Dwight Koop Elected to the FBI’s InfraGard National Member Alliance

Along with acting as Cohesive Networks COO and CFO, Dwight is now also the Treasurer of the FBI’s InfraGard National Member Alliance. This week, Dwight is in Dallas to attend the InfraGard National Congress, a meeting for all InfraGard chapters. He has been officially sworn in and was even asked, at short notice, to moderate a session on Insurance for Cyber Security Incidents.

InfraGard

Dwight’s path to InfraGard leadership has been a long time in the making. He began his career post-Masters Degree as one of the founders of the Chicago Board Options Exchange (CBOE) during its early and rapid growth years. He became an EVP, learning from some of the financial and security industry greats. This was Dwight’s first exposure to the challenges of a start-up facing the inertia and monopoly power of the ‘owners’ of the securities industry.

Dwight has been a founder of several software tools and cryptography companies along the way. At O’Connor Associates, which was later acquired by The Swiss Bank Corporation, Dwight became the person responsible for infrastructure architecture, system engineering, network engineering, and global data center operations for the company’s Trading and Markets Divisions. Dwight saw first hand how mass market retail chips (such as Intel and AMD) eventually eliminated all the expensive custom equipment in the market. The first sector to fall was storage, then processing, and now networking as commoditization continues to sweep established sectors.

Through Borland Software, which acquired Patrick Kerpan’s Bedouin Inc, Dwight worked more closely with our now CEO. They collaborated again when they founded CohesiveFT. From CohesiveFT, they successfully spun out Rabbit Technologies Limited (makers of RABBITMQ) to VMware. Today, Cohesive Networks focuses on software connectivity and security.

Dwight takes on many of the security compliance projects at Cohesive Networks, including his work on the NIST Cybersecurity Framework. He’s authored the NIST Cybersecurity Framework white paper, and recently presented at CircleCityCon. Dwight is also a member of the Chicago Secret Service Electronic Crimes Task Force.

Dwight’s tips for cloud network security:

  1. Assume all networks are dangerous. Protect internal networks the same way you’d guard against hackers and snoops on public internet. Google’s BeyondCorp is proof that we should dump the edge protection corporate network model.
  2. Focus on securing all data as it travels across networks or in shared environments. Use strong encryption, network segmentation, and defense in depth to limit interactions between critical applications.
  3. Segment internal networks. Most enterprises focus on perimeter defenses and overlook internal network security. But network segmentation is the best way to protect all applications, servers, and systems. Even with only basic interior firewall rules and encrypted VPN tunnels, an organization can protect itself from the east/west exploit in the Sony hack.
  4. Use the NIST Cybersecurity Framework to review and update corporate risk-management approaches. The Framework combines existing security assessments, regulations and guidelines into a workable reference guide – and it’s free.

What the new Data Protection Bill means for UK businesses

The UK government has published a “statement of intent” on data privacy and security this summer. The law, an updated version of the Data Protection Bill, will mirror the EU’s upcoming General Data Protection Regulation (GDPR) rules for data privacy and the fines for non-compliance. The UK law will likely go into effect in September 2017, which does not give organisations time to meet the GDPR requirements by 28 May 2018.

About the Data Protection Bill

The new Data Protection Bill requires any organisation that collects or manages personal data to be accountable for that data. All data collection, storage, and management must prioritise end user privacy rights. Any organisation that deals with high-risk data processing must protect that data and allow end users to remove and transport their data.

Worryingly, only one in 10 FTSE 350 companies (10 percent) do not currently have a response plan for dealing with a cyber incident. Less than a third of organisations’ boards have a comprehensive cyber risk plan. Only 6% of UK businesses are completely prepared for the new data protection rules, which makes the Data Protection Bill and GDPR deadlines even more important.

Bottom line: businesses must ensure their data is secure, private, and well managed or pay the price.

Unlike the GDPR, the UK law sets the national data protection regulator as the Information Commissioner’s Office (ICO). The ICO will have the power to defend consumer interests and issue higher fines. Organizations that do not properly protect personal data or fail to report security breaches can be fined up to £17 million or up to 4% of their global turnover. Previous laws set the maximum fine at £0.5 million.

According to the Government, the Data Protection Bill intends to:

  • make it simpler for users to withdraw consent for the use of personal data;
  • allow people to ask for their personal data held by companies to be erased;
  • enable parents and guardians to give consent for their child’s data to be used;
  • require ‘explicit’ consent to be necessary for processing sensitive personal data;
  • expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;
  • update and strengthen data protection law to reflect the changing nature and scope of the digital economy;
  • make it easier and free for individuals to require an organisation to disclose the personal data it holds on them;
  • make it easier for customers to move data between service providers.

An Evolution of Digital Security

The DCMS has evolved from the Department of National Heritage (DNH), renamed the Department for Culture, Media and Sport (DCMS) in 1997, to today’s Department for Digital, Culture, Media and Sport, as of 3 July 2017. PM Theresa May’s government updated the name to reflect the department’s increased activity in the digital sector.

On 7 August the DCMS released a “statement of intent” to update and strengthen data protection laws. A new Data Protection Bill will mirror the EU’s General Data Protection Regulation (GDPR). Like the department, the law has evolved: the original Data Protection Act first came into law in 1984 and was updated in 1998. The proposed 2017 law will bring the EU’s GDPR into UK law, so data security will remain a priority regardless of Brexit.

How is the Data Protection Bill similar to GDPR?

The Data Protection Bill is designed to enact the GDPR into UK law. The Bill is very similar to the GDPR – it includes the famous “right to be forgotten” data removal requirements, “explicit consent” for collecting new data, and “data portability” for moving data between providers.

Another key similarity is the concept of “privacy by design/default.” Organisations must build applications and systems with data privacy protection built in.

What can you do today to prepare?

Re-evaluate access controls for IT teams and other departments. With cloud-based systems, it should be easier to implement strong password and authentication programs. With access management tools, IT teams can also gain insight into which users require access to each service or application and apply the rule of “least privilege” to each.

Add encryption in-transit to any existing encryption best practices. Cloud providers offer excellent encryption for data at rest, but only some services and intra-region transfers have data-in-motion encryption. Any data traveling between cloud regions, traveling over the public internet, and between organisation locations should be encrypted.

Prepare with security, but plan for a data breach. GDPR requires all organisations to report any data breach involving personal information within 72 hours of discovery. Along with controls to detect any unwanted network access, your teams should also have a plan to contain and shut down any malicious actors.

VNS3 and data protection

VNS3 can help organisations meet data security measures for data privacy compliance. Even if your company is not located in the EU, your data might include information on a “data subject.” For organisations with large amounts of data and data that travels between networks the best options include adding encryption in-transit. Cloud providers offer excellent encryption for data at rest, but only some services and intra-region transfers have data-in-motion encryption. Any data traveling between cloud regions, traveling over the public internet, and between organisation locations should be encrypted.

But, don’t just take our word for it! Use VNS3 in any cloud environment with our Free Edition. Try it today from the AWS Marketplace or Azure Marketplace.

Get in touch with our sales team for BYOL versions for other large clouds, custom pricing, or for a POC.

3 Key Steps to GDPR Compliance

Don’t be caught off guard by GDPR requirements in 2018!

According to a recent study by KPMG of the boards of FTSE 350 companies, few are prepared for the General Data Protection Regulation, or GDPR. All new data your organisation gathers should include clearer evidence of data collection consent and opt-out options. How should IT teams prepare for the upcoming changes? Which initiatives should be a part of your program to be compliant?

Penalties for not complying with GDPR will be steep. Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). While this is the maximum amount an organisation will face, the requirements are rigid for all levels of infringement. GDPR has a tiered approach to fines, so organisations might be liable for multiple offences. Internal IT teams and legal departments should take note – the GDPR applies to any company that controls data or processes data — ‘clouds’ are not exempt.

Which initiatives should be a part of your program to be compliant with GDPR?

The first, major step to complying with GDPR is to understand the data the organisation holds. Multiple departments will likely hold lists of personal information, such as email lists for marketing, human resources’ personnel files, and so on. Understanding what you must protect is the first step to protecting it.

Takeaway: Any organisation that collects or processes data of an EU citizen should comply with GDPR.

At the core, the GDPR requires data protection by design. Organisations must design data security into business processes.

Another requirement is “pseudonymisation”, the process of transforming personal data in such a way that the resulting data can no longer be attributed to a specific data subject without additional information. An example is encryption. Additionally, the GDPR requires that this additional information, such as decryption keys, be kept separately from the identifying data.
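A minimal illustration of that requirement, added here as an example rather than code from the page or from Cohesive Networks: direct identifiers in a record are replaced with keyed tokens, while the secret key and the token-to-identifier lookup live in a separate vault object, so the pseudonymised record alone cannot name the data subject. The field names, class names and the sample record are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Fields treated as direct identifiers (an assumption for this example).
DIRECT_IDENTIFIERS = ("name", "email")


class KeyVault:
    """Holds the secret key and the token -> identifier lookup.

    This is the "additional information" the GDPR wants kept apart from the
    pseudonymised data. In production it would be a separate system with its
    own access controls, not an in-memory dict beside the records.
    """

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)
        self._lookup = {}

    def token_for(self, value):
        # Keyed HMAC rather than a bare hash: a plain SHA-256 of an email
        # address can be reversed by hashing a list of likely addresses,
        # so a bare hash would not count as pseudonymisation.
        digest = hmac.new(self._key, value.encode("utf-8"), hashlib.sha256)
        token = "tok_" + digest.hexdigest()[:32]
        self._lookup[token] = value
        return token

    def resolve(self, token):
        return self._lookup[token]


def pseudonymise(record, vault):
    """Return a copy of record with direct identifiers replaced by tokens.

    The same identifier always maps to the same token under one key, so
    records about one subject can still be joined without naming them.
    """
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = vault.token_for(out[field])
    return out


def reidentify(pseudo_record, vault):
    """Reverse pseudonymise(); only possible with access to the vault."""
    out = dict(pseudo_record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = vault.resolve(out[field])
    return out


def leaks_identifier(pseudo_record, original):
    """True if any original identifier value still appears in the output."""
    serialised = json.dumps(pseudo_record)
    return any(original[f] in serialised for f in DIRECT_IDENTIFIERS if f in original)


# Constructed sample record for the example; not real personal data.
SAMPLE = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "postcode": "SW1A 1AA",
    "diagnosis": "seasonal allergies",
}

if __name__ == "__main__":
    vault = KeyVault()
    pseudo = pseudonymise(SAMPLE, vault)
    print(json.dumps(pseudo, indent=2))
    print("leaks identifier:", leaks_identifier(pseudo, SAMPLE))
    print("re-identified:", reidentify(pseudo, vault) == SAMPLE)
```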

Specifically, IT teams can ease into GDPR with better monitoring and management. Automating any part of network scanning, log analysis, and compliance tracking can speed up time to compliance.

Next, teams should re-evaluate access controls to sensitive data. With cloud-based systems, it should be easier to implement strong authentication programs to apply the rule of “least privilege” required for each application.

Finally, add encryption in-transit to any existing security best practices. Cloud providers offer excellent encryption for data at rest, but only some services and intra-region transfers have data-in-motion encryption. Any data traveling between cloud regions, traveling over the public internet, and between organisation locations should be encrypted.

How can Cohesive Networks help you?

VNS3 helps meet data security measures for data privacy compliance:

  • Encrypt data in transit using VNS3’s IPsec tunnels to connect to all data sources and applications
  • Protect Personal Data by encrypting all data across open public networks
  • Guard against Vulnerability with a VNS3 intrusion detection system (IDS)
  • Maintain Strong Access Control by controlling access to data and encryption keys
  • Enhance Data Portability with a VNS3 overlay network over the top of any cloud or virtual network

5 ways VNS3 can help meet GDPR data privacy compliance

According to a study by KPMG of the boards of FTSE 350 companies, few are prepared for the General Data Protection Regulation, or GDPR. Organisations are running out of time to get their IT systems and operations in order. Protecting and securing existing data is only half the battle, given the GDPR’s strong emphasis on security by design and data portability.

On May 25, 2018 the European Union’s new data protection and personal information laws will go into effect. The GDPR governs the privacy and security of personal data for practically every person and entity connected to the EU.

Don’t take the risk

Fines for non-compliance will be harsh. Companies that do not maintain information security best practices could be fined up to 4% of “total worldwide annual turnover of the preceding financial year.” If a US-based financial institution was found to have data on EU citizens, it could face a fine of 4% of total global revenues or up to 20 million Euros ($22 million US).

VNS3 can help organisations meet data security measures for data privacy compliance. Even if your company is not located in the EU, your data might include information on a “data subject.” For organisations with large amounts of data and data that travels between networks the best options include adding encryption in-transit. Cloud providers offer excellent encryption for data at rest, but only some services and intra-region transfers have data-in-motion encryption. Any data traveling between cloud regions, traveling over the public internet, and between organisation locations should be encrypted.

What type of data is covered?

For GDPR compliance, personal data is defined as “any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

Plus, there are 2 new data categories: genetic and biometric data.

“Genetic and biometric data” means anything that may reveal an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life and sexual orientation. These 2 categories join existing sensitive and special personal data, such as home addresses, credit card details, and health care records.

VNS3 meets data security measures for your GDPR compliance by helping you:

  1. Encrypt data in transit
  2. Protect Personal Data
  3. Guard against Vulnerability
  4. Maintain Strong Access Control
  5. Enhance Data Portability

1. Encrypt data in transit

Use VNS3’s secure IPsec tunnels to connect to all data sources and applications. With end-to-end encryption that only you control, your organisation can guarantee GDPR compliance for your customers’ data, even if you collect it in one region and process it in another. Section 83 of GDPR even states “…the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption.” VNS3 offers a superior level of encryption, with AES 256-bit encryption.

2. Protect Personal Data

VNS3 lets you encrypt all data across networks, regions, and cloud providers. This way you can add protection in shared environments like public clouds, partner networks, and across regions. This is part of the critical GDPR tenet of “data protection by design.” Under Article 25, organisations must design data protection into business processes to protect personal data. GDPR leaves it up to companies to decide what security measures are needed to match the risks of a data breach. Encryption is a proactive approach to data security and can save organisations heavy fines.

3. Guard against Vulnerability

Section 83 states all organisations should consider “the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” Prevent unwanted access to your customers’ data with a VNS3 intrusion detection system (IDS). With VNS3, you can securely connect your network across multiple public and private clouds and use our plug-in system to add in monitoring for possible intrusions. By combining network functions, you can ensure data in motion security and privacy.

4. Maintain Strong Access Control

Control access to data and encryption keys with VNS3. Enforce security policies and multiple orthogonal layers for added security with VNS3. Not only does VNS3 provide layer 4-7 network security, but using the Docker container system allows you to create “in mesh” application plugins, including network intrusion detection (NIDS), proxy, and monitoring controls. Prepare with security, but plan for a data breach. Along with controls to detect any unwanted network access, your teams should also have a plan to contain and shut down any malicious actors.

5. Enhance Data Portability

Data portability might seem unrelated to privacy interests, but it is another goal we’ve always championed at Cohesive Networks. Data portability will allow organisations to free themselves from any non-compliant vendors or partners, which could limit the risks for organisations just taking on GDPR compliance projects. The GDPR will likely only require data portability for data that were originally provided by the data subject (such as photos or documents stored in the cloud). Interoperable standards are encouraged, but not mandated by GDPR.

With a VNS3 overlay network over the top of any cloud or virtual network you can make your applications, and the data they use, more agile.

What is VNS3?

VNS3 is a software-only virtual machine that integrates with existing network equipment and can be delivered as part of the application deployment in most virtualized infrastructures.

VNS3 cloud overlay diagram

With over 3,000 connected customers in more than 22 countries, VNS3 has provided more than 500 million device hours of application networking for the cloud. VNS3 offers customers more dynamic network controls on top of cloud offerings, including multiple VLAN peering, end-to-end data in motion encryption, application layer firewall rules, multicast, and multi-region peering.

But, don’t just take our word for it! Use VNS3 in any cloud environment with our Free Edition. Try it today from the AWS Marketplace or Azure Marketplace.

Get in touch with our sales team for BYOL versions for other large clouds, custom pricing, or for a POC.

AWS Summits recap

This week was the final AWS Summit for the Cohesive Networks team. We’ve been to the London, Chicago, and New York Summits in 2017 and had a few thoughts from the events.

London, at the end of June, was the first summit for the Cohesive team. The biggest trend I noticed was the marked difference in conversations compared with the AWS Summit in London last year. Last year, I noticed most attendees were just starting to consider cloud and AWS and had not actively started using any IaaS technology. This year, by contrast, so many conversations jumped right into cloud use cases, from network connectivity concerns to encryption in transit. Not only are people using cloud but they are seeing the need for VNS3’s enhanced network and security.

I had a long talk with a pair of website and app developers who wanted to segment their AWS subnets for added network security. Another wanted to add more VPN endpoints to his VPC regions. Several conversations about VNS3 also involved Azure, which was a big surprise. Not only are Londoners actively using AWS but they are already embracing a multi-cloud hybrid approach.

One thing that was unique and helpful in London was their Marketplace seller “passport” promotion. Attendees visit 10 booths of AWS Partners that sell products on the AWS Marketplace. Each booth signs the passport and has a chance to chat with attendees who are looking to earn some AWS credits. Once attendees earn 10 signatures, they can turn it in to the AWS Marketplace staff to get $100 of AWS credits. Granted, most just stopped by for a quick hello and signature but it was a great way to meet active AWS users in the crowd in addition to the brave souls who stopped to have a longer conversation.

AWS Summit London

Next stop, Chicago at the end of July. Most of the Chicago Cohesive team was on hand which was a very good thing since the expected crowd of 5,000 was well over 7,000 from our estimates. After hearing rumors of AWS Summit not coming back to Chicago, it was good to see such a big crowd and a 2 day event.

Personally, the best part of the Chicago Summit was getting to see so many local AWS users and partners. I organize the AWS Chicago user group, so many group members stopped by the Cohesive booth just to say hi. AWS account reps and technical leads based in Chicago are becoming more active with the local AWS users. After a long time of not being able to meet with AWS employees in person in Illinois, it’s great to shake hands with real people from Amazon.

AWS Summit Chicago

Final stop, New York Summit. This summit was probably a victim of poor timing. A Monday conference in August in NYC is an odd choice. I suspect attendance was lighter than hoped for since everyone I know was taking a last-ditch vacation before school starts up again. Nonetheless, most attendees had connections to banking and financial services and knew they have serious security challenges to solve.

It is always nice to have happy customers walk up and introduce themselves. We had a few in New York immediately say “I use VNS3 and it’s great!”

AWS Summit NYC

I assume AWS Summit attendees are interested in cloud, IaaS, and AWS in particular, so it’s not a full view of the cloud user market. Just from comparing last year to this year in London and Chicago, AWS users are advancing into more technical use cases with cloud, far beyond dev/test and new projects. Attendees at each event had complex use cases for connecting existing data centers, extending cross-region networks, and encrypting data as it travels in shared environments.

AWS Summit Promo just for you!

Now through the end of the year, we’re running a special on VNS3 Lite editions in the AWS Marketplace. Try VNS3 today for free.

Try one instance of VNS3 Lite for 29 days without any cost. There will be no hourly software charges for that instance, but AWS infrastructure charges still apply. Free Trials will automatically convert to a paid hourly subscription upon expiration. See all the details in the AWS Marketplace.

What can the biggest cybersecurity incidents teach us?

3 Lessons learned from past attacks and how to better protect data in the future

Late last year, TrendMicro published a roundup of 2016 cybersecurity incidents, ranging from the massive Yahoo account breach to the increasing risks of ransomware. What can the security mistakes of the past teach us?

Let’s take a look beyond the FUD and headlines into the root causes and best practices to avoid future security breaches. First, a dive into 2016’s worst news and what we know for certain. Next, some hypothesizing on how both employees and systems could have prevented the issue and/or spread. Finally, a summary of best practices that can make the future a more secure place for your data.

Lesson Learned: Hackers are organized and savvy

One unfortunate trend of 2016 was the increase in professional hacking organizations. Phishing and social engineering are how hackers get the front door key, while ransomware is the phone call with reward demands.

SwiftOnSecurity @SwiftOnSecurity

Replying to @SwiftOnSecurity

Note how the phishing page asks for your phone number – I assume to request the victim forward the attacker the 2FA code. They’re adapting.

11:04 AM – Feb 14, 2017
