Thursday, March 30, 2017

The BYOD Problem


Everyone wants their device of choice right there next to them 24/7. To an employer, however, that smart device is nothing more than a dagger poised to rip apart every shred of corporate security. This reality of modern business was highlighted by the Information Security Community on LinkedIn through their 2016 Spotlight Report on “Bring Your Own Device” (BYOD). The key trends influencing enterprise BYOD and mobile security line up as follows:
  • Increased employee mobility (63%), satisfaction (56%) and productivity (55%) dominate as the top drivers of BYOD. These employee-related drivers are considered more important than reduced costs (47%).
  • Security (39%) and employee privacy (12%) are the biggest inhibitors of BYOD adoption.
  • 20% of surveyed organizations have suffered a mobile security breach, primarily driven by malware and malicious WiFi.
  • Security threats to BYOD impose heavy burdens on organizations’ IT resources (35%) and help desk workloads (27%).
  • Despite increasing mobile security threats, data breaches and new regulations, only 30% of organizations are increasing security budgets for BYOD in the next 12 months and 37% have no plans to change their security budgets.

These trends clearly highlight the need for enhanced data and application security in enterprise mobility and cloud computing. They also reinforce the burden of securing data, applications, and devices that is being placed on the employer. Looking solely from the employer’s point of view, the report also summarized the mobility security concerns as follows:
  • 72% – Data leakage/loss
  • 56% – Unauthorized access to company data and systems
  • 54% – Downloading of unsafe apps or content
  • 52% – Malware
  • 50% – Lost or stolen devices
  • 49% – Vulnerability exploitation
  • 48% – Lack of control on endpoint security
  • 39% – Infrequent software updates
  • 38% – Compliance

These findings indicate that enterprise mobility is a very dangerous threat vector that can be ruinous to any business. Unmanaged or ungoverned use of devices can lead to loss of customers, loss of sales, and costly legal and financial fines. This truth led IBM to offer the following Ten Rules for BYOD:


1. Create your policy before procuring technology: To effectively use mobile device management (MDM) technology for employee-owned devices, policy must precede technology. Also note that these policies will have broad corporate-wide implications for IT, HR, legal, and security.

2. Find the devices that are accessing corporate resources: Companies must completely understand the current landscape of mobile device usage. Doing this will require using a tool that can communicate continuously with your network environment and detect all connected devices.

3. BYOD Enrollment for employees should be simple: Complexity tends to breed non-compliance. To address this issue, the BYOD program should use technology that allows for a simple, low touch way for users to enroll. The process should also concurrently configure the newly enrolled device.

4. Configure your devices over-the-air: To optimize efficiency for both IT and business users, devices should be configured over-the-air. Policies to restrict access to certain applications should also be in place.

5. Help your users help themselves: A robust self-service platform that lets users perform the following functions should be made available:
  • PIN and password resets
  • Geo-locate a lost device from a web portal
  • Remote wiping of sensitive corporate data

6. Keep personal information private: A well-crafted BYOD program keeps personal employee data away from others. Communicate the privacy policy to employees and make it clear what data cannot be collected from their mobile devices.

7. Keep personal information separate from corporate data: Corporate apps, documents, and other materials must be protected if the employee decides to leave the organization. Personal email, apps, and photos, however, should be left untouched.

8. Manage data usage: The organization should be able to track in-network and roaming data usage on devices, generating warnings should a user go over their data usage or stipend limit.

9. Continually monitor devices for noncompliance: Devices should be continuously monitored for certain scenarios, and automated policies should be in place. A few common issues are:
  • “Jailbreaking” or “rooting” a phone
  • Use of unapproved applications (like Angry Birds) that don’t rise to the level that requires an automatic wipe of the device
  • Providing a simple way to be alerted when a new OS is ready for installation and making it a self-service function.

10. Enjoy the return on investment (ROI) from BYOD: Although BYOD shifts responsibility for purchasing devices to employees, it’s worth considering the big picture and long-term costs for your organization.

BYOD is now a corporate fact of life. If your environment includes traditional desktops and mobile devices, your organization may also need to consider working with a partner that has the specialized IT skills to migrate, integrate and maintain all types of IT network endpoints. IBM Mobile Virtualization Services should be considered as that partner in order to ease mobile user and application migration issues. Available services include:


This post was brought to you by IBM Global Technology Services. For more content like this, visit ITBizAdvisor.com.



Cloud Musings
( Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2017)



Wednesday, March 15, 2017

Both Sides of Enterprise Mobility



Enterprise mobility has become table stakes in the world of business. The ability to access current information at any time, from anywhere, on any device has really become a cliché. The familiarity we all have with smartphones and wireless access actually obscures the true difficulty of developing and executing an effective corporate mobile strategy. This reality is driven by the fact that companies must actually have two mobile strategies.

The first face of mobility is an inside strategy focused on supporting employees and business partners. From this viewpoint, mobility becomes the central point of access and the management tool for corporate information and intelligence. The organizational goal here is to introduce context to business processes in order to offer viable options and drive better decisions. An additional benefit of this capability is to create frictionless interactions with partners, employees and customers.

The second face of mobility is that of providing support to a company’s customers. This is an outside-facing strategy that recognizes that mobile should not serve as merely a communications channel. Mobility, in this context, is a touchpoint through which customers can quickly interact with your company in a convenient and seamless way. The goal here is to serve as a support facility to your customer’s journey, which is a discrete set of interactions a customer has with a brand to accomplish a task. Understanding and addressing what may be different journeys for different customer sets creates real value for companies.


The value proposition for each of these two strategic faces of mobility differs between industries and marketplaces. What’s clear, however, is that the convergence of the consumer market and the enterprise market is highlighting the importance of addressing this as an operational requirement. In 2017, the major trends affecting both of these major challenges include:
  • An accelerated use of mobile applications, especially by small businesses;
  • Advancements in the use and exploitation of location based services;
  • More blatant blending of Augmented Reality (AR) and Utility Applications in ways that can boost customer engagement;
  • The introduction of Android Instant Apps that can be used without first going through the download process;
  • Broader use of Artificial Intelligence (AI) that is seamlessly embedded into digital interactions;
  • The growing popularity of Internet of Things (IoT) Apps that enable more robust connectivity to more devices and more customers; and
  • Heightened awareness of the importance of mobile security and the protection of personal information.
This demands the establishment of a mobile technology framework and strategy that aligns mobility efforts with business goals. This is where industry leaders like IBM can help your organization deal with both aspects. Their mobile expertise can help address both of these faces of mobility by offering:
  • Speedy deployment of integrated mobile applications, devices, systems and user support in a security-rich environment;
  • Enhanced business value through enhanced connections among your employees, customers and suppliers;
  • Cost-effective mobility operations support that accelerates implementation through a more scalable and cost-effective mobile infrastructure; and
  • Solutions that are personalized to fit both your customers and employees.
Although dealing with the two-faced challenges of a mobility strategy can be daunting, modern organizations cannot afford to shy away from the challenge. Serving as trusted advisors, IBM Mobile Infrastructure Consulting Services is designed to establish a technology framework with a strategy that aligns mobility efforts with your business goals.



This post was brought to you by IBM Global Technology Services. For more content like this, visit ITBizAdvisor.com.






Wednesday, March 8, 2017

Cloud Computing Forensics Readiness


In today’s globally connected world, data security breaches are bound to occur. This, in turn, increases the importance of digital forensic readiness, or the ability to access and trust computer log data in the identification of a breach and the determination of what datasets may have been compromised. As organizations rapidly move into the cloud, the complexities of this multi-jurisdictional and multi-tenancy environment have made the importance of cloud forensics even more pronounced. This reality has also drastically heightened the legal risk associated with information technology operations. Cloud and digital forensics readiness are therefore critical to business disaster recovery, continuity of business services and cloud ecosystem management.

  • Reducing the cost of cyber investigations;
  • Quick determination of relevant attack vector;
  • Reduction in the cost for data disclosure;
  • Faster restoration from damage; and
  • Cyber insurance discounts.


Forensic readiness will also help your organization regain control after any sort of data breach. It will help limit the damage and costs from just about any digital incident. When forensics readiness is taken into account, post-breach digital investigations often become simpler in that retrieval of digital evidence can occur without running into some of the better-known challenges. Even more important, when forensics is part of the business continuity plan, digital evidence is actually acquired and stored before an incident occurs without interrupting business operations.




Cloud and digital forensics should be looked at across three separate dimensions: technical, organizational, and legal. The technical dimension is mainly focused on:
  • Forensics data collection;
  • Elastic, static and live forensics;
  • Evidence segregation;
  • Investigations in virtualized environments; and
  • Pro-active preparations.

The organization dimension is strongly influenced by the roles played by the relevant cloud service provider and the cloud service consumer. To establish a forensic capability, these organizations must define a staffing structure that fulfills the following critical roles:

  • Investigators: Responsible for collaborative investigation of allegations of misconduct in the Cloud and for working with external assistance or law enforcement when needed.
  • IT Professionals: System, network, and security administrators, ethical hackers, cloud security architects, and technical support staff in the cloud organization.
  • Incident Handlers: The team that responds to a variety of specific security incidents, such as unauthorized data access, accidental data leakage and data loss, breach of tenant confidentiality, inappropriate system usage, malicious code infections, malicious insider attack, (distributed) denial of service attacks, etc.
  • Legal Advisors: Staff familiar with multi-jurisdiction and multi-tenant issues in the Cloud that will ensure that any forensic activities will not violate regulations under respective jurisdiction(s) or confidentialities of other tenant(s) sharing the same resource(s).
  • External Assistance: Typically, it is wise for the cloud organization to rely on a combination of its own staff and external parties to perform forensic tasks such as e-discovery, investigations on civil cases, and investigations on external chains of dependencies. The responsibility of any external party should be determined in advance and made clear in relevant policies, guidelines and agreements.

The legal dimension primarily revolves around multi-jurisdiction and multi-tenancy challenges and the terms of use as specified in the CSP Service Level Agreement (SLA). Specific topics that should always be addressed within the SLA include:
  • Service provided, techniques supported and access granted by the CSP to the customer regarding forensic investigation;
  • Trust boundaries, roles and responsibilities between the CSP and the cloud customer regarding forensic investigation;
  • How forensic investigations are secured in a multi-jurisdictional environment in terms of legal regulations, confidentiality of customer data, and privacy policies; and
  • How forensic investigations are secured in a multi-tenant environment in terms of legal regulations, confidentiality of customer data and privacy policies.

Experts recommend a focus on three primary aspects:

  • Preparation: Create and maintain the conditions that enable you to respond timely and effectively to any digital incident.
  • Partnering: Forge relations with external specialists and stakeholders when it comes to dealing with digital incidents before a crisis occurs.
  • Evolving: Periodically rehearse, evaluate and update your response plan.


Forensics is a core requirement of good organizational hygiene, alongside business continuity and disaster recovery, and should always be specified in standard contract clauses. Businesses without forensic readiness planning and testing in place are just as negligent as those that fail to plan for business continuity or disaster recovery. By implementing and testing their forensic readiness, a business can prepare itself to be in a much better position when – not if – a security incident occurs.

This post was brought to you by IBM Global Technology Services. For more content like this, visit ITBizAdvisor.com






Monday, March 6, 2017

Quantum Computing Delivered From The Cloud


IBM Cloud is now providing developers with the infrastructure and portal to a 5-qubit quantum computer. This equips them with the ability to build interfaces between classical computers and IBM’s quantum platform.

Quantum computers make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data. Quantum computers are different from binary digital electronic computers based on transistors. Whereas common digital computing requires that the data be encoded into binary digits (bits), each of which is always in one of two definite states (0 or 1), quantum computation uses quantum bits, which can be in superpositions of states.


IBM also announced today:
  • The release of a new API (Application Program Interface) for the IBM Quantum Experience that enables developers and programmers to begin building interfaces between its existing five quantum bit (qubit) cloud-based quantum computer and classical computers, without needing a deep background in quantum physics.
  • The release of an upgraded simulator on the IBM Quantum Experience that can model circuits with up to 20 qubits. In the first half of 2017, IBM plans to release a full SDK (Software Development Kit) on the IBM Quantum Experience for users to build simple quantum applications and software programs.
The IBM Quantum Experience enables anyone to connect to IBM’s quantum processor via the IBM Cloud, to run algorithms and experiments, work with the individual quantum bits, and explore tutorials and simulations around what might be possible with quantum computing. Since its launch less than a year ago, about 40,000 users have run over 275,000 experiments on the IBM Quantum Experience. It has become an enablement tool for scientists in over 100 countries and, to date, 15 third-party research papers have been posted to arXiv with five published in leading journals based on experiments run on the Quantum Experience.

The broad availability of quantum computing capability could prove to be a significant blow to current data encryption practices. In 2015 the US National Security Agency actually advised US agencies and businesses to prepare for a time when the cryptography protecting virtually all e-mail, medical and financial records, and online transactions would be rendered obsolete by quantum computing. The US National Institute of Standards and Technology (NIST) is also running a competition to spur work on post-quantum algorithms.

IBM intends to build IBM Q systems to expand the application domain of quantum computing. A key metric will be the power of a quantum computer expressed by the “Quantum Volume”, which includes the number of qubits, quality of quantum operations, qubit connectivity and parallelism. As a first step to increase Quantum Volume, IBM aims at constructing commercial IBM Q systems with ~50 qubits in the next few years to demonstrate capabilities beyond today’s classical systems, and plans to collaborate with key industry partners to develop applications that exploit the quantum speedup of the systems.

Future applications of quantum computing could include:
  • Drug and Materials Discovery: Untangling the complexity of molecular and chemical interactions leading to the discovery of new medicines and materials;
  • Supply Chain & Logistics: Finding the optimal path across global systems of systems for ultra-efficient logistics and supply chains, such as optimizing fleet operations for deliveries during the holiday season;
  • Financial Services: Finding new ways to model financial data and isolating key global risk factors to make better investments;
  • Artificial Intelligence: Making facets of artificial intelligence such as machine learning much more powerful when data sets can be too big, such as when searching images or video; or
  • Cloud Security: Making cloud computing more secure by using the laws of quantum physics to enhance private data safety.



This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud Network Partners or any other corporation or organization.



