Archive for April, 2019

Thales Completes Acquisition Of Gemalto To Become A Global Leader In Digital Identity And Security

Tuesday, April 16th, 2019
  • Thales (Euronext Paris: HO) has today completed the acquisition of Gemalto (Euronext Amsterdam and Paris: GTO), creating a global leader in digital identity and security.
  • With Gemalto, Thales will cover the entire critical decision chain in a digital world, from data generation via sensors, to real-time decision support.
  • This acquisition increases Thales’s revenues to €19 billion and self-funded R&D to €1 billion a year, with 80,000 employees in 68 countries.

Completed in 15 months, the acquisition of Gemalto by Thales for €4.8 billion creates a Group on a new scale and a global leader in digital identity and security employing 80,000 people. The larger Thales will master all the technologies underpinning the critical decision chain for companies, organisations and governments. Incorporating the talent and technologies of Gemalto, Thales will develop secure solutions to address the major challenges faced by our societies, such as unmanned air traffic management, data and network cybersecurity, airport security or financial transaction security.

This combination creates a world-class leader with an unrivalled portfolio of digital identity and security solutions based on technologies such as biometry, data protection, and, more broadly, cybersecurity. Thales will thus provide a seamless response to customers, including critical infrastructure providers such as banks, telecom operators, government agencies, utilities and other industries as they step up to the challenges of identifying people and objects and keeping data secure.

Research and development: inventing the world of tomorrow

Thales and Gemalto share a passion for the advanced technologies that serve as a common foundation and focus for their 80,000 employees. Research and development (R&D) is at the core of the new Group, with its 3,000 researchers and 28,000 engineers dedicated to R&D. Thales has been developing state-of-the-art technologies to meet the most demanding requirements of customers around the world for decades. Today the Group has become a giant laboratory inventing the world of tomorrow, with a portfolio of 20,500 patents, of which more than 400 new ones were registered in 2018.

Technological synergies

The new Thales will cover the entire critical decision chain in an increasingly interconnected and vulnerable world, with capabilities spanning software development, data processing, real-time decision support, connectivity and end-to-end network management.

With €1 billion a year devoted to self-funded R&D, the Group will continue to innovate in its key markets, drawing in particular on its world-class digital expertise in the Internet of Things, Big Data, artificial intelligence and cybersecurity.

The first illustrations are as wide as the Group’s portfolio:

  • Banking: Big Data analytics
  • Defence: biometrics
  • Aerospace: unmanned traffic management
  • Ground transportation: Internet of Things
  • Space: Internet of Things
  • Telecommunications: Big Data analytics

An extended global footprint

Following this acquisition, Gemalto will form one of Thales’s seven global divisions, to be named Digital Identity and Security (DIS). Gemalto will interact with all of the Group’s civil and defence customers and will significantly strengthen its industrial presence in 68 countries. Thales will considerably expand its operations in Latin America (2,500 employees, up from 600), triple its presence in Northern Asia (1,980, from 700), Southeast Asia (2,500, from 800) and India (1,150, from 400) and North America (6,660 employees, up from 4,600).

“With Gemalto, a global leader in digital identification and data protection, Thales has acquired a set of highly complementary technologies and competencies with applications in all of our five vertical markets, which are now redefined as aerospace; space; ground transportation; digital identity and security; and defence and security. These are the smart technologies that help people make the best choices at every decisive moment. The acquisition is a turning point for the Group’s 80,000 employees. Together, we are creating a giant in digital identity and security with the capabilities to compete in the big leagues worldwide.” Patrice Caine, Chairman and CEO, Thales.

About Thales

The people who make the world go round – they rely on Thales. Our customers come to us with big ambitions: to make life better, to keep us safer. Combining a unique diversity of expertise, talents and cultures, our architects design and deliver extraordinary high technology solutions. Solutions that make tomorrow possible, today. From the bottom of the oceans to the depths of space and cyberspace, we help our customers think smarter and act faster – mastering ever greater complexity at every decisive moment along the way. Thales generated revenues of €19 billion in 2018 with 80,000 employees in 68 countries.

Click here to view the Thales Group’s website.

Privacy 2019: TOR, MEEK and the rise and fall of domain fronting

Tuesday, April 16th, 2019

This post is the first in a series covering privacy, anonymity and security on the internet in recent times, with a focus on real issues affecting people in the real world. Censorship and pervasive state-sponsored surveillance are a daily reality for hundreds of millions of people around the world.

Privacy: 2019

Surveillance and censorship on the internet are a day-to-day reality in many countries. There are some well-known examples such as China, Russia and Iran, but these are not the only countries employing censorship. And there are indications that it is becoming more common, especially now that software solutions that enable turn-key censorship, such as Symantec BlueCoat, are a commodity.

Whilst surveillance is definitely more difficult to measure and estimate, and often based on whistleblowers and information leaks, censorship can be felt in many countries very directly, with some of the most common sites on the internet completely blocked off in various regions of the world. In an attempt to beat censorship, many have turned to the Tor Project.

The Tor Project

The Tor Project promotes and develops software to protect the privacy and anonymity of online users. They manage the Tor network, which allows volunteers to run a relay on their device, allowing it to transport multi-hop, encrypted and anonymized traffic of users in the network.

In order to detect and monitor censorship on the internet, Tor also runs the Open Observatory of Network Interference (OONI) project. Probes are run by volunteers and attempt to access blocked websites, at some risk to those running the probes. They have no real anonymity in front of their respective ISP or any surveillance technology possibly deployed against them. Such exposure is unavoidable as the intention is primarily to test whether normal internet user traffic and protocols, chiefly DNS, HTTP and HTTPS traffic, are blocked.

The data collected by OONI leaves no margin for speculation: censorship is real, it is widespread and it affects a great deal of people in a major way. Tor provides free plug-and-play tools such as the Tor Browser Bundle, which includes a browser with privacy extensions and optimal configurations pre-loaded. The browser is configured to attempt to leak as little information as possible (such as DNS) outside the encrypted, anonymized Tor tunnel.

The Importance of TLS & SNI

TLS, the successor to SSL, is a cryptographic protocol designed to provide integrity and privacy between applications. The most common usage of TLS is within HTTPS, which is HTTP over TLS (or SSL). With TLS, two endpoints can establish communication over the internet that prevents eavesdroppers from observing, modifying or spoofing messages between them.

TLS is also used in QUIC, a protocol originally designed by Google in 2012 and still under development, which is planned to replace HTTP/HTTPS. QUIC doesn’t rely on TCP for the transport layer but opts to use UDP instead.

SNI

The latest version of the TLS protocol is TLS 1.3, which was approved in 2018. TLS 1.3 contains very important changes; most importantly it removes old, deprecated and insecure cryptographic suites that should not be in use in 2018, and it also comes with speed-up features, such as TLS False start and 0-RTT. It also makes mandatory an extension known as Server Name Indication (SNI), one of the original proposed extensions from RFC4366, which was written all the way back in 2006.

There are real, solid reasons for why SNI is required, but there is also a major downside to SNI. SNI leaks the hostname on establishment of every TLS 1.3 connection. There is more to be said about SNI and how to fix it, and this will be addressed more fully in a post of its own; for now, note that the IETF Survey of Worldwide Censorship Techniques (draft 07) has been marking it as an Achilles heel for years.

Pluggable Transports and Censorship

Multiple countries have been documented attempting to both monitor and block Tor traffic, and incorrect usage of Tor has led to the documented downfall of multiple users over the years. One example is that connecting to the Tor network without a bridge is easily detectable, and can be used for attribution or creating a small target group.

China has been attempting to block Tor at least partially since 2008, Venezuela began blocking Tor in 2018, and Russia passed a bill in 2017 forbidding the use of proxies and Tor specifically.

Tor’s cat and mouse against censors and monitoring led to the development of bridge relays, which rely on various techniques and protocols to bypass censorship. These techniques are called pluggable transports.

One crucial pluggable transport is meek, and to explain what meek is, we first need to explain domain fronting, the technique meek leverages to provide privacy.

What is Domain Fronting?

Domain fronting is a technique to obfuscate the SNI field of a TLS connection, effectively hiding the target domain of a connection. It requires finding a hosting provider or CDN which has a certificate that supports multiple target domains (known as SANs, subject alternative names). One of the domains will be a common one which the client wants to pretend to be targeting in the connection establishment in the SNI field, and the other domain is the actual target of the connection and the following HTTP request.

The following image shows an example of the google.com certificate, which has many SAN domains, among them *.appengine.google.com.

Once that’s done, domain fronting can be attempted. A quick test to see if domain fronting works for a pair of domains is to use cURL, sending the hidden host (android.com in this case) as an HTTP header and specifying the target as the domain we’re hiding behind (google.com in this case). cURL will specify that domain in the SNI field.

And here is another demonstration of the flow that hopefully makes it a bit clearer.

Pluggable Transports: meek

On the 14th of August 2014, the Tor Project announced the release of the meek pluggable transport. Meek uses domain fronting to hide the target bridge relay behind a very popular domain. For example, it could use google.com as a cover for xyz-meek-relay.appspot.com.

This allowed the creation of meek bridge relays on large clouds such as Google App Engine, Amazon CloudFront/EC2 and Microsoft Azure, hiding the actual target hostname behind domains such as google.com, amazon.com or various static asset CDNs.

Domain fronting was nothing short of revolutionary for Tor users in high-risk countries.

  1. It made Tor traffic look exactly the same as normal HTTPS (with some caveats: bad usage can still make connections stand out).
  2. Blocking meek has a side effect that is very expensive for most censors: blocking Akamai/Amazon/Google either partially or completely in a country is not an act that goes unnoticed.

Meek is not a silver bullet as there are scenarios such as China blocking access to Google; regardless, meek still had huge impact and utility, and more providers were being discovered and researched. It was not unrealistic to expect a situation where blocking all meek bridges completely would require blocking a large chunk of the internet.

Domain fronting was adopted by other privacy-seeking service providers, notably Signal and Telegram, and proved itself when Signal was blocked in Egypt, Oman, Qatar and the UAE. Signal was still accessible thanks to domain fronting on Google App Engine due to these countries not being willing to go as far as blocking access to google.com just to block these services.

Malicious Use of Domain Fronting: APT29

Domain fronting isn’t only used for good purposes; unfortunately, hiding the target domain is also a valuable tool for attackers looking to hide connections to their command and control servers and other assets, as was the case with the hacking group APT29, also known as Cozy Bear and The Dukes.

On March 27th, 2017 Mandiant/FireEye reported they had detected the Russian nation-state backed APT29 group employing domain fronting for at least two years. Domain fronting received quite a lot of attention around this time from the hype created in the cybersecurity community.

The Demise of Domain Fronting

On April 14th, 2018 a bug report was opened on the Tor bug tracker regarding breakage in the meek-google transport.

It was quickly discovered that Google’s infrastructure began responding with an HTTP Error 502 with the message “This HTTP request has a Host header that is not covered by the TLS certificate used. Due to an infrastructure change, this request cannot be processed”.

Google thus silently killed off domain fronting on its infrastructure. Two weeks later, Amazon followed suit blocking domain fronting and posting a blog post on the subject.
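The check that error message describes can be modelled as follows. This is an added example, not Google's or Amazon's code: it compares each request's Host header with the SNI and with the SAN list of the certificate presented for that SNI, over constructed proxy log lines. The certificate inventory, the log format and all `.example` names are assumptions made for illustration.

```python
import re

# Constructed inventory: SNI name -> SAN list of the certificate an edge
# would present for it. Placeholder names, not real certificates.
CERT_SANS = {
    "www.front.example": ["front.example", "*.front.example"],
    "app.tenant.example": ["*.tenant.example"],
}

# Constructed log lines from a hypothetical TLS-terminating proxy.
SAMPLE_LOG = """\
2019-04-16T10:00:01Z sni=www.front.example host=www.front.example
2019-04-16T10:00:02Z sni=www.front.example host=Static.Front.Example:443
2019-04-16T10:00:03Z sni=www.front.example host=relay.tenant.example
2019-04-16T10:00:04Z sni=www.front.example host=a.b.front.example
"""

LINE_RE = re.compile(r"^(\S+) sni=(\S+) host=(\S+)$")


def normalize_host(value: str) -> str:
    """Lower-case a host name and drop any :port suffix or trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0].rstrip(".")


def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN entry; a wildcard covers exactly one left-most label."""
    pattern, host = normalize_host(pattern), normalize_host(host)
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                     # e.g. ".front.example"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]
    return left != "" and "." not in left


def classify(sni: str, host_header: str, cert_sans: dict) -> str:
    """Return 'match', 'covered' or 'not-covered' for one request."""
    sni_n, host_n = normalize_host(sni), normalize_host(host_header)
    if sni_n == host_n:
        return "match"
    sans = cert_sans.get(sni_n, [])
    if any(san_matches(san, host_n) for san in sans):
        return "covered"                     # differs from SNI, same certificate
    return "not-covered"                     # the case the 502 message describes


def edge_status(verdict: str) -> int:
    """HTTP status an edge enforcing the check would return (modelled)."""
    return 502 if verdict == "not-covered" else 200


def scan(log_text: str, cert_sans: dict) -> list:
    """Return (timestamp, sni, host, verdict, status) for every SNI/Host mismatch."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                         # skip lines in another format
        ts, sni, host = m.groups()
        verdict = classify(sni, host, cert_sans)
        if verdict != "match":
            findings.append((ts, sni, host, verdict, edge_status(verdict)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, CERT_SANS):
        print(finding)
```

On a network that terminates TLS, the same comparison doubles as a triage signal: "covered" mismatches are usually shared-certificate hosting, while "not-covered" ones are the requests worth a closer look.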

The use of domain fronting peaked in late April 2018. Amazon announced the blocking of domain fronting on April 27th. The same week of Amazon’s announcement, Signal announced their Amazon CloudFront account was frozen. Amazon pointed to Signal’s blog and Github account as proof of the alleged violation of Amazon’s ToS.

Signal had never attempted to conceal its usage of domain fronting, as it had announced the feature for users in Egypt and UAE in 2016. Telegram also took a major hit, especially in Russia, where a ban on the app was upheld in court, affecting 15 million Telegram users at the time.

A week after Amazon had joined Google in blocking domain fronting, the Tor Project published “Domain Fronting is Critical to the Open Web”, a treatise on the importance of domain fronting to internet privacy, and detailing the move to Microsoft Azure.

As of April 2019, domain fronting still works on Microsoft Azure and serves as a critical lifeline for those relying on meek. While Microsoft’s cloud is smaller than those of either Amazon or Google, the effect of blocking it entirely would be immense for most censors. Blocking access to Azure would affect first-party cloud services owned by Microsoft such as Office 365 and Outlook, and even possibly disrupt vital services such as Windows update. On top of that, there is an unknown (but definitely large) amount of legitimate 3rd-party services hosted on Azure that would also take a hit.

Closing Thoughts on Vendor Responsibility

In closing, we would like to say we do not think Google or Amazon dropping domain fronting should be seen as an attempt by them to harm privacy on the internet. Domain fronting is an awkward but clever trick to side-step a flaw (or lack of feature) of the TLS protocol. As there has also been malicious usage of domain fronting, the most prominent one being APT29, it is certainly a liability in some respects. It has been suggested that political pressure may have been applied on these companies to phase out domain fronting; however, neither Google nor Amazon have commented on such speculation.

Also, as we will cover in our next post, Google is one of the vendors working on solving this issue, along with Cloudflare, Fastly, Apple and other members of the TLS working group that are involved with eSNI.

It is commendable in our eyes that Microsoft continues to provide domain fronting on Azure. There is no doubt that it is crucial to meek and other services that use the technique to protect the privacy of their users.


Click here to view the original post on SentinelOne’s website.

How to configure Ruckus Unleashed in 5 minutes or less

Tuesday, April 16th, 2019

Over 30 billion connected “things” are expected by 2020, while applications such as 4K video are projected to drive internet traffic to 278,108 petabytes per month by 2021 – with users generating a staggering 163 zettabytes of data on an annual basis by 2025. Clearly, consumer-grade Wi-Fi routers are no longer capable of meeting the needs of small and medium businesses (SMBs).

These days, even smaller businesses are demanding fast, reliable, always-on connectivity for dozens or hundreds of connected devices. This is precisely why we are making Wi-Fi easy for SMBs with Ruckus Unleashed. Our controller-less, high-performance and affordable portfolio of access points (APs) can be up and running in five minutes or less. In addition, Ruckus Unleashed enables anyone to manage their network from an intuitive Unleashed mobile app for Android and iOS or website browser.

Ruckus Unleashed Mobile App

In this video, we will demonstrate how easy it is to install and manage a Ruckus Unleashed network using your smartphone.

First, let’s briefly review the installation process. Simply connect to the ‘configure me’ network and open the Ruckus Unleashed mobile app. Then follow the on-screen instructions to install the access point (AP). Once your Unleashed access point is up and running, there are several things you can do with your mobile app:

  • You can be notified of any changes on your network like an unresponsive access point.
  • Restart your AP from the Ruckus Unleashed mobile app.
  • Get a quick snapshot about clients connected to the network, WLANs and access points in your network through the dashboard.
  • Quickly add a new WLAN just by clicking on the plus button over the total WLAN dashboard icon.
  • Touch on the client symbol to learn about all the clients connected to your network.
  • Rename a client to easily identify the connected device and mark it as a favorite to receive instant notifications about that client.

If you run into any trouble, Ruckus can jump in to assist you using our remote management system. For additional information about Ruckus Unleashed and SMB Wi-Fi, please check out some of our previous articles:

Click here to view the original post on Ruckus’ website

Why Wi-Fi 6 is a breakthrough technology for the IoT

Tuesday, April 16th, 2019

Tom Soderstrom, the IT Chief Technology and Innovation Officer at NASA’s Jet Propulsion Laboratory (JPL), recently wrote an article titled “The Next Computing Wave: Ultra Powerful, Ultra-Accelerated, Ultra Connected.” The article, published on MeriTalk, touches on a number of topics, including Wi-Fi 6 (802.11ax), 5G, quantum computing, and the Cloud.

Wi-Fi 6 & the IoT

As Soderstrom observes, Wi-Fi 6 is nothing less than a “breakthrough technology” in the wireless arena.

“It’s coming soon, and it’s built for IoT. It will connect many, many more people to mobile devices, household appliances, or public utilities, such as the power grid and traffic lights,” he states. “The transfer rates with Wi-Fi 6 are expected to improve anywhere from four times to 10 times current speeds, with a lower power draw, i.e. while using less electricity.”

According to Soderstrom, IoT devices (aka sensors) will create and store massive amounts of data in the Cloud – all the time. 

“The flexibility of the Cloud allows service providers and developers at home and in enterprises to modify applications in near-real time,” he explains. “In fact, almost all AI-based applications or machine learning programs will be built in the Cloud, including the wireless apps used in retail, manufacturing, transportation and more.”

Wi-Fi 6 & Increased Power Efficiency

As Soderstrom succinctly notes, Wi-Fi 6 is more power-efficient than its predecessors. As we’ve previously discussed here at The Ruckus Room, this is made possible by a technology known as Target Wake Time (TWT). Essentially, TWT enables devices to determine when and how frequently they will wake up to send or receive data. In real-world terms, this allows wireless Wi-Fi 6 access points (APs) to increase device sleep time and significantly conserve battery life, a feature that is particularly important for the IoT. In addition to saving power on the client device side, Target Wake Time enables wireless access points and devices to negotiate and define specific times to access the medium. This helps optimize spectral efficiency by reducing contention and overlap between users.

The Origins of Target Wake Time

The Target Wake Time mechanism first appeared in the IEEE 802.11ah “Wi-Fi HaLow” standard. Published in 2017, the low-power standard is specifically designed to support the large-scale deployment of IoT infrastructure – such as stations and sensors – that intelligently coordinate signal sharing. The TWT feature further evolved with the Wi-Fi 6 standard, as stations and sensors are now only required to wake and communicate with the specific beacons transmitting instructions for the TWT broadcast sessions they belong to. This allows the wireless Wi-Fi 6 standard to optimize power saving for many devices, with more reliable, deterministic and LTE-like performance.

Conclusion

Wi-Fi 6 is the latest generation of Wi-Fi that bridges the performance gap towards ten gigabit speeds. It delivers faster network performance, connects more devices simultaneously and effectively transitions Wi-Fi from a best-effort endeavor to a deterministic wireless technology that is now the de-facto medium for internet connectivity. Deployed in dense device environments – such as those created by the IoT – Wi-Fi 6 supports higher service-level agreements (SLAs) to more concurrently connected users and devices with more diverse usage profiles. This is made possible by a range of features that optimize spectral efficiency, increase throughput and reduce power consumption. In addition to TWT, these include Multi-User Multiple Input Multiple Output (MU-MIMO), Orthogonal Frequency-Division Multiple Access (OFDMA), BSS Coloring and 1024-QAM.

Click here to view the original post on Ruckus’ website.

New ESG webinar discusses risk areas for BYOD and guest access

Wednesday, April 10th, 2019

A while back, Ruckus Networks sponsored a white paper from Enterprise Strategy Group (ESG) titled “Does Your Method for BYOD Onboarding Compromise Network Security?” This thought-leadership piece did a great job of calling attention to the security flaws in the ways organizations typically get BYOD and guest users connected to the network.

We’d like to share with you a brand new on-demand ESG webinar published under the same title featuring Senior Analyst and Practice Director Bob Laliberte. No registration is required to view the webinar. As much as we like white papers, hearing Bob cover this subject matter in webinar form really brings it to life. You can think of the white paper and webinar as companion pieces that reinforce one another. The webinar builds upon the white paper content to reach new heights of insight. Even if you have read the white paper, the webinar is well worth viewing.

What does the new ESG webinar cover?

As you probably know, ESG is a highly regarded and influential IT industry analyst firm with practice areas that include networking and IT security. Many IT professionals look to them to provide insights into trends in the world of IT. Those of us on the vendor side also follow them to keep tabs on what’s going on in the broader IT landscape. You can check out some of ESG’s videos on their YouTube channel and follow them on the major social media platforms.

The new ESG webinar contains a little over 34 minutes of great content from Bob Laliberte, placing network access security in the broader context of industry topics like digital transformation and IoT adoption. It argues that the attack surface for potential data compromise is growing and suggests some root causes for that dynamic. Bob goes on to cite several drivers for making IT purchase decisions, referencing ESG research to back up his assertions.

Then things really get going as he delves into the core of the subject matter: how commonly used methods for getting BYOD and guest users connected to the network can leave you vulnerable to data and network compromise. (This is something we at Ruckus have been trying to raise awareness about for some time, so it’s great to have ESG validate that perspective.) Bob covers some questions you should ask yourself in relation to network access security. He also makes specific recommendations about how IT teams can improve security in this area.

The Ruckus take on secure network access

Since this is a vendor-sponsored webinar, you probably expect that Ruckus will have something to say on the subject matter, as well. If so, you are correct. Please note that we don’t claim the lion’s share of the airtime though—less than half of the time that Bob spends presenting. The focus here is on his thought-provoking and educational content.

We do take some time at the end to discuss our take on how to plug the security holes inherent to the default methods for getting users and devices connected to the network. This may be giving too much away about the ESG webinar content, but Cloudpath Enrollment System, our SaaS/software for secure onboarding, has security features that address precisely the issues discussed in the webinar.

Conclusion

We’ll wrap up this blog by inviting you again to watch the new on-demand webinar featuring ESG, and reiterate that you don’t need to provide any contact details to view it. It’s a great resource to learn more about network access security issues and how to address them. It can also be a good place to refer others in your organization, who may influence IT strategy, to help them understand the issues. You can also access the companion white paper, either in the form of a dynamic website or a PDF. After that, feel free to check out other resources on the Cloudpath product page. You can even request a live online demo there when you’re ready for a closer look at the product.

Click here to view the original post on Ruckus’ website.

Three ways we’ll change, and three ways we’ll stay the same as part of Thales

Wednesday, April 10th, 2019

This week, Gemalto became part of Thales. It’s the culmination of a phenomenal journey over the last 13 years (and longer, for longstanding Gemplus and Axalto employees), and the starting point for a new stage in our development and the kind of work we’ll be doing.
But amongst all the change, many things will remain very familiar to Gemalto staff, customers, suppliers and partners.

As I look backwards – but mainly forwards, I wanted to reflect on some of the positive changes – and on some of the things that will remain unchanged – as we enter this new era.

Three ways we’ll stay the same:

1. Our vision for digital security remains unchanged as part of Thales. Thales is onboard with our vision and we feel that it will only be accelerated by being part of the group. Our expertise in digital identification and data protection will remain but on top of this we gain experience in Sensors, AI, Big Data. This will help us to gather more data, transfer it securely and make more sense of it in real-time. This will allow our customers to take more intelligent decisions.

2. Our focus on innovation – Gemalto and Thales, and now Gemalto as part of Thales, share a common passion for R&D and customer-focused innovation. Our engineers and researchers are curious and focused on the latest agile practices.

3. Our customer-centric approach. Taking care of our customers, innovating in ways that will make a difference to their bottom line, and so on, is core to the ethos of the combined entity. There’s no question that integrations are busy times, and even amongst the change and the process of bringing the two companies together, a top priority will be our work to ensure that our customers don’t notice what’s happening behind the scenes.

Three ways we’ll change:

1. Our size/reach will shift dramatically. Gemalto will move from being a 15,000 person company to part of an 80,000 person company. Our reach expands from 47 to 68 countries. This gives us access to more people to design, build and sell innovative solutions in more countries around the world.

2. A world of new business ideas. The markets each business is present in will trigger opportunities for collaboration and partnership, as Thales customers benefit from direct, combined access to Gemalto thinking and solutions and vice versa. An example of this is drone traffic management where we can link our expertise in IoT and Thales’ avionics expertise.

3. Boosted R&D capabilities to bring them to market. Our direct investment in R&D grows from €265m to > €1bn and we’re now part of a group with more than 30,000 researchers and engineers. We have many new ideas for new solutions combining technology from Thales & Gemalto that wouldn’t have been possible before.

This change is a positive one for investors, customers, employees, suppliers and more. The combination of our business with Thales’ digital ambitions will help us accelerate our strategy. The future’s bright – it just isn’t orange anymore.

Click here to view the original post on Gemalto’s website

Poor Wi-Fi Can Cause Teachers to Disconnect from Digital Learning

Wednesday, April 10th, 2019

Are teachers really on board (and online) with digital learning? Students look so fearless swiping and tapping on iPads and Chromebooks. Teachers, on the other hand, can look a little shell-shocked when things don’t go as expected. Like when the Wilton middle school in Connecticut debuted online math testing. And the school’s entire Wi-Fi network crashed.

On paper (or tablet), the Wilton Public Schools had done everything right. All the schools were equipped with Wi-Fi before a digital learning curriculum was launched. Sure, there were complaints about connectivity and wait times. But the problems were intermittent, so the school forged ahead.

But think of Wi-Fi as the road in the digital learning roadmap. If the road isn’t designed for heavy traffic, prepare for crashes. When that happens, you may find that teachers are more resistant to digital learning. It’s understandable, when you consider the time that teachers put into creating lesson plans. How precious classroom time is. And the incredible pressure schools face around testing.

The digital learning plan

Lesson learned! The Wilton school administration brought together an IT manager and a digital learning curriculum designer to create an integrated plan: road + roadmap.

Before the next school year began, the new plan was underway. Every classroom in the four schools was equipped with Ruckus APs. Ruckus ICX switches were installed in wiring closets. The district-wide network is managed from one system; over 9,000 personal devices and over 14,000 wireless devices (including Chromebooks and iPads) were registered in the first school year.

Now if you visit the middle school, you might find fifth graders video chatting with a peer class in Africa. The two classes are collaborating on designing and building a product prototype to solve an energy-related problem. In another school, third graders are learning about Native Americans. As part of the curriculum, each student will take an iPad from a mobile cart and use an online design program to reproduce an archaeological artifact to represent the life of indigenous people, record an audio description using an online voice recorder and create a QR code for an interactive museum.  

Across the district, students produce about half a million documents each month using a wide variety of Google suite applications. And, if you’re wondering, the district easily supports online testing—not just in a single school but district-wide. No traffic congestion. No crashes. And every lane on the new Wi-Fi is a high-speed lane.

When teachers have confidence that applications will load and tests will be administered, they’re more willing to go outside their comfort zones. Would you like to learn more about the Wilton Public Schools Ready Access plan? Or how the district actually saved money on this Wi-Fi project? Read the full case study or watch the video below.

Click here to view the original post on Ruckus’ website.

A New Leader in Data Protection

Wednesday, April 10th, 2019

It’s been an exciting week for everyone at Thales and Gemalto. The combination of our two companies creates the worldwide leader in digital security, protecting more data, transactions and identities than any other company and enabling tens of thousands of organizations to deliver trusted digital services to billions of individuals around the world.

The Leading Data Protection Provider

In addition, this week we launched Thales Cloud Protection & Licensing by bringing together two leading global data protection providers, Thales eSecurity and Gemalto’s Enterprise & Cybersecurity business.

The combination of the Thales eSecurity and Gemalto SafeNet data protection portfolios creates an unrivalled leader in data protection. Our products, including the SafeNet Luna HSM, Thales Vormetric Data Security Platform and Thales payShield, are the recognized de facto standards when it comes to securing data, identities and transactions in any environment.

Together, we now have a unique position in the market with global leadership in:

  • General Purpose Hardware Security Modules
  • Payment Hardware Security Modules
  • Cloud Hardware Security Modules
  • Data Encryption and Key Management
  • Encryption for High-Speed Networks

Cloud First, Cloud Ready

Even as we lead the market today, we are also building our services and solutions for the future, especially one that is cloud first. It’s quite clear that more and more businesses are building their entire IT infrastructure on the cloud. And it’s not just startups. Large enterprises like banks are going all in on the cloud. Just recently, Standard Bank of South Africa, the second largest bank in Africa, announced it was going to the cloud with AWS. In addition, recently I met with a CIO at a major international bank who told me that within the next 12-18 months a majority of their workloads will be in the public cloud. Two years ago this would have seemed impossible, but clearly the shift to the cloud is accelerating, even for the most security conscious organizations like banks and financial services companies.

This is why we launched SafeNet Data Protection On Demand, making encryption, key management and hardware security modules available from the cloud as consumable, on-demand services through an online marketplace, from Cloud HSM On Demand and Key Management On Demand to Encryption on Demand services. With SafeNet Data Protection On Demand, security is made simpler. DevOps, security and IT professionals just sign up to create an online account and click on the data protection services they need, including securing CyberArk server keys in an HSM as a key vault or an on demand key brokering service that acts as a custodian of keys for your Salesforce.com environment.

The Acceleration of Innovation

With the additional resources and expertise from the combination of our two companies, we will be able to leverage our combined knowledge and increase our investments in order to accelerate innovation. Together, Thales and Gemalto will have 28,000 engineers and 3,000 researchers. For our customers, our promise will be to ensure they can easily upgrade to the new solutions we develop from the products they use today.

Looking to the future, we are uniquely positioned to help organizations protect the new perimeter, which is the data itself and the users accessing that data. While most security vendors provide services that protect just data or secure access to data, we are the only provider that does both with our data protection and access management services. Our vision is that one day these markets will converge and companies will benefit from an integrated solution that helps them identify their most sensitive data. We actually look forward to a time when security becomes part of the DNA of the data and automatically applies encryption and user access controls.

It’s an exciting time to be a part of Thales Cloud Protection & Licensing. Our ambition is to create the global leader in data protection for a cloud first and digital world.

Welcome to the new era for data protection. Learn more about Thales Cloud Protection & Licensing.

Click here to view the original post on Gemalto’s website

How Wi-Fi 6 is changing the hospitality landscape

Wednesday, April 10th, 2019

I always liked the name Wi-Fi. Some say it comes from Wireless Fidelity. Others say the name was just a fun word play off High Fidelity (for those of us who may own/owned music albums). Wi-Fi was originally designed to support basic network connectivity for limited services such as retail point of sale (POS) transactions in proprietary business environments. Early consumer adoption kicked off in 1999 when Apple adopted the wireless standard, then branded as AirPort, for its iBook, with IBM announcing its support of Wi-Fi a year later for the ThinkPad 1300. Wi-Fi acceptance quickly accelerated with Intel’s launch and branding of the Centrino platform in 2003. Intel’s endorsement and integration significantly simplified connecting wireless clients and helped make Wi-Fi a standard requirement at hospitality suites across the world.

These early iterations of the IEEE 802.11 Wi-Fi standard were relatively limited in terms of speed, spectrum utilization and the efficiency of communications between the access point (AP) and client devices. In fact, the very first iteration of the Wi-Fi standard specified only two raw data rates of 1 and 2 megabits per second (Mbit/s). Fortunately, Wi-Fi has rapidly evolved over the years, bolstered by dedicated memory, faster throughput, and more sophisticated algorithms. Put simply, we’ve been putting bigger engines in our cars. 

The latest Wi-Fi iteration – Wi-Fi 6 (802.11ax) – offers a four-fold increase in speed over its Wi-Fi 5 predecessor, enabling hotels to smoothly stream a range of guest applications including 4-8K video, VR/AR applications, and eSports games. In addition, Wi-Fi 6 supports many devices and systems – including IoT infrastructure, smartphones, tablets, and laptops – in high-density environments such as hospitality rooms, convention centers, gyms and pools.

It is important to emphasize that Wi-Fi 6 (802.11ax) is revolutionary, rather than simply evolutionary. This is because Wi-Fi 6 isn’t just faster than its predecessors, it is smarter (deterministic) and moves away from a ‘first come, first served’ model. Put simply, Wi-Fi 6 isn’t about brute force speed increases, as the new wireless standard prioritizes more effective utilization of spectrum for both Wi-Fi 5 (802.11ac) and Wi-Fi 6 (802.11ax) APs and clients. 

To better understand this concept, let’s think about a carpool lane, with the first two lanes dedicated to Wi-Fi 6 (802.11ax) devices. Let’s imagine 50% of the devices are Wi-Fi 5 (802.11ac) and 50% are Wi-Fi 6 (802.11ax). We put all the Wi-Fi 6 (802.11ax) devices in the carpool lane, allowing them to operate more efficiently. The remaining Wi-Fi 5 (802.11ac) clients benefit because we took half the cars from all the lanes – which frees up contention for the Wi-Fi 5 (802.11ac) devices. This provides higher throughput and performance for networks, allowing everyone to move at 15 miles an hour instead of 10.  

The impact of Wi-Fi 6 in hospitality

Next-generation Wi-Fi 6 APs (802.11ax) have already begun shipping, with IDC forecasting Wi-Fi 6 deployment ramping significantly in 2019 and becoming the dominant enterprise Wi-Fi standard by 2021. Hotels must plan now for the coming tide of guest devices expecting Wi-Fi 6. This new wireless infrastructure is for hospitality guests and property alike, as Wi-Fi 6 significantly improves operational efficiency.

Wi-Fi 6 access points are already changing the hospitality landscape. This is the first major change in Wi-Fi architecture and the long-term benefits will last for years to come. The bottleneck used to be on the client device. Then APs became more powerful and moved the bottleneck back to the client. Now with Wi-Fi 6, the client device and AP are optimized – and the conversation will change to switching in support of these faster communications. I still like the name Wi-Fi and think it keeps getting better with age.

Click here to view the original post on Ruckus’ website.

Manage twice the number of APs and clients with Ruckus Unleashed

Wednesday, April 10th, 2019

Ruckus Unleashed is our easy-to-install, simple-to-manage portfolio of access points (APs) built with the same patented technologies that are present in our enterprise-grade deployments. The eighth version of Unleashed software is a much-anticipated launch for us as we are bringing a major breakthrough in Unleashed scale.

Ruckus Unleashed

With this release, we are doubling the number of clients that a Ruckus Unleashed network can support in a single site. Now, you can deploy up to 50 APs in a single site to support up to 1,024 clients. We are also adding features that will help further simplify the management of Unleashed networks and provide stronger network control.

Let me get into some of the key highlights:

  • Captive portal customization: Connect customers to your brand through a personalized access to Wi-Fi.
  • AP groups: Apply multiple configuration profiles to different groups of APs.
  • Bonjour Fencing: Provides a mechanism to limit the scope of Bonjour service discovery in the physical/spatial domain.
  • Favorite client support: Mark a client as “favorite” to receive notifications when the client connects or disconnects.
  • Merge guest and social media WLAN types: Social media WLANs are now a subcategory of guest WLAN rather than being a separate WLAN type as in previous releases.

This is only the tip of the iceberg. Visit the Ruckus Unleashed support site to learn about all the 200.7 features in detail.

In addition, we have also updated our mobile app with the new 200.7 features. Upgrade your Unleashed APs and Ruckus Unleashed Mobile App to the latest version to find out more. We take great pride in our APs—the best in business.

We are expanding the Unleashed portfolio with the following APs:

  • M510: Mobile Indoor 802.11ac Wave 2 2×2:2 Wi-Fi AP with LTE Backhaul
  • R320: Indoor 802.11ac Wave 2 2×2:2 Wi-Fi AP

Now, who says you can’t have an enterprise Wi-Fi that is easy to deploy, simple to manage and affordable? Make sure to check out all the excitement here.

Click here to view the original post on Ruckus’ website.