I don't disagree that security is a very important consideration, but many of the people who fear the cloud or BYOD because of security aren't doing all that hot with the security they should have control over today.
Implementing buzzwords *is* bad. Failing to properly evaluate and implement technologies that can help your business, because they are associated with buzzwords, is also bad. Look at the vast majority of security breaches that have taken place in the past 3 years, and the attack vectors are often the supposedly tried and true areas of the network. Just because the security of a technology is better understood, that doesn't mean that people are actually implementing it. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Tue, Apr 16, 2013 at 7:36 AM, <[email protected]> wrote: > Don't implement a buzzword. Implement technology that has been tried and > tested. Security is still a major concern with the cloud and with BYOD. > There are definite gotchas that haven't been realized yet, but security is > the most glaring concern that is getting glazed over. The Apple/Google > generation of technology has zombified people over privacy and security. We > are in dangerous waters, so tread carefully and cautiously. Don't implement > something just because a case study somewhere said it worked for someone > else. Remember, an organization may look similar to an organization in a > case study, but as we all know, every environment is different and requires > careful planning and testing. > > BYOD and the cloud will be a good fit for a lot of companies once the > issues get worked out. To me, it seems like a game of Jenga. As we move > tech from one place to another, its that one piece that will cause the > whole stack to come crashing down. > > Sent from Microsoft Surface Pro > > *From:* Webster > *Sent:* Tuesday, April 16, 2013 7:27 AM > > *To:* NT System Admin Issues > > > Most of the projects I work on are in the financial and healthcare > sectors. 100% of them are doing BYOD. These are some of the largest > companies in their respective industries. One healthcare related company > just bought 40,000 iPads for their sales force. Where I am now they have > 30,000 people using Citrix XenApp and are scaling up a XenDesktop project > to 11,000 users. They are supporting almost every kind of device > imaginable: iPhone, iPad, Androids, Surface, Mac OSX, Win7, etc. > > > > Brian Madden is a recognized name and thought leader in this space. But > as a thought leader, his goal is to make you think. Think about the ways > users are getting around IT (I see it daily at my current project), think > about how IT really does not and cannot control every device. > > > > Back when Brian was in the trenches doing designs and installs, he > designed and built some of the world’s largest TS/RDS/XenApp environments. > He does know his stuff. I think he is trying to stretch IT’s way of > thinking and can be considered more of a provocateur now. What we did in > IT 5 or 10 years ago may not work with today’s users and how they work and > or want or need to access company data. > > > > Just my $0.02US worth > > > > Carl Webster > > Consultant and Citrix Technology Professional > > http://www.CarlWebster.com <http://www.carlwebster.com/> > > > > > > *From:* Jon Harris [mailto:[email protected]] > *Sent:* Monday, April 15, 2013 9:46 PM > > *To:* NT System Admin Issues > *Subject:* RE: Some interesting thoughts about network security > > > > One of the things I saw in the article was part of his reasoning on this > was the BYOD movement. I know a lot of places are looking at this and some > have even gone for it but if it was a financial firm or a health care > provider I don't know if I would want to do business with them. BYOD just > opens too many cans of worms for me to feel comfortable with those firms > doing that. IF they were using something like VDI or Citrix like work > interface I would only be marginally comfortable. I don't see that > happening unless a company really looks at where the data is stored and the > risk of that data getting "lost" to parties unknown. From all that I am > seeing it is more management wanting to push the cost of the workers > hardware to the worker and little else is taken into account until they get > bit hard and are faced with lawsuits due to their lack of use of their > brains. > > Jon > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: Some interesting thoughts about network security > Date: Tue, 16 Apr 2013 00:33:16 +0000 > > My thoughts: > > > > a) “One size fits all” solutions simply don’t fit most > organisations. Some e.g.: > > a. (e.g. “you support users connecting from home today”, so > obviously you can obviously scale to support the entire organisation doing > the same at work, or > > b. “give each user their own VLAN” – yeah, we’ll create 100,000 > VLANs – imagine maintaining the FWs, routers, and how much more complex > user provisioning and de-provisioning is going to be. What happens when > users move between buildings? Telcos can make this happen, but telcos are > in the networking business. > > b) Treating wireless users as “external” and then making them VPN in > isn’t new – that’s been the thinking for 20 years. It was “start of the > art” maybe in 2000, but it’s not now > > c) I know Microsoft was arguing for the “hard core” and “soft > shell” since circa 2006 or so – so even that’s now new. However I disagree > that there should be one boundary (around the data centre) and we ignore > everything else. Obviously Brian doesn’t understand how large organisations > (and I’m guessing other sizes as well – I don’t have that much experience) > work. Most banks (for example) are stuffed full of “knowledge workers” that > depend on data being on their client PCs. For example I’ve seen > reconciliations in a large institutional bank being run on over 2,000 excel > spreadsheets due to lack of straight through processing between diverse > systems. You can treat them as being “on the internet”, but that’s too > difficult to do in practise with granularity. If you make them VPN in, you > end up giving them wide-open access anyway. So why not just use 802.1x to > guard your physical (including WiFi) access? Surely 802.1x is easier and > cheaper to deploy than catering for 100,000+ VPN connections? > > > > This looks like just another “magic bullet” – simple solution to a complex > problem that only works in simple (i.e. small) environments. > > > > Cheers > > Ken > > > > *From:* James Rankin [mailto:[email protected] <[email protected]>] > > *Sent:* Monday, 15 April 2013 10:24 PM > *To:* NT System Admin Issues > *Subject:* Some interesting thoughts about network security > > > > > http://www.brianmadden.com/blogs/brianmadden/archive/2013/04/15/rethinking-network-security-all-your-on-premises-wifi-users-are-actually-quot-remote-quot-users.aspx > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
