Tag Archive for Consumerization

Dropbox Adds AD for SSO


When people talk about the consumerization of IT, Dropbox is invariably part of the discussion. Dropbox, like Box, Google Drive, Microsoft SkyDrive, and others, is a cloud-based storage system that enables users to sync and share files. This can be, and often is, done without IT intervention, potentially putting sensitive data at risk or organizations out of compliance, according to Debra Donston-Miller at InformationWeek.

Hoping to land some street cred with corporate IT, the consumer cloud file storage leader Dropbox rolled out Dropbox for Teams, with security tweaks designed to give companies more control over what their users do with Dropbox (which I covered here).

Now Dropbox has announced a rebranding, from the “Dropbox for Teams” service to “Dropbox for Business,” with an eye toward business and its IPO. So it is taking notice of existing enterprise authentication infrastructure to grow its customer base into authorized corporate use.

The InformationWeek article says Dropbox will now add single sign-on (SSO) capabilities to its Active Directory integration and is working with several partners to ease that integration. “Active Directory is really core to IT architectures, security and compliance strategies,” Kevin Egan, Dropbox VP of sales, told InformationWeek. “It lies at the heart of security, so we’re going to make it a lot easier for customers to plug into their existing Active Directory infrastructures, and leverage things like secure sign-on.”

Thomas “Tido” Carriero, growth engineering lead for Dropbox, explained in an interview that the integration with Microsoft’s Active Directory will let companies use the work they have already done in setting security and authentication policy. This helps end-users and admins alike, he said. “It’s good for the end-user not to have another password to remember — they can just use what they’re familiar with.”

Mr. Carriero also claims the new Dropbox for Business will be good for IT Pros. “Admins can set up security policies depending on the nature of the data being stored, and they can do things like set password requirements, reset passwords as often as they’d like, set up two-factor authentication, set up other kinds of authentication — whatever they have decided on for their business.”

According to Dropbox’s Egan and Carriero, the firm will provide SSO out of the box. Dropbox SSO uses the industry-standard Security Assertion Markup Language (SAML), so it will also integrate with any large identity provider companies are using or with companies’ own SAML-based federated authentication systems. Dropbox SSO partners include Ping Identity, Okta, OneLogin, Centrify, and Symplified.

The author notes that Dropbox has some pretty stiff competition in the cloud-based storage space, including no less than Google (GOOG) Drive, SugarSync, Apple’s (AAPL) iCloud, Box.net, and Microsoft’s (MSFT) SkyDrive. But the SSO integration with Active Directory is an important step forward in making Dropbox a corporate tool, and not just a tool for consumers.

rb-

The producers of these consumer-targeted technologies need to recognize that for deals in tens of thousands of seats, firms like Dropbox, Box, and Evernote need to offer those of us charged with protecting the firm’s assets assurances about security, privacy, and integration with Microsoft Active Directory.

Despite that, Box Enterprise GM Whitney Bouck also told CITEworld, “The premise of Box is to make it super-easy to share, communicate, and collaborate … At its most open, there should be as few controls as possible.”

And then there are the security breaches. In 2011, Dropbox accidentally pushed a code update that introduced a bug into the company’s authentication mechanism, allowing third parties to log in to user accounts and access files. Last year, hacks at other Web sites allowed attackers to penetrate accounts used by Dropbox employees, including a document from which they may have been able to harvest email addresses. In August, those email addresses were apparently used to send Dropbox users spam.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Tablet Info

Outside the office, workers turn to the tablet over the PC

Tablet computing is not overtaking smartphones or PCs in the enterprise, but tablets are definitely carving a new business niche for themselves, a survey conducted by cloud content management firm Alfresco shows. According to the data cited by GigaOM, tablets have replaced the PC as the go-to workstation for working at home and on the road.

The Alfresco study found that staff is using tablets:

  • 48% of enterprise employees are using tablets after hours at home,
  • 55% of respondents use tablets at business meetings (vs. 24% using PCs),
  • 50% are turning first to slates at conferences, compared to 13% using their laptops.

Alfresco reported that employees prefer the smartphone at more informal business functions:

  • 57% using them at business lunches and
  • 51% using them in coffee shops.

But the tablet is also starting to become commonplace even in those more casual settings: 34% of respondents said they would haul out their slate at a lunch meeting, while 43% would do the same in a coffee shop.

The Alfresco data indicates that the 3-screen reality is coming true. Tablets aren’t replacing either smartphones or laptops, but are instead creating a new space in-between. The vendor says it’s pretty clear that laptops are increasingly tethered to the desk or cube, while tablets are the tool of choice on the go.

RB- This has huge implications on the support side of the equation.

Incorporating Tablets into Enterprise Security

Enterprise information security hasn’t caught up with the consumerization of IT, according to Lenny Zeltser in a recent article on the Lenny Zeltser on Information Security blog. The author states that the urgency with which organizations need to account for consumerization is driven by modern mobile devices such as Apple iPhones and iPads.

According to the article, enterprises are coming to terms with the idea of employees connecting to the corporate network over a VPN, be it from personal laptops or home workstations. However, most organizations haven’t looked at the effect that the proliferation of powerful mobile devices has on enterprise security architecture.

Mobile devices sometimes have VPN-like access to the corporate network. In most cases they have access to the company’s email contents, calendar, and address book. The devices are as powerful as laptops were just a few years ago. Yet their operating systems’ security has not benefited from the test of time. Tablets and mobile devices lack most of the security controls we’d expect to find in a “legacy” workstation OS.

Mr. Zeltser argues we need to understand how to model the threat vectors related to mobile devices and how to adjust the security of the enterprise architecture accordingly. The measures will probably involve:

  • Greater segmentation of the company’s network,
  • Treating any device that users interact with, whether it’s a desktop or a mobile phone, as an untrusted node,
  • Standards and tools to lock down the configuration of mobile devices,
  • Practices and technologies for managing vulnerabilities in applications and the OS of mobile devices,
  • Incident response plans that incorporate both “legacy” IT infrastructure assets and mobile devices.

BYO tablet? Three ways business is getting it all wrong

Silicon.com had an article describing three ways businesses are getting BYOD all wrong. The author claims the days of the standard work-issued laptop are numbered as businesses let staff use their own computers and gadgets in the workplace.

However, in the rush to adopt bring-your-own tech, businesses are placing too many restrictions on how personal devices can be used at work, according to Anthony Vigneron, collaboration services global manager at global law firm Clifford Chance. He estimates that about 10 percent of the firm’s 7,000 staff share the same device at home and work.

Mr. Vigneron described for silicon.com three ways businesses get it wrong when it comes to letting staff use personal devices at work.

Use sandboxing

Businesses are often advised to provide personal devices with secure access to corporate systems using sandboxed virtual machines. Sandboxed machines allow remote access to corporate info via a virtual desktop that is run from the business’s data center.

He says it is better to let users access corporate data and apps from their device’s own OS. “Trying to deliver applications within a sandbox is not what users want. That’s not consumerization, that’s just another way of providing the same apps on different hardware,” he said.

“People want to use the native applications. They don’t want to have to log in through some other system.” He concludes, “The business should be able to control some of the applications staff use but you don’t want all those things inside another application.”

Give them a choice

Mr. Vigneron argues that the line where work life ends and private life begins is becoming increasingly blurred. So it doesn’t make sense to treat them as two separate entities. By not allowing workers to merge their work and home calendars, contacts, and emails, businesses are imposing an artificial distinction on their staff. He explains, “You do want some separation … People want the choice of being able to work with the same interface.”

Costs matter

Letting staff use their personal smartphone while working may seem like a good idea. However, employees might be in for an unpleasant shock when they get their phone bill. Mr. Vigneron said, “For companies to allow for consumerization, the price has to get to an equivalent of what we can get as a corporate. They’re not doing that at the moment.”
