The Reality of BYOD Security

It doesn’t matter if you’re the CEO, CFO, CIO or the CBP (Chief Button Pusher), everyone in any business is capable of unintentionally compromising security. Every business now deals with Bring Your Own Device (BYOD) issues at some level and we’re all responsible – from the top on down. So how do you manage all that business data on everyone’s personal device and keep it safe?

You’ve got to walk the walk… It’s important for every employee to respect and be diligently mindful of the policies that are put in place. If you’re the one who dismissively downloads a seemingly harmless, unauthorized application on your phone, then you’re the one who could potentially lose your job if data is compromised. Policies are put in place to protect the company, but inevitably they protect the employee too. How can we protect our vital work information while using the same device that we let our children borrow for long car rides?

Think about the other “secure” items in your life. If you have firearms in your home, you (hopefully) have them contained and locked. If you have cleaners, bug sprays or other contaminants, you have them contained in child-proof cabinets. If you have important legal papers, you most likely have them contained in a safe-deposit or firebox. But do you have important digital business documents, business applications or business designs on your device, mobile or other, and let anyone have access to the information that could potentially destroy or leak your work?

Why take the risk? There are various types of Mobile Device Management (MDM) programs to compartmentalize, or contain, your work life from your home life. Keep your two lives separate on one device without fear of security issues if your phone is lost or stolen. At that point, all IT needs to do is shut that part off and wipe it clean. And if your 10-year-old wants to play some games on your device, you and your work are secure.

MDM, now folded into overall Enterprise Mobility Management (EMM), not only needs to be developed and its policies drawn up, but also needs to be updated annually. Whether you have MDM in place now or not, it should always be considered as part of an ongoing management system. Policies can’t be put in place and left alone. Technology changes rapidly and new malware is produced faster than the products themselves are being produced. Annual upgrades and policy changes are key.

There isn’t one application or one policy that fits all businesses so you need to do some research. The MDM platform that works best for your business to successfully manage BYOD is something that can’t be glossed over. All employees can be helpful in drawing up policies if included in the conversation with the IT department. Every department has a different function and the IT group needs to know what is going to work, all around, so information in separate containers can still be shared. There are some basic core functions to consider in MDM:

  • Define your inventory of devices being used
  • Choose a platform that can encompass all devices with remote capabilities
  • Define the software to be distributed which includes applications
  • Consider what kind of security management is needed
  • Include all levels of data protection
  • Have help and support for your users available

These are general categories to consider with a myriad of sub-categories and options that are determined by whatever MDM will suit your business.

Don’t ignore or dismiss all the dangers in our new Bring Your Own Device world. We’re all held accountable for making sure our devices are secure to protect our work and home. Critically analyze and determine what’s being used, how it’s being used, how it can potentially be compromised and what’s needed to prevent security leaks and potential loss of data.

Posted in BYOD, Mobile, Security

SLAs – Who’s being served?

Life insurance, car insurance, homeowners insurance, business insurance, health insurance… Think there’s a pattern here? Let’s cut to the chase. A Service Level Agreement (SLA) is basically insurance for your cloud data service. One would assume that your business data with a cloud service provider is at least as important as your home or car. Wouldn’t you feel better if you had some guarantees and parameters set that protect you? Of course, SLAs not only hold the service provider accountable, but also protect it. When you and the provider are protected there’s no guesswork, no finger-pointing and no misunderstanding. So, if there should be a problem, the problem is readily solved. And yes, dealing with insurance companies can be a pain, but dealing with a service provider who is offering you the best deal they can is completely different.

It’s true, not everyone has insurance and there are varying levels of insurance. You have to weigh the real need with your level and type of business. It’s not an all-or-nothing proposition. Every time you buy a big-priced item, from a couch to a washer to a mobile phone, you’re asked, ‘do you want a warranty with that?’ I bet, depending on what you’re buying and how it’s being used, you may mull over whether or not to get the warranty or to take your chances. Warranties and insurance policies essentially give you overall peace of mind just in case something should happen.

Do you really need that service agreement for your IT? Let’s address the realities of what SLAs mean to the provider and customer and how they address the most important component – uptime.

  • SLAs are a two-way street: Agreements, generally, protect both the customer and the service provider. After all, we’re both in business to make money and provide the best service and/or product to stay ahead in our industries. So, don’t expect a one-sided agreement that puts either customer or provider at zero risk.
  • SLAs have caveats: There are service interruptions that are the provider’s fault and the customer has to deal with the downtime, potential loss of revenue and the overall anxiety that we all feel when servers go down. The provider must assume responsibility and liability. Then there are service interruptions ‘outside of the provider’s reasonable control.’ Just make sure you read the fine print. It could mean natural disasters. In that case, no one, neither the customer nor the provider, has any control over interruptions when dealing with those circumstances. Finally, there’s everything in between. We know what we can and can’t handle and will have stipulations and disclaimers, just like the customer has disclaimers setting parameters on offers to the general public. Both the provider and customer have restrictions and the agreement should fit both parties the best it can.
  • SLA guarantees: The reality is, there are no guarantees. When a product touts a one hundred percent guarantee, there are still stipulations and disclaimers in the fine print. You may ask yourself, so why do businesses bother making that statement? Good businesses will always attempt a one hundred percent guarantee and satisfaction rate.

Uptime in the cloud cannot have a one hundred percent guarantee without some sort of fine print. Measure great service by the people and how they work with you, how they problem solve and how they continue to offer you the best. Remember, SLAs are an agreement between you and the provider and both parties need to take care of themselves so they can take care of one another.

Posted in Cloud Computing, Metrics, Service Level Agreements

Reducing Risk in the Enterprise

At Datotel we routinely conduct risk assessments on our own operations, as well as assisting our clients to complete risk assessments on their environments.

Our objectives are generally to identify the risks in the environment; whether that be risks related to confidentiality, security, privacy, reliability or availability. From these identified risks, plans are then developed to address and mitigate those identified risks.

Whether you’re a financial institution, healthcare agency or a firm with no mandated regulations you should ensure you at least have some of the basic risks identified and covered.

Posted in General, Security

DCIM – Better Energy Management

In our data centers, we are under constant pressure to be more efficient, from shortening the new client onboard time to reducing power and cooling costs. Our Service Level Agreements (SLAs) are our number one priority and energy is obviously a very large expense for a data center. In fact, according to the Uptime Institute’s Annual Report: Data Center Density, the average kW consumption per data center rack rose from 2.1 kW in 2011 to 2.7 kW in 2012. The challenge becomes how we maintain our uptime and availability SLAs to our clients, while being as efficient as possible with energy, all the while making sure we are adequately managing our capacities and maximizing our resource utilization. Additionally, the level of complexity involved in building and managing the supporting power and cooling environments is ever increasing.

Data Center Infrastructure Management (DCIM) platforms enable organizations to take a more proactive and comprehensive approach to achieving the power and cooling goals through managing the attributes and the increasing complexities in the data center. This centralized information system allows a historic, real time and forecasted view of the facilities and how they are behaving allowing optimization of the assets and resources. Datotel, in partnership with CA Technologies (a provider of management solutions that help customers manage and secure complex IT environments), is now employing DCIM software to transform how we manage our data centers.

DCIM extends the more traditional systems and network management approaches to now include the physical and asset-level components. The true benefit of DCIM is really all about the data and having visibility to information we didn’t have before, providing us the ability to make more informed decisions in a faster time frame than we could have previously. This visibility helps us to be more efficient – both from a time and energy standpoint. In addition, DCIM helps to provide more in-depth alerting capabilities, which in turn allows us to provide a higher level of service. This information access has helped us become more proactive in capacity planning both for ourselves and in projecting future growth and needs for our clients. For example, knowing exactly what capacity we have now and forecasted for the next six months allows us to plan resources and capital allocation. This helps to decrease the time needed to deploy a new environment for a client – we can project what we need, when and where.

Another large benefit of DCIM comes through what we call “a single pane of glass” view of our data center facilities. This means that we have one platform vs. multiple sources to get information on a very granular basis. This saves us time and resources, and allows us to easily step back and look at the big picture. Within our DCIM platform, the operations team has a set of customized views into the data that represents their view of the world and the information that is important to them, allowing them to make key decisions quickly. This view is very different from the views at the executive level and the views our clients see, for example. With more accurate information presented in a timely fashion, we have the ability for better decisions, planning and ultimately, increased availability.

In our cloud computing model, our clients only pay for what they use; this same philosophy extends to the energy consumption within our data center. By utilizing the DCIM platform, Datotel is in a unique position to enable our clients to pay for the actual amount of power consumed vs. the industry standard of paying a flat circuit fee, regardless of how much power is used. From our experience, this common industry practice of flat-rate energy billing is not favorable to the client. Knowing and paying for actual energy usage is not only a huge cost savings, but this knowledge allows companies to make smart business decisions and can become a sustainability effort as well.

Another priority for us is cooling. The data center environment is dynamic; making sure the temperature is regulated at the right place at the right time, and keeping on top of those changes, can be challenging. By utilizing DCIM, a centralized repository of power and cooling data allows us to establish thresholds and automatic triggers within the facility, devices and server racks so anomalies in power usage can be quickly and easily identified. So, for example, we will be notified immediately of changes in environment, such as humidity and temperature, which can indicate a wider problem.

We are now looking to extend DCIM beyond our four walls to those of our client locations. With visibility to our clients’ entire energy consumption, we can help them make critical decisions on how they are using energy across their whole enterprise, not just the equipment within our data center. This optimization of the energy use can significantly impact the bottom line. But more on that next time…

@ddbrown

Reference: Uptime Institute Annual Report: Data Center Density, Preliminary Results, 2012

Posted in Cloud Computing, Colocation, Green Initiatives