Nov 15, 2011

As I have been travelling and visiting various CIOs around the country, I have been struck by the impact of mobile devices, primarily because 10 years ago I would have been laughed at by the CIOES group for suggesting topics related to phones and smart computing devices. Right now I am seeing a thirst among CIOs to understand and navigate the vast confusion that mobility presents to an organization. The risks are too great to simply assign this to a tech to go research on their own. Mobility impacts corporate culture and is infiltrating from the top of the organization. A seemingly simple decision about allowing a tablet device like an iPad to access corporate resources triggers all sorts of questions.

I see fear as the underlying factor. The fear that corporate data will leak. The fear of buying products that do a little but not everything. The fear that the correct infrastructure platform needs to be chosen. Here are the choices that my CIOs are seeing: Android tablets and phones, ‘i’ products like iPhone and iPad, Symbian phones, Blackberry phones and the PlayBook tablet, Mac laptops and Intel-based laptops, and work-at-home PCs. Is the business giving you more people to chase down mobility security and manage non-Microsoft devices? What I have seen is that these waters can be navigated. Some of the following questions spawn the most vigorous and worthwhile debates that I have seen:

• What if you could stop caring about the end point and invest in DLP technologies to ensure your data, and more importantly the correct data, makes it to the endpoint?
• Are my remote users untethered, or connected over persistent connections? What impact does this have on your decision making?
• What if you knew exactly who was entering your network?
• A strategy for Mobile Workspace Virtualization is needed. Untethered users are the bane of IT’s existence. How can you rein this in?
• What strategy for mobile device backup is needed?
• What strategy for firewalling outbound data is needed?
• How do you approach data at rest versus data that is moving? Enabling Data Loss Prevention for data at rest is different from enabling it for data in motion.
• Board packets can be accessed securely during meetings without needing to print out 5-inch-thick board presentation packets.
• How can you turn iPads and tablet devices from consumption devices into devices that support creativity? What about being able to access Microsoft applications, and edit, share, and save documents on non-Microsoft operating systems?

Technologies that will be discussed in our upcoming educational session are:

• SharePlus – to make SharePoint usable on tablets
• Quick Office Pro – to make Office docs usable on tablets
• Code Green – for DLP
• Bluecoat Proxy SG – for DLP
• MokaFive – for Workspace Virtualization
• VMWare Viewpoint – VDI
• SonicWALL – Email Inspection and DLP Engine
• ZIX – Email Encryption and DLP
• Sonicwall NSA – SSL cracking

REGULAR AND NEW CIO EXECUTIVE SERIES MEMBERS ARE INVITED TO JOIN US ON DECEMBER 21st FOR AN IMPORTANT AND INTERESTING ROUNDTABLE DISCUSSION AND LUNCH. CHECK OUR EVENT REGISTRATION PAGE FOR THIS AND OTHER GREAT EVENTS!

Jul 01, 2011

With smartphones, tablets, and other consumer devices now present in the workplace, IT may be required to provide access and support for their users.

It used to be that one could offer a Blackberry device and you’re done. Users are happy and you are safe and secure. Now, with the proliferation of consumer devices like iPads, offering only Blackberry as a solution is no longer an option.

A Whac-A-Mole situation is now emerging, where you attack the head that pops up with the mallet, hoping it will not reappear, but it always does. How do you embrace these devices and have a security architecture and policy framework that accommodates them?

Architecture decisions are at the core of this topic. I really don’t care which suite you choose (VMware, Citrix, Microsoft, etc.) in the diagram below. What I do care about is: can you answer for, and deploy your apps to, BYOD gear in these 6 areas?

Also, can you confidently prove how you plan on granting access to your applications from various devices across your architecture? You are responsible for granting ‘cross-device access’.

How can ubiquitous access be granted with the fewest, fewest, simplest methods possible? It all starts with architecture, which you can see below.

Jan 28, 2011

“There are no rules of architecture for a castle in the clouds.” ~G.K. Chesterton

This quote came to mind as I compiled the best, best, best questions to ask regarding Intelligent Perimeters, following on from Part 1: aren’t network perimeters of the future going to be the gateway to the Cloud? Look at the quote from G.K. Chesterton. Do you agree? From a security perspective, a CIO will need to understand even more clearly how security architecture and design integrate into building intelligent perimeters.

As I wrote the questions for Part 2, I thought, “Oh no! More security information!” The quote from Eliot below struck me as oddly correct. Use the information that you are gathering through these questions to feed the architecture. It is my intent to merge wisdom with knowledge.

“Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?” ~T.S. Eliot, Choruses from The Rock

11. (Numbering continues from Part 1) Do you have gateway protection at the network perimeter for:

  • Virus
  • Malware / Spyware
  • IPS
  • Content management?
    • Are you using the perimeter to enforce email policy for “outbound email hygiene”?
  • Anti-phishing

12. Where is your mail relay?

  • In the Cloud
  • Internal Network
    • DMZ

13. Do you prefer your security systems to be:

  • Physical
  • Virtual appliances
  • Software on servers

14. Do you prefer appliance strategies or software with perimeter defenses?

15. Where do your organizational skills lie? Microsoft/ Linux/ Other?

16. Can the DMZ be replicated at the DR site? If not, what aspects of it are needed? How manual will it be?

17. What is the philosophy regarding a PC-based anti-spyware approach versus an “in-line” approach to anti-spyware?

18. Do you outsource any aspects of perimeter defense (Firewalls, SPAM, AV, etc.)?

19. Is remote access remediation integrated into the help desk appropriately?

20. IDP / IDS / IPS – are they deployed?

  • Where? Inside the network? Outside the network?
  • Do you outsource these services?
  • Why? (Yes/No)
  • How are logging, monitoring, and forensics/reporting handled?

21. Centralized Management of security devices

  • Remote Sites Firewalls
  • VPN client end-points
  • SSL VPN clients