS is the only company in the world that is dedicated to optimising digital infrastructure across the globe for our clients. We offer consultancy services, including project management, cost & commercial management and business strategy, across the development, implementation and operation of the IT asset lifecycle and have delivered 1,500mW of IT load of mission critical data centre space in every continent. Our 100% record of repeat business is testament to the quality of our solutions and we nurture the strength and longevity of our client relationships.

What have been the biggest challenges the industry has faced over the past 12 months?

Our recent European wide survey highlighted concerns that a shortage of sufficiently qualified professionals at the design and build stages will cause a bottle neck, with 64% of data centre users and experts believing there is a lack of skilled design and delivery resource.

And what have been the biggest opportunities?

As we see the greater adoption of the Edge there will be deployments of much smaller facilities on a multiple scale. We see that as a real opportunity as it is about managing an ongoing and overarching programme rather than a single project. While the hyperscalers will still be there, we believe this change will start to redefine a data centre going forward. The edge of the network will continue to be at the epicentre of innovation in the data centre space and we are seeing a strong increase in the number of clients coming to us for help with the development of their edge strategy and rollouts. 

What is the biggest priority for the industry in 2020?

The industry will continue to come under pressure from a resource perspective, there is a real lack of new talent coming to the market. We’ve got to start training and become ambassadors for the industry by going in to universities and telling STEM graduates about the data centre industry and how great it is – it’s an exciting place to be and we have to get out there and spread the word. Going into 2020, this issue will become more acute.

What are the main trends you are expecting to see in the market in 2020?

Into 2020 we expect distributed cloud infrastructure to drive edge computing. Allied to the advent of 5G, Edge will start to gain real traction as organisations require near-instant access to data and computing power to serve their customers, and they are increasingly looking to edge computing to provide a suitable infrastructure.

What technology is going to have the biggest impact on the market next year?

The adoption of serverless computing. Serverless computing is predicted to be one of the biggest developments in the cloud space, however, the serverless transition would require a strategic approach. Moving to serverless infrastructure requires an overhaul of traditional development and production paradigm, meaning outsourcing the entire infrastructure to the cloud

In 2023 we’ll all be talking about…?

We will be talking about high-speed mobile internet, artificial intelligence, big data analytics, and cloud technology which are set to spearhead companies’ adoption of new technologies and they will look to machine learning and augmented and virtual reality for considerable business investment.

Which person in, or associated with, the industry would you most like to meet?

The person at CERN who one day thought ‘we haven’t got enough compute power, I know, let’s ask the world if we can borrow their unused processing capacity’, along with downloadable books, one of the first examples of an embryonic cloud.

What’s the most surprising thing you’ve learnt about the sector?

When I first entered the sector, certainly for the first 15 years, it was very conservative with the rate of change very slow. The rate of change over the last 5 years or so has increased exponentially and what is sure one day is no more the day after. 

You go to the bar at the Security IT Summit – what’s your tipple of choice?

A cold pint.

What’s the most exciting thing about your job?

Being at the forefront of change and forging trends.

And what’s the most challenging?

Change.

What’s the best piece of advice you’ve ever been given?

A quote from Ghandi which was along the lines of ‘live as if you were to die tomorrow. Learn as if you were to live forever.’

Peaky Blinders or Stranger Things?

Peaky Blinders, you can’t beat a bit of stylised gangsterism from the black country!

Security IT Summit

Secure your place at the eTailing Summit

960 640 Stuart O'Brien

There’s a free VIP place reserved for you at the eTailing Summit. Can you join us?

11 February 2020 – Hilton London Canary Wharf

This unique event is entirely FREE for you to attend – simply reserve your place here.

  • Source new innovative and budget-saving suppliers
  • Learn from inspirational seminar sessions hosted by industry thought-leaders
  • Network with like-minded ecommerce professionals who share your challenges
  • Enjoy complimentary lunch and refreshments

RSVP now to avoid disappointment!

Security IT Summit Summer 2020 – Secure your place!

960 640 Stuart O'Brien

Registration is now open for the summer 2020 Security IT Summit – don’t miss out on your free place!

Register for your complimentary guest place today.

Our Approach

Taking place on June 30th 2020 at the Hilton London Canary Wharf, the Security IT Summit allows senior professionals to share forward-thinking ideas, meet new partners and discover new ways to underpin their security strategies.

It’s entirely FREE for you to attend and your complimentary guest pass includes:

  • A bespoke itinerary of pre-arranged meetings with product and service providers who match your requirements and upcoming projects
  • Access to a series of seminars by industry thought-leaders
  • Networking with like-minded peers
  • Complimentary lunch and refreshments

How Do I Get Involved?

We have just 60 guest passes available, so register your free place today.

GUEST BLOG: Future proof with a cloud solution before it’s too late

960 640 Stuart O'Brien

Agile business models have never been more important – and for most MSPs the on-premises business is rapidly turning from predictable income stream to concerning business constraint. When it comes to cloud-based versus on-premises, the writing is on the wall – from the opex versus capex argument to better disaster recovery (DR) and enhanced security, most client businesses are heading into the cloud. So just how much longer can your business hold out, asks Mike Wardell, CEO, Giacom..

Cloud is Mainstream

When the majority of new software investment is Software as a Service (SaaS) based, any company still tethered to an on-premises only business model is radically limiting its market. And yes, while the existing client portfolio may still have a few years left to run with on-prem contracts, this is an inevitably dwindling revenue stream.

The fact is that most MSPs are coming under increasing pressure from clients for a cloud-based offering – and for good reason. SME CEOs and CFOs are increasingly aware that traditional on-prem solutions represent not only a financial compromise but also a significant business risk.

In the current uncertain economic situation, financial flexibility is essential. Given the lack of business confidence, capex is rarely an option; yet companies can also not afford to avoid investment essential to maximise new business opportunities. The opex SaaS model is compelling. Rather than the ‘just in case’ investment in storage or capacity or software licenses, the pay as you use cloud model enables SMEs to avoid wasted expenditure while providing the chance to rapidly scale up should business growth demand.

Business Protection

In addition to safeguarding company finances, many SMEs are also looking to the cloud to safeguard business operations. One in five small firms experienced a cyber-attack in the two years up to 2019 – that’s 10,000 attacks every day. From phishing to malware and ransomware, the speed with which the cyber-attack community evolves new threats is astonishing. SMEs simply do not have the resources in people, money or time, to adequately secure the business; nor can individual MSPs, however expert, safeguard clients’ on-prem business infrastructure.

The only way to combat this threat is to leverage the pooled knowledge of thousands of securityexperts operating collaboratively. From the use of artificial intelligence to identify unusual behaviour to email security products that can automatically remediate an identified threat by instantly removing it from every mailbox globally, cloud-based security solutions are leveraging the combined expertise of world leaders in a way that simply cannot be achieved with individual on-prem deployments.

The estimated £4.5 billion cost of these security attacks has also intensified SME awareness of the need for better Business Continuity and Disaster Recovery (BCDR). Typically such strategies have focused on the difficult issue of data backup and restore, and the time it can take to provide employees with access to vital information required to service customers.

Cloud completely changes the focus: cloud-based backup solutions enable vast data resources to be backed up in seconds and restored immediately. Organisations can instead begin to focus on the relocation of the workforce and the way dispersed teams could work together in the event of a disaster. Indeed, the adoption of cloud-based productivity and collaboration tools not only enable a far more flexible BCDR plan, they will also deliver significant day to day benefits, including flexible working policies.

Business Expansion

For MSPs, the growing SME awareness of the benefits of cloud computing is changing the business outlook. When new services and solutions can be provisioned within hours, organisations are less and less willing to incur the cost and upheaval associated with months of on-premises deployment. Add in the importance of flexible financial models and better business protection and the writing is on the wall: most clients will want some, if not all, services to be provisioned through the cloud.

Of course, for MSPs, the change is significant: from commercial models to technical and sales skills, moving to a recurring revenue based model requires both investment and a shift in thinking. But it’s essential for MSPs to recognise the cloud as an opportunity, not a threat. Yes, there is a very real risk that customers will be lost if an MSP cannot offer a cloud solution. But this is not just about meeting a client’s immediate cloud needs.

Working with the right CSP will also enable an MSP to add valuable options to the portfolio, like adding cloud security to existing security audit services, enhancing BCDR solutions or adding collaboration tools. The cloud offers a chance not only to retain existing customers but also significant opportunities to extend the business model, adding much needed new revenue streams.

Shining a spotlight on UK cyber security standards

960 640 Stuart O'Brien

Public sector organisations in the UK are in the midst of changing cyber security regulations. In mid-2018, the Government, in collaboration the NCSC, published a minimum set of cyber security standards. These standards are now mandated, along with a focus on continually “raising the bar”. The standards set minimum requirements for organisations to protect sensitive information and key operational services, which – given the way in which these services are increasingly dispersed – is driving significant changes in public sector network architecture and security.  

In addition to setting today’s ‘minimum’ standards, however, the guidance also sets a target date of 2023 by which public sector organisations will be expected to have adopted a ‘gold-standard’ cyber security profile.

Matt Cable, VP Solutions Architect and MD Europe, Certes Networks, outlines the essential considerations that will help organisations select an encryption solution provider that can easily integrate into any network infrastructure as they migrate from Legacy MPLS to SDN or SD-WAN network architectures...

The Principles

For both public and private sector organisations, customer experience is key. From finance and utilities, to local authorities and smart cities, customer touchpoints are increasingly dispersed, remote and application-driven, necessitating a move from Legacy MPLS to SDN or SD-WAN. However, under the Government’s new minimum cyber security standards framework, ensuring sensitive information and key services are protected is a critical consideration. 

The UK’s National Cyber Security Centre (NCSC) has therefore issued principles for cyber secure enterprise technology to organisations, including guidance on deploying and buying network encryption, with the aim of reducing risks to the UK by securing public and private sector networks. This guidance bears parallels with the US National Institute of Standard and Technology’s (NIST) Cybersecurity Framework and therefore applies equally to US and other federal organisations in a similar scenario. 

Similar to the NIST framework, the NCSC guidance shares the same principle that networks should not be trusted. It recommends that to keep sensitive information protected, encryption should be used between devices, the applications on them, and the services being accessed. IPsec is the recommended method for protecting all data travelling between two points on a network to provide an understood level of security, with further guidance outlining a specific ‘gold-standard’ cipher suite profile known as PRIME.

The guidance is based on the network vendor being CAS(T) certified (CESG (Communications Electronics Security Group) Assured Services (Telecommunications)), which involves an independent assessment focused on the key security areas of service availability, insider attack, unauthorised access to the network and physical attack.

However, there are challenges.

Challenge #1 – Public Sector Adherence to CAS(T)

Many public sector organisations are no longer mandating CAS(T) based services and therefore the risk appetite is expected to be lowered, mainly to support the emergence of internet and SD-WAN suppliers network solutions. This is key as the current NCSC recommendation Foundation standards for IPsec will expire in 2023, and users are being encouraged to move quickly off legacy platforms. 

Challenge #2 – Impact to Cloud Service Providers and Bearer Networks

This guidance, such as the protection of information flows on dedicated links between organisations, also applies to cloud service providers, or in the inter-data-centre connections in such providers’ networks.

The underlying bearer network is assumed not to provide any security or resilience. This means that any bearer network (such as the Internet, Wi-Fi 4/5G, or a commercial MPLS network) can be used. The choice of bearer network(s) will have an impact on the availability that an encrypted service can provide.

Challenge #3 – Partner Collaboration

NCSC explicitly states in its guidance that establishing trustworthy encrypted network links is not just about technology. It is also important that the management of these networks links is carried out by appropriate individuals, performing their assigned management activities in a competent and trusted fashion, from a management system that protects the overall integrity of the system. Thus, for encryption solution providers, the partner’s service credentials impact how the end user may use the technology. 

The Solution

IPsec helps protect the confidentiality and integrity of information as it travels across less-trusted networks, by implementing network-based encryption to establish Virtual Private Networks (VPNs). 

Under PRIME principles, devices which implement cryptographic protection of information using IPsec should:

  • Be managed by a competent authority in a manner that does not undermine the protection they provide, from a suitable management platform
  • Be configured to provide effective cryptographic protection
  • Use certificates as a means of identifying and trusting other devices, using a suitable PKI
  • Be independently assured to Foundation Grade, and operated in accordance with published Security Procedures
  • Be initially deployed in a manner that ensures their future trustworthiness
  • Be disposed of securely

Keeping the network design simple is one of the most effective ways to ensure the network provides the expected security and performance. The use of certificates generated in a cryptographically secure manner allows VPN gateways and clients to successfully identify themselves to each other while helping to mitigate brute force attacks.

Conclusion

There are many encryption solutions to help agencies and federal governments who want to move from Legacy MPLS to SDN or SD-WAN.  Layer 4 encryption, for example, can integrate easily into any network and encrypt data in transit without disrupting performance or replacing the current network architecture.

Selecting a provider that can offer a PRIME compliant solution – such as Layer 4 encryption – is key in conforming to both today and tomorrow’s cyber security standards. And with NCSC starting to treat all networks as untrusted networks (especially those agencies using internet), PRIME is becoming the gold standard for which NCSC will measure regulatory compliance.

Therefore, it is important to consider a vendor that can offer a security solution that is not only compliant but is simple and uncomplicated, minimising disruption, resources and costs.