Jan 062011
 

What happens to your employees, 1099 contractors, partners, work at home employees, travelling users, remote sites, in which you don’t back haul internet users through corporate? What happens if these users leave the company and want to access applications that you have in the Cloud? How do you deprovision them from all the different Cloud touchpoints that exist? I realize you have a solution for some of them, but what about ALL of them? In this video, I review a few options that you have.

The CIO is in charge of SIP – Security Identity and Privacy Strategy….right? Well, someone is. Someone is taking on the responsibility. CIOs may not get into the nitty gritty technical minutia or product selection, but my point is that Cloud Access Control and security is about architecture and design. And for the most part, the points that I am making ,most serious SSL VPN vendors support, so we don’t need to go down the product path here.

Security Architecture and design matter first, no matter how close you may be to the board level meetings that we all aspire to.

A directory based approach is critical and I will make this point here and in future TV spots. And yes, I would agree that federation is the best approach overall, but I would prefer to discuss what is real and practical today for 100 % of the CIOs and this is why I want to review SSLVPNs and the power this gives you for access control into Cloud Services. I would like to emphasize these are YOUR Cloud services with capital letters. How can you manage risk that the cloud represents with simple access control?

I want you to be in a position of control. We are giving up enough control via Social Media infiltration into the enterprise. We have our hands full, but let’s take one concern off the plate. When you push apps into the cloud you now need to know who and what people have access to various services outside of your directory.

Jan 032011
 

This is a real life example that happened to me and a CIO last week that illustrates Twitter and customer service at its best.
Two things are needed. 1) An internet connection and 2) Tweetdeck

If anyone doubts the power of the Twitter-Verse, think again. I was Tweeting with one of my Tweeps (@sonny_h) about his not-so-great experience at Best Buy over the holiday break. We both used the hashtag #bestbuy in our Tweets and guess what? Best Buy responded quickly in an effort to provide customer service and of course, to protect their brand. Please follow the Twitter chain below.
#bestbuy experience is completely shambolic now. Complete #fail. They just lost out on a $600 sale because no one would bother to talk to me
@sonny_h Let’s see if they are watching this hashtag to see if they respond #cio #bestbuy Wednesday, December 29, 2010 5:40:15 PM via TweetDeck in reply to sonny_h
@CIOesTV we do :) 5:46 PM Dec 29th via web in reply to CIOesTV
@sonny_h I am disappointed to hear this & apologize for the experience – which location was this? Wednesday, December 29, 2010 5:46:16 PM via web in reply to sonny_h
@Coral_BestBuy thanks for listening. This was at the bailey’s cross roads location in #arlingtonva 7:23 PM Dec 29th via Twitter for iPhone in reply to Coral_BestBuy

@CIOesTV just got a tweet from @coral_bestbuy. Good to see they are at least listening. Hope it helps improve the shortcomings. 7:24 PM Dec 29th via Twitter for iPhone in reply to CIOesTV

@sonny_h Thank you – which department were you shopping in? or are there any other details you can share for me when I address this? 7:25 PM Dec 29th via web in reply to sonny_h

@Coral_BestBuy appliances. No sales agent on site. After tracking down another agent was informed he’s on lunch. Waited 30 minutes. No luck 7:28 PM Dec 29th via Twitter for iPhone in reply to Coral_BestBuy

Jan 032011
 

Video thumbnail. Click to play

There are 3 important items for determining what your client integrity strategy is. So how does a CIO bring the complexity of the many options down to a smaller decision path? It is not what you think. In this video I explain how inspecting the users, devices, and AD all fit together.
1. USERS: There are so many types of users trying to access your environment; from business partners, consultants, employees who are allowed access externally and those who are not, kiosks, hotel, conferences.
2. DEVICES: That are allowed access are as varied as the people: Smartphones like Droids, iPhones, Blackberrys, etc.
3. AD: The core of your security strategy is the core and not the edge.
Enjoy the video. I invite your comments. Bill