
Archive for the ‘Security’ Category

More on sandboxing at WWDC

Friday, June 10th, 2011

I should correct something from my earlier post. I said sandboxing had come to iOS.

Some of you probably noticed that the subject of the sentence was Lion. And that is indeed the case – Lion has landed squarely in the sandbox.

Apple is dead serious about this business of protecting you from unruly or compromised apps. Beginning in November, if you want to distribute Mac apps on the App Store, they must be “sandboxed”, and Apple has brought the concepts from iOS to OS X land.

This has undoubtedly done a lot to fuel the rampant speculation that OS X is soon for the scrap heap, to be replaced by virtually weightless MacBooks with the A5 processor and a flash drive. Hmmm, sounds a lot like a …. Well, the gent who did the presentation on the sandboxing technology did a great job advancing the vision, and I came away impressed if still a bit skeptical.

Anyway, Apple would like you to break your big old monolithic app up into bits that (1) interface with the web, (2) process data locally and (3) read or write data from files outside the app’s “container”. To do that they announced a new set of technologies that “just work”, of course, but sound a lot like COM to me. Yikes. Well, we’ll have to wait and see. A good thing we are not on the App Store with OM for Mac.

But good sandboxing might make for a strong customer story, e.g. “iPass enthusiastically embraces Apple’s drive for app security”, etc. Sign me up. Still, I noticed that Apple had made a middle-of-the-road compromise in the “entitlement” approach to security: it certainly makes it easier for developers to characterize their apps, but it remains a simplified, and therefore less specific, technology than the more fine-grained Android privilege profile approach.

But middle of the road may be good enough – I read that iOS + App Store is now widely regarded as the most secure OS/app integrity technology on the planet. And that, ladies and gentlemen, is not just from Steve’s mouth.


How work and enterprise IT will change in the new mobility era (Replay)

Tuesday, March 22nd, 2011

Our webcast with GigaOM Pro, “Examining the Post-PC Era: How Will Work and Enterprise IT Change in the New Era of Mobility” had valuable insights for Enterprise IT based on mobility and device trends. The Q&A was very interactive, covering many issues. Here’s the replay, slides and report, along with key takeaways:

  • Cost shifting is moving to employees. Once connectivity was used for both personal and business purposes, it became less clear who pays.
  • Tolerance has decreased; device variability increased. Make it easy for the user.
  • The first person coming to IT with an iPad2 will be a C-level exec.
  • The iPad had fewer problems getting accepted because there was no incumbent. The iPhone had to displace the entrenched BlackBerry.

More tidbits:

  • IT needs to stay a step ahead and understand these devices
  • CIOs need adaptability and a natural curiosity about ways to change the business
  • Consistent with our Mobile Workforce Report, polls during the webcast showed that most respondents had two or three devices for work, and if they could only pick one device, first was a smartphone, followed by a tablet

Download the slides

Download the Mobile Workforce Report


Security gets a makeover (part 2)

Tuesday, February 8th, 2011

Yesterday, I talked about types of enterprise security and disruption due to remote access – using consumer-liable devices.

Now we come to the latest disruption, which is actually two disruptions I am merging into one. First is the surge of mobile devices. When I mentioned the consumer-liable device in the last disruption, for the most part I was talking about a user’s home laptop or PC. So while it was not a device that matched a standard IT image, chances are there were plenty of similarities to that standard IT image.

Now, IT is faced with requests to allow access from numerous types of smartphones and tablets along with laptops and PCs. We’ve talked about the productivity benefits of allowing this type of access, and I don’t think that is in question. However, this is a pretty significant security disruption: organizations see the challenge of trying to centrally manage access when many of the edge security solutions have not kept up – firewalls and VPNs that don’t support the plethora of devices out there – meaning that IT is faced with the choice of blocking access from unfamiliar devices, or allowing access with less visibility than they are accustomed to.

Now, the second part of my two-part disruption: the applications themselves moving from the LAN to the cloud. While the cloud offers tremendous benefits in how organizations efficiently manage applications and costs, it does become a security disruption. Traditional edge devices can’t manage access when neither the access point nor the application sends its traffic through the edge. Combine this with the fact that organizations are replacing LAN-based applications, where access is managed centrally, with multiple cloud-based applications, where access is managed individually. That can add complexity in how access is secured and managed, even while reducing complexity and costs in the organization’s IT infrastructure.

So what is an IT organization to do? Clamp down and restrict access?

That is really not an option: to remain competitive today, most organizations are embracing the cloud and embracing mobile devices. However, is it efficient to embrace this new paradigm by trusting that these new devices are more secure, and trusting that all of the different cloud-based applications themselves are secure? Going from managing access centrally to managing access by device type and application? Are we trading efficiency in managing our data centers for inefficiency in managing security? That is the question.

While I do think devices themselves are inherently more secure, and that the cloud offers certain standards in how you can manage the security of the connection, I do think we are facing a new wave of secure authorization that is not yet set in stone. Until then, what do you do? I think the best thing to do is ride the wave as best you can.

Train and trust your employees. Shift the control point to the Internet. While embracing all of the different types of devices, ensure those devices have a common base level of security: things like a common authentication format, data encryption and data wipe capabilities. Make sure that by embracing the cloud you are not weakening security. Many cloud applications offer methods to integrate with your authentication standard, so your employees are not faced with managing different password policies across all of the different cloud-based applications.

That being said, this is easier said than done. I’d argue that most people reading this probably agree there are good ideas here, but have yet to implement many of them, and have probably implemented a piece here and a piece there. There is still a lot of complexity. I think that complexity will breed innovation, which we’ve started to see in pieces but not in its entirety. I do think iPass has a role here, especially as we help manage access at the device and communication layer.

Ultimately, I think security will be similar to what we’ve always seen: security managed at the application, the edge and the device, with much of it centrally managed at the edge. It’s just that each of these three components in the future will look a lot different than they did 10 years ago.

Let me know what YOU think.



Security Gets a Makeover (part one)

Monday, February 7th, 2011

One of the trends we are talking about at iPass is the concept that “Security Gets a Makeover.” Are you embracing this trend or is it still in the clouds?

This trend portends that organizations will fundamentally change how they provide security due to the fact that there are:

1) More users working remotely,
2) More devices being used for access and
3) More applications moving beyond the traditional network perimeter.

The concept should not come as a surprise for most people. What’s probably unsettled is: What will an Enterprise’s security strategy look like going forward?

I’m sure that some people have ideas, but I don’t think that a dominant strategy has emerged. The winds of change are pretty disruptive right now when it comes to Enterprise Mobility, and I don’t think that it will settle down in the near future. However, we are always free to speculate about what we think things will look like. Before I offer an opinion on what I think security will look like going forward, let’s take a look back at how enterprise security has evolved since the Internet first really disrupted enterprise security.

I’ve heard Gartner categorize enterprise security as follows: Security at the Device, Security at the Edge, and Security at the Application. A true Defense in Depth security strategy would include elements of all three. That makes sense, but I think over the last 10 years most organizations have centered their security strategy at the edge.

Why is that? When the Internet provided the first major remote access disruption, allowing people to work beyond the traditional LAN boundary for the first time, organizations had a choice: manage access across all of the disparate applications they run, or manage it centrally at the edge. With this we saw a new class of edge gateways that allowed organizations to manage security from a single set of edge devices for all applications on the LAN.

This grew complicated with the next remote access disruption: as more and more people started to work remotely, IT started to see access requests from beyond the centrally managed, IT-managed devices, as people started to work from consumer-liable devices. That definitely added complexity to managing security at the device layer, as there was no longer a single IT-managed device requesting access, so the edge gateway devices evolved to incorporate access from non-IT-managed devices.

You still had elements of security managed at the application, especially as applications started to adopt methods for access via the Web (like Outlook Web Access), but most of the permissions for how to access information and work remotely were still handled at some sort of edge gateway device. Devices that controlled access at the edge increasingly evolved to authorize access not only based on the user’s credentials, but on the type of device used for access.

Next up: Further disruptions with the rise of smartphones and how IT can embrace the cloud, while not weakening security.
