A Vision for Cloud Security

“Rainwater straight from the clouds is distilled water, as safe to drink as tap water. Can you say the same about data from the Cloud?” asks Dr Hongwen Zhang, CEO of Wedge Networks. “How would you react to a water company that sold water as polluted as the typical spam and malware riddled Internet connection?”  This also raises serious concerns for the Internet’s long-term survival.

By Dr. Hongwen Zhang, Wedge Networks CEO

Water is the stuff of life: nearly 60% of our bodyweight is made of water and the presence of water is the first thing astronomers look for when considering a habitable planet. Find a good source of clean water and you are established for life: ancient trade routes went from water source to water source, and cities grew up around those precious assets.

In cyberspace it is not water but information that flows to those nodes. But the same rule applies: deliver good information and business will flourish. For the service provider the information comes from the Cloud, just as water ultimately comes from the clouds, but is it as clean? How might a service provider benefit if it could promise not just data, but pure data for its customers?

What’s in it for the Service Provider?

Customer churn is one of service providers’ biggest headaches. The annual churn rate in global mobile telecommunications service companies ranges from 20% to 40% and it gets worse as the market matures. It’s common knowledge that the cost of acquiring a new customer is way over the cost of retaining an existing one – it reduces profits as well as the referral benefits of continuing service customers.

So consider my question: “how would you react if your water supply was as polluted as a typical Internet connection?” You would be forced to spend money on your own filter systems or water sterilizing tablets, bottled water from other suppliers, and would be constantly looking for better ways to buy water.

This is just how it is for Internet users: they are expected to invest in third party anti-virus and security systems, so they have less to spend on services. Then they get angry at the daily floods of spam and keep looking for better, or at least cheaper, services and providers.

This is the very engine of churn. A constant pressure from unwanted spam mail – carefully engineered with every psychological ploy to attract your attention and distract you – and you are forced to trawl through your in-tray in order not to miss a few vital e-mails that might also be there. More than 97% of all emails sent over the net are unwanted, according to a Microsoft security report – and the daily count of spam messages passed the 200 billion mark in 2010. There’s also the money and time spent on third party Internet protection software to keep out malware… Then you hear about a different provider that seems to be offering a good deal, maybe start with a clean new e-mail account? For the customer it’s just scratching at an itch – for the provider it’s churn.

Now change the scenario: you have a provider who, for the last year, has provided good service with guaranteed levels of spam reduction and malware protection that match your need without any extra effort on your behalf. Why bother to change? We are back to the more usual business situation here, where it is far easier to sell to an existing customer than to woo a new one.

20 to 40% churn is not normal behavior, it’s a symptom of frustration. Reduce that frustration by delivering clean data, and you reduce churn

The bigger issue

I’ve argued so far that any company that finds a way to deliver unpolluted Internet access will gain an immediate advantage from slashing customer churn. Good for them – but what about the benefits to business, the economy and society?

This would not make much difference to the large enterprise or public organization that has already invested heavily in security solutions. Such groups have their own well-defined requirements which vary from the military’s bomb-proof security, through the high speed needs of financial traders, the personal data protection of healthcare and government and so on. They will have their own security systems in place and a specialist team to administer them.

The real beneficiaries will be the individuals, home users and smaller businesses that don’t want to be vulnerable but resent the time and resources needed to provide their own protection. This is a large sector of the population, but is it as economically significant as the larger enterprises?

Taking Europe as an example, the EU website defines SME as having less than 250 employees, of which “small” means less than 50 employees and “micro” means less than ten employees. In these terms SMEs “provide two out of three of the private sector jobs and contribute to more than half of the total value-added created by businesses in the EU. Moreover, SMEs are the true back-bone of the European economy, being primarily responsible for wealth and economic growth, next to their key role in innovation and R&D” according to the EU website. Canadian figures rate “small” as less than 99 employees, “medium” as less than 500, while “large” 500 or more employees: in these terms “Small businesses make up 98.2% of employer businesses, medium-sized businesses make up 1.6% of employer businesses and large businesses make up 0.1% of employer businesses.”

If these figures are at all typical – and there are around 220 million companies worldwide with less than 250 employees – then the economic benefits of cleaner Internet connectivity to any country will be enormous. And this is simply in terms of the time and cost savings to smaller businesses that do not have the resources to protect themselves from malicious and time wasting traffic.

Add to that the benefits to home users, for whom the Internet is largely a provider of recreation and social contact. A society where people can interact, share experiences and freely discuss ideas is potentially a very healthy society. But when the medium of communication becomes polluted with phishing probes, spam contacts, “grooming” and other forms of malicious traffic, then the medium that once united society becomes the very means to fragment it and spread distrust and anger.

To take a specific example: there are already more than 2.1 billion mobile web users amongst a total world population of 7 billion, and the 2013Q2 China Mobile Security Market Quarterly Research Report includes a survey result suggesting that 53% of mobile data users do not want to install security software in their mobile devices. This might seem shocking news to an IT security professional, but it simply reflects human need and is an extension of the frustration that a home user would feel at having to take steps to secure home IT systems. For the fact is that much of the attraction of mobile web access lies in its immediacy, simplicity and directness – once you start complicating that with more passwords and levels of security that attraction goes.

So this is the bigger picture: a society that provides clean Internet access and does not leave the main burden of security to the individual user will not only gain economically but also benefit from better social cohesion and less discontent.

But is it possible?

The move to cloud computing has barely started, but it is another game-changer in terms of the need for better security in the Internet. With estimates around a trillion dollars per annum for the damage that is already being done by Internet pollution to the world economy – despite some $60+ billion being spent to resist it – it is clear that clean Internet would make a staggering contribution to global economic and social welfare. But is it a pipe dream? How would it be realized?

Another game changer has been the massive increase in content on the web, driven particularly by the popularity of video. With 90% of attacks being concealed within content – text, video and sound – any solution needs to involve real-time object level analysis of network traffic. This “Deep Content Inspection” not only analyses the bytes within the network packets, but also the digital objects that are carried over many network packets can also be recognized and handled. Clearly, inspection at this level is an enabler for any number of new network applications, and removing spam and malware is just the beginning.

I began by addressing the benefit to the service provider: deliver clean Internet to your customers and you have an immediate competitive advantage. OK, I also suggest that all SPs should do this, so the competitive advantage would be short lived, however the reduction in churn remains as an important bonus.

But there is another factor here: if the service provider has the means to clean up the traffic, including content, then there is also the potential to provide a range of security and other services. “Clean Internet”, like clean water, is of course by far the biggest draw overall, but there will also be some customers with special needs who would appreciate an SPs offer of “flavored water” with added levels or styles of filtering according to region of origin, language, date of origination or any number of special criteria. Deep Content Inspection offers unlimited potential for future services along these lines.

What is needed to achieve this must be an add-on “security layer” – for few providers would welcome a forklift upgrade of their immense and far flung infrastructure investment. It should be provided as software, running as a hardened, embedded operating system, that can be installed on ordinary off-the-shelf hardware appliances and servers, or else packaged as virtual machines.

The good news is that such software is already available and thousands instances of it are already deployed in service providers, enterprises, and small businesses worldwide, performing high performance deep content inspection for these organizations. Use it to “clean up their act”, and service providers now have a major opportunity to improve business and make a significant contribution to society.

The biggest issue

A cleaner Internet has enormous implications for business and society. It also raises important issues about the future of the Internet itself.

It has already been suggested that a very large network, by its very complexity, adaptability and organic growth, has many characteristics of a living organism. A living organism, however, consists of more than just flesh and bone, for it has systems that overlay that structure. The nervous system plays the role of a recognisably distinct “control plane” that receives data from every part of the body, in the form of senses and pain, and transmits back signals to control and manage that body.

Modern trends in networking recognise a similar need for a control plane to turn a static network into a dynamic “living” entity that can adapt to fast evolving business and regulatory demands. This is the essence of software-defined networking (SDN) and is now widely recognised as the future of networking.

All complex life has evolved such a nervous system, together with other systems that function in parallel. Wikipedia states that: “The immune system is a system of biological structures and processes within an organism that protects against disease. To function properly, an immune system must detect a wide variety of agents, from viruses to parasitic worms, and distinguish them from the organism’s own healthy tissue.” This is a very clear description of biological deep content inspection.

It goes on to describe the “layered response” of an immune system, beginning with innate immunity that provides an immediate, non-specific defence for all plants and animals from single cells upwards. Then there is the adaptive immunity that has been developed in vertebrates such as human beings: “Here, the immune system adapts its response during an infection to improve its recognition of the pathogen. This improved response is then retained after the pathogen has been eliminated, in the form of an immunological memory, and allows the adaptive immune system to mount faster and stronger attacks each time this pathogen is encountered”. As pathogens evolve and adapt, the immune system has evolved multiple defence mechanisms to keep pace.

The point is that ultimately no organism can survive without some form of immune system, just as it cannot move and adapt without a nervous system. So what is the long-term future of networking unless we can develop not only a software-defined nervous system but also a software-defined security system that is built into the structure itself?

The security layer I have described will provide an immune system for the organism we call the Internet. This software-defined security is as fundamental a development as SDN.

It could prove vital to the Internet itself, as well as to society and the economy.

Posted in Industry News, Latest Security News, Wedge News | Leave a comment

Harper Government Kick-Starts Entrepreneurship in Calgary

Calgary, Alberta, December 19th, 2013 – The Honourable Diane Finley, Minister of Public Works and Government Services, was pleased to announce today that the Government of Canada has awarded a contract to Calgary company Wedge Networks for its innovation, WedgeOS, through the Build in Canada Innovation Program (BCIP).

“Our Government continues to focus on helping Canadian businesses expand and succeed,” said Minister Finley. “We are proud to encourage Canada’s entrepreneurial spirit and to invest in innovations that directly benefit Canadian workers and families by creating jobs, economic growth and long-term prosperity.”

WedgeOS is a new software platform that conducts a full inspection of content within Internet traffic in real time. It provides protection for all endpoints within an organization, including servers, computers, laptops and other mobile devices. It can provide accurate and transparent security by scanning all network content and making sure it is free from malware, spam and other security threats. It offers a platform for Internet service providers, government and large enterprise markets that require this type of solution to combat growing security threats that expand far beyond Canada. The value of the contract awarded to Wedge Networks is $507,464.

“A cutting-edge innovation such as this one could bring many benefits to the IT industry, so I am very pleased to announce this contract,” added Minister Finley.

The BCIP was launched in 2010 as a pilot program to connect Canadian companies with federal departments and agencies that have a need for innovative products and services. By selling to the federal government, businesses can demonstrate the value of their products and services, and potentially generate future sales to non-government customers in Canada and around the world.

To build on the early success of this pilot program, Economic Action Plan 2012 allocated additional funding for three years, starting in 2013. As of 2016, $40 million will be permanently dedicated to the BCIP annually. The latest Call for Proposals for the Build in Canada Innovation Program was announced on November 21, 2013 and suppliers have until January 7, 2014, to submit proposals.

For more information about the program or for the complete list of innovations, please visit the BCIP web page.

For more information, media may contact:

Marcel Poulin
Office of the Honourable Diane Finley
819-997-5421

Media Relations
Public Works and Government Services Canada
819-956-2315

For the full news release, please visit the Government of Canada website.

Government of Canada Logo

Posted in Industry News, Wedge BeSecure Community Support Forum, Wedge News | Leave a comment

Wedge CEO Provides a Vision for Security in the Cloud

A Vision for Security in the Cloud – an article written by Wedge Networks CEO, Dr. Hongwen Zhang, has been published by Germany’s Cloud Computing Insider.  In this article, Dr. Zhang discusses Wedge’s Vision for making data flow as clean as drinking water from the tap by providing network security in the Cloud.

To read the full article, please visit Cloud Computing Insider.

Cloud Computing Insider

Posted in Industry News, Wedge News | Tagged , , , | Leave a comment

Wedge Networks Set to Spearhead Global Cloud Security Drive

Article on Techday.com, TelcoReview, November 21, 2013, By Sean Mitchell, Techday Writer.

Wedge Networks, a leader in real-time network security solutions for Enterprises and Service Providers, has been chosen by The CloudEthernet Forum to help lead its new Cloud Security initiative.  As a result of the deal, Dr. Hongwen Zhang, CEO of Wedge Networks is to be appointed co-chair of the CEF’s Security Working Group.

“We are delighted to welcome Dr. Hongwen Zhang on board to help spearhead our security initiative,” says Sam Youn, CEF Technical co-chair and Director, Network Architecture, Equinix. “Wedge Networks are experts in developing next generation security solutions, with a solid vision about the future of internet security.  We are confident they will lead the way in transforming the management of security services from the Cloud.”

Youn says initial work will commence this month, in conjunction with other CEF members, to develop use cases which will help accelerate security advancements for Cloud computing.  The focus of this initiative will be the networking aspect of security issues; the case of securing SDN and providing ‘Security from the Cloud’.

For the full article, please visit Techday.

Techday

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , | Leave a comment

Bring Your Own Key: The next big thing?

Wedge CEO, Dr. Hongwen Zhang, is quoted in Davey Winder’s article “Bring Your Own Key: The next big thing?” published on CloudPro, November 14, 2013.  In the article, Mr. Winder writes “Forget BYOD, or even the much hyped BYOC (Bring Your Own Cloud), the hot ticket in cloud buzzwords might have changed to BYOK.”

Excerpt:

“Most of the IT security experts I spoke to, such as Dr. Hongwen Zhang who as well as being CEO of Wedge Networks is a member of the CoudEthernet Forum responsible for spearheading its security initiative, are encouraged by the Thales/Microsoft development.  However, there are other issues facing companies when it comes to asset protection in the cloud that are shared by the industry.

Zhang, for example, worries that security quite often goes against convenience.  “Collaboration among web services is a key aspect of cloud computing.  It is time for the key players to establish a standard on cloud data encryption so that security and interoperability can both be achieved.” he warns.”

For the full article, please visit CloudPro.

CloudPro

Posted in Industry News, Latest Security News, Wedge News | Tagged , , , | Leave a comment

Wedge Moves On ISP Security In EMEA

Article on ITWeb, September 26, 2013, By Staff Writer,

Wedge Networks, a North American-based network security solutions company, has introduced a turnkey managed security platform for internet service providers (ISPs) in Europe, the Middle East and Africa (EMEA).  Announcing the development today at the NetEvents cloud spotlight in Nice, France, CEO Hongwen Zhang said the new solution would help ISPs deliver better security, increase customer satisfaction and generate additional revenue per user.

“Value-added services are important in increasingly commoditised bandwidth markets to increase customer experience and reduce churn,” says VP of global sales at Wedge, Steve Chappell.  The new solution, he says, is non-disruptive to networks and works with the current infrastructure using software-defined network security methodology.  Chappell adds the solution is able to be deployed on top of existing network fabric.

To read the full article, please visit ITWeb.

ITWeb

Posted in Industry News, Latest Security News, Wedge News | Tagged , , | Leave a comment

Wedge Networks Introduces Turnkey Managed Security Platform for Service Providers

Wedge Networks has introduced a Turnkey Managed Security Platform for Service Providers at NetEvents.  The new solution helps ISPs to deliver better security, increase customer satisfaction and generate additional revenue per user.  Value added services are important in increasingly commoditized bandwidth markets to increase customer experience and reduce churn.  The new solution is non-disruptive to networks and works with the current infrastructures using Software Defined Network Security (SDNS) methodology.  It is simple to deploy on top of existing network fabric.  To view the entire article and learn more about this solution, please visit Telecomkh.com.

Telecomkh

Posted in Industry News, Latest Security News, Wedge News | Tagged , , | Leave a comment

Wedge Provides Turnkey Managed Security Platform for ISPs

Article on MSP Today, September 27, 2013, By Bob Emmerson, TMC European Editor.

Wedge Networks has introduced a Turnkey Managed Security Platform that ISPs can employ in order to deliver better security, increase customer satisfaction and generate additional revenue per user.  The business and technology model is distinctly different. Wedge is hosting a comprehensive range of proven, third-party security software products that ISPs can offer to their customers, primarily SMBs, for an additional modest fee, e.g. 20 percent.  This fee is split 50:50 with Wedge, who takes care of software updates.  There is no charge for the ISPs: it’s a revenue sharing model.  Learn more about this article in MSP Today.

MSP Today

Posted in Industry News, Latest Security News, Wedge News | Tagged , , | Leave a comment

Wedge Networks Highlighted by the Calgary Herald

Wedge Networks was introduced and highlighted by the Calgary Herald.  Read the article for more on this story.

CalgaryHerald

Posted in Industry News, Wedge News | Leave a comment

Wedge Networks Seeks U.S. Channel for Content Security

To jumpstart its partner program, Wedge Networks is offering resellers’ customers a 45-day trial of its full security suite through its “Instant-On Program”, which is designed to expedite the evaluation period as well as identify vulnerabilities in the customer environment to ease the sale. The trial is run from a virtual machine or from the cloud. Barry George, the VP Global Sales at Wedge, said it takes about an hour to set up and 24 hours to get enough data for diagnostics. Typically, Wedge Networks’ software finds 20-22 percent more issues than do firewalls or UTM systems alone, he said.

Wedge Networks also provides partners with co-op marketing funds and discounts on annual software licenses. Full discounts are recognized on renewals. Partners also can resell Wedge Networks’ professional services and its support contract for a discount. Click here to read the full article.

IT_Channel_Partners

Posted in Industry News, Wedge Channel Partner Forum, Wedge News | Tagged , , , | Leave a comment