Sudah Saatnya Perusahaan Mengkaji Kembali Kebutuhan Sistem IT Agar Mampu Mengatasi Tantangan Bisnis Di Masa Depan
Please find the English language post from which this was adapted here. Pesatnya perkembangan teknologi digital di Indonesia saat ini, membuat pola konsumsi berubah-ubah; baik di level konsumen maupun enterprise. Perubahan ini berpengaruh besar terhadap bagaimana para eksekutif perusahaan mengkaji kebutuhan teknologi perusahaan mereka, karena kini untuk bisa mengakses informasi dari perangkat apapun, kapanpun, dan di manapun sudah menjadi kebutuhan yang semakin meningkat. Kebutuhan ini menimbulkan tantangan bagi perusahaan untuk mampu menyediakan lebih banyak layanan kepada karyawan dan konsumen mereka, dalam batasan infrastruktur yang sudah ada, ditambah lagi dengan budget anggaran belanja IT yang kian menyusut dari tahun-ke-tahun, namun tanpa mengorbankan keamanan dan kinerja sistem IT perusahaan. Tantangan lainnya yang juga dihadapi perusahaan adalah semakin berkurangnya anggaran IT, yang dikarenakan keputusan belanja IT tidak lagi berada di tangan pimpinan divisi IT melainkan di tangan pimpinan divisi bisnis. Hal ini lumrah dilakukan karena perusahaan mencari berbagai cara untuk meningkatkan daya saing mereka dalam menghadapi pasar bebas dan salah satu cara yang paling mudah dilakukan adalah efisiensi biaya. Agar perusahaan mampu menjaga efisensi biaya namun tetap dapat menyediakan berbagai inovasi ke pasar serta meningkatkan layanannya, maka perusahaan membutuhkan solusi yang memungkinkan mereka untuk menerapkan berbagai teknologi yang penting bagi perusahaan melalui software. Solusi ini merubah model pembelanjaan anggaran dari CapEx (biaya investasi) menjadi OpEx (biaya operasional), karena itu, di masa depan, IT akan dianggap sebagai utilitas. Keuntungan bagi perusahaan adalah mereka mendapatkan fleksibilitas untuk bisa mengembangkan layanan IT mereka, hanya dengan menambahkan software yang dibutuhkan ke dalam server tanpa perlu menanamkan investasi berupa hardware; bayangkan penghematan anggaran yang bisa dilakukan oleh perusahaan! Pada akhirnya layanan-layanan on-demand yang didapat model lisensi software akan banyak digunakan oleh perusahaan, karena mereka dapat menyediakan berbagai layanan dengan cepat tanpa harus mengeluarkan biaya investasi yang besar di awal. Dengan model lisensi, para eksekutif perusahaan akan mampu meningkatkan (atau menurunkan) skala layanan mereka kapanpun dibutuhkan dengan mudah dan biaya yang efektif. Tren lainnya, yang juga mendorong perkembangan teknologi enterprise, adalah tingkat adopsi smartphone, tablet, dan PC portabel yang bertumbuh dengan pesat, serta kemunculan teknologi-teknologi ‘baru’ sepeti teknologi sosial dan Internet of Things. Khususnya untuk smartphone, saat ini banyak smartphone murah yang harganya sekitar 500 ribu rupiah, dan harga ini akan mampu menjangkau lebih banyak konsumen di Indonesia. Memang tidak dapat dihindari lagi, perusahaan perlu mempertimbangkan berbagai cara yang lebih cerdas untuk mengakomodir dan melayani pelanggan dan karyawan mereka kapanpun dan di manapun secara online. Salah satu kebutuhan yang semakin meningkat di kalangan karyawan adalah BYOD, karena itu perusahaan harus siap mengamankan akses kedalam layanan perusahaan yang dilakukan dari berbagai macam perangkat, milik perusahaan maupun pribadi. Tren ini tentu saja tidak lepas dari ancaman keamanan, dimana serangan cyber menjadi semakin canggih dan masif, karena itu keamanan perlu menjadi prioritas bagi sebuah perusahaan. Pada akhirnya baik itu untuk keamanan, mobilitas, kinerja ataupun memastikan ketersediaan aplikasi untuk diakses, perusahaan harus mampu menyelaraskan infrastruktur IT mereka dengan permintaan atau kebutuhan pengguna (pelanggan dan karyawan) yang berubah dari waktu-ke-waktu. Perubahan yang dapat terlihat saat ini adalah kebutuhan Generasi Y dan Generasi Z, di mana lingkungan sosial menjadi hal yang penting bagi mereka. Kedua generasi ini mengaburkan batasan antara aplikasi yang digunakan untuk pribadi dengan aplikasi yang digunakan untuk operasional kantor; seperti contoh mereka menggunakan perangkat pribadi untuk mengakses email perusahaan atau menyimpan data-data perusahaan di cloud publik karena alasan kemudahan akses, dan di perangkat yang sama mereka juga melakukan banyak aktifitas pribadi seperti menjelajahi internet, chatting, hingga beraktifitas di sosial media. Berbagai ancaman bisa saja muncul karena ‘perilaku’ ini; seperti serangan malware hingga kebocoran data, karena itu mau tidak mau para eksekutif perusahaan juga perlu mengatur elemen-elemen sosial di perusahaan mereka. Mereka (para eksekutif perusahaan) perlu mulai berpikir tentang bagaimana menerapkan kebijakan dan infrastruktur yang mampu mengakomodir kebutuhan karyawan-karyawan generasi baru, agar menjadi tetap kompetitif di pasar. Terlepas dari perangkat yang digunakan karyawan mengakses data-data perusahaan melalui sebuah aplikasi, mereka berharap bisa mengakses apliaksi dan data perusahaan dengan kinerja yang sama atau bahkan lebih baik dari yang mereka dapatkan ketika menggunakan dekstop PC. Untuk memenuhi kebutuhan tersebut, perusahaan perlu memiliki infrastruktur backend yang mampu membantu mereka untuk mengirimkan berbagai konten yang terdapat banyak gambar, mampu mengatur prioritas dari trafik untuk mengatasi latensi jaringan mobile, dan menawarkan visibilitas ke dalam kinerja sebuah aplikasi. Seperti yang sudah disebutkan, ancaman keamanan di dunia saat ini telah berkembang menjadi semakin rumit, canggih dan masif, dari berbagai sumber di berbagai perangkat, yang membuat sistem keamanan tradisional tidak lagi mampu menghadapi gempuran dari penjahat cyber. Akibatnya, sistem keamanan tradisional akan semakin tergerus dengan sistem keamanan IT yang multi-fungsi. Konvergensi ini juga akan terjadi di dalam konteks kinerja sistem IT perusahaan, karena bisnis akan menuntut perusahaan untuk dapat menyediakan pengalaman pelanggan yang memuaskan di berbagai perangkat. Salah solusi yang dapat memberikan perusahaan adalah solusi Application Delivery Controller (ADC), seperti yang ditawarkan oleh F5 Networks. Solusi ADC memungkinkan perusahaan untuk meningkatkan tingkat ketersediaan akses ke aplikasi di dalam sebuah jaringan. Selain meningkatkan ketersediaan, solusi ADC juga mampu meningkatkan kinerja aplikasi dan jaringan perusahaan dengan sumber daya yang lebih sedikit dan efektif. Tidak luput, solusi ini juga mampu mengamankan trafik yang ingin mengakses aplikasi dan data sekaligus mengamankan aplikasi tersebut.Protecting against mobile and web security threats
Estimates indicate that 37.3 million Internet users worldwide experienced phishing attacks from May 1, 2012 to April 30, 2013 and 1 million U.S. computers were infected with banking malware in 2013. Security threats to organisations Organisations with public-facing web services — particularly banks and financial institutions, e-commerce companies, and social media sites — are increasingly vulnerable to malware and phishing attacks designed to steal identity, data, and money. Organisations are also facing an escalated vulnerability to web-based malware, which has arisen with the increased use of the corporate network to access web- and cloud-based tools, SaaS applications and social media sites. Both have been the cause of innumerable security breaches in recent history with organisations of all sizes. The recent Heartbleed attack exposed all businesses that were running vulnerable versionsof the OpenSSL protocol. A closer look at the reported attacks on organisations such as Apple Daily and Paypal explains the consequences and sophistication of these attacks. A distributed denial-of-service (DDoS) attack launched on the Apple Daily site saw 40 million enquiries being sent to the site every second, blocking the site’s daily readers for hours. In the case of Paypal, a sophisticated phishing attack was launched after hackers saw redirection vulnerability in the wake of the Heartbleed bug. Even though Paypal had switched to a new SSL certificate, it had not revoked the compromised pre-Heartbleed one. Other high profile attacks, such as the Adobe data breach, attack by The Messiah in Singapore, the recent multi-layer distributed DDoS attacks, SQL injection vulnerabilities, and JSON payload violations in AJAX widgets, pose increasing risks to interactive web applications, data, and the business. Organisations will find themselves, the consumers and employees at risk if they don’t adequately protect their networks, applications, and data. Therefore, these days, a key business challenge is to ensure: firstly, data protection and safety of customers while maintaining an unchanged user experience across web-based and mobile platforms, and secondly, the protection against websites laden with malware that threaten to infect the organisation’s network. Multiple consequences may arise if the necessary precautions are not taken. Asset loss Many organisations have lost assets amounting to millions of dollars per year. Some banks, which tried to push these costs onto customers, not only suffered financial losses but also public backlash. Repeated breaches have also led to retail brands losing customer confidence in online banking and e-commerce. Overworked anti-fraud teams The sheer volume of data and security breaches have also led to in-house anti-fraud teams to become increasingly overwhelmed trying to find a root cause. Most have adopted or are considering the adoption of a multi-layered strategy of deploying multiple technologies in order to plug the gaps. Infection from web-based threats Should malware get an opportunity to sneak in and infect systems the network, sensitive data and company trade secrets may be at risk. How can F5 help? F5’s Web Fraud Protection and Secure Web Gateway (SWG) solutions provide both the breadth and depth of coverage organisations need to gain a full defense against malware, phishing attacks, and asset loss due to fraud. Edwin Seo, Regional Security Architect, APJ, at F5 Networks says, “Sophisticated attacks like these increasingly cause serious disruptions for organisations. F5 is one of the few security companies worldwide that can offer a broad range of security solutions. This range of solutions provide holistic protection for today’s organisations ranging from security against fraud, web-based malware, DDoS attacks and other threats via web applications.” F5’s Web Fraud Protection reference architecture comprises F5 MobileSafe™ and F5 WebSafe™. While MobileSafe provides fraud protection for mobile devices and applications, WebSafe enables enterprises to protect their customers from online-based threats such as credentials theft, automated fraudulent transactions, and phishing attacks. This solution is distinct from competitors’ offerings because it is a clientless solution that can transparently inspect the endpoint, detect malware activity, and provide protection from it. It also features year round support provided by F5’s Security Operations Center (SOC). The SOC monitors attacks in real time, notifies customers of threats, and if necessary, can shut down phishing sites. F5’s SWG helps organisations in the region defend themselves against potential malware encountered by their employees as they access websites, web-based applications, SaaS applications and social media platforms. F5 Secure Web Gateway Services ensures employees access the Internet in ways that enhance their productivity and, at the same time, protects the enterprise from potential liability and web-based threats.
Evaluating Your Tech Needs
In our increasingly digitised world, consumption habits are changing – both at a consumer and enterprise level – which in turn will significantly impact the way the C-Suite assesses their company’s technology needs. Consumers and employees are demanding access to information from any device, anywhere, at any time. This places additional pressure on existing technology infrastructure to essentially deliver more with shrinking IT budgets, without compromising security or performance. What’s more, as businesses continue to recover in the aftermath of the Global Financial Crisis, many are still dealing with cutbacks in IT investment and a shift in purchasing decision makers from the IT manager to business division heads, and the C-suite. With the increasing ability to implement critical technology services via software, businesses will demand the flexibility to grow based on their requirements, simply by adding additional software resources on their servers. This shift from Capital Expenditure (CapEx) to Operational Expenditure (OpEx) will mean that IT is viewed more as a utility in the coming years, opening up huge cost saving opportunities for businesses. Ultimately, services available on-demand through flexible licensing models will become a well-trodden path – given the reported benefits are to address increasing demand on delivering services. By having access to flexible billing options, executives will be able to scale the services up (or down) as needed, without a major upfront investment. Another trend that set to cause a series of technology shifts for businesses is the proliferation of new device adoption such as mobile phones, tablets, and ultra-mobile PCs, along with social technologies and The Internet of Things. In fact, with the cost of smartphones predicted by Gartner to come down to below the US$50 mark, it will open up mobile technology to more people than ever before. Inevitably, businesses need to consider more intelligent ways to serve customers online and on-the-go. As consumer mobile devices become ‘corporatised’, end-users will expect secure access to services from any device, and with web applications under increasing attack, security will also need to be top of mind. Ultimately, whether it’s for security, mobility, performance or ensuring availability, IT infrastructure will need to align with new innovations and changing user demands. The velocity of non-traditional enterprise applications being used in business will open up risks and require organisations to consider the security implications. Gen Y and Z employees will continue to demand a socialised environment; blurring the lines between personal-social and business-social applications. From malware to data leakage, organisations will find themselves at risk if they don’t adequately manage the social element of their organisations. C-level executives will need to start thinking about introducing policies and ensuring their IT infrastructure is prepared to cater to this new breed of employees, in order to stay competitive. Regardless of how they access corporate information through applications, these users have come to expect equivalent or better performance on a mobile or tablet than that achieved on a typical desktop computer. What businesses need is a backend infrastructure that can help deliver image-heavy content, prioritise traffic to overcome mobile network latency, and offer visibility into application performance. Furthermore, as cyber crime becomes more complex, with attacks from multiple angles on different devices, single-purpose security machines will be phased out in favour of sophisticated multi-purpose machines. This convergence will also happen in the context of performance, as businesses come to expect fast, reliable user experience on any device.BYOD Policies – More than an IT Issue Part 3: Economics
#BYOD or Bring Your Own Device has moved from trend to an permanent fixture in today's corporate IT infrastructure. It is not strictly an IT issue however. Many groups within an organization need to be involved as they grapple with the risk of mixing personal devices with sensitive information. In my opinion, BYOD follows the classic Freedom vs. Control dilemma. The freedom for user to choose and use their desired device of choice verses an organization's responsibility to protect and control access to sensitive resources. While not having all the answers, this mini-series tries to ask many the questions that any organization needs to answer before embarking on a BYOD journey. Enterprises should plan for rather than inherit BYOD. BYOD policies must span the entire organization but serve two purposes - IT and the employees. The policy must serve IT to secure the corporate data and minimize the cost of implementation and enforcement. At the same time, the policy must serve the employees to preserve the native user experience, keep pace with innovation and respect the user's privacy. A sustainable policy should include a clear BOYD plan to employees including standards on the acceptable types and mobile operating systems along with a support policy showing the process of how the device is managed and operated. Some key policy issue areas include: Liability, Device Choice, Economics, User Experience & Privacy and a trust Model. Today we look at Economics. Many organizations look at BYOD as an opportunity to reduce some costs. Clearly, not having an equipment cost - $200-$600 per-device - can add up depending on the company's size. It might also make financial sense for a smaller company with few employees. Since the phone is owned by the employee, then they are probably responsible for the bill every month. Depending on their personal contract/plan, excessive charges could arise due to the extra minutes used for work related calls. Often, monthly charges are fairly consistent with established plans, and while there are times when the bill is higher due to an incidental charge to some other overage, many people fail to review their phone bill when it arrives. BYOD could force employees into a higher monthly service plan but it also gives users visibility into their usage, if for instance, the corporate BYOD policy allows for reimbursement. This can drive personal responsibility for how they use their minutes. While BYOD could reduce the overall expenditure for IT issued devices and many organizations report employees are happier and more productive when they are using the device of their desire (an enablement tool), there might be other areas that costs could increase. While the employee does spend their own money on the device, there are certainly enterprise costs to managing and securing that device. There could also be a snag however when it comes to licensing. Does BYOD also require Bring Your Own License? In many instances, this is an area that IT needs to keep an eye on and often the answer is yes. Some of the most common enterprise software licensing agreements require licensing any device used "for the benefit of the company" under the terms of the enterprise agreement. That often means that all those BYO devices might require a license to access common corporate applications. This also means that even if the user already has a particular license, which they purchased on their own or it came with the device, the organization might still need to license that device under their enterprise software agreement. This could diminish any cost savings from the BYOD initiative. There are solutions to such as using alternative products that are not restricted by licensing but, those may not have the key features required by the workforce. IT needs to understand if their license agreements are per-user or per-device and what impact that may have on a BYOD policy. A few questions that the Finance department should determine is: Should the company offer users a monthly stipend? How is productivity measured? Will the management and security cost more than IT (volume) procurement? What are the help desk expenses and policy about support calls. There certainly needs to be discussion around mobile app purchase and deployment for work use. Are there any compliance, additional audit costs or tax implications with a BYOD initiative? As part of the BYOD Policy the Economics Checklist, while not inclusive, should: · Investigate the effects of a BYOD reimbursement plan on your ability to negotiate with wireless carriers · Consider putting logging and reporting in place to monitor after-hours use · Incorporate a “help desk as a last resort” guideline into your employee BYOD social contract · Estimate costs for any increased need for compliance monitoring · Ask Finance about tax implications (cost or benefit) of a BYOD policy ps Related BYOD Policies – More than an IT Issue Part 1: Liability BYOD Policies – More than an IT Issue Part 2: Device Choice BYOD–The Hottest Trend or Just the Hottest Term FBI warns users of mobile malware Will BYOL Cripple BYOD? Freedom vs. Control What’s in Your Smartphone? Worldwide smartphone user base hits 1 billion SmartTV, Smartphones and Fill-in-the-Blank Employees Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? Bait Phone BIG-IP Edge Client 2.0.2 for Android BIG-IP Edge Client v1.0.4 for iOS New Security Threat at Work: Bring-Your-Own-Network Legal and Technical BYOD Pitfalls Highlighted at RSA
Virtualize This.
#ApplicationMobility holds a place in IT’s future. Check out this app virtualization and movement tool. We in IT have spent a ton of time, ink, and electrons discussing server virtualization, and with good reason. Server virtualization did wonders for IT as an industry, offering hardware independence for older applications – many an OS/2 app that was necessary but not “cool” ended up on VMware to relieve worries that the hardware it was running on might break, and a lot of poorly utilized servers were consolidated. Meanwhile, we greatly ignored all the other bits of virtualization while they were growing up. Application Virtualization has been around forever, and yet we don’t spill barrels of ink about it. Many organizations use app virtualization, yet it gets third rank, talked about when talking about overall virtualization strategy. That might just be about to end. I recently had the opportunity to chat with Greg O’Connor of AppZero about their solution to application virtualization. It’s not the application virtualization of a decade ago, that’s for certain. AppZero wraps up an application in a device-independent package. As long as you’re moving from like OS to like OS, you can move the application across the globe. This may sound like not a big deal in the age of virtualizing everything (did you see F5’s press release about virtualizing the network for VMware?), in practice what AppZero is doing certainly is the type of thing that IT admins need, even if they don’t yet know they need it. Consider moving an application from cloud A to cloud B. Do you copy the entire VM across the Internet? Do you reinstall everything and just copy the application bits across the Internet? Both are inefficient. Copying an entire VM – even with compression – can be expensive in terms of dollars because it is bits across your cloud, while both take an inordinate amount of time. In the case of installing everything and then just copying the app files, there’s the risk of human error also. But what if you could install the operating system on the target, and then simply say “move my app”? That’s what AppZero is building toward. And from what I’ve seen, they’re doing a good job of it. Moving only the application means that you’re moving less across the network, but they also compress, so you’re moving really very little. Depending on the app, the savings can be huge. While I no longer have the full-fledged test lab that we used to use to test out vendors’ claims, I did pop out to their “enterprise app store” and install OpenOffice directly. I also sat through a demo where an entire web application was shifted from Amazon to IBM clouds. The entire web app. While we were on the phone. For my part, I prefer to talk about the parts that I’ve touched more than the parts I’ve seen. I’ve been through enough dog-n-pony shows to know there are a million ways for marketing folks to show something that’s not there yet… Or not there at all. So what I can touch is a much better gauge of product readiness. The OpenOffice install was the fastest I have ever done. I’ve installed OpenOffice a few bazillion times, and this was the fastest. The amazing part about that statement is that all of my previous installs were from local disk (CD or hard disk, depending), this one was over a hotel network. I was attending meetings at corporate HQ, so sitting in my hotel room at night, I ran the installer over hotel wireless. Not the fastest environment in the world. Yet it was the fastest install I’ve done. So what use do we have for someone like AppZero? It is time to start asking those questions. The “limitations” that Greg admitted to are not, IMO, all that limiting. First is the “like to like” requirement. I was (and you will be) unsurprised to discover that you can’t move an app running on Windows to a Linux server. While I’d love to see the day when we have that level of portability, first you crawl, then you walk. Second, in the web app world, the “app” you are moving is the web server, and it takes the directory structure with it, so you might end up with several web apps moved when you only intended to move one. Knowing that one means you can plan around it. The mobility falls into two categories also. They wrap the application in a container for movement, and that container will run on your machine as-is. But it’s not running native, which causes some support staff to get touchy. So they provided a “dissolve” function that unwraps it and moves it to a 100% native install – registry modifications, copy to default directories, etc. The one issue I did have a bit of concern about was that you have to choose which services move with the app. When moving you are presented with a list of services and you have to pick which ones go along. Hopefully they’re working on making that more mobile. Again, that does not figure into their “Enterprise App Store”, where they have pre-packaged applications, only to moving a live app. Cloud mobility requires that you are able to bring up processing power on a new cloud to avoid lock-in. AppZero is young yet, but they show promise of filling in that gap by allowing you to package applications and move them along. Integration for large applications might well be problematic – if you move the web app, but not the database, or if you move the entire application and need to merge databases for example. But cloud mobility had to get started, and this is a start. AppZero is relatively new, as is the “application mobility” space that they’re placed in by analysts. Lori and I were discussing how cool technology like this would be to enable “I have application X, it can run in Amazon, IBM, Rackspace, or the datacenter… What are the costs, strengths, and weaknesses of each?” It’s going to be an interesting ride. We certainly need this market segment to grow and mature, will be fun seeing where it ends up. I’ll certainly be paying more attention. Of course, F5 gives me a lot of leeway about what I choose to cover in my blog, but in the end, pays me to consider things in light of our organization, so I can say unequivocally that it doesn’t hurt at all that you’ll need global DNS and global server load balancing (GSLB) to take advantage of moving applications around the globe. Particularly the GSLB part, where a wide IP can represent whatever you need it to, dynamically, without waiting for DNS propagation. But only for the server side. The desktop application side is very cool, and I’ll be watching both. Meanwhile, Greg tells me they are taking the Enterprise App Store into beta next month. If you have questions, you can contact him at go connor /at/ app zero /dot/ com. After you remove the spaces and s// the // .Will BYOL Cripple BYOD?
Don’t ya love all the acronyms we have? So by now, you’ve probably heard that BYOD means Bring Your Own Device – a topic that is getting lots of press these days. The concept of allowing employees to use their own personal device, often mobile, for work related tasks. This could reduce the overall expenditure for IT issued devices and many organizations feel users are happier and more productive when they are using the device of their desire. There could be a snag however when it comes to licensing. Does BYOD also require Bring Your Own License? In many instances, this is an area that IT needs to keep an eye on and often the answer is yes. Some of the most common enterprise software licensing agreements require licensing any device used "for the benefit of the company" under the terms of the enterprise agreement. That often means that all those BYO devices will require a license to access common corporate applications. This also means that even if the user already has a particular license, which they purchased on their own or it came with the device, the organization might still need to license that device under their enterprise software agreement. This could diminish any cost savings from the BYOD initiative. There are solutions to such as using alternative products that are not restricted by licensing but, those may not have the key features required by your workforce. Another idea is to move primarily to virtualization for provisioning apps with restrictive client access licenses. Some software licenses require one CAL per concurrent connection, some require one CAL for each unique client regardless of concurrency and some do not require CALs at all. IT needs to understand if their situation is per-user or per-device and what impact that may have on a BYOD policy. psWhat’s in Your Smartphone?
Typical smartphone owners have an average of 41 apps per device, 9 more than they had last year according to the recent Nielsen report, State of the Appnation – A Year of Change and Growth in U.S. Smartphones. Also last year, less than 40% of mobile subscribers in the U.S. had smartphones and this year, it’s at 50% and growing. Android and iOS users fuel the smartphone app drive with 88% downloading an app within the last month. They also found that as people download more apps, they are also spending more time with them (10% more), rather than using their mobile Web browsers for such activities. The Top Five Apps are Facebook, YouTube, Android Market, Google Search, and Gmail, no change from last year. More and more of our info is being saved on and collected by these smartphones and privacy is a big worry. Last year 70% and this year 73% expressed concern over personal data collection and 55% were cautious about sharing location info via smartphone apps. These concerns will only grow as more organizations adopt BYOD policies. While users are concerned for their security, according to Gartner, IT shops won't be able to provide the security necessary to protect company data. With so many entry points, data leakage outside the enterprise is a real risk. Gartner advises that IT shops managing mobile devices consider some mix of tiered support: Platform, Appliance and Concierge. With platform support, IT offers full PC-like support for a device and the device is chosen by IT, and will be used typically in vertical applications. With appliance-level support, IT supports a narrow set of applications on a mobile device, including server-based and Web-based application support on a wider set of pre-approved devices. Local applications are not supported. With concierge-level support, IT provides hands-on support, mainly to knowledge workers, for non-supported devices or non-supported apps on a supported device. The costs for support, which can be huge, are charged back to the users under this approach. ps References: State of the Appnation – A Year of Change and Growth in U.S. Smartphones Nielsen: 1 in 2 own a smartphone, average 41 apps Freedom vs. Control BYOD–The Hottest Trend or Just the Hottest Term Hey You, Get Off-ah My Cloud! Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? BYOD Is Driving IT ‘Crazy,’ Gartner Says Consumerization trend driving IT shops 'crazy,' Gartner analyst saysiDo Declare: iPhone with BIG-IP
Who would have imagined back in 1973 when Martin Cooper/Motorola dialed the first portable cellular phone call, that one day we'd be booking airline tickets, paying bills, taking pictures, watching movies, getting directions, emailing and getting work done on a little device the size of a deck of cards. As these 'cell-phones' have matured, they've also become an integral part of our lives on a daily basis. No longer are they strictly for emergency situations when you need to get help, now they are attached to our hip with an accompanying ear apparatus as if we've evolved with new bodily appendages. People have grown accustomed to being 'connected' everywhere. There have been mobile breakthroughs over the years, like having 3G/4G networks and Wi-Fi capability, but arguably one of the most talked about and coveted mobile devices in recent memory is the Apple iPhone. Ever since the launch of the iPhone in 2007, it has changed the way people perceive and use mobile devices. It's not just the tech-savvy that love the iPhone, it's Moms, Florists, Celebrities, Retailers and everyone in between that marvel at the useful ways iPhone can be used, and for their very own novel purpose. There are literally hundreds of thousands of apps available for iPhone, from the silly and mundane to banking and business. Browsing the web is a breeze with the iPhone with the ability to view apps in both portrait and landscape modes. The ability to zoom and 'pinch' with just your fingers made mobile browsing tolerable, even fun from an iPhone. Shopping from your cell phone is now as common as ordering a cup of coffee - often at the same time! iPhone developers are pushing the limits with augmented reality applications where you can point your iPhone into the sky and see the flight number, speed, destination and other such details as planes fly by. When the iPhone was first introduced and Apple started promoting it as a business capable device, it was missing a few important features. Many enterprises, and small businesses for that matter, use Microsoft products for their corporate software - Exchange for email, Word for documents, Excel for spreadsheets and PowerPoint for presentations. Those were, as expected, not available on the iPhone. As new generations of iPhones hit the market and iOS matured, things like iPhone Exchange ActiveSync became available and users could now configure their email to work with Exchange Server. Other office apps like Documents-to-Go make it possible for iPhone users to not only to view Microsoft Word and Excel documents, but they were able to create and edit them too. Today, there are business apps from Salesforce, SAP and Oracle along with business intelligence and HR apps. Companies can even lock down and locate a lost or stolen iPhone. Business users are increasingly looking to take advantage of Apple iOS devices in the corporate environment, and as such IT organizations are looking for ways to allow access without compromising security, or risking loss of endpoint control. IT departments who have been slow to accept the iPhone are now looking for a remote access solution to balance the need for mobile access and productivity with the ability to keep corporate resources secure. The F5 BIG-IP Edge Portal app for iOS devices streamlines secure mobile access to corporate web applications that reside behind BIG-IP Access Policy Manager, BIG-IP Edge Gateway and FirePass SSL VPN. Using the Edge Portal application, users can access internal web pages and web applications securely, while the new F5 BIG-IP Edge Client app offers complete network access connection to corporate resources from an iOS device; a complete VPN solution for both the iPhone and iPad. The BIG-IP Edge Portal App allows users to access internal web applications securely and offers the following features: User name/password authentication Client certificate support Saving credentials and sessions SSO capability with BIG-IP APM for various corporate web applications Saving local bookmarks and favorites Accessing bookmarks with keywords Embedded web viewer Display of all file types supported by native Mobile Safari Assuming an iPhone is a trusted device and/or network access from an iPhone/iPad is allowed, then the BIG-IP Edge Client app offers all the BIG-IP Edge Portal features listed above, plus the ability to create an encrypted, optimized SSL VPN tunnel to the corporate network. BIG-IP Edge Client offers a complete network access connection to corporate resources from an iOS device. With full VPN access, iPhone/iPad users can run applications such as RDP, SSH, Citrix, VMware View, VoIP/SIP, and other enterprise applications. The BIG-IP Edge Client app offers additional features such as Smart Reconnect, which enhances mobility when there are network outages, when users roaming from one network to another (like going from a mobile to Wi-Fi connection), or when a device comes out of hibernate/standby mode. Split tunneling mode is also supported, allowing users to access the Internet and internal resources simultaneously. BIG-IP Edge Client and Edge Portal work in tandem with BIG-IP Edge Gateway, BIG-IP APM and FirePass SSL VPN solutions to drive managed access to corporate resources and applications, and to centralize application access control for mobile users. Enabling access to corporate resources is key to user productivity, which is central to F5’s dynamic services model that delivers on-demand IT. ps Resources F5 Announces Two BIG-IP Apps Now Available at the App Store F5 BIG-IP Edge Client App F5 BIG-IP Edge Portal App F5 BIG-IP Edge Client Users Guide iTunes App Store Securing iPhone and iPad Access to Corporate Web Applications – F5 Technical Brief Audio Tech Brief - Secure iPhone Access to Corporate Web Applications Is the iPhone Finally Ready for Business Use? iPhone in Business The next IT challenge: Mobile device management Use Your iPhone to See Where Planes are HeadedDrive Identity Into Your Network with F5 Access Solutions
This webinar focuses on F5 Access solutions that provide high availability, acceleration and security benefits critical to your organization. Running time: 55:51 </p> <p>ps</p> <p>Technorati Tags: <a href="http://devcentral.f5.com/s/psilva/psilva/psilva/archive/2011/05/09/" _fcksavedurl="http://devcentral.f5.com/s/psilva/psilva/psilva/archive/2011/05/09/">F5</a>, <a href="http://technorati.com/tags/interop" _fcksavedurl="http://technorati.com/tags/interop">interop</a>, <a href="http://technorati.com/tags/Pete+Silva" _fcksavedurl="http://technorati.com/tags/Pete+Silva">Pete Silva</a>, <a href="http://technorati.com/tags/security" _fcksavedurl="http://technorati.com/tags/security">security</a>, <a href="http://technorati.com/tag/business" _fcksavedurl="http://technorati.com/tag/business">business</a>, <a href="http://technorati.com/tag/education" _fcksavedurl="http://technorati.com/tag/education">education</a>, <a href="http://technorati.com/tag/technology" _fcksavedurl="http://technorati.com/tag/technology">technology</a>, <a href="http://technorati.com/tags/internet" _fcksavedurl="http://technorati.com/tags/internet">internet, </a><a href="http://technorati.com/tags/big-ip" _fcksavedurl="http://technorati.com/tags/big-ip">big-ip</a>, <a href="http://technorati.com/tags/VIPRION" _fcksavedurl="http://technorati.com/tags/VIPRION">VIPRION</a>, <a href="http://technorati.com/tags/vCMP" _fcksavedurl="http://technorati.com/tags/vCMP">vCMP</a>, <a href="http://technorati.com/tags/ixia" _fcksavedurl="http://technorati.com/tags/ixia">ixia</a>, <a href="http://technorati.com/tags/performace" _fcksavedurl="http://technorati.com/tags/performace">performance</a>, <a href="http://technorati.com/tags/ssl%20tps" _fcksavedurl="http://technorati.com/tags/ssl%20tps">ssl tps</a>, <a href="http://technorati.com/tags/testing" _fcksavedurl="http://technorati.com/tags/testing">testing</a></p> <table border="0" cellspacing="0" cellpadding="2" width="365"><tbody> <tr> <td valign="top" width="200">Connect with Peter: </td> <td valign="top" width="163">Connect with F5: </td> </tr> <tr> <td valign="top" width="200"><a href="http://www.linkedin.com/pub/peter-silva/0/412/77a" _fcksavedurl="http://www.linkedin.com/pub/peter-silva/0/412/77a"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_linkedin[1]" border="0" alt="o_linkedin[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_linkedin.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_linkedin.png" width="24" height="24" /></a> <a href="http://devcentral.f5.com/s/weblogs/psilva/Rss.aspx" _fcksavedurl="http://devcentral.f5.com/s/weblogs/psilva/Rss.aspx"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_rss[1]" border="0" alt="o_rss[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_rss.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_rss.png" width="24" height="24" /></a> <a href="http://www.facebook.com/f5networksinc" _fcksavedurl="http://www.facebook.com/f5networksinc"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_facebook[1]" border="0" alt="o_facebook[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png" width="24" height="24" /></a> <a href="http://twitter.com/psilvas" _fcksavedurl="http://twitter.com/psilvas"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_twitter[1]" border="0" alt="o_twitter[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png" width="24" height="24" /></a> </td> <td valign="top" width="163"> <a href="http://www.facebook.com/f5networksinc" _fcksavedurl="http://www.facebook.com/f5networksinc"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_facebook[1]" border="0" alt="o_facebook[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png" width="24" height="24" /></a> <a href="http://twitter.com/f5networks" _fcksavedurl="http://twitter.com/f5networks"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_twitter[1]" border="0" alt="o_twitter[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png" width="24" height="24" /></a> <a href="http://www.slideshare.net/f5dotcom/" _fcksavedurl="http://www.slideshare.net/f5dotcom/"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_slideshare[1]" border="0" alt="o_slideshare[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_slideshare.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_slideshare.png" width="24" height="24" /></a> <a href="http://www.youtube.com/f5networksinc" _fcksavedurl="http://www.youtube.com/f5networksinc"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="o_youtube[1]" border="0" alt="o_youtube[1]" src="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_youtube.png" _fcksavedurl="http://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_youtube.png" width="24" height="24" /></a></td> </tr> </tbody></table></body></html> psDatabases in the Cloud Revisited
A few of us were talking on Facebook about high speed rail (HSR) and where/when it makes sense the other day, and I finally said that it almost never does. Trains lost out to automobiles precisely because they are rigid and inflexible, while population densities and travel requirements are highly flexible. That hasn’t changed since the early 1900s, and isn’t likely to in the future, so we should be looking at different technologies to answer the problems that HSR tries to address. And since everything in my universe is inspiration for either blogging or gaming, this lead me to reconsider the state of cloud and the state of cloud databases in light of synergistic technologies (did I just use “synergistic technologies in a blog? Arrrggghhh…). There are several reasons why your organization might be looking to move out of a physical datacenter, or to have a backup datacenter that is completely virtual. Think of the disaster in Japan or hurricane Katrina. In both cases, having even the mission critical portions of your datacenter replicated to the cloud would keep your organization online while you recovered from all of the other very real issues such a disaster creates. In other cases, if you are a global organization, the cost of maintaining your own global infrastructure might well be more than utilizing a global cloud provider for many services… Though I’ve not checked, if I were CIO of a global organization today, I would be looking into it pretty closely, particularly since this option should continue to get more appealing as technology continues to catch up with hype. Today though, I’m going to revisit databases, because like trains, they are in one place, and are rigid. If you’ve ever played with database Continuous Data Protection or near-real-time replication, you know this particular technology area has issues that are only now starting to see technological resolution. Over the last year, I have talked about cloud and remote databases a few times, talking about early options for cloud databases, and mentioning Oracle Goldengate – or praising Goldengate is probably more accurate. Going to the west in the US? HSR is not an option. The thing is that the options get a lot more interesting if you have Goldengate available. There are a ton of tools, both integral to database systems and third-party that allow you to encrypt data at rest these days, and while it is not the most efficient access method, it does make your data more protected. Add to this capability the functionality of Oracle Goldengate – or if you don’t need heterogeneous support, any of the various database replication technologies available from Oracle, Microsoft, and IBM, you can seamlessly move data to the cloud behind the scenes, without interfering with your existing database. Yes, initial configuration of database replication will generally require work on the database server, but once configured, most of them run without interfering with the functionality of the primary database in any way – though if it is one that runs inside the RDBMS, remember that it will use up CPU cycles at the least, and most will work inside of a transaction so that they can insure transaction integrity on the target database, so know your solution. Running inside the primary transaction is not necessary, and for many uses may not even be desirable, so if you want your commits to happen rapidly, something like Goldengate that spawns a separate transaction for the replica are a good option… Just remember that you then need to pay attention to alerts from the replication tool so that you don’t end up with successful transactions on the primary not getting replicated because something goes wrong with the transaction on the secondary. But for DBAs, this is just an extension of their daily work, as long as someone is watching the logs. With the advent of Goldengate, advanced database encryption technology, and products like our own BIG-IPWOM, you now have the ability to drive a replica of your database into the cloud. This is certainly a boon for backup purposes, but it also adds an interesting perspective to application mobility. You can turn on replication from your data center to the cloud or from cloud provider A to cloud provider B, then use VMotion to move your application VMS… And you’re off to a new location. If you think you’ll be moving frequently, this can all be configured ahead of time, so you can flick a switch and move applications at will. You will, of course, have to weigh the impact of complete or near-complete database encryption against the benefits of cloud usage. Even if you use the adaptability of the cloud to speed encryption and decryption operations by distributing them over several instances, you’ll still have to pay for that CPU time, so there is a balancing act that needs some exploration before you’ll be certain this solution is a fit for you. And at this juncture, I don’t believe putting unencrypted corporate data of any kind into the cloud is a good idea. Every time I say that, it angers some cloud providers, but frankly, cloud being new and by definition shared resources, it is up to the provider to prove it is safe, not up to us to take their word for it. Until then, encryption is your friend, both going to/from the cloud and at rest in the cloud. I say the same thing about Cloud Storage Gateways, it is just a function of the current state of cloud technology, not some kind of unreasoning bias. So the key then is to make sure your applications are ready to be moved. This is actually pretty easy in the world of portable VMs, since the entire VM will pick up and move. The only catch is that you need to make sure users can get to the application at the new location. There are a ton of Global DNS solutions like F5’s BIG-IP Global Traffic Manager that can get your users where they need to be, since your public-facing IPs will be changing when moving from organization to organization. Everything else should be set, since you can use internal IP addresses to communicate between your application VMs and database VMs. Utilizing a some form of in-flight encryption and some form of acceleration for your database replication will round out the solution architecture, and leave you with a road map that looks more like a highway map than an HSR map. More flexible, more pervasive.
