The Firewall is Dead. Long Live the Firewall!
Recently, Roger Grimes opined that the firewall was dead. Several folks chimed in to tell him that he was wrong, and much debate has ensued, citing reports about the nature of recent breaches, how attacks used to work, and how modern attacks work.
I think much of the misunderstanding has to do with the definition of the firewall.
Not Just for CIOs – The Role of IT is Changing Too
It’s a little late, but I wanted to comment on a great opinion piece by Nicholas Evans in Computerworld last week.
He makes several points that Brian, Matt, and I have been blogging about/around recently – the accessibility of applications and devices, the consumerization of IT, and the disintermediation of IT and the requisite role changes associated with adapting to all of the above. I’d argue there’s one thing to add, and another I’d like to expand on.
Fresh Perspectives on Consumerization and BYOD – Part 3
This is the third of a three-part blog series exploring the issues and challenges with consumerization and BYOD. In part 1 of this series, we examined the challenge of dealing with the scope and diversity of consumerization. In part 2 of this series, we took a closer look at why the network plays such an important role in making an effective strategy. In this segment, let’s take a closer look at how the next-generation firewall provides the means to assert control.
It’s clear that the network is the right place for IT to enforce control between applications and users, and that’s true regardless of what device is being used. What the traditional network lacks, however, is the control structure to address applications, users or devices as policy criteria. For example, the legacy firewall can’t determine what applications, users and devices are on the network, even though it is in the right location for enforcement. A VPN might know who wants access to a network after asserting authentication credentials, but it has no idea how to tie identity to the firewall’s enforcement of what traffic may pass. Device identification and blocking methods range from the ineffective (such as MAC address filtering) to the impractical (such as network access control). And some controls for handling consumerization, such as identifying whether an application is being accessed from an IT-managed asset (and thus permitted to locally store application data), are not addressed by any traditional network security product.