The Sony Hack: Harbinger of Things to Come?

Paula Musich

Paula Musich

Summary Bullets:

  • Although some forensics details point to North Korean government involvement in the Sony hack, it’s impossible to tell whether it was the government or another group mimicking the North Korean government.
  • The fallout from the hack suggests the start of a new era of cyber skirmishes between governments and groups, and private enterprises could become collateral damage in the escalating battles.

Following the ongoing story of the Sony hack has all the twists and turns of a good who-done-it novel. First, the FBI concluded that the North Korean government was responsible for it. More recently, bulletin board rumors, along with cybersecurity company Norse conducting its own research, concluded that it was not the work of North Korean hackers who infiltrated the Sony network, but rather a former Sony security employee who gave security credentials for Sony’s systems to the Guardians of Peace group that claimed responsibility for the hack. Read more of this post

Stop the Budgeting Madness

Steven Hill

Steven Hill

Summary Bullets:

  • It’s almost a universal tradition that at the end of every year, there’s a scramble to spend departmental budgets to ensure that the funds will be available for the following year.
  • Returning thoughtfully planned, but eventually unspent funds shouldn’t be punished by reducing budget requests for the following year.

One of the most wasteful practices that I recall from my corporate years was the rush spending that always occurred at the end of the year to ‘ensure’ our budget requests for the next year weren’t cut. It was the biggest and silliest non-secret that I had ever run into at the time, but the truth was always there: if you don’t use it, you lose it AND next year’s budget will be reduced. Everybody knew that this practice went on, year after year, because (for whatever reason) there was this basic presumption that if you could return money at the end of the year, then you just wouldn’t need it the following year. This was true of capital budgets, supply budgets, and perhaps most difficult of all, maintenance budgets. As a manager, I always worked towards a truthful representation of the financial needs of my department at budget time, but I was amazed to learn that it was just a given that you HAD to pad it out to cover unforeseen problems as well as ensure that there was room for some discretionary spending throughout the year. Read more of this post

Don’t Assume Your EMM Solution Includes All the Mobile Security Your Enterprise Needs

Paula Musich

Paula Musich

Summary Bullets:

  • Not all enterprise mobility management solutions provide a full set of security controls that also include anti-malware programs.
  • Enterprises looking to secure employee and corporate-owned smartphones and tablets should mandate the use of strong anti-malware programs as part of their in-depth defense strategy.

Unless you’re using an enterprise mobility management (EMM) solution from an anti-malware provider such as Symantec, McAfee or Sophos, your smartphones – corporate or employee-owned – aren’t completely defended against the latest threats designed specifically for smartphones. Many EMM vendors focus their security efforts on controls such as authentication, certificate-based access control, separating out personal from corporate data in containers, remote/selective wipe and securing devices and/or apps using VPNs. But, with the exponential rise of malware focused especially on Android smartphones and tablets, is that really enough? New findings from security researchers at Palo Alto Networks and others suggest it isn’t. Palo Alto Networks’ Unit 42 researchers recently discovered a backdoor placed deliberately by Chinese manufacturer Coolpad, one of the largest China-based smartphone manufacturers. The company estimates that 24 Android models produced by Coolpad, and potentially 10 million devices, have the backdoor, nicknamed ‘CoolReaper,’ installed. The company’s researchers also believe that Coolpad modified the Android OS running in those devices so that it’s harder for anti-virus programs installed on the devices to detect the backdoor. Read more of this post

Humans: Both the Problem and the Solution

Steven Hill

Steven Hill

Summary Bullets:

  • Increasing automation in the data center can be one of the best ways to reduce errors in a dynamic production environment.
  • Automation can also be a source for problems of a much greater scale because of the number of processes that can affected by errors within a large and complex environment.

It’s highly unlikely that American sociologist Robert Merton was thinking about cloud computing when he proposed his “Law of Unintended Consequences” in 1936, but it seems particularly apt in light of Microsoft’s revelations regarding the major Azure cloud storage outage of November 2014. Just this week, Microsoft released its root cause analysis that pointed to simple human error as the cause of the 11-hour storage outage that also took down any associated VMs, some of which took more than a day to get back online. Now I’m not here to pile on Microsoft; its response in fixing such a massive system crash can’t really be faulted. What does interest me is how vulnerable our complex and automated systems can still be after years of automation designed to remove human error from the equation. Read more of this post

End-of-Year Insights on Enterprise Mobility

Kathryn Weldon

Kathryn Weldon

Summary Bullets:

  • Services for enterprise mobility did not change greatly in scope in 2014, but operators and service providers are seeing some new trends in customer requirements and buying habits; many are adjusting their portfolios or positioning.
  • A number of different issues rose to the top of the list as trends in 2014: the slow consolidation of enterprise mobility and M2M ecosystems, new positioning for enterprise mobility in SP portfolios, new definitions of EMM, MEAP evolution, and new patterns in buying habits.

Slow Consolidation of M2M/IoT and Enterprise Mobility Ecosystems: While the companies providing service delivery, application enablement, security, and device management for M2M deployments remain distinct from those providing EMM, there are beginning to be some common elements. Some carriers even talk about managing connected devices under the same pane of glass as smartphones and tablets, and enterprise equipment vendors and EMM platform developers that play in enterprise mobility are expanding their product scope to encompass M2M and IoT. Read more of this post

Marking HTTP Sites as Insecure: The Emperor’s New Clothes Indeed!

Mike Fratto

Mike Fratto

Summary Bullets:

  • Users don’t have a way for readily knowing when a site should be protected using SSL/TLS or not, and Google engineers are proposing yet another indicator.
  • A better use of their time would be in working with existing standards efforts – or starting a new one – that let site owners indicate when a site should be protected.

Google is using its size in the web arena to affect changes in how users view the relative “security” of websites. I put security in scare quotes because that word has a dubious meaning at best and more likely doesn’t mean what the company intends. The short story is that Google wants a way to indicate to end users that a page which is not properly protected using TLS – the current, improved version of SSL – is not secure. Read more of this post

The ‘Enterprization’ of Consumer: A Much-Welcomed Third Phase in the Consumerization of IT (CoIT)

Tim Banting

Tim Banting

Summary Bullets:

  • We are in the third phase of the ‘consumerization of IT’ (CoIT), where vendors are mimicking the consumer world in terms of design, delivery, and simplicity.
  • The decentralization of IT budget and the democratization of buying decisions will further drive the proliferation of cloud-based services.

We are at a pivotal point in the collaboration and communication marketplace, driven by the continued trend of the consumerization of IT. Over the last five years, we have tracked specific phases associated with this trend. Prior to the proliferation of smartphones and tablets, IT departments were tasked with the selection and implementation of enterprise communication and collaboration solutions. The democratization of IT buying decisions started with the first phase of CoIT, which focused around the adoption of consumer tablets and smartphones as enterprise devices (commonly known as BYOD). This provided the potential for improved employee productivity, lower costs, and easier work/life integration. Read more of this post

KPN to Cut 380 Jobs – Then What?

Summary Bullets:

  • KPN’s retrenchments are a response to the shift from circuit to packet switching technologies, increased competition, and the lower margins available now.
  • KPN has got some fat in its balance sheet; its next move will be vital to its future.

The reorganisation of KPN’s staff, with the net loss of 380 jobs just before Christmas, is harsh for those who face a bleak winter, but it seems mild in comparison with what other operators have gone through moving from circuit switching to packet switching. But that’s not the only problem KPN faces. Read more of this post

RhoMobile Seeks Mind Share, Enterprise Developers Under New Parent Company

Charlotte Dunlap

Charlotte Dunlap

Summary Bullets:

• Motorola goes from internal MEAP focus to support external non-Motorola devices/solutions

• Backend integration and hosted cloud are at the core of its new strategy

After losing significant mind share in the MEAP market space due to an internal focus on core Motorola products, RhoMobile, now operating under the wing of Zebra Technologies, has a new go to market strategy. It plans to take on competitors through its mature platform with an emphasis on backend integration, IoT focus, and strong channel partnerships. Read more of this post

Effectively Incorporating Presence Management into Customer-Centric Strategies

Ken Landoline

Ken Landoline

Summary Bullets:

  • The advent of unified communications (UC) in telecommunications, coupled with the convergence of enterprise networks to IP-based infrastructure, introduced a great deal of promise for presence management in the contact center marketplace. But, it is obvious that most enterprises have yet to maximize the potential benefits of presence management in their contact centers.
  • Used properly, presence management can result in subject matter experts (SMEs) across the enterprise being effectively and efficiently converted into on-demand experts to assist customer service representatives in more quickly and accurately answering customers’ questions, improving the overall customer experience and enhancing corporate profitability.

In a unified communications system, a ‘presence’ feature indicates to a user whether or not another UC user on the network, or sometimes even outside the enterprise network, is available and able to communicate with colleagues, agents and customers. In the contact center, the initial manifestation of this UC capability is often the creation of a ‘buddy list’ which can be used by agents to reach another agent or other knowledge worker with a single click on the keyboard and little wasted time and effort because they know who is available and who is not. When customer service representatives (CSRs) working in a contact center need assistance, they often need to reach out to an SME for help. Traditionally, this help was limited to within the physical boundaries of the contact center and consisted of a simple glance around the room to see who might be available to help. Read more of this post