BIG-IP Edge Client v1.0.6 for iOS 7
With all your other iOS 7 updates (if you've made the plunge), if you are running the BIG-IP Edge Client on your iPhone, iPod or iPad, you may have gotten an AppStore alert for an update. If not, I just wanted to let you know that version 1.0.6 of the iOS Edge Client is available at the AppStore with iOS 7 support. Customers who use UDID in their access policies should have users update to this version. The BIG-IP Edge Client application from F5 Networks secures and accelerates mobile device access to enterprise networks and applications using SSL VPN and optimization technologies. Access is provided as part of an enterprise deployment of F5 BIG-IP Access Policy Manager, Edge Gateway, or FirePass SSL-VPN solutions. BIG-IP Edge Client for iOS Features: Provides accelerated mobile access when used with F5 BIG-IP Edge Gateway. Automatically roams between networks to stay connected on the go. Full Layer 3 network access to all your enterprise applications and files. ps Related: Manual: BIG-IP Edge Apps Client Compatibility Matrix BIG-IP Edge Client and BIG-IP Edge Portal for Apple iOS and Android software support policy Release Note: BIG-IP Edge Client for iOS 1.0.6 Advanced Edge Client Installation for Windows–The Mysteries of Windows Installer Revealed F5 BIG-IP Edge Client F5 BIG-IP Edge Portal F5 BIG-IP Edge Client for Android Technorati Tags: f5,big-ip,edge client,ssl-vpn,mobile,smartphone,ios7,apple,iphone,ipad,silva,remote access,security,secure access,apm Connect with Peter: Connect with F5:BIG-IP Edge Client 2.0.2 for Android
Earlier this week F5 released our BIG-IP Edge Client for Android with support for the new Amazon Kindle Fire HD. You can grab it off Amazon instantly for your Android device. By supporting BIG-IP Edge Client on Kindle Fire products, F5 is helping businesses secure personal devices connecting to the corporate network, and helping end users be more productive so it’s perfect for BYOD deployments. The BIG-IP® Edge Client™ for all Android 4.x (Ice Cream Sandwich) or later devices secures and accelerates mobile device access to enterprise networks and applications using SSL VPN and optimization technologies. Access is provided as part of an enterprise deployment of F5 BIG-IP® Access Policy Manager™, Edge Gateway™, or FirePass™ SSL-VPN solutions. BIG-IP® Edge Client™ for all Android 4.x (Ice Cream Sandwich) Devices Features: Provides accelerated mobile access when used with F5 BIG-IP® Edge Gateway Automatically roams between networks to stay connected on the go Full Layer 3 network access to all your enterprise applications and files Supports multi-factor authentication with client certificate You can use a custom URL scheme to create Edge Client configurations, start and stop Edge Client BEFORE YOU DOWNLOAD OR USE THIS APPLICATION YOU MUST AGREE TO THE EULA HERE: http://www.f5.com/apps/android-help-portal/eula.html BEFORE YOU CONTACT F5 SUPPORT, PLEASE SEE: http://support.f5.com/kb/en-us/solutions/public/2000/600/sol2633.html If you have an iOS device, you can get the F5 BIG-IP Edge Client for Apple iOS which supports the iPhone, iPad and iPod Touch. We are also working on a Windows 8 client which will be ready for the Win8 general availability. ps Resources F5 BIG-IP Edge Client Samsung F5 BIG-IP Edge Client Rooted F5 BIG-IP Edge Client F5 BIG-IP Edge Portal for Apple iOS F5 BIG-IP Edge Client for Apple iOS F5 BIG-IP Edge apps for Android Securing iPhone and iPad Access to Corporate Web Applications – F5 Technical Brief Audio Tech Brief - Secure iPhone Access to Corporate Web Applications iDo Declare: iPhone with BIG-IP Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education,technology, application delivery, ipad, cloud, context-aware,infrastructure 2.0, iPhone, web, internet, security,hardware, audio, whitepaper, apple, iTunesFrom Car Jacking to Car Hacking
With the promise of self-driving cars just around the corner of the next decade and with researchers already able to remotely apply the brakes and listen to conversations, a new security threat vector is emerging. Computers in cars have been around for a while and today with as many as 50 microprocessors, it controls engine emissions, fuel injectors, spark plugs, anti-lock brakes, cruise control, idle speed, air bags and more recently, navigation systems, satellite radio, climate control, keyless entry, and much more. In 2010, a former employee of Texas Auto Center hacked into the dealer’s computer system and remotely activated the vehicle-immobilization system which engaged the horn and disabled the ignition system of around 100 cars. In many cases, the only way to stop the horns (going off in the middle of the night) was to disconnect the battery. Initially, the organization dismissed it as a mechanical failure but when they started getting calls from customers, they knew something was wrong. This particular web based system was used to get the attention of those who were late on payments but obviously, it was used for something completely different. After a quick investigation, police were able to arrest the man and charge him with unauthorized use of a computer system. University of California - San Diego researchers, in 2011, published a report (pdf) identifying numerous attack vectors like CD radios, Bluetooth (we already knew that) and cellular radio as potential targets. In addition, there are concerns that, in theory, a malicious individual could disable the vehicle or re-route GPS signals putting transportation (fleet, delivery, rental, law enforcement) employees and customers at risk. Many of these electronic control units (ECUs) can connect to each other and the internet and so they are vulnerable to the same internet dangers like malware, trojans and even DoS attacks. Those with physical access to your vehicle like mechanics, valets or others can access the On-Board Diagnostic System (OBD-II) usually located right under the dash. Plug in, and upload your favorite car virus. Tests have shown that if you can infect the diagnostics tools at a dealership, when cars were connected to the system, they were also infected. Once infected, the car would contact the researcher’s servers asking for more instructions. At that point, they could activate the brakes, disable the car and even listen to conversations in the car. Imagine driving down a highway, hearing a voice over the speakers and then someone remotely explodes your airbags. They’ve also been able to insert a CD with a malicious file to compromise a radio vulnerability. Most experts agree that right now, it is not something to overly worry about since many of the previously compromised systems are after-market equipment, it takes a lot of time/money and car manufactures are already looking into protection mechanisms. But as I’m thinking about current trends like BYOD, it is not far fetched to imagine a time when your car is VPN’d to the corporate network and you are able to access sensitive info right from the navigation/entertainment/climate control/etc screen. Many new cars today have USB ports that recognize your mobile device as an AUX and allow you to talk, play music and other mobile activities right through the car’s system. I’m sure within the next 5 years (or sooner), someone will distribute a malicious mobile app that will infect the vehicle as soon as you connect the USB. Suddenly, buying that ‘84 rust bucket of a Corvette that my neighbor is selling doesn’t seem like that bad of an idea even with all the C4 issues. psWill BYOL Cripple BYOD?
Don’t ya love all the acronyms we have? So by now, you’ve probably heard that BYOD means Bring Your Own Device – a topic that is getting lots of press these days. The concept of allowing employees to use their own personal device, often mobile, for work related tasks. This could reduce the overall expenditure for IT issued devices and many organizations feel users are happier and more productive when they are using the device of their desire. There could be a snag however when it comes to licensing. Does BYOD also require Bring Your Own License? In many instances, this is an area that IT needs to keep an eye on and often the answer is yes. Some of the most common enterprise software licensing agreements require licensing any device used "for the benefit of the company" under the terms of the enterprise agreement. That often means that all those BYO devices will require a license to access common corporate applications. This also means that even if the user already has a particular license, which they purchased on their own or it came with the device, the organization might still need to license that device under their enterprise software agreement. This could diminish any cost savings from the BYOD initiative. There are solutions to such as using alternative products that are not restricted by licensing but, those may not have the key features required by your workforce. Another idea is to move primarily to virtualization for provisioning apps with restrictive client access licenses. Some software licenses require one CAL per concurrent connection, some require one CAL for each unique client regardless of concurrency and some do not require CALs at all. IT needs to understand if their situation is per-user or per-device and what impact that may have on a BYOD policy. psFreedom vs. Control
No sooner had I posted BYOD–The Hottest Trend or Just the Hottest Term, last week than yet another BYOD survey hit the news. The full results will be released in a webinar tomorrow but SANS announced their First Annual Survey Results on Mobility Security. Last December, SANS launched its first ever mobility survey to discover if and how organizations are managing risk around their end user mobile devices. The survey of 500 IT pros found that a meager 9% of organizations felt they were fully aware of the devices accessing corporate resources, while 50% felt only vaguely or fairly aware of the mobile devices accessing their resources. In addition, more than 60 % of organizations allow staff to bring their own devices. With so many companies allowing BYOD, controls and policies are very important to securing business environments. Courtesy: SANS Mobility BYOD Security Survey Deb Radcliff, executive editor, SANS Analyst Program said, ‘Another interesting note is that organizations are reaching for everything at their disposal to manage this risk,…Among them are user education, MDM (mobile device management), logging and monitoring, NAC and guest networking, and configuration controls.’ Less than 20% are using end point security tools, and out of those, more are using agent-based tools rather than agent-less. According to the survey, 17% say they have stand-alone BYOD security and usage policies; 24% say they have BYOD policies added to their existing policies; 26% say they "sort of" have policies; 3% don't know; and 31% say they do not have any BYOD policies. Over 50% say employee education is one way they secure the devices, and 73% include user education with other security policies. The BYOD challenges, I think, falls under an age old dilemma: Freedom vs. Control. We see this clash in world politics, we’ve seen it pertaining to the internet itself, we may even experience it at home with our offspring. The freedom to select, use, work and play with the desired mobile device of our choosing bumping up against a company’s mandate to protect and secure access to sensitive corporate information. There can be tension between a free and open culture verses the benefits of control and information management. Sometimes people equate freedom with having control over things yet when it comes to controlling others, many of us feel slightly uncomfortable on either end of the leash. Sometimes oversight is necessary if someone does not have self-control. BYOD is a revolution, a drastic change in how organizations manage devices and manage access to information. If you look at revolutions through the years, often it’s about freedom vs. control. I’m certainly not suggesting an employee coup of the executive floor but remember there are two distinct and diverse powers at play here and successful BYOD deployments need to involve both people and technology. ps Resources SANS Mobility BYOD Security Survey Are your employees on a BYOD binge? SANS Survey: BYOD Widespread But Lacking Sufficient Oversight SANS First Annual Survey Results on Mobility Security: Lack of Awareness, Chaos Pervades with BYOD BYOD–The Hottest Trend or Just the Hottest Term Only 9 Percent of Organizations Are Aware of the Devices Accessing Their Corporate Data Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? Audio Tech Brief - Secure iPhone Access to Corporate Web Applications Freedom vs Control – important lessons to be learned New security flaws detected in mobile devices Freedom and Control | Psychology Today Devo - Freedom Of Choice (Video)
Identity Gone Wild! Cloud Edition
#IAM #cloud #infosec Identity lifecycle management is out of control in the cloud Remember the Liberty Alliance? Microsoft Passport? How about the spate of employee provisioning vendors snatched up by big names like Oracle, IBM, and CA? That was nearly ten years ago. That’s when everyone was talking about “Making ID Management Manageable” and leveraging automation to broker identity on the Internets. And now, thanks to the rapid adoption of SaaS driven, so say analysts, by mobile and remote user connectivity, we’re talking about it again. “Approximately 48 percent of the respondents said remote/mobile user connectivity is driving the enterprises to deploy software as a service (SaaS). This is significant as there is a 92 percent increase over 2010.” -- Enterprise SaaS Adoption Almost Doubles in 2011: Yankee Group Survey So what’s the problem? Same as it ever was, turns out. The lack of infrastructure integration available with SaaS models means double trouble: two sets of credentials to manage, synchronize, and track. IDENTITY GONE WILD Unlike Web 2.0 and its heavily OAuth-based federated identity model, enterprise-class SaaS lacks these capabilities. Users who use Salesforce.com for sales force automation or customer relationship management services have a separate set of credentials they use to access those services, giving rise to perhaps one of the few shared frustrations across IT and users – Yet Another Password. Worse, there’s less control over the strength (and conversely the weakness) of those credentials, and there’s no way to prevent a user from simply duplicating their corporate credentials in the cloud (a kind of manual single-sign on strategy users adopt to manage their lengthy identity lists). That’s a potential attack vector and one that IT is interested in cutting off sooner rather than later. The lack of integration forces IT to adopt manual synchronization processes that lag behind reality. Synchronization of accounts often requires manual processes that extract, zip and share corporate identity with SaaS operations as a means to level access on a daily basis. Inefficient at best, dangerous as worst, this process can easily lead to orphaned accounts – even if only for a few weeks – that remain active for the end-user even as they’ve been removed from corporate identity stores. “Orphan accounts refer to active accounts belonging to a user who is no longer involved with that organization. From a compliance standpoint, orphan accounts are a major concern since orphan accounts mean that ex-employees and former contractors or suppliers still have legitimate credentials and access to internal systems.” -- TEST ACCOUNTS: ANOTHER COMPLIANCE RISK What users – and IT – want is a more integrated system. For IT it’s about control and management, for end-users it’s about reducing the impact of credential management on their daily workflows and eliminating the need to remember so many darn passwords. IDENTITY GOVERNANCE: CLOUD STYLE From a technical perspective what’s necessary is a better method of integration that puts IT back in control of identity and, ultimately, access to corporate resources wherever they may be. It’s less a federated governance model and more a hierarchical trust-based governance model. Users still exist in both systems – corporate and cloud – but corporate systems act as a mediator between end-users and cloud resources to ensure timely authentication and authorization. End-users get the benefit of a safer single-sign on like experience, and IT sleeps better at night knowing corporate passwords aren’t being duplicated in systems over which they have no control and for which quantifying risk is difficult. Much like the Liberty Alliance’s federated model, end-users authenticate to corporate identity management services and then a corporate identity bridging (or brokering) solution asserts to the cloud resource the rights and role of that user. The corporate system trusts the end-user by virtue of compliance with its own authentication standards (certificates, credentials, etc…) while the SaaS trusts the corporate system. The user still exists in both identity stores – corporate and cloud – but identity and access is managed by corporate IT, not cloud IT. This problem, by the way, is not specific to SaaS. The nature of cloud is such that almost all models impose the need for a separate set of credentials in the cloud from that of corporate IT. This means an identity governance problem is being created every time a new cloud-based service is provisioned, which increases risks and the costs associated with managing those assets as they often require manual processes to synchronize. Identity bridging (or brokering) is one method of addressing these risks. By putting control over access back in the hands of corporate IT, much of the risk of orphan accounts is mitigated. Compliance with corporate credential policies (strength and length of passwords, for example) can be restored because authentication occurs in the data center rather than in the cloud. And perhaps most importantly, if corporate IT is properly set up, there is no lag between an account being disabled in the corporate identity store and access to cloud resources being denied. The account may still exist, but because access is governed by corporate IT, the risk is diminished to nearly nothing; the user cannot gain access to that resource without the permission of corporate IT, which is immediately denied. This is one of the reasons why identity and access management go hand in hand today. The distributed nature of cloud requires that IT be able to govern both identity and access, and a unified set of services enables IT to do just that.Complexity Drives Consolidation
The growing complexity of managing more users from more places using more devices will drive consolidation efforts – but maybe not in the way you think. Pop quiz time. Given three sets of three items each, how many possible combinations are there when choosing only one from each set? Ready? Go. If you said “27” give yourself a cookie. If you said “too [bleep] many”, give yourself two cookies because you recognize that at some point, the number of combinations is simply unmanageable and it really doesn’t matter, it’s too many no matter how you count it. This is not some random exercise, unfortunately, designed to simply flex your mathematical mental powers. It’s a serious question based on the need to manage an increasing number of variables to ensure secure access to corporate resources. There are currently (at least) three sets of three items that must be considered: User (employee, guest, contractor) Device (laptop, tablet, phone) Network (wired, wireless, mobile) Now, if you’re defining corporate policy based on these variables, and most organizations have – or would like to have - such a level of granularity in their access policies, this is going to grow unwieldy very quickly. These three sets of three quickly turn into 27 different policies. Initially this may not look so bad, until you realize that these 27 policies need to, at least in some part, be replicated across multiple solutions in the data center. There’s the remote access solution (VPN), access management (to control access to specific resources and application services), and network control. Complicating even further (if that was possible) the deployment of such policies is the possibility that multiple identity stores may be required, as well as the inclusion of mobile device management (MDM). On top of that, there may be a web application firewall (WAF) solution that might need user or network-specific policies that tighten (or loosen) security based on any one of those variables. We’ve got not only the original 27 policies, but a variable number of configurations that must codify those policies across a variable number of solutions. That’s not scalable; not from a management perspective and certainly not from an operational perspective. SCALING ACCESS MANAGEMENT One solution lies in consolidation. Not necessarily through scaling up individual components as a means to reduce the solution footprint and thus scale back the operational impact, but by consolidating services into an operationally unified tier by taking advantage of a holistic platform approach to (remote) access management. The application delivery tier is an increasingly key tier within the data center for enabling strategic control and flexibility over application delivery. This includes (secure) remote access and resource access management. Consolidating access management and secure remote access onto a unified application delivery platform not only mitigates the problem of replicating partial policies across multiple solutions, but it brings to bear the inherent scalability of the underlying platform, which is designed specifically to scale services – whether application or authentication or access management. This means dependent services can scale on-demand along with the applications and resources they support. A consolidated approach also adds value in its ability to preserve context across services, a key factor in effectively managing access for the volatile environment created by the introduction of multiple devices and connection media leveraged by users today. It is almost always the case in a highly available deployment that the first component to respond to a user request will be the application delivery controller, as these are tasked with high-availability and load balancing duties. When that request is passed on to the application or an access management service, pieces of the contextual puzzle are necessarily lost due because most protocols are not designed to carry such information forward. In cases where component-component integration is possible, this context can be maintained. But it is more often the case that such integration does not exist, or if it does, is not put to use. Thus context is lost and decisions made downstream of the application delivery controller are made based on increasingly fewer variables, many of which are necessary to enforce corporate access policies today. By consolidating these services at the application delivery tier, context is preserved and leveraged, providing not only more complete policy enforcement but simpler policy deployment. This is why it is imperative for application delivery systems to support not just specific applications or protocols, but all applications and protocols. It is also the driving reason why support for heterogeneous virtualization and VDI platforms is so important; consolidation cannot occur if X-specific delivery solutions are required. As the number of devices, users, and network medium continues to expand, it will put more pressure on all aspects of IT operations. That pressure can be alleviated by consolidating disparate but intimately related services into a unified application delivery tier and applying a more holistic, contextually aware solution that is not only ultimately more manageable and flexible, but more scalable as well.New iOS Edge Client
If you are running the BIG-IP Edge Client on your iPhone, iPod or iPad, you may have gotten an AppStore alert for an update. If not, I just wanted to let you know that version 1.0.3 of the iOS Edge Client is available at the AppStore. The main updates in v1.0.3: URI scheme enhancement allows passing configuration data to the client upon access. For example, you could have a link on the WebTop that invokes the client and forces web logon mode. Other Bug fixes. The BIG-IP Edge Client application from F5 Networks secures and accelerates mobile device access to enterprise networks and applications using SSL VPN and optimization technologies. Access is provided as part of an enterprise deployment of F5 BIG-IP Access Policy Manager, Edge Gateway, or FirePass SSL-VPN solutions. BIG-IP Edge Client for iOS Features: Provides accelerated mobile access when used with F5 BIG-IP Edge Gateway. Automatically roams between networks to stay connected on the go. Full Layer 3 network access to all your enterprise applications and files. I loaded it yesterday on my devices without a hitch. ps Related: iDo Declare: iPhone with BIG-IP F5 Announces Two BIG-IP Apps Now Available at the App Store F5 BIG-IP Edge Client App F5 BIG-IP Edge Portal App F5 BIG-IP Edge Client Users Guide iTunes App Store Securing iPhone and iPad Access to Corporate Web Applications – F5 Technical Brief Audio Tech Brief - Secure iPhone Access to Corporate Web Applications Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, ipad, cloud, context-aware, infrastructure 2.0, iPhone, web, internet, security, hardware, audio, whitepaper, apple, iTunesF5 Friday: Why SSL VPN Still Matters
#mobile #vdi #infosec Scale and flexibility make SSL VPN an important part of any corporate remote access strategy You might have noticed a couple of news items from F5 this week that appeared related. If you noticed you were right, they are. First, we were very excited to announce recognition of our hard work on our SSL VPN solutions: F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant. Second, we were even more excited to announce adding industry-leading support for Android’s 4.x OS, enhancing its SSL VPN capabilities. Why would be excited about that? Because mobile devices and virtualization (desktop, a la VDI, and server, a la cloud) continue to drive the need for secure remote access at a scale never before experienced by most IT organizations. While web monsters and primarily web-focused organizations have long understand the critical nature of scalability to their business, IT shops for whom a web presence was only somewhat important have not necessarily invested in the infrastructure or architecture necessary to truly scale to meet the increasing demand. It is increasingly the case that IT orgs of all shapes, sizes, and concerns must look to the scalability of its infrastructure to ensure its ability to service users inside and outside the data center via an often times dizzying array of clients and technologies. SSL VPNs arose from similar needs many years ago, out of the overwhelming complexity associated with IPSEC and the inability to support every end-user from every platform available. An SSL VPN generally provides two things: secure remote access via a web-top portal and network-level access via an SSL secured tunnel between the client and the corporate network. By providing both modes of access via an established, ubiquitous protocol (SSL), such solutions are better able to provide end users with access to resources regardless of platform. By deploying such a solution on a proven, highly scalable platform (BIG-IP), such solutions are better able to provide IT with the means to scale not only the solution but its requisite infrastructure services. Enhanced Mobile Support BIG-IP ® Edge Client ™ is the industry’s first SSL VPN solution that provides comprehensive security and mobile access for all devices running Android 4.x (codenamed Ice Cream Sandwich). It’s free, and you can get it anytime you like. Right now, if you want – go ahead. Grab it, I’ll wait. Oh, you aren’t running Ice Cream Sandwich yet? If you’ve got a “rooted” device, we’ve got your back there, too, with our BIG-IP Edge Client for “rooted” devices. Additionally, F5 is introducing enhanced support for its BIG-IP Edge Portal™, which provides managed application access to enterprise web applications such as SharePoint, wikis, and Intranet sites. This is that web top access mentioned earlier – a secure means of providing access to resources from any device without giving away the keys to the kingdom via the more open corporate network access route. And ultimately, this two-pronged approach to secure remote access afforded by SSL VPN solutions like BIG-IP Edge Gateway will continue to be important to corporate remote access strategies precisely because of the need to differentiate levels of service and access based on location, device, and user – something only a context-aware solution can provide. This is why validation of external sources of our work in the SSL VPN arena is exciting – because SSL VPN continues to be a significantly more flexible option to traditional IPSEC VPN connectivity and with the continued growth of mobile devices and demand for technology like VDI, it will certainly only continue to expand its applicability in the enterprise as scale and flexibility become more and more necessary to meet the diverse, distributed demand of clients. F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant F5 Keeps Android Users Connected and Productive with New Secure Access Solutions F5 SSL VPN Security Solutions – Overview Magic Quadrant for SSL VPNs – Gartner Report I Scream, You Scream, We all Scream for Ice Cream (Sandwich) Scaling VDI Architectures Strategic Trifecta: Access Management F5 Friday: The Mobile Road is Uphill. Both Ways. All F5 Friday Posts on DevCentralF5 Friday: Secure Remote Access versus En Masse Migration to the Cloud
Being too quick to shout “cloud” when the solution may be found elsewhere can lead to unintended consequences. As with all technology caught up in the hype cycle, cloud computing is often attributed with being “the solution” to problems irrespective of reality. Cloud is suddenly endowed with supernatural powers, able to solve every business and operational challenge merely by being what it is. Take, for example, the attribution of cloud as being “the solution” to the very real issue of severe snow in the UK. Cloud solutions can help businesses to overcome severe weather issues – with your business’ IT in the cloud, 100 percent of your staffs could work from home. Moreover, working in the cloud – anywhere, anytime – is good for your employees’ morale: 76 percent said that off-premise working is great. http://www.thecloudinfographic.com/2011/10/27/cloud-computing-solves-severe-snow-problem.html Now, the premise of this “solution” is that severe snow often prevents employees from working because they can’t get to work or because they lack the means to do so. Given. The claim is that putting IT in “the cloud” (narrowly defined as Software as a Service only) eliminates these issues because employees can access the cloud from anywhere, including their homes during periods of severe weather. One wonders why employees cannot simply access the same applications and resources at their corporate location. Has the business no Internet connectivity? Have they no web applications? Are they, perhaps, the last holdouts against the electronic age? The real solution here has nothing to do with cloud, it is enabling remote access. Cloud computing as part of the strategy to enable that solution is certainly valid, but it isn’t the solution, it’s part of a strategy – a remote access strategy. OPERATIONAL CONSISTENCY The reason touting “cloud” as a the “solution” to snow-bound employee access is somewhat misguided is twofold. First, it completely ignores the need for enterprise-grade security. Simply put “IT” (as if one can move an enterprise-grade data center wholesale) in the cloud and voila! Instant, ubiquitous, access. Granted, the purported solution is SaaS, which implies some level of credentials are required for access, but in doing so it completely ignores the second issue: it assumes all IT functions are commoditized to the point they are offered “as a service” in the first place, which is utterly untrue at this point in the evolution of any kind of cloud. This conflation further dismisses the costs and importance of integration to those systems being “moved” en masse to the cloud, and seems not at all concerned with the operational management costs of now needing to manage not one but perhaps multiple cloud environments. As my toddler would say, “Are you seriously?” Interestingly, before cloud computing came along and became the answer to life, the universe and everything, there was a less disruptive solution to the problem of remote access and business continuity: secure remote access. One of the foremost capabilities provided by secure remote access solutions, like BIG-IP Access Policy Manager (APM), is that of supporting telecommuting. Having been a telecommuter for over a decade now I’ve never had access to corporate resources without the assistance of some kind of remote access (VPN) solution. There are simply too many pieces and parts (resources and applications and services) that are too sensitive to leave unprotected “in the cloud.” Now that’s not saying a cloud isn’t secure, it’s saying that it’s not (currently) enabled with the same level of security and support for secure access best practices required by both operational and business stakeholders. I absolutely agree with the premise that severe weather and other mitigating factors that prevent employees from getting to work is costly to the business. But the solution is not likely to be a wholesale migration of its data center to a cloud, it’s to enable remote access without disrupting existing security and access policies. The bonus is that using BIG-IP APM can actually enable a migration of applications or services to a cloud environment without sacrificing the control necessary to consistently replicate and enforce access policies. CLOUD is FOR EVERYONE but NOT for EVERYTHING “Cloud is for everyone, but not for everything.” (Rackspace ) That is especially true in this case, but even more so when folks are conflating a solution with its model and location because it fails to address the root cause and instead tries to force fit “cloud” as being an integral part of every solution to every IT challenge. Cloud is not a solution, but a deployment option that has both advantages and disadvantages over traditional data center-based deployments. While the issue with severe weather is certainly real, claiming “cloud” is a solution is shortsighted and fails to recognize the difficulties inherent in such an “en masse” migration. Unfortunately the reply of “cloud” as though it’s answer D (all of the above) to every operational and business challenge we encounter will continue to be an issue until the hype cycle finally tires of hearing itself talk and we can get down to the real business of exploiting “the cloud” in ways that are not only meaningful but that do not introduce myriad other (costly and potentially risk inducing) challenges. In this case, a secure remote access solution – BIG-IP Access Policy Manager – is a much better option for folks who are annually plagued by productivity and cost woes due to severe weather. Rather than transplant applications from the data center to a cloud, and likely losing in the process the control and enforcement of security and access policies necessary to comply with regulations and business requirements, enable secure remote access. Keep the control, leverage the flexibility, maximize the benefits. Happy Working from Home!
