Posts Tagged ‘ IT ’


Corporate departments act on their own, contending IT is too slow in creating a path to cloud services

IT departments need to watch out for business units or even individual workers going rogue and bypassing IT to go straight to the cloud.

“There’s a tug-of-war tension in the enterprise right now,” said Gartner analyst Lydia Leong. “IT administrators very rarely voluntarily want to go with the public cloud. I call this the ‘turkeys don’t vote for Thanksgiving’ theory. The people who are pushing for these services are not IT operations people but business people.”

When marketing, events or other corporate business units conclude that IT is dragging its feet on the way to the cloud, they contract for the services themselves. IT often doesn’t discover the move until it shows up in the tech expense paperwork.

“Right now business strength lies in going around IT,” said Rob Enderle, an analyst at the Enderle Group.

Enterprise IT often sees the cloud as a risk. “If you go to a large IT meeting, they’ll generally place the public cloud as one of their top three or four threats because their line organizations, like marketing or manufacturing, go around IT to set up their own cloud service deals. They can get something cheaper and faster than they could by going through IT but it’s probably not compliant,” he added.

Several analysts said they’ve talked with enterprise IT executives who are facing such issues. None of the execs, though, want anyone to know it’s happening to them.

Jeff Kagan, an independent analyst, said the problem lies in the fact that these are still the early days of corporate cloud services use. Companies lack rules for the technology, and users are more eager than IT to try it out.

“This is the wild, wild West where there are no rules,” he added. “People are used to storing their own information on their own laptop. Storing it on the cloud doesn’t seem to them all that different from what they’ve been doing. We’re stepping into this cloud world bit by bit and every company has different challenges. This affects many of them.”

The Bring Your Own Device (BYOD) trend has contributed to the user push to the cloud, analysts say.

People have gotten pretty comfortable using their own smartphones and tablets at work. IT has had to adapt and learn to manage a network that they’re not totally able to control.

People who don’t want to wait for IT to catch up will contact companies like Google or Amazon directly and simply start storing data in the cloud.

“It’s also about departments using clouds to get around budget constraints and a lack of capacity in IT,” said Dan Olds, an analyst at Gabriel Consulting Group.

“In a lot of ways, this reminds me of the ’90s when departments went wild with building their own data centers and IT capabilities. In a lot of cases, that resulted in higher costs, security vulnerabilities, and poor integration,” Olds said.

When IT is left out, its personnel have no idea how secure the clouds are or exactly where the information is being stored. It also means IT can’t negotiate the best deal, one that could encompass many different departments or data stores.

“Best case, organizations might end up spending more on cloud services than they would if they mounted the service on systems the data center already owns,” said Olds. “Worst case, the organization could find that critical data is now outside their firewall and perhaps could be accessed by folks who shouldn’t be able to see it.”

Since analysts doubt IT can stop businesses from bypassing them on a wholesale level, they say the tech execs need to set up strong cloud governance policies.

“It’s not really acceptable for IT to say no when someone wants to use the cloud,” said Leong. “They need to set up service agreements with approved providers and set up controls for how secure information needs to be. How do they provide risk management? How do they make this work instead of just saying, ‘You can’t do this’?”

“Every time we take a step further into the information age, it’s unprotected,” said Kagan. “IT says they’re swamped just keeping everyone connected. They don’t really have the time to proactively protect against future threats. They have to make the time.”



Just because BYOD has become normal operating procedure in most workplaces doesn’t mean the practice has stopped causing disputes for IT.

Take San Francisco-based law firm Hanson Bridgett LLP, for example, whose attorneys perform legal work in the healthcare business and must adhere to the federal HIPAA and HITECH Act standards, among others. According to the firm’s IT director Chris Fryer, that means the Apple and Android smartphones and tablets that its attorneys use need to be managed so that the business data on them is encrypted and can be wiped if needed. But no one wants to interfere with the personal data on those privately owned mobile devices.

“We run just the business data and leave the rest alone,” says Fryer. That’s done by using mobile-device management (MDM) software from Good Technology and its “containerization” component, so that the business apps and data on every device are encrypted and cordoned off from the personal data.

But as much as Fryer has found the Good Technology MDM to be effective, there are still hurdles, he says. Each MDM vendor’s APIs for containerization need to be supported in the mobile apps, which is not always the case, he says.

“It’s an imperfect world,” says Fryer, noting that the lack of standards in MDM and mobile apps, combined with the plethora of MDM vendors (by some counts there are more than 150), has made this a tough terrain.

In addition, Fryer points out his law firm relies on Microsoft Office applications to prepare complex legal documents. But Microsoft didn’t launch Office for iPad until late March, and in a way that’s tied to a subscription for Microsoft 365 cloud service. Fryer is watching how that will unfold. “We’re trying hard to edit documents on an iPad,” says Fryer. “We want to make sure that will happen in a container.”

Fryer says there also can be issues with how e-mail clients work with MDM.

“Some MDM vendors allow you to use the native e-mail client,” says Fryer. “You can put up Google mail and also your corporate e-mail for that.” But Fryer says the Good Technology containerization requires the use of Good’s e-mail component to securely control e-mail, which can be problematic for end users accustomed to something else.

All of these challenges mean that despite the positive experience that the law firm has had with Good’s MDM technology, there’s still cause to keep an eye out for something new. Many businesses are up for trying new BYOD security possibilities for e-mail and calendaring.

First United Security Bank, based in Alabama, has long been in the practice of making sure any desktop e-mail with sensitive data is encrypted when sharing with business partners. That’s done with the ZixCorp e-mail encryption service that lets pre-authorized senders and receivers encrypt and decrypt e-mail.

Now, about two dozen employees have received approval for BYOD use, says Phillip Wheat, CIO at First United Security Bank. But these BYOD-approved employees must add the Zix Mobile App 1.0 to their personal Apple or Android device. This allows them to view e-mail attachments but not save attachments to their mobile devices. Wheat says this eliminates the need to have to remotely wipe an employee’s device if it’s lost or stolen.

Several security vendors are coming up with ways to extend their basic product or service to accommodate BYOD security. Dell is tying BYOD security controls to its SonicWall E-Class Appliance by introducing enterprise mobility software for Google Android or Apple iOS. This Dell software, called Secure Mobile Access 11.0 with Mobile Connect App, lets the IT manager set up a way to selectively apply customized VPN controls only to the corporate apps, not the employee’s personal apps. Dell is looking at adding the Windows mobile platform.

Jay Terrell, chief technology officer for Fulton County in Georgia, is a SonicWall customer who may start using this BYOD mobility approach. But he adds the county is still working on devising a BYOD strategy as it migrates off corporate-issued BlackBerries primarily to Android use. In the past, the county has allowed some limited BYOD use if the employee consents to use AirWatch MDM software.

However, not all organizations are migrating off BlackBerry. In fact, parts of the Australian government, for instance, are adopting the BlackBerry Enterprise Service 10 for mobility, with a big emphasis on BYOD, because of its secure multi-platform containerization technology, called BlackBerry Secure Work Space for iOS and Android. In March, this BlackBerry containerization technology received the U.S. government’s Federal Information Processing Standard (FIPS) 140-2 certification issued by the National Institute of Standards and Technology.

Gary Pettigrove, chief information officer at the Australian National Audit Office, which has 350 employees, is supporting BYOD for over 50 staff members and expects to have more than 200 in BYOD mode later this year. User preference in BYOD dictates the technology choices, but users must allow their personal devices to be managed for security purposes by the IT group.

“The IT team controls the BlackBerry service and fleet through a central administration portal,” says Pettigrove. “No one can join the service without first submitting their handset for configuration and setting up BlackBerry’s Secure Work Space. This is containerization, application-wrapping and secure connectivity options, allowing us to secure and control employees’ iOS and Android devices via the BES10 administration console.”

Pettigrove says BYOD is clearly benefiting staff productivity and employee satisfaction. It also appears to be helping reduce technology costs.

BYOD and network-access control

What might be surprising to some is how Microsoft actively supports a BYOD program that doesn’t deny employees any choice of mobile computing device, including smartphones and tablets from Apple and Android.

BYOD on a large scale was a decision made a few years ago to “embrace what’s coming” in terms of worker preferences and productivity, says Bret Arsenault, chief information security officer at Microsoft. Today, about 90,000 devices are “personally owned” by Microsoft employees and used for business purposes, including email and document editing. But it’s not that just anything goes with BYOD, Arsenault emphasizes. “Security is not an afterthought.”

Microsoft does mandate encryption and can extend a wipe capability to corporate data through use of its own service, Windows Intune. “We’re effectively securing the data — segregating and protecting the data on the device when it’s not owned by the business,” says Tim Rains, Microsoft director of Trustworthy Computing. Microsoft uses Intune across the enterprise, testing out new features before they’re generally available.

According to Arsenault, the Microsoft BYOD strategy involves “certifying a set of capabilities, not the device.” Through the certificate-based Intune agent software, Microsoft can set limits related to a PIN timeout policy and manage the key that provides access to encrypted data. Education and training on use of BYOD in business is also an element in all this. “It’s the base minimum,” he notes.

But BYOD is not usually accorded the same level of trust as corporate-issued devices. And BYOD is subject to specific network-access controls on the Microsoft enterprise network which is set up under a model called “variable user experience” based on the identity of the device and the location, says Arsenault. In this, Microsoft recognizes security levels tied to on-network, off-network, wireless and Internet. Sometimes BYOD users don’t get the same access as they might with a corporate-issued device, depending on the sensitivity of the resource.

Gartner analyst Lawrence Orans says it’s a common security practice associated with BYOD to set up policies for mobile-device management based on network-access control. But one of the challenges in all this is that the various MDM vendors have specific partnerships with specific NAC vendors and when you pick NAC, “you’re also picking the MDM. If you pick the MDM first, you also limit the NAC partnership,” he points out.

The big players in NAC, including Cisco, ForeScout and Aruba Networks, each have several partnerships with MDM vendors, typically partnering with the MDM vendor to create integrated NAC and MDM client software. But there are a lot more MDM vendors than NAC vendors, Orans points out, advising enterprise IT managers to choose carefully if they’re supporting NAC, too.

