No Common Single Fix For SaaS Still


Software-as-a-Service (SaaS) is being embraced by organisations at a fast pace, with 75% currently running SaaS. As SaaS looks set to exceed traditional on-premise software, organisations need to ensure they have the correct tools and policies in place to manage the unique compliance challenges that it brings.

Recommendations:

IT managers need to monitor the use of software to ensure it remains within the agreed terms of service.  Some services will manage this for you, only enabling a user to download as many copies of software as the licence permits.  But this is not always the case, so specific services need auditing using an admin portal. Also, when employees leave an organisation, the associated services they’ve used will not only need to be removed from their devices, but their accounts removed from the service itself.

Data associated with these services needs to be transferred, stored and used in accordance with regulations. Storage of data is not just dependent on your own infrastructure, as many services by default will store data on their own cloud. The security around this storage and its geographical location needs to be in accordance with any sovereign regulatory requirements before onboarding takes place.

With on-premise software, licencing is counted via actual, concurrent users or the quantity of copies installed on machines. The management of these can be assisted with Software Access Management (SAM) software, giving you a clearer picture of what software and associated licencing you hold on your infrastructure. SAM tools do not yet offer wholesale support for SaaS, but SAM is starting to catch up and is slowly building support for Software as a Service.

Another concern for managing SaaS is Bring Your Own Device (BYOD). Here, the user may have their own software installed and wish to use it at work as well. However, the licencing should be checked, as it may be for personal use only and not for business use.

There is no single answer as to how best to manage SaaS within your organisation, and the issues multiply the more services from different providers an organisation uses. However, having defined procedures for new starters, leavers and new service roll-outs that embrace the service model, including regular auditing, will allow you to overcome these obstacles and potentially reap the cost savings, greater speed and flexibility that SaaS can provide.

Cyber Security – Top Tip Takeaways

Following our Cyber Security Round Table event chaired by Amicus ITS’ Head of Technology & Governance JP Norman, on Wednesday 24th June at IBM, delegates discussed the core issues affecting public and private sector organisations. The key takeaway points for all organisations are detailed below:

Top Tip Takeaways:

1.    The urgent need to raise awareness of the EU Data Directive,  its potential impact and 5%  TO financial penalties.
2.    To consider the impact and to plan ahead if we voted to opt out of the EU in the UK Referendum
3.    The need for organisations to educate staff on the issues and impact of cyber security, data and correct device use.
4.    To secure Board engagement on risk from cyber security breaches to recognise the resulting commercial fallout from loss of trust.
5.    Appoint a Data Controller and create core stakeholder engagement across departments.
6.    Organisations to implement and regularly review quality BYOD processes and manage web browsing and software applications.
7.    Organisations need to control data streaming and ensure it stays in the UK to remain compliant.
8.    Match security awareness by staff with maximising their productivity for the business.
9.    Ensuring your 3rd party supply chain have the same compliance checks, liabilities and recognised failure penalties to accompany your due diligence processes.
10.   To treat VOIP the same as any other form of data from a cyber security POV, award it the same protections and ensure it is covered by the same regulations as other data.
11.   Have an up to date digital policy and security measures within HR whatever the nature of the leaver to avoid data breach.


This week’s technology news – 27th June 2014

Supreme Court ruling for mobile phone privacy does not answer Cloud issue
Forrester report an emphatic decision by the Supreme Court in the US this week, which has endorsed the fundamental right of the individual to safeguard the privacy of data held on a mobile phone and that the only way for 3rd party agencies to access this, would be to seek a warrant.

The sheer variety of applications now available on mobile phones (cameras, video players, Rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, newspapers, forums etc.) reveals much about the owner, in addition to what can be shown through the browsing history. Consequently it was felt this would give 3rd parties too personal an insight about things we would prefer to keep private, even from our partners. The crossover impact for this in business is in BYOD, where corporate employers may not yet have taken steps to assess and implement data security policies to safeguard corporate privacy.

With the increase of devices and wearable technology, much of the content will inevitably be stored in the Cloud and what is not revealed through the phone as its conduit, will be accessible once it hits storage sites like Dropbox, Evernote etc.   So as soon as you have connected, you are no longer able to control that privacy, or that right.   This ruling is insufficient therefore in the wider context of cloud content and management of personal (and customer data), so expect more rulings in future as the further legal ramifications are reviewed.  As an MSP, it is your responsibility to be a privacy advocate.

Stop thief – you are turning me off!

Research by Glasgow Caledonian University into the way we hold and use smartphones, is leading to a new form of security being developed, to identify abnormal patterns which could trigger a “kill switch”. The software logs, monitors and profiles “normal” behaviour, carriage mannerisms, application access and timing, plus geolocation and browsing. Subtle changes to this information could indicate unauthorised use and prompt a shut down. The profiles take a few days of average use to build up a coherent picture and current versions of logging software are detecting illegal use within a couple of minutes which will no doubt get far quicker.

Lead scientist, Professor Lynn Baille notes that a further development of this software could be in authenticating identity. Research indicates users wiping or tapping in their pin up to 100 times a day to unlock their handset, which for some users is putting them off using security measures, if they have that choice. This new software could sanction access simply because the device is “in the right hands” and keeps a phone unlocked in normal use, except where a user needed to purchase something, or log in to a corporate network. Yet again, there are implications about privacy for such monitoring and whether this is managed centrally, or locally on the device.

Paperless NHS? A start to a small part of it

South Tyneside NHS Trust has begun its paperless journey by moving its board meetings to the cloud using Huddle for iPad as part of its digital business strategy.  This reduced paper output for just this management area by 100 reams a month, with the introduction of Apple iPads to the boardroom.   With creation and collaboration on documents up to 600 pages in length each month and an update and approval process only via email, confusion about changes and editorship were common.  Now documents are accessed via a secured cloud collaboration service through the tablet devices as part of the Trust’s BYOD scheme.  Huddle is part of the G-Cloud service agreement and fulfils the Trust’s requirements for data protection.    The company has come a long way since its start in 2006 and is making some competition for Microsoft – at least in the social collaboration market.

Mobile Device Management and joined up thinking

Mobile Email Management responds to surge in world usage
Recent research estimates that there are 3.9 billion email accounts in use and this is expected to rise to 4.9 billion in 2014. 76% of these are for consumers, but the largest proportion of email traffic is business communications. 100 billion business emails were sent and received in 2013 each day. The increase in the mobile workforce is powerfully fed by retailers providing ready access to email through their range of devices, making this a clear contributor to the figures. Forrester assesses that by 2017, 78% of US email users will access emails through mobile devices. Employee freedom and flexibility is a must for profitability and business fluency. It is equally compelling that IT Directors and CISOs must engage with an MDM solution provider if organisations want data secured and properly protected (Airwatch, MobileIron and Citrix all feature in Gartner’s 2013 magic quadrant). Add to this the rapid adoption of public cloud services, and the arguments in favour of proactive management are overwhelming.

Are companies rethinking BYOD?
Interesting figures released for 2013 reveal that 73 million smartphones were purchased for business users in Q3 2013, a 34% increase in corporate purchasing over the same period in 2012. It begs the question whether Bring Your Own Device (BYOD) strategies are being re-thought by companies, let alone whether it is the right approach for business, or fair on employees. The fate of Blackberry could have distorted the figures as businesses sought to replace stock with new Apple and Android phones. However the challenges of adopting BYOD are maturing and in Gartner’s view, are 5-10% more expensive than the corporate option. Food for thought for CIOs.

HP seeks to bite greater market share through joined up technology
HP’s Discover event in Barcelona this week announced the arrival of their new workload optimised Converged System. A new engineered solution, it consolidates servers, storage, networking, software and services, through a single management tool and single point of accountability. With high performance virtualisation, faster data analytics of big data and a new hosted desktop experience based on the Moonshot server, they are hoping it will attract serious enterprise interest. If they deliver the promised increases in efficiency, speed, and always-on engineering HP will gain traction, which will become increasingly compelling, added to an order to operations timeframe of as little as 20 days.

Introducing the Cloud OS Network
In a move looking to strengthen their Cloud proposition, Microsoft has announced the Cloud OS Network. Made up of over 25 leading cloud service providers, the list includes business names such as Capita IT Services, Lenovo, Fujitsu Ltd and T-Systems. The providers operate in more than 90 markets, over 425 datacentres and serve over 3 million customers daily. This enables Microsoft to offer tailored infrastructure and application services from their new partners, whilst attracting new users to an all-powerful Azure cloud. Flexibility is the key here and Microsoft in opening up their Cloud proposition this way, could prove very compelling for businesses and enterprise.

Top Security Threats of 2013
As the end of the year approaches, it is time to look back over the top security threats of 2013. Distributed Denial of Service (DDoS) is still very fresh in our minds, after big attacks in recent weeks on RBS. DDoS attacks have been on the rise, taking advantage of greater available bandwidth. Mobile application threats have also been on the increase. With even more users downloading mobile apps, and the app stores themselves individually gaining more traction, larger numbers of people have fallen victim to data harvesting apps. Finally, with the focus on securing against external attacks, attacks from the inside are also on the increase. The average cost of internal breaches is also greater than that of external threats. With all this in mind, the start of 2014 is certainly going to be an opportune time to review and implement security policy and defences.

This week’s technology news from Amicus ITS – Friday 3rd May 2013

Is your business and IT in alignment?
Despite years of trying to fix the relationship between the IT organisation and the rest of business, communication and understanding between the two remains patchy. IT doesn’t share the same priorities. IT alignment doesn’t just happen – you have to do something. Conversations we have with IT are very technical and business doesn’t understand server uptime, so the alignment is around communication too. Have you heard that “Our IT department has a reputation for saying no”? People, process and technology are the three elements to any successful business and we believe that these all need to be aligned.

COPE-ing mechanisms
A recent report raised an interesting security issue in the MDM arena. The report analysed differences in consumer habits between BYOD (Bring Your Own Device) and COPE (Corporate Owned Personally Enabled) devices. 51% of tablet owners shared their device with at least one other person, but this was not necessarily the key issue where in the corporate world MDM solutions are more prevalent. More alarmingly, it was the revelation that 46% of tablet owners allow their children to use their company devices at home. The potential for accidental loss or modification of company sensitive data by those you DO know is all too real. It is perhaps this more domestic perspective that needs review in the wider aspects of security and governance, as MDM rattles along at an ever increasing pace.

Microsoft working on Remote Desktop service?
Microsoft is working on a service called Mohoro, powered by its Azure platform which could provide Remote Desktop as a service. Mohoro should technically enable you to have a cheap thin-client, modest laptop or tablet – whilst still enjoying the huge processing and graphical power of a hi-grade desktop PC. Both consumer and business applications of Remote Desktop as a service from a giant like Microsoft, would shake up the market and affect market trends. However we will probably only know how, later in 2014.

Google Glass – future or fad?
Google has been flaunting its new wearable computer, Google Glass. Glass is praised for its simple and clear design, though battery life remains an issue. Like a smart phone, it can make phone calls, join video conferences, read and reply to SMS and E-mail, provide GPS navigation, web searching and more. Will wearable computers become the next big thing in technology (like the iPad did for tablets), or will Google Glass fade away as interesting but ultimately a fad?


This week’s technology news from Amicus ITS – Friday 26th April 2013

On the beat – BYOD lawsuit to change commercial habits?
Lack of clear policy and forward-thinking governance for mobile devices will be the highlight of a court case reaching Chicago shortly. The case relates to 200 police officers filing a claim for overtime after being pressurised into answering work-related calls on department issued Blackberries. This should be of interest to MDM providers and all businesses. The flexibility of BYOD and the easy approach thus far to consumer technology at work, is increasingly a topic that needs addressing by business. Thoughts of cost savings and a casual approach to mobile device management may end up having a very costly sting in the tail which businesses must start to address, and soon.

Once more unto the breach
Verizon’s recent Data Breach Report identified hacking as the cause in 52% of breaches in 2012. 80% of these came from authentication-based attacks. Using the same password on different accounts is all too common, but getting people to change their habits has proven difficult and organisations are too slow to roll out more complex barriers to security breaches. Two-factor authentication is a good start (where a phone device delivers a unique password to accompany the primary access on a computer) and is available on Microsoft accounts. Sadly it seems that only large scale attacks felt personally are currently getting any habits changed. How important is your information to you and what extra measures are you taking to keep it secure?

Head technology
No longer limited to just science fiction, Samsung and other researchers at the University of Texas are creating the technology to control tablets with just your brain. Researchers are using an EEG cap to monitor brain waves which lets testers launch Apps, choose music and basic menu control by thinking of its name. The process sounds similar to how voice activation tasks are currently handled. However, instead of saying the phrase aloud – you think it. So far the system is said to have an accuracy rate between 80 and 95% and is still quite slow to use. However, as tablets and other devices become more accessible, the benefits particularly to disabled users will be substantial once fully developed.

No longer taking the scenic route
Smartphone technology “Fit4KidsCare” has been used to great effect at the Miami Children’s hospital in the States. This has centred on using triangulated Wi-Fi signals (vs satellite GPS) to bounce off WiFi access points situated around the hospital. It has enabled patients and their families to navigate quickly to their destinations, even whilst using lifts. With delays in patients reaching their hospital appointments and unfamiliarity with hospital environments, it is an interesting development that could have useful ramifications for the healthcare industry in the UK.