Tag Archives: cybersecurity

Disruptive Thinking

Posted on by
Reply

Traditional ways of doing business have changed. Or, to be rather brutally accurate, they have been disrupted.

Our world has been transformed with mobile, cloud, social, data, security, connected devices, to a technological paradigm that could not have been imagined prior to the introduction of the PC, which is not that many years ago.

The way we do things and the devices we use to get things done basically just got faster and smarter at Moore’s law speed. Powered by cloud computing and mobile broadband and fuelled by the individual’s desire to be online all the time, the impact on the world of work and commerce has been profound. What this means for enterprises is that it’s time to think differently; doing business in the digital age means dealing with digital customers, and this can mean a need to dramatically reshape the organisation’s operating model.

Changing technologies, changing philosophies

One of the most significant changes to enterprise IT procurement today has been the shift of the cost model. Organisations have gone from the traditional method of paying up front for technological tools, the CAPEX route, to the more agile, cost-effective OPEX model. This change in philosophy has been powered by pay-as-you-use technology services and is at the heart of how enterprises have to adapt and reinvent themselves.

The benefits that this brings to businesses are many. There is the immediate cost saving inherent to not having to pay set-up fees and to not actually having to buy the full technology kit in the first place. The on-demand usage model also lets companies operate in more flexible and agile ways, creating work/life balance advantages for their employees and enabling better interaction with customers.

When your customers are digitally savvy end-users themselves, they naturally expect the companies they buy from to be similarly engaged. That’s why progressive companies are now using social media tools to deliver customer service, or enhancing their overall value proposition with dedicated smartphone apps.

Fundamentally, enterprises now need to work smarter. Those companies that want to thrive and enjoy competitive advantage over rivals are those that embrace technology, harness its power and use it to improve their product and service offering.

The shift from digital enablement to digital dependency

Technology and in particular mobile devices and mobile Internet connectivity have become life essentials – to the point where some countries have even gone as far as making broadband an actual human right. So much of what we now do as individuals requires technology to make it happen and that we’ve become dependent on it.

Broadband is now faster than ever and pretty much ubiquitous, while cloud computing and the proliferation of smartphones and tablets has been extraordinary and pervasive. Wearable technology is set to go mainstream and the Internet of Things will see more connected devices in place around the planet than we can currently envisage.

Enterprises have no choice but to reinvent and change the ways in which they work and interact with customers. At operational level they need to change their structure and their value proposition needs to evolve.

The more demanding customer

There is a cyclical element to the changes the digital era has brought us; because technology has enabled organisations to work in whole new ways, customer expectation levels have risen. The smartphone connected customer is used to great service, direct to their mobile device wherever they are, so the enterprise is under increasing pressure to keep meeting and exceeding these expectations. It’s a whole new paradigm of customer expectation.

To take this a little further, the next batch of customers currently working their way through university are all Echo Boomers, or Generation Y. They are the most technologically advanced and expectant generation of individuals we’ve ever produced, and they literally do not know or remember a world without broadband, mobile devices, laptops and always-on connectivity. So enterprises need to plan ahead – customer expectation of your digital capabilities is only going to keep on rising.

But remember to keep the back door locked

All this increased mobility and device usage does of course carry a threat with it. While organisations can benefit hugely from reinventing themselves and carrying a digital offering, they must be mindful of the security challenges. Hackers and cyber criminals have also continued to evolve, so risks do remain and have multiplied.

Enterprise mobility management, a strong firewall on your network, in-depth mobile policy within the organisation and even secure corporate app stores are all ways that enterprises can enjoy the benefits of digital while minimising security risks.

Disruptive thinking

With so many technological advances, disruptive thinking is key to an enterprise reaping the benefits quickly. Organisations need to disrupt themselves before they are disrupted, they need to embrace new technologies and adapt them to their organisation’s operations as this is the only way ahead.

Companies that move first will enjoy greater success over the coming decade. Enterprises that delay and continue to operate in time-honoured, traditional ways, will find themselves losing customers, market share and ultimately profitability.

By embracing the digital era and reinventing themselves as a digital enterprise, organisations can truly thrive. Technology used to be a support function within a company, today it is an absolutely essential element of a business strategy. By utilising digital tools to integrate customer service channels, companies can deliver far better customer service and keep customers coming back. Giving your customers more added value with smartphone apps tailored to their needs, will see your customer satisfaction levels increase.

These are some of the ways to forge ahead in the age of the digital economy. Disruptive thinking needs to also be applied to cyber security and protection from unwanted cyber penetrations of your systems, data and sensitive intellectual property.

A simple and effective start, on the security front, is to have professional penetration testing conducted on your organisations systems before someone else does.

The workspace of the future is exciting – but?

Posted on by
Reply

The digital tsunami and the move to mobile have changed the way we work forever. It is not all that long ago that we accepted our jobs as being part mobile – or at least where you could get a signal – and part tied to a desk. But no more; mobile is the new normal, it is here to stay, and the ‘workplace’ has become something altogether new and different.

At the heart of this workplace transformation has been an ongoing cycle of technological evolution. As networks have become faster and faster and support more apps and more data, the cloud has come into play. Cloud computing is now second nature to most people, and processing data through or storing it in the cloud has grown exponentially.

This faster computing power married to mobility’s always-on-anywhere nature has in turn led to richer content and applications at end-user level, for which end-users want ever smarter mobile devices, hence the astonishing rise in smartphone and tablet proliferation. Then, having faster, smarter mobile devices and ever-faster mobile broadband, end-users consume more and more data and digital content, which in its own turn has the knock-on effect of needing faster networks. This is the mobility and virtualization lifecycle, and its impact on the workplace has been revolutionary.

The point is that the traditional way of working has changed, and with it the workplace itself. And this has been powered not just by technology, but by people themselves. Mobile technology has empowered people to shape their workplaces to their own demands. It is a brave new world all right, and a truly exciting one.

How workers and ways of working are changing

Mobile has changed so much of what we’re used to. The typical ‘office job’ has transformed into something which through mobile empowers the employee and benefits the employer, in the form of greater freedom and increased productivity respectively. The consumerization of IT led us to bring your own device (BYOD) policies, with research showing that 87 per cent of employees have used a personal device in the workplace. Sales of smartphones and tablets now outstrip all PCs put together, including notebooks. 79 per cent of IT decision-makers say virtual desktops are in their current or future plans, while enterprise social networking is also high on agendas. The world of work went and got mobile, and employers have had no choice but to embrace it.

Buildings, ways of working and ICT strategy

The new workplace has become a seamless environment, where personal and professional crossover and interchange. Even workplace buildings themselves have become part of the mix; intelligent building projects are in place now which differ hugely from offices and factories of days gone by. The need for intelligent buildings now informs a company’s ICT strategy, as the new, mobile first way of working requires this new workplace to make it a reality.

When previously kitting out an office building IT departments generally focused on wireless connection models and protocols, wired and wireless access points and so on. There were no interfaces in place for seamless integration of multiple mobile devices, networks and platforms were largely proprietary (and not very interoperable with multiple different devices and protocols) and legacy services were limited. In short, the workplace was a relatively dumb environment.

The shift to new ways of working has created the need for new, intelligent buildings to support progressive companies. New working environments are looking to the Internet of Things as a driver, with its need for embedded systems with local computing. Next generation communications systems like MiFi and Zigbee must be worked into the mix, as must multimodal interactive interfaces like NFC, digital signage and all the various smart devices that now enter the workplace.

Intelligent buildings can also have a positive environmental impact thanks to increased numbers of sensors, monitoring systems and controllability of systems making them greener places to work. All of these elements are now making their way into organisations’ real estate acquisition strategies, making them part of an overall business strategy. Including smart intelligence to the building itself’s design makes for a smarter workplace and happier employees. This means thinking about your ICT strategy can separate digital, Business Intelligence and legacy systems while still looking to generate interaction between unified communications and collaboration (UCC) tools, human resources, security and suppliers.

In short, companies must now think not just from their own perspective but also from what their employees want and expect from a workplace. Take a technology-agnostic approach, and think ahead – use your building systems to deliver open, integrated services to workers – not just to manage your building. That’s the way to moving to the cloud-enabled, flexible and any place, anywhere, anytime method of working.

The security imperative

The new way of working is exciting, progressive and more productive – but it of course remains vital not to ignore the potential security risks. BYOD and smart building initiatives have helped empower workers in unprecedented ways, but they do bring with them traditional worries. Company data now resides on more devices in more places than ever, and IT departments have no choice but to accept this and mitigate it.

Lost or stolen mobile devices naturally remain a key concern for IT professionals, while employees placing data in cloud-based file-hosting apps such as Dropbox is also a potential problem. Traditional security threats like hacking and DoS (denial of service) attacks are still present too of course. So the IT department must manage both the old threats and the new.

They can begin by implementing a mobility policy which lays out the rules and precautionary measures needed to keep sensitive corporate data and systems as safe as possible. Employees bringing own devices into the workplace have to play their part and commit to safeguarding data and not abusing their newfound flexibility. Device management systems married to good quality encryption tools can help guard against data loss via stolen or lost mobile devices, but with both mobility and new, intelligent building systems to manage, companies should think about both hardware and software encryption policies.

The new workplace is a thrilling prospect, taking our now second nature mobility, partnering it to intelligent building environments and using it to help us enjoy greater freedom and flexibility in our jobs than ever. It’s an exciting time – but nonetheless one that requires good planning and the factoring in of expansive security measures at each step on the journey.

Business Applications as a Service (BAaaS)

Posted on by
Reply

Moving business apps into the cloud carries big benefits

The rise and rise of the as-a-Service (XaaS) model continues. The various models based around the XaaS approach are all forecast to continue growing rapidly as organizations go on taking advantage of the increased flexibility, lower CAPEX and on-demand nature of the service. Gartner predicts that Infrastructure-as-a-Service (IaaS) will grow at a CAGR of 41.3 per cent through 2016, while Platform-as-a-Service (PaaS) will hit 27.7 per cent CAGR in the same period. The Software-as-a-Service (SaaS) market will grow at 19.5 per cent CAGR in that time too, demonstrating how significant the cloud delivery of IT services has become.

XaaS is about making life easier for the customer while giving the provider greater flexibility. Where previously software licenses were bought and long-term contracts entered into, today organizations want and need to be more agile. Utilizing IT services on-demand means that businesses can deploy services as needed, quickly, securely and cost-effectively, and the cloud has enabled this change in mentality. It has helped to create a more business-centric IT culture, where companies and organizations really do get to have IT on their own terms.

Beyond software and infrastructure

As every mobile user knows, this is the era of the app. Cloud delivery of our favourite films, music, games, magazines and books direct to our smartphones or tablets is now entirely second nature, and it has almost become hard to remember the world before it. So just as we source our personal apps on demand from the cloud, doesn’t it now make sense that we do the same thing with business applications?

Business Applications as a Service (BAaaS) is well set to become the next big thing in app delivery this year. As companies continue needing to cut costs wherever possible, shifting certain business applications into the cloud and utilizing them on an on-demand basis helps to remove the CAPEX typically involved in purchasing business services, and also reduces OPEX as you go along. Companies today often find that processes and requirements change on a continuous basis, meaning purchasing business applications outright can become a zero-sum game or even a loss-maker. Organization and end-user needs are always evolving, and new functionality is often required at short notice.

So just as Software as a Service began life delivering business applications like Enterprise Resource Planning (ERP), Customer Relationship Management (CRM) and Human Resource Management (HRM) tools on demand and via the cloud, so the BAaaS model will evolve to deliver other key applications like Business Intelligence (BI), security tools, plant control and business premises management apps – it’s the next logical step in this technology shift.

Why so popular?

In addition to the OPEX and CAPEX benefits, BAaaS tools can be used from any device, whenever and wherever the end-user wants. With so many personal apps delivered through the cloud to mobile devices today, end-users are perfectly familiar using the internet to get the apps they need. So there is no reason why this should not extend to the workplace. There’s also a shorter learning curve to be had because of this end-user familiarity.

Delivering business apps in this way also makes the upgrade process far easier. Organizations work with their BAaaS partner to establish the terms of engagement, the BAaaS partner then takes care of all updates and upgrades to apps. No additional hardware, software or capacity upgrades are required, even when scaling up the user base. It is a model of simplicity.

The changing nature of the CIO

The BAaaS shift also has major implications for the CIO and the IT department. With the role of the CIO changing into that of a business-critical one, the benefits of BAaaS can help make the transition simpler. With budgets remaining tight, the pressure is on the CIO to do more with less – their focus must become more strategic and they have to deliver commercially impactful initiatives – by being innovative, agile and prepared to adopt new technologies.

Every stakeholder today expects more. They expect more apps delivered more quickly and more reliably, wherever they are, while ensuring that the network remains more secure. This means customers, partners, employees, fellow C-level executives – the modern CIO now has a very different role. The IT department has become both the engine room of a company and also a business unit in itself which must innovate, think strategically and drive the organization forward. BAaaS is the latest cloud service which can help make the CIO’s mission easier and more relevant.

Gordon

Cyber threats makes it to number 4 on the Global WEF Agenda

Posted on by
Reply

A recent report released by the World Economic Forum (WEF) focused on the Global Agenda for 2014 and the top 10 trends facing the world. As one might expect, topping the list were globally pertinent and vital topics like; growing societal tensions in the Middle East and North Africa; income disparity around the world; and ongoing unemployment.

However in fourth place was “intensifying cyber threats”, which was considered a more significant issue than climate change and diminishing confidence in economic policies.

This is a truly insightful conclusion – such a global focused, facts-based organisation marking cyber threats at such a high threat level – shows how rapidly technological threats have evolved. It’s not that long ago that ‘being online’, whether as an organisation or as an individual, meant merely having your own server – relatively secure and simple to fireproof – against typical cyber-attacks and threats.

The evolution of IT into cloud computing, machine to machine (M2M) communications and the Internet of Things (IoT), presents a whole new generation of dangers – ones against which most industries, companies and end-users are not safe.

The cloud of course means more devices and machines than ever are connected through the same network, making it an even bigger target for cyber terrorists. Get one denial-of-service (DoS) attack through successfully and it can grow exponentially through the cloud to other domains, taking many other websites with it.

Similarly the IoT has presented cyber attackers with a particularly attractive playground – the network infrastructure and technological capabilities are really transforming at a rate that is too fast for cybersecurity to keep pace.

Many IoT machines and devices remain quite unsecured, with communications between them being unencrypted. This is clearly a major worry when so much private, personal and sensitive data is communicated via the internet.

Changing habits, changing threats

The nature of how we use IT has also helped form the evolution in cyber security threats. We love all the benefits that come with our increasingly mobile-powered lives; more flexible work practices, greater productivity, increased control and choice over our consumer habits, but we do need to be aware that these changes carry new threats too.

Through 2014 and beyond, it is highly likely that we will see cyber threats piggyback this trend to make attacks more personal. Where previously generic data was the target for cyber-attacks, they may now shift to specific, individual information. These attacks will target mobile operating systems, since thanks too trends like BYOD, mobile devices now very often carry both personal and corporate data on them. In 2013 there was 1000 per cent growth in malicious Android apps, demonstrating the shift in focus by cyber attackers. Factor in SMS floods, development of malicious apps and even fraudulent developer credentials appearing in app marketplaces and it becomes clear that mobile is a fertile hunting ground for the modern cyber criminal.

The growth in social media use presents another big target too. Social is a true modern-day technology success story, enabling people to keep in touch and share experiences in whole new ways, no matter where they are.

That ubiquity however does present new territory for cyber threats, with social attacks likely to increase massively in the near future. Social media utilises personal data, passwords, contacts, location-based activities and more – all of which is highly attractive bait to cyber criminals. So it is perhaps no surprise that earlier this year even President Obama was banned from using his smartphone due to security concerns.

Another modern day advancement that carries its own new threats is online currencies. Ransomware has been developed and targets currencies like Bitcoin, while online currencies also offer cyber criminals the opportunity for money laundering. Currency exchanges are also potential areas of attack. Traditional threats of course remain too – 2013 saw the biggest cyber fraud case in history, as 160 million credit cards were compromised in the US, to the tune of $300 million.

In short, new technologies and the growth of the cloud and increased mobility mean more targets for cybercriminals. Gartner suggests that by 2020 governments and enterprises will leave a massive 75 per cent of sensitive data unprotected – so organisations are going to need to think long and carefully about the security policies they implement to mitigate this threat and tighten up cybersecurity as much as possible.

Malware hasn’t gone away

Another threat which is not gone but merely evolving is malware. Previously the preserve of desktops and the enterprise environment, malware has transformed to take its dangers to the mobile landscape as well. Malware has adapted to target mobile authentication processes via fake SMS confirmations and other means. Android malware is also on the rapid rise.

This year will also likely see malware architects continue with covert command-and-control (CnC) attacks on networks. Encryption techniques go on getting smarter and stealthier and malware is now smarter than ever in evading traditional network defences.

Time to evolve thinking

The changing nature of technology in the mobile era – with disruptive solutions being developed all the time – means that the CSO has to always think one step ahead. As the WEF report indicates, cyber threats will continue to grow and evolve throughout 2014, with the only predictable thing about them being their unpredictability.

Traditional perimeter-based security solutions are today less effective than usual because of disruptors like cloud, mobile and social. M2M, the IoT, wearable technology in the workplace and more will continue to render the perimeter security model less powerful and the financial imperative of modern cyber threats is clear. Some estimates forecast that failure to implement sufficient cyber security solutions and capabilities quickly enough could mean a $3 trillion hit to the world economy by 2020.

Fourth on the Global WEF Agenda – cyber threats

Cyber threats is number 4 on the World Economic Forum of top 10 trends, so it is time to plan ahead and be proactive about new security threats. Allocate sufficient resources and people to head off cyber threats before they attack and organisations can still win the battle and the war.

The Cognitive era is here as Devices get Smarter

Posted on by
Reply

Devices are getting smarter, faster and increasingly cognitive. All around us we see the continuing rapid evolution of electronic devices, both mobile and fixed, into the next generation of tools that will help us live our lives differently.

As smart devices go on advancing in their capabilities, it’s fair to project that devices will eventually advise us on how we dress, what we eat for dietary requirements, our physical fitness and more – there is even a smart toothbrush available now which communicates with an app on your smartphone to advise you on optimum plaque removal when brushing.

We are now in the era of apps that think and interact with their users. Think of voice-activated apps like those which help us navigate our smartphones to which we give specific commands – and applications are only going to continue gaining intelligence. So as devices and apps evolve, so too the operating system needs to evolve with them. Which brings us to cognition-as-a-service (CaaS).

CaaS will be the platform that enables these increasingly intelligent apps. CaaS is effectively the next generation of the Semantic Web – an operating system which is capable of communicating with intelligent devices and apps on their terms.

Powered by the cloud

The truth is that within a couple of years we will probably no longer be talking about ‘the cloud’ as we currently understand it or as if it is something new or advanced. The cloud will simply be ‘IT’ – because so much of what we do will be hosted in and take place in the cloud.

An example of a cognitive app to come would be your daily calendar – your calendar which you use via your smartphone or tablet will effectively operate as your P.A. and will manage your time and activities like a secretary. However, the intelligence itself that powers this cognitive app will be provided by a cognitive platform which lives in the cloud.

These cloud-based cognitive platforms will be the true intelligence that fuels this next generation of apps. The cloud is where the Internet of Things (IoT) lives, and the IoT and its vast array of machine-to-machine (M2M) communication will also be powered by this intelligent platform.

Everything in your daily life is set to become smarter. Phones, TV, the connected car, the smart home, the networked fridge that restocks your groceries without you having to open its door – not to mention wearable technology like smart glasses, clothing and watches. All of these will be powered by intelligence delivered by APIs through the cloud as apps and everyday things grow to be cognitive.

Examples are already in place around the world. There is a new artificial intelligence which can read CAPTCHA images online, while e-health is being powered forward by projects which deliver virtual healthcare assistants through the cloud. These are just a couple of examples which predict the need for platforms that can support more intelligent apps and manage them automatically.

Yet another XaaS model

The growth in popularity of the as-a-Service (XaaS) model cannot be overstated. XaaS brings multiple benefits in both CAPEX and OPEX terms, since it carries with it far lower set-up costs than traditional IT product based solutions and its on-demand nature means that running costs are set on the user’s terms.

XaaS, and in time CaaS, will continue to deliver the same benefits. This continuing cost-control model delivers a more managed total cost of ownership (TCO) and reduces risk overall.

So why CaaS?

What CaaS delivers is that next step that the Semantic Web didn’t quite reach – it will enable APIs in the cloud to operate intelligently and empower developers to use quickly and easily. CaaS providers will be cheap, scalable and accessible, and what makes CaaS so different and powerful is that the cognitive qualities are ingrained in the operating system itself – meaning that so too are all the apps on it. The scope that CaaS presents is huge, bringing cognitive, highly intelligent and intuitive apps to users on a global scale.

The security implications

Because CaaS will be cloud-delivered, the nature of security threats surrounding it will continue to change too. Hackers and phishers, always looking for new ways to extract valuable data, remain creative and go on developing new angles and methods of attack.

So while the CaaS era will bring numerous benefits to mobile users, security professionals are going to need to be as mindful as ever of the threats to data breaches and data loss. API keys can of course be useful tools to the enterprising hacker, and denials of service and account hijacking are both hazards that exist via this route. By securing the platform and working as hard as possible to close potential loopholes, the era of the CaaS next generation operating system powering the apps, devices and habits of the future can be one that will create new industries and new digital giants that will grow from unexpected quarters.

Original Publication

Devices, Devices, Devices everywhere – it’s time for next generation “Mobile Device Management as a Service”

Posted on by
Reply

As mobile devices continue to increase in both variety and number, it seems to me it is a good time to revisit mobile device management (MDM) strategy. MDM has been around since mobile devices came to the fore, but because of the rapidly changing nature of the mobile landscape, it has had a hard time keeping pace.

A quick definition; MDM policy and tools secure, monitor and manage mobile devices throughout organizations and across various platforms, networks and operators. However as mobile devices have become ubiquitous, both at enterprise and consumer level, there has come a need for MDM to evolve too, to offer greater control and confidence to organizations without compromising all the benefits of the modern mobile user experience.

So what is it that has changed the landscape the most? Well, quite simply, it is the sheer number of devices. The mobile experience is no longer simply about a phone – it’s now smartphones of numerous types and operating systems, tabletsphabletsultrabooks, wearable technology and much more besides. This is the new ‘mobile’, this is now how big mobile is. Over two-thirds of people say they use personal mobile devices in the workplace today. This is what MDM has to cope with.

more devices, more data, more risks

So as mobility takes hold in the enterprise, and more and more critical or sensitive corporate data is at risk of being transported into the public domain by accident or design, the need for a comprehensive MDM approach becomes essential. Global companies want to design and implement global security policies that keep their data as free from threat as possible, but how do you achieve this in the face of such massive mobile device proliferation?

The threats are clear. While it is not really all that long ago that malware, Trojan horses and viruses were considered the chief menace to corporate data, mobility has today brought with it a whole raft of new, more subtle, dangers. Lost or stolen mobile devices and insecure communications now rank high on the list of information security professionals’ worries, and without the right tools and policies in place can be more damaging. Organizations can only realistically secure and control the threats that they know about – mobile devices in the workplace are more difficult to track and maintain in the enterprise environment than inward-bound attacks.

So the main threat is as simple as staff members using their personal devices to access corporate data – with or without their knowledge or intent – and then taking it outside the network. The traditional walled garden is now so compromised as to be obsolete. Nine out of ten executives recently confessed to accessing corporate data on their own mobiles – so how do organizations deal with this fast-growing problem?

everything needs to be managed

Everything is mobile and everything needs to be managed. This is the premise from which to start. Smartphones, tablets and phablets in the workplace, ultrabooks as replacements for traditional laptops, and while not so common just yet, smartwatches and other wearable technology like Google Glass will soon enter the workplace and fall under the remit of the IT department. So an organization’s MDM strategy needs to be robustwide-reaching and most of all progressive – it needs to be able to grow with the rapidly changing landscape.

Furthermore, the rise of the Internet of Things (IoT) and its accompanying machine-to-machine (M2M) communications will also play a part. The IoT means yet more mobile devices, all communicating over the network and all in need of management. The connected car is now a reality and gives mobile employees a new workplace, while other M2M devices that can also store data will need to be managed. So organizations need to address all of these developments, both cost-effectively and efficiently.

on-premise or in the cloud?

Traditionally, MDM policy forming and implementation would be done at ground level, on-premises, so that the IT department could be involved in each step of the process. However, a comprehensive MDM strategy has many bases to cover, and with more mobile devices than ever entering the corporate environment, even the most efficient IT department could find itself stretched too thin. There is basic encryption of devices required, protection against data breach should a device be stolen or lost. Corporate app stores are gaining popularity as a means of controlling the applications that users can install on devices, but more devices with more operating systems again means more complexity here.

So in the event that in-house resources are insufficient to cover MDM on premises, we turn again to the cloud. The benefits to enterprise of cloud-based solutions are well-documented, but when it comes to MDM, the cloud model brings with it the big benefit of lower set-up fees – CAPEX – but also lower ongoing OPEX as well. Cloud-based MDM – or in fact as it is becoming known, MDM as a Service – can give organizations scalable mobile device management on-demand, so they can use it as much or as little as they need to. As mobile devices continue to evolve and end-users continue to lap them up, the flexible MDM in the cloud solution, provided by a specialist partner, looks like offering a highly desirable way ahead.

Original Publication  

 

Private life in the Cloud

Posted on by
Reply

We live in a world of cyber security threats: hackers breaching organisational firewalls, Wikileaks publishing private state documents, and employers tracking cyber activity for productivity sakes.  Privacy, in relation to digital data, is a hazy topic.

The internet alone is increasingly being used as a medium to collect information for consumer profiling. According to Nielsen’s 2013 Australian Online Consumer report, 17.2 million Australians accessed the internet in the month of July and spent an average of 38 hours online across 60 sessions.

As more and more Australians surf the internet, check their mail, shop online, apply for jobs, or simply socialise with friends, they are leaving a trail of digital data that for some people is a gold mine. This includes email services like Gmail, file storage services like Dropbox, photo galleries like Flickr, and the list goes on. And this is not just on PC’s: laptops, smart phones, tablets, and televisions with internet capability all leave a cyber-trail.

When March 2014 hits, easy access to digital data will no longer be the case. Australia is about to get tougher on its privacy laws: effective March 2014, the 2012 Privacy Amendment Act will require that all Australian organisations, regardless of size and industry, implement open and transparent policies for managing personal data. This may seem simple, but it opens a crevasse of questions: how did you obtain this person’s contact details? Were you transparent in your original address? How are you storing these details? What is the purpose of collecting personal details? Are you sharing them amongst your organisation or more broadly?

These questions relate not only to your employees, but to everyone your organisation interacts with: stakeholders, customers, past employees, marketing databases….and the list goes on.

With the clock ticking, there is less than a year remaining until privacy is changed forever. Yet the implication of privacy is rarely discussed.  The question is: are businesses prepared? The answer is, more likely than not, no. If personal data is not adequately handled, organisations may be liable and can be imposed with fines of up to $1.7 million for an organisation and $ 370,000 for an individual.

As the generation of digital data continues to grow exponentially, it provides challenges for corporates to correctly manage, store and secure it. The pressure is on and the onus is on all companies to evaluate:
– Who ‘’owns’’ the privacy realm within their organisation?
– When was the last time an organisation reviewed their privacy policy?
– And if they have the necessary approvals to use third party data?

Achieving data privacy is a challenge for all organisations and the amount of work that needs to be done should not be underestimated. There is no time like the present to consider how to manage risk involved– what is lacking, what policies need to be put in place, and what needs to change.

1) Conduct a Privacy audit
Organisations need to implement a privacy audit which evaluates the type of sensitive information held by an organisation. This sensitive information can refer to employees’ personal details such as their tax file number or Medicare number and includes whether or not you have the rights to audit and access information, as well as the timely return of information when an agreement ends.  Analyse each aspect of this process which includes the collection, retention, use, and disclosure of personal information and determine risk levels. In cases where an organisation uses a cloud provider, it is important to understand who the stakeholders are, what their roles and responsibilities include, and where data is located and replicated.

Ask yourself: is third party data simply stored or is it being mined for advertising and marketing purposes?

2) Data protection and privacy impact strategy
Develop a comprehensive data protection and privacy strategy which focuses on integrating data protection and privacy processes while sustaining efficiency and long-term growth objectives. An organisation’s privacy strategy needs to be integrated with the overall risk and project management framework. It is also equally important for organisations to update their privacy policy regularly and seek input from legal advisors with specific knowledge regarding privacy laws where needed.

Ask yourself: what happens in the event of a data breach?

3) Create privacy policies and procedures 
Develop policies and procedures that clearly state the importance of protecting sensitive information stored in-house or in the cloud which complies with the requirements of the Australian Privacy Principles (APPs).  An organisation needs to take measureable steps to protect the personal information it holds from misuse. This includes mechanisms to protect and manage the information, including disaster recovery processes to protect against data loss. An organisation’s legal advisor needs to fully understand the nature of both the cloud and privacy requirements and should be able to tailor the legal protections in your agreement.

Ask yourself: what are the privacy policies that your organisation needs? Understand your key areas of weakness so you can develop a plan to protect data.

4) Ensure accuracy and transparency of all personal information held 
Personal information collected by an organisation needs to be accurate, complete, and up to date. Customers should have access to their information and make corrections if required. For instance, if an organisation holds a database which records the phone number and address of its customers, a process needs to be put in place which allows customers to change or update their details.

Ask yourself: when was the last time you updated your customer database?

5) Appoint a policy offer and train employees to mitigate security risks
Monitoring employees to ensure that privacy policies are applied will be very hard to manage on a daily basis. Transferring knowledge to your employees will identify weakness and help mitigate security risks. This is no simple task. Look at appointing a policy officer that trains employees and regularly monitors content and activity to prevent any violation.

Ask yourself: is it worthwhile hiring a policy officer to ensure that a breach does not occur?

But this is just the beginning. Let’s throw a spanner in the works.
Consider all of these advances in the context of data stored in cloud. The list of considerations and concerns gets infinitely bigger. There are different approaches to how privacy is interpreted when it comes to data stored in the cloud space. The following is a general starting point, but not specific advice, as individual circumstances vary and need to be looked at in more detail.

– The Infrastructure as a Service (IaaS) model, where the service provider is responsible for housing customer information and is not involved in any handling or processing of personal information. In this case all obligations to privacy are held with the customer.

– Software as a Service (SaaS) model, where the service provider is responsible and plays an active role in handling and managing customer’s personal information. In such cases, the service provider needs to obtain consent from the customer to hold and or use this information.

– Platform as a Service (PaaS) model, where the service provider delivers tools to enable customers to deploy applications. The service delivery model means that customers need to use best practices and privacy–friendly tools.

Privacy remains a critical component for Australians doing business or simply engaging online. We are entering a challenging new era as tougher privacy laws come into effect. While some Australian companies have already initiated the ground work, others have simply turned a blind eye.

Business owners who want to mitigate risks without sacrificing their ability to do business need to start addressing where they currently stand in relation to digital privacy. Assessing the business structure now will identify strengths and weaknesses, and set the wheels in motion for the new privacy approach.

Original Publication

 

Technology predictions for 2014 & beyond

Posted on by
Reply

predicting technology futures – what’s in store for 2014?

Original publication

2013 has seen a number of technologies enjoy varying levels of success and growth, with mobile devices, cloud computing and enterprise app stores all continuing to gain momentum. As I have written about throughout the year on this blog, these technologies have all had that disruptive business model impact which makes them popular and shakes up the existing landscape.

As we approach the end of 2013, I see no reason to expect 2014’s emerging technologies and trends to be any different. So what do we have to look forward to?

wearable technology and absolute mobility

Mobile everywhere and mobile for everything. 2014 will be the year that mobile is ubiquitous, smarter, faster and our reliance on mobile connectivity becomes absolute.

2013 saw the emergence of bring your own device (BYOD) as a mainstream concept, with end-users pretty much eschewing the notion of work/life balance and taking their smartphones and tablets into the workplace as a matter of course and taking their work on the move with them, presenting companies with new security challenges. But the trend will continue and 2014 will see users expecting to be online in more places than ever, at high speeds and with more robust security levels.

This increased mobility will continue to be driven forward by the latest advances in mobile devices, with wearable technology to the fore. The announcement that Burberry’s chief executive has just jumped ship to join Apple is a good indicator of how technology and fashion will merge over the coming year.Google glasssmartwatches and other wearable devices will all connect to the internet and each other through the Cloud like never before. And speaking of the connected planet. . .

the Internet of things goes mainstream

The internet is dead, long live the internet of things. There are now more networked devices and machines on the planet than there are people and 2014 will see still more devices, appliances and vehicles come online and begin communicating with each other.

The internet as we know it has already changed the world and many aspects of our daily lives. It has benefited businesses, individuals and nations, often helping to transform the way governments deliver education, health and social services and making information more democratically available. The internet of everything addresses the next generation of networked devices, with machine-to-machine (M2M) communications powering new ways of doing everything. Right now our phones and tablets are our most common networked devices, but the internet of things will see the networking of cars, homes, appliances, televisions, meters, indeed most electrical and electronic appliances and devices. There is even a company in the Netherlands that has helped a farmer to connect his cows.

Forecasts vary, but recent research projects that by 2020 there will be 75 billion ‘things’ connected to the internet and communicating with one another. 2014 will be the year that everything being networked goes mainstream.

hybrid cloud and XaaS model

2014 will see IT architectures continue to evolve and bring greater flexibility to companies and end-users. In previous blogs I have written about the future impact of cloud computing on various IT disciplines, notably procurementstorage and business continuity and even the role of the traditional CIO.

The cloud will continue to transform throughout the coming year, and the direction it will take will be that of hybrid cloud. Companies with private cloud architectures in place should be ready to embrace personal cloud and make the shift to the hybrid model. The hybrid approach gives organizations greater operational flexibility and optimized costs without compromising security. Network performance is improved too.

The ‘as a service’ (XaaS) model will continue to grow in popularity as well, as organizations adopt its agility and flexibility benefits while also recognizing that the OPEX model carries major advantages over the traditional CAPEX, investment-up-front approach.

software-defined architecture

Software-defined architecture will also come to the fore in 2014 – a practice whereby the software or the application defines the purpose of the device itself. This can be a storage device or a server, or a personal device such as the music boxes or wristband and apps that tracks how you sleep, move and eat—then helps you use that information to feel your best. The function defines the form.

The software-defined approach can help revolutionize the way we program, use and interact with devices because it makes them completely customizable. Devices of any kind will become defined by their apps, making them directly programmable, more agile, centrally managed and configurable and giving us greater control.

share, share and share again

End-users are now, thanks to the rise and rise of social media, so used to sharing that it is second nature. There are now 1.15 billion active Facebook users and over 288 million active Twitter users, all sharing thoughts, information, news, opinions and more, all the time. There have been more than 16 billion photos shared on Instagram. And this is just the beginning.

3-D printing is one area where the sharing of ideas and designs is going to take off in a big way in 2014 and beyond. Sales of 3-D printers are forecast to grow by 75 per cent in 2014, as the technology takes hold in the mainstream. 3-D printing could have a massive impact on many industries, not least the manufacturing sector. It represents a new way of sharing, with companies no longer needing to produce things the same way. For example one company or individual can come up with a design or bright idea one day and that design can be shared and copied tomorrow. Manufacturing, product development, design and prototypes – all of these disciplines could be hugely affected. This does of course present a challenge similar to that faced by the music and movie industries; when you have moved from the physical world to the virtual, and people are so used to sharing, how do you protect intellectual property? Innovative smart machines may be the solution to that. But that’s for another blog post.

Happy 2014.

Original Publication

Six tips for mobile device management security

Posted on by
Reply

There has been a lot of discussion this year about the increasing influx of consumer devices being used for both professional and personal purposes. Many organisations are feeling a little overwhelmed as they try to work out appropriate security levels and device management boundaries. When you take into consideration all the platform and application updates chewing through corporate bandwidth, plus the potential for rogue applications and malware to gain illicit access to company data, there are many headaches for security managers to deal with.

Here are six tips to help get the efficient and secure management of mobile devices under control:

1. Have a strong mobile policy

This may seem like an obvious tip, but there is often a clear disconnect between employees and employers’ expectations of how consumer devices will be used in the enterprise. Research from IDC found that not only were workers using their devices at twice the rate, they also tended to think employers were far more permissive of the use of consumer devices than they actually were. It is therefore very important to have a mobile use policy clearly defined to avoid these kinds of misunderstandings.

A mobile usage policy is a framework that defines who the users are and what devices, platforms and applications they can and can’t use. Enterprises must clearly define policies around reimbursement for services and what applications users can access via personal devices, along with clear guidance on who controls the data on devices.

2. Create an inventory of assets

How can you be assured of the security of employees’ mobile devices if you don’t know how many are out there and what they are? Implementing a robust and regularly updated inventory management system is a vital part of any mobile device management system. While many businesses do have an inventory of fixed and wireless assets, the majority of them are not updated and validated on a regular basis, leading to the potential for security issues to slip through the cracks via unknown devices or inappropriate usage. Businesses with accurate inventories have much clearer insight into their telecommunication environments and as such, more reliable information on which to base policy decisions.

3. Ensure proper configuration of devices

The sheer number of different devices and platforms out there can make the configuration of devices a challenging process. Factor in entry level handsets, smartphones, tablets with different operating systems and employees working in numerous different locations and the issue becomes even more complex. However, if a device is enrolled with a mobile device management server, a configuration profile defined and managed by IT admin can be implemented, enabling the device to interact with enterprise systems. An appropriate level of encryption can also be added to any commands coming from the server to ensure that settings cannot be altered without proper authorisation.

4. Implement appropriate security

Despite the influx of consumer devices into the workplace, many organisations haven’t implemented stronger security controls in response, leaving them at risk of security breaches or loss of sensitive data. Data encryption is a powerful piece of the mobile security puzzle and yet many businesses do not use it on a regular basis. In addition to implementing data encryption, enterprises need to inform workers about the risks of failing to comply with security protocols – there is a good chance that they are unaware of the risks associated with using their personal devices for professional purposes.

5. Regulate application protocols

Taking into consideration that there are thousands upon thousands of mobile applications out there, strong protocols need to be instituted for the deployment of any new applications and the management of existing applications. Malware is steadily creeping into the app world, so even applications from the app store need to be checked before they are allowed into the enterprise. Such malicious applications can take over the mobile device and operate in the background without the user knowing, searching for sensitive information such as passwords or banking details.

6. Provide training and end-user support

A relatively small percentage of the overall functionality of the average mobile device is used on a regular basis. With devices becoming more and more sophisticated, users could end up massively under-utilising all the functions that are at their disposal. As a result, most enterprises would benefit from providing user training, including how to set up email, device customisation, application selection and usage, understanding browser capabilities, using instant messaging, and mobile data services and understanding device functions and shortcuts. Support and training can increase worker efficiency and also reduce security risks, as employees better understand how their devices work.

Managing employee mobility doesn’t need to be a nightmare. With the right systems put into place, employees and employers alike can reap the benefits of mobility.

Original Publication

Unified Communications: Leading the Cloud revolution

Posted on by
Reply

Original Publication

The 101 of UC

The term unified communication (UC) is a popular subject that has been floating around the workplace for some time….but is it really an essential component for businesses today? Do employees, or businesses for that matter, really understand the pros and cons?

The problem with the current workforce is that it is dependent but scattered: 78 per cent of workers are part of global teams that can be scattered across the world.

Being part of the global workforce isn’t in itself a hindrance: technology allows communication. It is estimated that the average worker carries 2.9 devices, increasing their accessibility. While having multiple devices – from email, to mobile phones, to desk phones, to videoconference and beyond – should make getting in touch with someone easier, it can actually hinder the process.

A simple example is this: calling someone on their office phone could see you leaving a message at reception, to be emailed to their inbox with the request to call you back. Ultimately, the excess in opportunity to contact someone wastes time and resources.

Unified communications (UC) is a solution that streamlines this process, uniting full time employees, managers, top level staff and part time workers to communicate in a new way, across broad geographic space and time zones.

UC integrates a variety of communication tools, from the traditional non real- time to the advancing real- time. Simplified down, a unified communications system should have five core capabilities: email, telephony, real time communications, calendars and directory services.

Originally, UC was the natural progression for a world where multiple communications channels could be accessed all at once. Now, however, it is a strategic business choice which enables easier workflows and more efficient workplace operations. According to a report by Frost and Sullivan, globally, the UC market is expected to grow from US$1144.8 million to US$2287.6 million by 2019.

The network effect

Regardless of the catalyst, as an organisation moves to UC, a platform can be adopted to integrate with existing frameworks – be it emails with a particular provider or a cloud solution. The UC platform, Unified Communications as a Service (UCaaS), intrinsically changes processes within an organisation. As UCaaS takes hold, employees begin working more efficiently, adapting to the ease of communicating in real time via a single interface, but across multiple communication styles.

This hyper connectivity will benefit performance and capability but could also cause network performance issues. Things that need to be considered are:

– An increase in network traffic and applications and the need to address incidents
– Monitoring UC components to assess if they are working correctly across the network
– In-depth or packet level monitoring

With the growth of unified communications and additional new applications, the management of each new service is becoming far too complex for IT departments. Finding the right UCaaS provider can actually address all of these issues, by generating a customised and optimised solution strictly for your business.

If UCaaS is running optimally, the benefits to the end user and the broader business are extensive. Shorter time frames and less follow-ups results in increased productivity. The allowed interactivity can also increase decision making, reducing time lines, and increasing satisfaction and budget delivery.

Data, cloud and the security conundrum

These benefits are undeniable, which largely explains why 88% percent of enterprises have deployed or are planning UC deployment. Increasingly, UCaaS is deployed across a hybrid cloud scenario. In any business running UC, unstructured data is being created, and at a rapid pace. When UC is run either wholly or partially via the cloud, this data and the security risks alongside it increase.

The cornerstone of a successful UC implementation is having up-to-date accurate user information. This raises the question of security and privacy. Do I really want others to see my personal details?

The implementation of UC also changes business workflow and the need of a middle man to assign telephony UC. Some other core security threats include:

• Host and network-based intrusion – something that we have lived with since the dawn of computer technology.
• A VoIP-enabled form of phishing – basic phishing techniques are applied to the UC suite, meaning confidential information can be revealed over the phone by appearing to call from an official location, but actually infiltrating the organisation.
• Toll fraud – the incorrect lodging and pricing of media traffic (images, videos etc.) and voice and video calls. Toll fraud means that attackers can create a video call, but it appears as a telephone call. This misrepresentation means incorrect charging and scamming the system.

The top concern for organisations is the tapping of endpoint UC devices – laptops, smart phones etc. These breaches could infiltrate VoIP, IM or other traffic, potentially unleashing not only sensitive organisational information in the form of documents, but intercepting telephone calls, and sensitive emails. While this is the base level risk of unauthorised access, the next step is an organisation’s full network security being compromised. If a hacker infiltrates the network, there is the potential to not only access information but launch attacks and alter network settings – jeopardisinge the organisation on many levels.

These kinds of malicious attacks can come in many forms. Two common ones are denial of service attack and platform compromise. While different styles of attacks, both disrupt the communications infrastructure on different levels and in different manners.

Companies of all sizes are adopting unified communications and the collaboration capabilities it fosters to boost productivity and innovation, increase mobility and enhance flexibility. However the risks apparent in the cloud environment are also booming in.

UCaaS is the turning point for communications as we know it, and the way the cloud is utilised. At the beginning of this, the cloud revolution, we are looking to a more interactive, available yet accommodating time. To ensure that as UC takes hold of business it maintains the same robust nature and safety standards we are used to, the same considerations need to be at play. The same guidelines need to be put in place, including:

1. Develop a strong defence strategy
Assess the enterprise infrastructure and identify where vulnerabilities lie and how infiltrations could occur. Look at servers, endpoint UC devices and the actual network. Your security strategy should already address these core areas, but launching into the field of UC only enhances the demand.

2. Secure your infrastructure
As UCaaS becomes a reality, your organisation needs to build a secure infrastructure. This includes all aspects of ‘locking down’ your organisation, from data regulations, to securing PCs and tablets to the phone network and the protection, integrity and confidentiality of calls.

3. Check the legal side
The platform that you deploy UC on might be stock standard or could be strategically developed for your organisation. In any scenario, you need to ensure that the platform complies with all relevant laws and regulations of your region.