Posts Tagged ‘ practice ’


Just because BYOD has become normal operating process in most workplaces doesn’t mean the practice has stopped up causing dispute for IT.

Take San Francisco-based law firm Hanson Bridgett LLP, for example, whose attorneys perform legal work in the healthcare business and must adhere to the federal HIPAA and the HiTech Act standards, amongst others. According to the firm’s IT director Chris Fryer, that income the Apple and Android smart phones and tablets that its attorneys use need to be managed so that the business data on them is encrypted and can be wiped if wanted. But no one wants to interfere with the personal data on those privately owned mobile devices.

“We run just the business data and leave the rest alone,” says Fryer. That’s done by using mobile-device management (MDM) software from Good Technology and its “containerization” part so that the business apps and data on every machine is encrypted and cordoned off from the individual data.

But as much as Fryer has establish the Good Technology MDM to be effectual, there are still hurdles, he says. Each MDM vendor’s APIs for containerization need to be supported in the mobile apps, which is not always the case, he says.

“It’s an imperfect word,” says Fryer, noting that lack of standards in MDM and mobile apps combined with the plethora of MDM vendors — by some counts there are more than 150 — has made this a tough terrain.

In addition, Fryer points out his law firm relies on Microsoft Office applications to prepare complex legal documents. But Microsoft didn’t launch Office for iPad until late March, and in a way that’s tied to a subscription for Microsoft 365 cloud service. Fryer is watching how that will unfold. “We’re trying hard to edit documents on an iPad,” says Frye. “We want to make sure that will happen in a container.”

Fryer says there also can be issues with how e-mail clients work with MDM.

“Some MDM vendors allow you to use the native e-mail client,” says Fryer. “You can put up Google mail and also your corporate e-mail for that.” But Frye says the Good Technology containerization requires the use of Good’s email component to securely control e-mail, which can be problematic to end users accustomed to something else.

All of these challenges mean that despite the positive experience that the law firm has had with Good’s MDM technology, there’s still cause to keep an eye out for something new. Many businesses are up for trying new BYOD security possibilities for e-mail and calendaring.

First United Security Bank, based in Alabama, has long been in the practice of making sure any desktop e-mail with sensitive data is encrypted when sharing with business partners. That’s done with the ZixCorp e-mail encryption service that lets pre-authorized senders and receivers encrypt and decrypt e-mail.

Now, about two dozen employees have received approval for BYOD use, says Phillip Wheat, CIO at First United Security Bank. But these BYOD-approved employees must add the Zix Mobile App 1.0 to their personal Apple or Android device. This allows them to view e-mail attachments but not save attachments to their mobile devices. Wheat says this eliminates the need to have to remotely wipe an employee’s device if it’s lost or stolen.

Several security vendors are coming up with ways to extend their basic product or service to accommodate BYOD security. Dell is tying BYOD security controls to its SonicWall E-Class Appliance by introducing enterprise mobility software for Google Android or Apple iOS. This Dell software, called Secure Mobile Access 11.0 with Mobile Connect App, lets the IT manager set up a way to selectively apply customized VPN controls only to the corporate apps, not the employee’s personal apps. Dell is looking at adding the Windows mobile platform.

Jay Terrell, chief technology officer for Fulton County in Georgia, is a SonicWall customer who may start using this BYOD mobility approach. But he adds the county is still working on devising a BYOD strategy as it migrates off corporate-issued BlackBerries primarily to Android use. In the past, the county has allowed some limited BYOD use if the employee consents to use AirWatch MDM software.

However, not all organizations are migrating off BlackBerry. In fact, parts of the Australian government, for instance, are adopting the BlackBerry Enterprise Service 10 for mobility, with a big emphasis on BYOD, because of its secure multi-platform containerization technology, called BlackBerry Secure Work Space for iOS and Android. In March, this BlackBerry containerization technology received the U.S. government’s Federal Information Processing Standard (FIPS) 140-2 certification issued by the National Institute of Standards and Technology.

Gary Pettigrove, chief information officer at the Australian National Audit Office, which has 350 employees, is supporting BYOD for over 50 staff members and expects to have more than 200 in BYOD mode later this year. User preference in BYOD dictates the technology choices, but users must allow their personal devices to be managed for security purposes by the IT group.

“The IT team controls the BlackBerry service and fleet through a central administration portal,” says Pettigrove. “No one can join the service without first submitting their handset for configuration and setting up BlackBerry’s Secure Work Space. This is containerization, application-wrapping and secure connectivity options, allowing us to secure and control employees’ iOS and Android devices via the BES10 administration console.”

Pettigrove says BYOD is clearly benefiting staff productivity and employee satisfaction. It also appears to be helping reduce technology costs.
BYOD and network-access control

What might be surprising to some is how Microsoft actively supports a BYOD program that doesn’t deny employees any choice of mobile computing device, including smartphones and tablets from Apple and Android.

BYOD on a large scale was a decision made a few years ago to “embrace what’s coming” in terms of worker preferences and productivity, says Bret Arsenault, chief information security officer at Microsoft. Today, about 90,000 devices are “personally owned” by Microsoft employees and used for business purposes, including email and document editing. But it’s not that just anything goes with BYOD, Arsenault emphasizes. “Security is not an afterthought.”

Microsoft does mandate encryption and can extend a wipe capability to corporate data through use of its own service, Windows Intune. “We’re effectively securing the data — segregating and protecting the data on the device when it’s not owned by the business,” says Tim Rains, Microsoft directory of Trustworthy Computing. Microsoft uses Intune across the enterprise, testing out new features before they’re generally available.

According to Arsenault, the Microsoft BYOD strategy involves “certifying a set of capabilities, not the device.” Through the certificate-based Intune agent software, Microsoft can set limits related to a PIN timeout policy and manage the key that provides access to encrypted data. Education and training on use of BYOD in business is also an element in all this. “It’s the base minimum,” he notes.

But BYOD is not usually accorded the same level of trust as corporate-issued devices. And BYOD is subject to specific network-access controls on the Microsoft enterprise network which is set up under a model called “variable user experience” based on the identity of the device and the location, says Arsenault. In this, Microsoft recognizes security levels tied to on-network, off-network, wireless and Internet. Sometimes BYOD users don’t get the same access as they might with a corporate-issued device, depending on the sensitivity of the resource.

Gartner analyst Lawrence Orans says it’s a common security practice associated with BYOD to set up policies for mobile-device management based on network-access control. But one of the challenges in all this is that the various MDM vendors have specific partnerships with specific NAC vendors and when you pick NAC, “you’re also picking the MDM. If you pick the MDM first, you also limit the NAC partnership,” he points out.

The big players in NAC, including Cisco, ForeScout and Aruba Networks, each have several partnerships with MDM vendors, typically partnering with the MDM vendor to create integrated NAC and MDM client software. But there are a lot more MDM vendors than NAC vendors, Orans points out, advising enterprise IT managers to choose carefully if they’re supporting NAC, too.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCP Training at certkingdom.com

New CEO Satya Nadella comes out swinging on ‘cloud first, mobile first’ strategy

As expected, Microsoft CEO Satya Nadella today hosted a press conference where the company unveiled Office for iPad, breaking with its past practice of protecting Windows by first launching software on its own operating system.

CEO Satya Nadella expounded on Microsoft’s ‘cloud first, mobile first’ strategy today as his company unveiled Office for iPad as proof of its new platform-agnosticism.

Three all-touch core apps — Word, Excel and PowerPoint — have been seeded to Apple’s App Store and are available now.

The sales model for the new apps is different than past Microsoft efforts. The Office apps can be used by anyone free of charge to view documents and present slideshows. But to create new content or documents, or edit existing ones, customers must have an active subscription to Office 365.

+ ALSO ON NETWORK WORLD Trial Microsoft software and services — for free +

Microsoft labeled it a “freemium” business model, the term used for free apps that generate revenue by in-app purchases.

Today’s announcement put an end to years of speculation about whether, and if so when, the company would trash its strategy of linking the suite with Windows in an effort to bolster the latter’s chances on tablets. It also reversed the path that ex-CEO Steve Ballmer laid out last October, when for the first time he acknowledged an edition for the iPad but said it would appear only after a true touch-enabled version had launched for Windows tablets.

It also marked the first time in memory that Microsoft dealt a major product to an OS rival of its own Windows.

“Microsoft is giving users what they want,” Carolina Milanesi, strategic insight director of Kantar Worldpanel ComTech, said in an interview, referring to long-made customer demands that they be able to run Office on any of the devices they owned, even those running a Windows rival OS. “The connection to Office 365 was also interesting in that this puts users within Microsoft’s ecosystem at some point.”

Prior to today, Microsoft had released minimalist editions of Office, dubbed “Office Mobile,” for the iPhone and Android smartphones in June and July 2013, respectively. Originally, the iPhone and Android Office Mobile apps required an Office 365 subscription; as of today, they were turned into free apps for home use, although an Office 365 plan is still needed for commercial use.

Talk of Office on the iPad first heated up in December 2011, when the now-defunct The Daily reported Microsoft was working on the suite, and added that the software would be priced at $10 per app. Two months later, the same publication claimed it had seen a prototype and that Office was only weeks from release.

That talk continued, on and off, for more than two years, but Microsoft stuck to its Windows-first strategy. Analysts who dissected Microsoft’s moves believed that the company refused to support the iPad in the hope that Office would jumpstart sales of Windows-powered tablets.

Office’s tie with Windows had been fiercely debated inside Microsoft, but until today, operating system-first advocates had won out. But slowing sales of Windows PCs — last year, the personal computer industry contracted by about 10% — and the continued struggles gaining meaningful ground in tablets pointed out the folly of that strategy, outsiders argued.

Some went so far as to call Windows-first a flop.

Microsoft has long hewed to that strategy: The desktop version of Office has always debuted on Windows, for example, with a refresh for Apple’s OS X arriving months or even more than a year later.

Microsoft today added free Word, Excel and PowerPoint apps for the iPad to the existing OneNote.

On his first day on the job, however, Nadella hinted at change when he said Microsoft’s mission was to be “cloud first, mobile first,” a signal, said analysts, that he understood the importance of pushing the company’s software and services onto as many platforms as possible.

Nadella elaborated on that today, saying that the “cloud first, mobile first” strategy will “drive everything we talk about today, and going forward. We will empower people to be productive and do more on all their devices. We will provide the applications and services that empower every user — that’s Job One.”

Like Office Mobile on iOS and Android, Office for iPad was tied to Microsoft’s software-by-subscription Office 365.

Although the new Word, Excel and PowerPoint apps can be used free of charge to view documents and spreadsheets, and present PowerPoint slideshows, they allow document creation and editing only if the user has an active Office 365 subscription. Those subscriptions range from the consumer-grade $70-per-year Office 365 Personal to a blizzard of business plans starting at $150 per user per year and climbing to $264 per user per year.

Moorhead applauded the licensing model. “It’s very simple. Unlike pages of requirements that I’m used to seeing from Microsoft to use their products, if you have Office 365, you can use Office for iPad. That’s it,” Moorhead said.

He also thought that the freemium approach to Office for iPad is the right move. “They’ve just pretty much guaranteed that if you’re presenting on an iPad you will be using their apps,” said Moorhead of PowerPoint.

Moorhead cited the fidelity claims made by Julie White, a general manager for the Office technical marketing team, who spent about half the event’s time demonstrating Office for iPad and other software, as another huge advantage for Microsoft. “They’re saying 100% document compatibility [with Office on other platforms], so you won’t have to convert a presentation to a PDF,” Moorhead added.

Document fidelity issues have plagued Office competitors for decades, and even the best of today’s alternatives cannot always display the exact formatting of an Office-generated document, spreadsheet or presentation.

Both Milanesi and Moorhead were also impressed by the strategy that Nadella outlined, which went beyond the immediate launch of Office for iPad.

“I think [Satya Nadella] did a great job today,” said Milanesi. “For the first time I actually see a strategy [emphasis in original].

“Clearly there’s more to come,” Milanesi said. “It was almost as if Office on iPad was not really that important, but they just wanted to get [its release] out of way so they could show that there’s more they bring to the plate.”

That “more” Milanesi referred to included talk by Nadella and White of new enterprise-grade, multiple-device management software, the Microsoft Enterprise Mobility Suite (EMS).

“With the management suite and Office 365 and single sign-on for developers, Microsoft is really doing something that others cannot do,” Milanesi said. “They made it clear that Microsoft wants to be [enterprises’] key partner going forward.”

Moorhead strongly agreed. “The extension of the devices and services strategy to pull together these disparate technologies, including mobile, managing those devices, authenticating users for services, is something Microsoft can win with. It’s a good strategy,” Moorhead said.

“This was the proof point of delivering on the devices and services strategy,” Moorhead concluded. “And that strategy is definitely paying off.”

Office for iPad can be downloaded from Apple’s App Store. The three apps range in size from 215MB (for PowerPoint) to 259MB (for Word), and require iOS 7 or later.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com