Cloud

Cloud SecurityCloud security is often as nebulous a term as the word ‘cloud’ suggests! We look into its various meanings and identify where it can add value to channel partners’ propositions.

Cloud security is one of those terms that has morphed rapidly to mean several different things in a very short time. Result? Confusion, more often than not.

Are we talking about security solutions delivered to users from the cloud? Or security around applications that live in the cloud (like Office 365)? Or security that’s targeted at businesses that make use of public cloud services like AWS?

You see the challenge. But actually, each of these is a valid scenario and a saleable cloud security solution. Here’s more info.

1. Security services delivered from the cloud

Your SME customer has few or no IT specialists in the organisation, no money to hire them, and nowhere to store servers. Where do they turn?

To the cloud, of course. Security products are delivered to them via the internet, as a service.

They can typically choose to pay only for what they use, on a monthly ‘rental’ (managed service, or MSP) model, so there are no prohibitive upfront costs.

Their security partner (you!) monitors their networks from a centralised console, makes technical adjustments, and implements patches and upgrades, but the user can retain some control over their security settings if they wish.

But what kind of security solutions can be delivered in this way? Many.

Hosted email security, for example, works with most hosted and on-premise email systems to protect what is stilll the primary route into organisations for most forms of malware and spam.

More comprehensive business security services solutions and cloud security solutions designed specifically for MSPs provide wider protection to end-users, and also enable partners to sell into organisations who have some on-premise systems, but don’t wish to overburden them by adding security software into them.

In this scenario, end-users can run everything else on-premise, but get their security from the cloud!

2. Security for applications that live in the cloud

Solutions like Office 365 have revolutionised office processes, with powerful tools delivered to end-users’ desktops straight from the cloud.

But although the delivery mechanisms for these applications are secure, the content delivered by the applications can still contain threats that the application’s own in-built security can’t detect, as we explored in this cloud apps post a while ago.

Plugging these holes is still a big opportunity for resellers and other security channel partners – and the cloud app security solutions that can help them deliver this critical service are already ‘out there’.

3. Security for public cloud services

SaaS, IaaS, PaaS – businesses’ ability to build their entire proposition on a public cloud provider is no longer the preserve of large enterprises.

In fact, Forbes has ascribed the growth of AWS, for example, to their “Reaching out to all kinds of customers – startups, SMEs and big companies”.

It is this that has driven, in turn, a new kind of security need amongst end-users, as we explained not so long ago in this post - namely, the ability to spin up an AWS virtual server and know that server will immediately be protected by security software that has been specifically designed from the ground up for virtual environments.

We had a bit of fun defining these virtualised must-haves in this security opinion paper recently, but the message is deadly serious: if end-users are building a business on public cloud, and relying on virtual servers, security partners need to be able to reassure them that they can secure it!

Cloud security – evolving meanings, evolving opportunities

As the cloud billows ever more energetically within businesses’ operations, it drives the security agenda in many different directions at once. Cloud security is coming at us from many different angles, and is morphing into multiple meanings.

It’s a wise security partner who has got a handle on them all – and knows the security solutions that play strongest to each definition.

virtual-cloud

Bitdefender have announced that its GravityZone solution is now certified by VMWare and has achieved the VMware Ready status.

What this means?

Organisations can now enable agentless scanning on guest virtual machines via NSX introspection, which eliminates the overheads that can be seen when running a separate instance of the agent in each VM.  It also offers increased resilience against APT's which target the security solution.

Enterprise Customers now have access to a new and proactive approach for securing Datacenters and their Network Virtualisation environments.

From Kirsten Edwards, Director, Technology Alliance Partner Program, VMware

“We are pleased that the Bitdefender GravityZone qualifies for the VMware Ready™ logo, signifying to customers that it has met specific VMware interoperability standards and works effectively with VMware cloud infrastructure. This signifies to customers that GravityZone can be deployed in production environments with confidence and can speed time to value within customer environments,”

Harish Agastya, Vice President, Enterprise Solutions, Bitdefender

“Data centers are the heart of the digital economy, and security is paramount for data center operators across the world. The VMware Ready certification marks another step in our commitment to provide security that is easy to deploy and scale, and meets the unique requirements of today’s highly virtualized environments. Our award-winning security solution leverages NSX capabilities in the software-defined data center to provide automated deployment and orchestration of security services,”

About VMware Ready

vmware_readyVMware Ready is a cobranding benefit of the Technology Alliance Partner (TAP) program which makes it easy for customers to identify partner products which have been certified to work within the VMware Cloud infrastructure.  With thousands of members worldwide, TAP includes best of breed technology partners who bring the highest expertise and business solutions for each individual customer.

About Bitdefender GravityZone SVE

Bitdefender GravityZone SVE provide security for virtual machines, virtualised Datacenters and cloud instances, through the GravityZone On Premise console.

  • Best protection for Windows and Linux virtual machines: enabling real time scanning for file systems, processes, memory and registry
  • Best proven performance in datacenters: up to 20% performance improvement compared to traditional security vendors
  • Works on any virtualization platform: VMware, Citrix, Microsoft Hyper-V, KVM, Oracle, and others on demand
  • Agentless security for VMware NSX

 

Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.

Anti-Ransomware

The big news is that Bitdefender has now incorporated Anti Ransomware vaccine to all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016.  This module is activated through the policy section  Antimalware --> On Access settings

Gravityzone Ransomware Vaccine Policy Setting
Gravityzone Ransomware Vaccine Policy Setting

By activating this module, machines will be protected from all currently known forms of Ransomware.

Other New Features

Update Rings - this feature allows Administrators of the program to  chose when in the validation cycle an update is received.

Anti-Exploit Techniques - a new set of powerful techniques which further enhances existing technologies to fight targeted attacks.  These are integrated into the existing Advanced Threat Control module.

Web Access Control Rules - The categories list has been updated with multiple new categories added.

Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.

 

The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.

For more details on the above features and a look at the other features included please click here

logo     bs-logo

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

Cloud App SecurityOffice 365, Google Drive, Sharepoint: businesses love them, but we ask if security vendors do enough to help partners address their known vulnerabilities – profitably!

In a recent post, we looked at the known security limitations of cloud-delivered applications like Office 365, Google Drive, Sharepoint, and others.

As we pointed out, identifying security weaknesses in these platforms and providing cloud app customers with solutions to them can prove profitable, according to industry commentators – but are security vendors even addressing this space in the first place, let alone in a way that enables vendors to make viable margins out of it?

Cloud application security: how big is the pie?

The first point we need to make here is that the potential market for these kind of security solutions is big and growing. Since 2011, as this Worldwide Cloud Applications Market Forecast 2015 – 2019 shows, the Cloud applications market has more than doubled, and now accounts for 20% of the overall enterprise applications space.

By 2019, Cloud applications subscription revenues could make up 35% of the total addressable market opportunity.

Captured amongst all that, of course, are the very applications businesses most want MSPs and other partners to provide – hosted email, file sharing, collaboration, and so on.

And these are the very applications that, whilst delivered in a secure manner, are not fully able to secure the content that passes through them, making them vulnerable to risks like advanced and hidden malware, ransomware, phishing attacks, leaking of sensitive data, file sharing on unauthorised devices, and remote user network breaches.

In short, there’s plenty of pie available – and cloud application security is potentially the utensil that enables MSPs and other partners to carve themselves a sizeable slice of it!

Delivering security for cloud apps: how hard can it be?

But the second point we have to consider is that cloud applications need security that is built expressly for cloud computing conditions – and existing security techniques fall down badly in this respect, resulting in few solutions that are fit for purpose.

Just take a look at traditional web monitoring, for example – it funnels traffic out of the cloud and into a separate service, adding significant latency that negatively impacts both performance and capacity.

Only if pre-cloud approaches are consigned to the dustbin, and direct cloud-to-cloud API integration is offered in its stead, can vendors play strongly in this space, and partners reap the benefits.

In this scenario, a literally instant cloud app security deployment is possible, requiring nothing more than the submission of administrator credentials for the apps in question.

Bundling, licensing, pricing – can partners make money out of cloud app security?

Quite apart from the fact that very few vendors are actually active in the cloud app security space in any serious way, my third point is as much to do with the partner model as it is with the scarcity of those offerings.

Even if solutions were plentiful, reselling them in a subscription or perpetual licensing model produces the same challenges that any other reseller in any other IT market encounters – high upfront subscription costs, unpredictable income, lack of flexibility to scale services up and down (and missing out on the additional revenue that such upscaling generates).

The risks of this approach are well documented - but then if so few vendors are in this space in the first place, how many of them do we think are in a position to offer the potentially more profitable MSP alternative?

Then there’s the question of how vendors actually incorporate cloud app security offerings into their overall security portfolio – or don’t! Currently, the view from the bridge here is that one prominent vendor is now bundling cloud app security within its existing security services, in a cloud-based MSP model, at no extra licensing charge – but other vendors haven’t even started to play catch-up on this.

In conclusion: cloud app security vendors could do better

There it is, then: cloud app security solutions are rarer than hen’s teeth!

They demand an instantly deployable, cloud-centric architecture that most security vendors simply haven’t applied to this space, a margin-rich partner model that the vast majority of vendors seem unready to offer, and a “business as usual” attitude to bundling that, for many vendors, seems too radical a string to add to their bow.

That massive cloud app pie is there for the securing – but, as it stands, most vendors aren’t even making a dent in the crust, still less serving up anything that profit-hungry partners would find a tasty proposition.

manage-backup-banner

Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched.”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, Is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

 Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete  - despite even the most ample computing, I/O and bandwidth resources – does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

 Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and, ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of a MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.

Brian-A-Jackson1

On a weekly basis there are now articles regarding a big brand company which has been hacked, these usually relate to what data has been lost, how they are notifying those affected and what they are going to be doing to prevent this from happening again.

So how do you prevent it from happening in the first place?

From experience I can see that if a hacker wants to get details from somewhere they will take the easiest target, the ‘Low Hanging Fruit’ as they say, in ensuring your company has some basic security principles in place can help mitigate this.

So how do you ensure you are not the ‘Low Hanging Fruit’

Simple measures can be taken within your environment to help secure it. As a basic level you should be meeting the following guide - CyberEssentials Requirements

This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.

Once you have met the standards given within this document you should be looking to increase the security standards within your organisation. The most effective we have found is the use of education, once educated your staff will be able to react to the threats quicker and reduce the risks to your company.

McAfee Security

It’s getting to that time of year when thoughts turn to peace and goodwill, and we look to reward those who have worked hard and the customers who have stayed loyal.

Which is why the big bag of coal that McAfee has dropped in your Christmas stocking this year is an especially nasty surprise. For you and your customers alike.

McAfee – the situation

Here’s the Christmas story, McAfee-style.

Firstly, you buy MX Logic to strengthen your digital security portfolio. Then, you get bought by Intel. Then Intel drops your name. Then Intel says that it’s working on a comprehensive new security package, and promptly puts McAfee’s SaaS email security into end-of-life.

It’s the gift that keeps on giving. Because although the announcement was originally reported at the end of October, we’ve since learnt that many other security offerings (like Nuvotera, Spam Soap, Spambrella, etc.) were white-labelling McAfee’s service, so end-of-life becomes a potentially huge issue for all of them – and the end-users they serve.


“What does this mean for me and for my customers?”

In January 2016, Intel Security will stop selling McAfee SaaS Endpoint and SaaS Email Protection and Archiving, with the majority of subscriptions and support ending in 2017.  As this table shows, some limited support will continue for certain subscriptions until 2021.

Now, Christmas hangovers don’t usually come this early in the month, but rest assured that the decision to discontinue McAfee SaaS products represents one ho-ho-ho-hell of a headache for partners.

They must now identify new solutions and then go through entire deployment and provisioning processes all over again - just so their customers can keep the endpoint and email security that they’ve previously enjoyed.

They have to factor in the time it takes to learn new technology and user interfaces (this includes both internal and customer training), how pricing models will be affected, and what support they need to give and receive.


A frenetic festive season for McAfee users

Needless to say, all this is a massive annoyance to end-user customers, too.

Apart from all the usual pain associated with sudden business and technology platform change, across potentially hundreds or thousands of users, email security often gives rise to complex requirements around archiving - as explained in guides like this one – through which Intel has now successfully driven a sleigh and reindeers.

While customers’ email archiving will continue until their subscriptions’ expiry dates, new emails will no longer be archived after the subscription has expired.

Additionally, customers will only have six months to import their archived emails into their new platform, and any emails that have not been moved at that point will be permanently deleted.


What should partners do next?

If there’s a cheering undertone to this seasonal lament, it’s this: SaaS is an enduringly and increasingly popular delivery model for email, security, and archiving, and is not going away anytime soon.

Add to this the fact that there are other vendors that can provide similar security solutions, and my advice to partners seeking new solutions providers boils down to these basic points:

  • Security pedigree: How long has the solution provider been in business?  Are they security-focused (i.e. how much of their business does security represent? Do they seem distracted by other revenue streams?)
  • Reputation: Who do they partner with (e.g. software distributors) and what level of respect do those partners have in the security space? What do their partners say about them publicly? Will they let you speak with partner references privately? If not, why not?
  • Support: Can you access live customer support whenever needed, provided by employees of that company? If the support expertise is coming from somewhere else, is that support provider trained and qualified? Where’s the proof (certification)?
  • Commitment to the Channel: Does the vendor offer good margins, friendly terms, competitive pricing? Do they have proven relationships with distributors and other partners who can add value through automated management tools, MSP options, dedicated account managers?

Wanting to move quickly to transition your customers to viable alternatives, don’t end up choosing alternative vendors who aren’t truly viable.

(That would be turkeys voting for Christmas.)


“So where do I point my McAfee customers now?”

As a specialist security software distributor who’s been working with some of the world’s biggest security names for over 15 years - and some very agile newer ones, too - I’m ideally placed to consider the choices that your customers can make.

I’m not going to tell you that any one vendor is now the definitive star on the top of the Christmas tree. (Intel has hastily named Proofpoint as a quick fix for McAfee customers, and to me it smacks of expediency, rather than suitability).

But consider this: if a security vendor’s business was born in the cloud, and has been established almost as long as my own, I regard it as being worth a look.

If it offers 24/7 support, is capable of securing much more than just email, and has innovative pricing plans that means savings can be passed on to the end-users, it’s worth a look.

If it protects more than 8.5 million mailboxes for over 47,000 corporate clients worldwide, but is still prepared to give you and your customers a free trial to try it out for yourselves, it’s worth a look.

So do you want to keep the present under wraps until Christmas? Or do you want to be the one to bear early gifts to all those desperate McAfee customers? It’s your call, but ripping off the paper is as easy as this.

And the Three Wise Men? That’ll be the first three partners who click on the link above…

blue and comptia bannerAre you attending CompTIA EMEA Member and Partner Conference 20th October 2015?

If you haven't yet registered to the Comptia event at 155 Bishopsgate London please go to  https://www.comptia.org/emea/home it would be great to see you there.

Blue Solutions was founded in 2000 with a clear mission: to enable IT channel partners to sell managed services software that would boost recurring revenues, strengthen margins, and clearly differentiate their offerings in a crowded market. As key vendor partners like AppRiver, Bitdefender, Censornet, DataFortress, Malwarebytes, Microsoft, Phish5, Redstor, Symantec, TrendMicro, and many others will testify, we’ve been succeeding at it ever since.

The bottom line of it is we enable our partners to build profitable, regular revenues, by delivering what their competitors can’t – compelling, diverse, scalable managed services, at low cost, that delight their end-users. So if you’re serious about growing your business, don’t miss this opportunity to expand your knowledge and to hear from our vendor and industry experts please feel free to book a time with Barry Atkinson, Emma Wale, Lee Walker or Israel Azumara to discuss Blue Solutions our vendors in more detail.

If you have queries please call 0118 9898 222 and request to speak to any of the names above regarding the event.

trend-micro

 

Originally published on the Trend Micro Blog

A recent Trend Micro report carried out by the Ponemon Institute uncovered an interesting new dynamic in the workplace. Increasing numbers of U.S. consumers are bringing wearable technology into the office.

This raises a difficult problem for enterprise IT managers keen on keeping IoT devices from swamping the workplace as the influx of BYOD devices did a few years ago. So what’s the best way to move forward?

Growth and risks

Let’s be clear, the use of IoT devices and wearables in the workplace is by no means soaring. According to our study – Privacy and Security in a Connected Life – just 25 percent of U.S. consumers said they even plan to use a fitness tracker. For Google Glass, this figure was an even lower 16 percent. Yet adoption is increasing, and as it does, these devices will inevitably find their way into the corporate world, just as the smartphone and tablet did before them. From smart watches to activity trackers and smart glasses, there’s a growing feeling that these devices can help our productivity and well-being. Given we spend the majority of our lives at work, it’s a no-brainer that employees will want to wear them in the office.

While they may support productivity, connected devices present risks for the IT department, especially those that could auto-sync corporate data, making them a potential target for hackers and thieves. Even data tracking the movements of mobile sales staff could tip off competitors about new leads. Many IT leaders will want to manage this risk by ensuring any workplace IoT devices are controlled with MDM, security tools and policies. However, according to our research, 50 percent of U.S. consumers do not believe their employer has the right to access personal data on their smart device, despite connecting to the corporate Wi-Fi.

Staff versus employer

This dilemma brings the usual arguments raised by BYOD, namely that sensitive corporate or customer data could be at risk if accessed or stored on an employee-owned device. Now if IT managers try to shackle devices with MDM or security tools, they could risk the wrath of users.

A recent court case highlights that such problems are no longer theoretical. A U.S. District Court in Texas heard the case of a staff member who sued his employer for loss under the Computer Fraud and Abuse Act. The former employee was forced to use his own iPhone for accessing customer emails at work since one was not provided. When he resigned, the company’s network administrator remotely wiped his phone, deleting not just work information, but also his personal data. In the end, the employer won, but it won’t be the last case of this kind as staff and their employers increasingly clash over BYOD.#
Best practice BYOD

So what can the under fire IT manager do to walk this fine line, protecting both enterprise data and staff expectations of personal privacy, while enabling staff productivity? Here are a few tips for starters:

  • If you haven’t already, classify enterprise data and perform a risk assessment to better understand what is at stake if it ends up in a competitor’s hands.
  • Find out how many personal smart devices are already being used at work.
  • Familiarize yourself with the operating systems, devices and security shortcomings of these devices.
  • Consider enforcing remote lock/wipe and password protection for all devices allowed to connect to the corporate network.
  • Utilize a ‘containerized’ security approach which keeps corporate and personal data separate on devices.
  • Apply policies so that the most sensitive corporate data is encrypted.
  • Assess any new IoT devices before they are allowed to connect to the network.