Cloud Multi-Factor Authentication on the Rise as Organizations Embrace BYOD

Posted by: Admin  :  Category: Web Hosting News

Multi-factor authentication (MFA) is now used by the majority of employees at 37 percent of organizations, and that number will reach 56 percent by 2016, according to SafeNet’s 2014 Global Annual Authentication Survey released this week. Thirty percent of organizations used multi-factor authentication in 2013.

Web Hosting Talk News

Bring Your Own Device (BYOD): #8 Tips From the Field For a Successful BYOD Adoption

Posted by: Admin  :  Category: Web Hosting

Last week we received a support request reporting that a user was being locked out of Active Directory continuously. We turned to the user (who was very annoyed) and asked her about any mobile phone or tablet she might be using that had the corporate email account defined. She told us that she used to use a Nokia feature phone but had switched to an iPhone and was not using the Nokia anymore. We noted that and began investigating the issue through the logs, and saw that she was receiving a “bad password” error every five minutes, with +/- 15 seconds of difference. Digging deeper, we saw that the bad password was coming from the Exchange Server, with the logs pointing to the hardware load balancer. We then took a network capture from the load balancer and narrowed the log down to the second at which the account received a bad password error from Active Directory, to see the IP address that made the connection. And voila! The IP address that we found belonged to a mobile carrier. Once again we turned to the user and told her that a device belonging to her, connected to that mobile carrier, was trying to connect with a wrong password. She told us that she had given her Nokia phone to a repair shop and that most probably the shop was testing the phone. The ticket was closed.

The whole process showed us one thing: not having a Bring-Your-Own-Device policy is an invitation to disaster, and not taking the necessary steps is insisting on having one. This support request could easily have turned into a crisis and even downtime. As I have discussed thoroughly in the article series, these disasters can be avoided.

Before rolling out the BYOD policies, make sure that you reevaluate your existing infrastructure. This includes the password change policy, the existing devices that will handle the additional load coming from the employees’ devices, firewalls, etc. Consumer-grade devices will not be able to cope with the new devices’ loads: wireless access points will serve more devices, servers will answer more queries, and switches, routers and firewalls will handle more traffic. The network bandwidth also has to be upgraded.

The supported devices, the platforms and the level of support have to be clearly defined. At one point, you will inevitably find yourself trying to cope with various Windows and Mac OS releases, Linux distributions, iOS, Android and BlackBerry versions, ChromeOS and God knows what else. You are also not guaranteed that the users will be using the default applications; for example, what will your answer be if a user opens a ticket that says he cannot sync his Google calendar with the company’s Exchange calendar using a third-party calendaring application on a supported Android release? Limit supported devices and supported applications. Or go mad.

Next on the list is employee training, which I discussed extensively in my previous article. The training can turn out to be a “BYOD 101” class, but it is necessary. In terms of user/device security, keeping antimalware applications updated, keeping data secure on untrusted networks and various other security issues should be clearly communicated. The users should be reminded that failing to comply with these could expose the entire enterprise network to exploits. It is easier to train the users in advance than to deal with the aftermath of a breach later.

Requiring device registration is a must. A simple registration form asking for the device make, model, MAC address, mobile carrier and the user is enough. Considering the case above, with this information we could easily have identified the device itself. Considering the overall infrastructure, this information would help us track the users who are bringing their devices and those who are abusing the policy, block offending users and even block the devices.
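The lockout investigation described at the top of this post, combined with the registration form fields listed above, can be sketched as follows. This is an added example, not code from the original article; the log formats, the carrier address table, and every user, device and address in it are constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

# All data below is constructed (RFC 5737 addresses, RFC 7042 documentation MACs).
CARRIER_RANGES = {  # assumption: a locally maintained table of carrier egress ranges
    "CarrierA": ip_network("198.51.100.0/24"),
    "CarrierB": ip_network("203.0.113.0/24"),
}
DEVICE_REGISTRY = [  # fields taken from the registration form described above
    {"user": "jdoe", "make": "Nokia", "model": "feature phone",
     "mac": "00:00:5E:00:53:01", "carrier": "CarrierA"},
    {"user": "jdoe", "make": "Apple", "model": "iPhone",
     "mac": "00:00:5E:00:53:02", "carrier": "CarrierB"},
    {"user": "asmith", "make": "Samsung", "model": "Galaxy",
     "mac": "00:00:5E:00:53:03", "carrier": "CarrierA"},
]
# Bad-password events as seen by the directory: "timestamp user".
AD_FAILURES = """\
2014-06-02T09:00:04 jdoe
2014-06-02T09:05:11 jdoe
2014-06-02T09:10:02 jdoe
2014-06-02T09:15:07 jdoe
"""
# Client connections captured at the load balancer: "timestamp client_ip".
LB_CONNECTIONS = """\
2014-06-02T09:00:03 198.51.100.23
2014-06-02T09:00:04 192.0.2.10
2014-06-02T09:05:10 198.51.100.23
2014-06-02T09:05:11 203.0.113.77
2014-06-02T09:10:01 198.51.100.23
2014-06-02T09:12:30 192.0.2.10
2014-06-02T09:15:06 198.51.100.23
"""

def parse(text):
    """Turn 'timestamp value' lines into (datetime, value) tuples."""
    return [(datetime.fromisoformat(ts), value)
            for ts, value in (line.split() for line in text.splitlines() if line.strip())]

def periodic(timestamps, tolerance_s=15):
    """Return (is_periodic, median_gap_s): every gap lies within tolerance of the median."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return False, None
    mid = median(gaps)
    return all(abs(g - mid) <= tolerance_s for g in gaps), mid

def source_ips(failures, connections, skew_s=1):
    """IPs that connected within skew_s seconds of every single failure."""
    seen = Counter()
    for ts in failures:
        seen.update({ip for cts, ip in connections
                     if abs((cts - ts).total_seconds()) <= skew_s})
    return sorted(ip for ip, n in seen.items() if n == len(failures))

def carrier_of(ip):
    """Map an address to a carrier name, or None if it is in no known range."""
    addr = ip_address(ip)
    return next((name for name, net in CARRIER_RANGES.items() if addr in net), None)

def investigate(user):
    """Correlate the two logs for one user and list matching registered devices."""
    failures = [ts for ts, u in parse(AD_FAILURES) if u == user]
    is_periodic, period = periodic(failures)
    findings = []
    for ip in source_ips(failures, parse(LB_CONNECTIONS)):
        carrier = carrier_of(ip)
        devices = [d for d in DEVICE_REGISTRY
                   if d["user"] == user and d["carrier"] == carrier]
        findings.append({"ip": ip, "carrier": carrier, "devices": devices})
    return {"user": user, "periodic": is_periodic, "period_s": period, "findings": findings}

if __name__ == "__main__":
    print(investigate("jdoe"))
```

A clock-like failure interval points to a device retrying a stale saved password rather than a person typing, and the registry lookup reduces the carrier address to the one registered device worth asking the user about.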

As I said in the second article in the series, BYOD is a swift revolution and it is not possible to stand against it. It is not the time for administrators to complain about the incoming devices and the anticipated headaches. It is time for management to sit down, understand the BYOD trend and take the necessary steps to lessen the load on both the users and the IT personnel. With these tips, I cannot say that your company’s BYOD adoption will be painless, but I can guarantee that following them will lessen the pain.

Web Hosting Geeks’ Blog

Bring Your Own Device (BYOD): #7 BYOD Training

Posted by: Admin  :  Category: Web Hosting

When the company has worked out the policies and procedures for the BYOD initiative, the next step is to start the company-wide training. The training needs to communicate the way the company will handle the BYOD transition. There are two types of employees that will be particularly hard to manage: the senior management who think the rules don’t apply to them and the youngsters who think the rules are there just to be bypassed. The company has to communicate clearly during the training sessions that breaches of the policies will be “treated appropriately”.

The first element in the training session should be the BYOD initiative: how it started, how it happened and why it is important for the company. Then the company’s acknowledgement of the initiative and its way of managing it should be clearly communicated. This introduction to the training will help the employees understand the company’s decisions better.

The next thing is to discuss the BYOD initiative in terms of supported devices, supported mobile operating systems, supported access to the company’s network and supported applications on the employee devices. It is important to tell the employees why and how such supported platforms are decided; for example the newer version of the productivity application is not yet supported because it has incompatibilities with a certain plugin used throughout the company.

Since BYOD is about employees’ own devices, training sessions are where the company has the chance to communicate with the employees about the policies.

Reimbursements are better covered in the training sessions. Almost all employees will be questioning how the company-related expenses (call minutes, data use, SMSs) will be handled. It is better to talk about all the reimbursements in detail, including how the employees will apply for them (experience: a hands-on exercise on reimbursement application will calm everyone down and keep their focus on the training).

Corporate access, security, data ownership, and employee responsibility have to be covered in the training (experience: since the whole issue will be boring to most of the employees, it is better to talk about the main points briefly and have a Q&A session in the remaining time). The corporate access and security part should cover how the employees access the corporate network from the corporate Wi-Fi and from public/hotel Wi-Fi, device passwords and loss/theft of the device. (I also recommend including the Virtual Private Network (VPN), access to Customer Relationship Management (CRM) and automation tools (if any, such as Salesforce) in the session. Users may already be familiar with these systems but putting them into training is what’s important.) The data ownership part should cover corporate/personal e-mail, social networks, corporate/personal contacts and the company data on the employee-owned device. The employee responsibility part is where the technical details, such as logging in to the corporate network, receiving software, applications and updates, the responsibility to comply with the policies and the results of breaching the policies, should be clearly defined.

The employees should be aware of the Enterprise Mobility Management (EMM) application that the company uses. The main misconception about the EMM application concerns having someone else – the corporate IT in this case – managing a personal device. During the training session, talking about the EMM application, why it is there, what it does, how it manages the devices and how the BYOD user will benefit from it will help both the company and the employee clear up the misconceptions.

Finally, the training session should include how the corporate support will be provided to the BYOD users. The points that should be emphasized should be the level of support for everyday use for each device, the escalation paths and the support cases with lost/stolen devices. If a self-service portal is already available on the corporate Intranet, it is better to inform and point the users to the portal during the training.

Like many things in life, BYOD is not a destination; rather, it is a gateway to many possibilities. Once companies take solid steps towards BYOD implementation, the most probable next step will be the mobilization of the corporate data. By this, I do not mean mobile access to corporate resources, as I have covered through the BYOD series. Rather, I mean shaping enterprises for mobility – from in-house developed applications to the Big Data infrastructure. From today, it is important to have a solid understanding of the mobile future and plan for it.

References

Web Hosting Geeks’ Blog

Bring Your Own Device (BYOD): #6 BYOD Project Management

Posted by: Admin  :  Category: Web Hosting

When the company is done with setting up the BYOD path, the next thing is to get it going. To successfully implement the BYOD transition, it is better to put it in a formal project context and form a cross-platform, cross-skill team to manage the technology, security and financial implications of the transition.

Although the BYOD initiative looks like basically an IT-related issue, access to the corporate resources via employee-owned devices complicates the project. Naturally, for a successful BYOD transition project, a project team will need to be formed. I recommend that the project team be drawn from various departments and from various skill levels. At the very least, the project team is better formed of a person from the management, one from the IT department, one from the accounting/finance department, one tech-savvy user (better if an early adopter) and one late adopter. Not only will having different perspectives from different departments address many issues before they happen, but these people will also better enforce the project outcomes throughout the company.

The project team will answer the simple questions that I have discussed so far in the series:

  • What are the current policies with employee-owned devices?

  • What are the business goals in implementing BYOD?

  • How will the risks be managed?

  • Which devices/operating systems will be supported?

  • Will there be exceptions with certain departments/personnel? [warehouse, off-site, customer-facing personnel, etc.]

Reimbursement is where you will need to spend some time to make it fair for both the company and the employee.

The answers to these questions will form the outlines of the BYOD project. After the outline is defined, there will still be some more issues here and there that will need to be worked out. These issues are not less important but they need to be considered “inside the outlines” of the project. That means, if one issue contradicts one outline, it either needs to be rejected or the outline is to be reevaluated.

Data ownership, which can be considered part of risk management, is where the project team needs more support. Having corporate and proprietary data on employee-owned devices is a nightmare that should be properly managed. I recommend adding someone from the legal department (or the company’s lawyer), a representative from the content owners and an employee from the information security team. From my personal experience, I would like to emphasize that the perspective of the team should be enabling the business, rather than restricting it, which is clearly the easier way (I have yet to see one company in which that does not happen). If the company chooses to restrict, the employees will find a way to circumvent the restriction.

The outcomes from the policies should also be delivered to the help desk. The help desk policies and procedures need to be revised according to the BYOD policies. In addition, the procedures to support the BYOD users have to be defined and written. Again, from my experience, before handing things over to the help desk, I recommend publishing self-service guides on the company Intranet. At the very least, having corporate e-mail account setup guides that cover different devices [Android, iOS, Windows Mobile and BlackBerry] will cut the help desk calls almost in half.

Financial elements, especially the operating expenses, are another issue. Think about the following: most probably the employee-owned devices will have one SIM card. But the employee will use the same device for both personal and work-related matters, meaning that the calls, data and messages will be under one invoice. Here, the BYOD project has to clearly define the reimbursements to the employee. The input from the accounting/finance department at this point will be crucial.

Once these issues are worked out, the next step is to document them clearly. Considering the very nature of the advancements in consumer technologies, the documentation also needs to address the continuous evaluation and revision cycles. The evaluation has to start from the launch date and take both the feedback from the employees and the reports from the Enterprise Mobility Management application into account. In a world where changes happen and are adopted overnight, the policies and documentation should be reviewed and updated frequently. I believe that in the current business environment, quarterly evaluation and update of the policies will be enough for almost all companies.

References

Web Hosting Geeks’ Blog

Bring Your Own Device (BYOD): #5 More Than Just Security

Posted by: Admin  :  Category: Web Hosting

There are many companies which try to resist BYOD just because of the security implications. Although I see this resistance as futile, it is here to stay for some time yet (I have discussed this in the first two articles: #1 Web of Things and #2 The Swift Revolution).

If you remember, in my article titled “The Corporate Face” I took the perspective of a Chief Technology Officer (CTO) and asked the questions which the CTO will have to answer with her IT team. The questions that I asked in the article were mainly technical questions, the majority of which could be solved with simple procedures.

In this article, I will try to explore the gray areas of the BYOD initiative without touching security. I will try to see what additional topics the IT departments should be discussing to support the myriad of different devices which come with a myriad of operating systems (and operating system versions). I will also keep the perspective of company-subsidized devices, together with the employees’ own devices.

The device is a whole discussion in itself. Which devices – the brands – will the company support? You may argue that in terms of support, it is the operating system that should be considered today, rather than the hardware vendor. Not completely true. The consumer-grade vendors act according to consumer rather than enterprise preferences. Consumers like to have cutting-edge devices and can renew them yearly, or even more frequently, depending on their budget. When thinking about their own budget, they do not think too much about servicing, maintenance and procurement. They also do not think about lost/stolen devices, which they can easily cover with insurance. These are some of the cases in which consumer and enterprise preferences do not align. In the case of company-subsidized devices, where the company has some control over the purchase of devices, the budget, lost/stolen device and servicing issues have to be clearly discussed and laid down in procedures. Having an approved device manufacturer list is likely to assist both the corporate IT and the employees.

[Image: shattered iPhone. Caption: Ruggedized devices may look ugly, but surely you do not want to end up like this.]

Of course the device selection is not constrained to what I have just talked about. If you are a company with operations outside the shiny business offices, then you need to think about ruggedized devices. iDevices and glaring notepads are simply too fragile for warehouses, construction sites, air-cooling rooms and any other places where the device will be subject to rough handling. In such areas, the company has to have thick borders with the choice of devices. If the employee drops the company-subsidized iDevice onto the concrete in the warehouse, she has to bear the burden of fixing it from her own budget.

There is of course the issue of the proper and professional use of the devices. In almost all companies, without exception, I have seen executives using company-issued devices personally. This includes having unsupported applications installed on notebooks, photos of family eating up the phone’s storage and the like. Reasonably, I cannot say that the employees must have a separate device for business and another one for personal use. Nobody, including me, will prefer to carry two devices where both can do the same thing. But there are applications to overcome this problem, which allow you to separate your work and personal life on one device (one of them is Divide). The company can force the users to have such software installed on their company-subsidized devices.

Think of these applications as virtual machines running on the devices. Business-related data – applications, user-created content, shared data – is completely isolated from the personal data (technically, such applications create an encrypted partition where the business-related data is stored and managed). They solve the problem of data ownership and application management.

Of course these discussions cannot be held at the IT level only. The discussions are far from the CIO level, encompassing the whole company overall, especially the B- and C-level executives. If the IT department does not have the agreement and support of these executives, then the company has more to think about than the BYOD. How will you enforce policies on your staff when your B- and C-level executives disregard them?

References

Web Hosting Geeks’ Blog

Bring Your Own Device (BYOD): #4 Managing the Revolution

Posted by: Admin  :  Category: Web Hosting

Quoting straight from Wikipedia, Enterprise Mobility Management (EMM) is “the set of people, processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context.” I will focus on the “technology” part in the definition and go a little bit deeper (for the process part, I recommend reading the previous article in the series).

Enterprise Mobility Management brings a couple of questions that a company should evaluate before it chooses an EMM application. I call them “scopes” of the EMM concept, which I hope will help the IT decision makers analyze their prospective EMM application.

Security tops the list as one would expect. From an EMM perspective, security is about accessing the corporate resources on the mobile devices, whether through accessing corporate network via VPN or through cached data. Due to the very nature of the mobile devices, they can easily be stolen and once compromised can pose an immediate threat to the company. Considering a 360-degree security viewpoint, the EMM solution has to provide solutions to limit and revoke access to corporate systems, wipe data remotely, provide/enforce central security policies and encryption.

[Image: Enterprise Mobile Management. Caption: An EMM solution has to manage a broad range of devices. With BYOD, IT can never know which device it will have to manage.]

Device management is one of the pillars of the EMM. Once devices are secured, they will be managed. Device management has to provide solutions to access the device’s resources and audit them. This management should include the following:

  • accessing device use, such as status and usage at the very least,

  • location tracking, even if GPS is not present, coarse tracking with cell tower triangulation is acceptable,

  • hardware management, such as blocking camera use when or where necessary,

  • Active Directory integration, if Active Directory is used,

  • profiles for personal and corporate use (there is a demand for encrypting the corporate profile, which can be made possible by certain mobile applications in almost all platforms. However, in a solid EMM infrastructure, this has to be a part of the EMM platform, rather than an enforced application on the device.)

Application management is another pillar of the EMM infrastructure. Although application management is a complicated process, there is no reason why it cannot be divided into its parts and managed as such. The must-have elements in the EMM solution are:

  • the ability to inventory the apps that the users have on their devices,

  • the ability to view the app permissions,

  • the ability to offer black, white and grey lists for the users,

  • monitor device use in terms of network activity.

The EMM solution has to be thought through carefully in terms of applications. There have to be clear procedures to speed up application evaluations on the corporate side; if the application version is 4.0 and the latest approved version is 1.3, the corporate IT will clearly lose the game. What has happened with the BYOD revolution will happen again: the users will try to find a way to install the latest version. In this example, if the latest approved version is 3.8.5, then the majority of the users will follow the procedures. The EMM infrastructure has to allow this quick response to the users. Although it is too much to ask today, corporations will be demanding their own “corporate app stores” from their EMM solutions tomorrow.

In terms of network activity, the EMM solution has to monitor the network use of the device from an intrusion detection perspective. Or rather, the solution has to work together with an intrusion detection/prevention application to detect suspicious activity from the devices, such as requests to access corporate resources when the device’s status is idle.

Content management is another issue in the EMM infrastructure. More enterprises are deploying content management solutions such as Microsoft SharePoint to allow quick collaboration on documents and to display business intelligence results. The EMM solution must ensure not only that the corporate content is synced with the device but also that it is not accessible if the device is compromised.

When the scope is defined clearly, then the stage is set for the EMM solution evaluation. As of the writing of this article, there are about 30 EMM applications in the market. The applications come from a variety of vendors, such as:

The BYOD revolution just happened. Now the IT decision makers need to find a way to manage the revolution. If the IT repeats its past mistakes, it is doomed to be taken down by the revolution. The IT decision makers must remember that the board of directors are also the users of the various systems and they are also a part of the revolutionists.

References

Web Hosting Geeks’ Blog