Enterprise IT Watch Blog


June 22, 2011  11:16 AM

Secure the intranet by working around user workarounds



Posted by: MelanieYarbrough
Enterprise 2.0, Harmon.ie, IT, Security, Sharepoint

In a session entitled “Real Time Collaboration Across the Firewall,” one member of the audience raised his hand to ask how to deal with end-users who don’t care that their company is deploying a huge system like Sharepoint. Once outside the firewall, he lamented, these users will use the simplest option, like Google Docs.

So how does IT keep from being seen merely for its costly deployments that nobody cares to use? Deploy another product that helps you use your major deployments more easily! Well, sort of.

I spoke with David Lavenda of Harmon.ie, who makes a product whose goal is to reduce the steps of utilizing Sharepoint’s central repository from about nine to one. It appears as a sidebar in your email client, allowing you to view the documents you’ve been working on. One Google-esque feature includes reminding a user who is trying to attach a document (old habits die hard) that they can send a link to where the document lives in Sharepoint. (Harmon.ie also offers a similar product that deals with documents in Google docs.) An upcoming announcement includes a view of a list of people you are currently collaborating with along with which documents they’ve edited.

Often products such as these flaunt the business benefits without ever exploring the effects, or obstacles, for IT. When I asked Lavenda about how a company’s IT department might feel about deploying it, he responded positively. “It’s centrally deployed by IT. We do not add another layer of security, and we don’t circumvent security. We allow users to continue using what they’re comfortable with,” he said. While it may seem silly to add a program to do what a major deployment such as Sharepoint should have the capability to do, there are benefits to showing the higher ups a growth in your adoption rate.

One of the inspirations for this tool was the array of digital distractions reported in the workplace, compounded by the inability for users to disconnect from work and work devices even when off-duty. A little bit of work here, and a little bit of email there, can sometimes mean that users employ solutions outside of the network with data that’s supposed to be secure within the network. How do you handle end-users deploying rogue solutions over big budget deployments such as Sharepoint?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

June 21, 2011  1:18 PM

Is there a place for IT at Enterprise 2.0?



Posted by: MelanieYarbrough
Enterprise 2.0, IT policies, IT Security

Today’s my first day at the Enterprise 2.0 Conference in Boston. I’ve listened to a couple keynotes and attended a couple sessions. What struck me most was the hostility being paraded toward IT departments. I caught the first half of Kevin Jones’s Enterprise 2.0 Failures session, where he stressed that in order to learn, we must fail. More trust means more room to fail which means more learning, innovation, and progress. After twenty minutes of fluff, I decided to head to the panel discussion on realtime collaboration across the firewall.

After less than a minute of sitting in the session, Brandon Savage of Box.net was in the middle of addressing the point of “IT as a bottleneck.” IT causes reluctance to move despite the opportunity for improvement. A woman in the audience who works for a pharmaceutical company on the IT side, asked about building solutions rather than buying a massive, large-scale solution. Her company, she said, prefers to implement bit by bit, testing and measuring (and beating dead horses) along the way. The panel’s treatment of IT departments was suddenly proven correct.

But not all IT departments want to throw a wrench in the productivity wheel. Another man in the audience questioned what to do when faced with end users who couldn’t care less about major systems like SharePoint. “When they’re outside the firewall, they just want the simplest option,” he said. Google Docs was named as the main rogue weapon of choice for those in no-firewall’s-land, but Savage dropped DropBox’s name as another form of employees going rogue. Savage took his opportunity to explain how Box.net is a better option than DropBox, with its ability to track files once they’re out in the wild, whether it’s who’s looking at what, how many times, and from what IP address.

Is IT fighting a losing battle?

Capabilities such as Box.net’s tracking features provide some hope that IT isn’t on its own. The search for a simple, user- and IT-friendly solution isn’t completely in vain, as long as IT departments keep some tips in mind.

  • Don’t just say “no.” Just because you know all of the reasons that sending the clients’ account information via Google Docs doesn’t mean that Bill from sales will know. One of the audience’s voiced complaints about IT departments is that they’re not helpful enough. Explaining why the extra steps to access SharePoint instead can save you headaches now and later.
  • Be proactive. Savage says that the majority of sales leads at Box.net are incoming from IT departments. While it may be a thorn in your foot that consumer applications are shiny, attracting every Joe Schmo at your company, they are necessary for pushing enterprise vendors. Savage pointed out that as long as there are consumer application start-ups with fewer obstacles for their end-users, they will outpace enterprise solutions. “As consumer applications become more accessible and used, it opens the end users’ eyes to the ease that’s possible, but also opens IT’s eyes to the vulnerabilities.”

What are your concerns when it comes to outside perceptions of IT? How does your company keep communications open amongst departments?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


June 20, 2011  2:56 PM

Community-endorsed: Tech Twitter and Blogs



Posted by: MelanieYarbrough
IT Blogs, IT Books, Twitter

We cast the net, asking where IT Knowledge Exchange members get their latest technology news. Whether you prefer Twitter updates or your RSS feed is packed with tech blog posts, we wanted to hear from you. Add your own picks in the discussion area here, or in the comments section below.

IceCubbe recommends keeping up with the Loaded daily video to keep “up to date with all the latest happenings in the IT world.”

Whether you’re looking for a top of the line security podcast, job listings, or opinions of like-minded tech folks, ErroneousGiant recommends you pay a visit to Risky Biz. With over 170 podcasts published since February 2007, Risky Business has quite the archive, as well as forums and a second podcast, RB2. Looking for some reading material? ErroneousGiant also keeps up with Sophos’s Naked Security blog, where you can find updates on the latest Facebook phishing scam (probably updated hourly) and hacking or security issues from courtrooms all over the world.

Carlosdl suggested a couple Twitter accounts whose shortened URLs it’s probably safe to click: @helpnetsecurity and @FSecure. Help Net Security’s Twitter stream is managed by Mirko Zorz, editor in chief of Help Net Security and (IN)SECURE Magazine. F-Secure’s Twitter stream highlights the latest headlines in security.

There is an impressive array of Twitter accounts and blogs to follow, no matter what area of IT your focus is.

Networking: Twitter & Blogs

Storage Virtualization: Twitter & Books

Desktop Virtualization: Twitter & Blogs

Windows 7: Blogs

Security: Twitter & Blogs

Of course, checking out the Enterprise IT Watch blog and @ITKE on Twitter is always a good place to start.

Did we miss anyone? Let us know in the comments section or in the forums.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


June 14, 2011  12:56 PM

IT security starts in your pocket



Posted by: MelanieYarbrough
iPhone, Passcodes, Passwords, Security

My friends sometimes tease me about having to enter a passcode just to play games on my iPhone. But the truth is, Angry Birds isn’t the only thing hanging out on my home screen, so I need to be extra careful with who can access that information. Granted, a measly little four-digit passcode won’t stop even most amateur hackers, but it can buy a little time for me to report my phone missing or to wipe the sensitive information from my phone.

I was vindicated yesterday when Daniel Amitay, an Apple iPhone developer, published his research into passcode security. Amitay pays homage to past articles about the most common passwords on the Internet, creating a list of the ten most common iPhone passcodes. Here they are, in all their glory, from Amitay’s blog:
Continued »


June 14, 2011  5:55 AM

Could you survive getting Palin’d?



Posted by: Michael Morisy
E-mail, Privacy

After years of waiting, the Associated Press (and other media outlets) finally received the results of their freedom of information request to the state of Alaska: A massive trove of former Governor and Vice Presidential Candidate Sarah Palin’s e-mails from when she was in office.

And so far, love her or hate her, the results are pretty tame: Mother Jones, which has had some of the most aggressive coverage of the e-mails, reported that she did, indeed, regularly use the folksisms she’s become famous for, from unflippinbelievable,” “what a goof”  and “holy flippin A“to “we love the mobster in ya.” Indeed.

Continued »


June 8, 2011  3:14 PM

From Google to SecurID to iCloud: Top Tech Stories



Posted by: MelanieYarbrough
Apple, Google, iCloud, RSA, SecurID, Security, Top Tech Stories

Here at the Enterprise IT Watch blog, we try to up with the latest news in enterprise IT to keep you updated on the goings-on in your neck of the woods. Usually our posts focus on our theme month topics, but not everything new in IT follows our schedule (despite our many efforts). To make up for that, I’m going to start compiling the top stories in enterprise tech, to make sure that you know what’s happening (and so that we know what’s happening as well). So even next month, when we’ll be tackling Cloud Storage, you can get a balanced dose of enterprise IT right here. Your one-stop shop, if you will.

So here goes:

Hey, Google! It’s rude to point.
Continued »


June 7, 2011  7:48 AM

From Dropbox to Apple’s iCloud: The Trend of Accessibility



Posted by: MelanieYarbrough
Cloud security, Cloud Storage, Security, Storage

It seems the latest trend of enterprise IT is to adopt whatever’s hot in consumer tech, although usually because of necessity and security rather than by choice. The latest spinoff of the should-we/shouldn’t-we debate over mobile gadgets is the question of online or cloud storage. Google made it a household name with Google Docs and its array of Office-like applications, and more recently pushing it further with Google Music. With similar offerings from Amazon and Apple, the idea of the public cloud is losing its mystery and gaining a more everyday reputation.

Companies such as Dropbox, Box.net, and Mozy are getting in on the online storage trend, gaining attention from the New York Times Technology section, highlighted for their successful foray into the storage industry. As Verne G. Kopytoff reports, “Aaron Levie, chief executive of Box.net, an early online storage company based in Palo Alto, Calif., said that the increased adoption of mobile devices and ubiquity of online connections had created a bigger need for companies like this.” The article cites the decrease in cost of hardware such as servers and data storage devices as one of the main benefits these companies have experienced in the past years. Box.net’s server space leasing cost has decreased about five to eight times since 2005 when the company started.

But these online storage companies are no strangers to the number one deterrent for all things “cloud”: Security concerns. Even casual consumers understand that their photos of last week’s BBQ are at risk, let alone images of their passport or social security card. With the recent horrible stretch for cloud computing, it’s not hard to see why experts urge users to only store non-sensitive information to these platforms. Newer companies are using this skepticism to their advantage. Chief executive of Cx.com Brad Richardson told the New York Times he “was not intimidated by all the competition. Focusing on security will help set his company apart from rivals.” Aside from being a thorn in the IT department’s side, consumer cloud services often serve as a catalyst for innovation in enterprise IT. With Amazon’s Cloud Drive and Apple’s iCloud (announced today and compared here), it definitely seems that further improvements could be headed for enterprise data storage.

The next step up from consumer acceptance? Small- and medium-sized businesses. And as Ron Miller points out, cloud storage seems the most obvious option for SMBs:

Small businesses today are being built for a fraction of the cost of even 5 years ago precisely because these businesses don’t have to make huge investments in hardware infrastructure. By passing off these costs to infrastructure providers, small businesses can concentrate on building the business and not worrying about keeping the Exchange server up and running or adding a new drive to the network to handle increased usage.

So it seems the dividing line between trusting your data to online storage and not falls right where most other IT concerns do: Budget. The bottom line for now seems to be, if you’re just starting your business, taking advantage of cloud storage can diminish your costs and keep you afloat. If you’re a company with enough to invest in the hardware (or something to hide) to host your own data storage, use that to your advantage and keep track of your most sensitive data that way. Unless you’re Sony, then you might just want to bury your head in the sand.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


May 31, 2011  8:27 AM

RSA Breach claims its first major victim in Lockheed Martin



Posted by: Michael Morisy
Authentication, Network security, RSA, Security

After the RSA breach, there was a fair amount of debate over how much security fallout there would be, if any. As one security analyst told SearchSecurity at the time, “Good crypto works even if an attacker knows how it works.”

Now, however, it looks like the breach has claimed its first major victim: Lockheed Martin, one of the largest defense contractors in America. As Reuters reported, the company “is grappling with ‘major internal computer network problems,’ said one of the sources who was not authorized to publicly discuss the matter.” While not explicitly stated, it sounds like normal e-mail access is restricted among other disruptions.

Robert X. Cringely reported on the attack early on, without naming the specific company, and wrote that countermeasures were taken, namely in requiring another level of authentication:

It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network.

The contractor’s data security folks saw this coming, though not well enough to stop it. Shortly after the RSA breach they began requiring a second password for remote logins. But that wouldn’t help against a key-logger attack.

The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it.  A breach like this is very subtle and not easy to spot.  There will be many aftershocks in the IT world from this incident.

A month ago, as SearchSecurity’s Rob Westervelt reported, that added layer of security was already of renewed interest, despite being a traditionally hard sell to security-stingy executives. Now with Lockheed’s surprisingly public example, it might just be a much easier upgrade to get approved.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.


May 25, 2011  11:02 AM

The Macs ARE coming, and there might not be a lot you should do to stop them



Posted by: Michael Morisy
Apple, Cloud computing, iPhone, Mac OS, virtualization

When I first started out as a beat reporter covering mobile for SearchMobileComputing, it was an interesting time: The iPhone was relatively new, BlackBerry was the only true “corporate” phone, there were serious questions between whether Android or LiMo would win out, and Palm was still a decrepit if beloved classic OS.

I even wrote a gem called Six simple steps to killing the iPhone (ignore reg link and keep scrolling down), advice that’s not too embarrassing until the last one:

Step 6: Take a deep breath

Others disagree, but both Hughes and Gold say the iPhone hysteria is no different in principle from other phone crazes before it — the Sidekick or the Motorola RAZR, which was at one point ranked #12 in the greatest gadgets of the past 50 years but is now regarded as a mid-tier feature phone at best.

“Somebody needs to come up with something that’s really innovative, and then you’ll see loyalties switch in a second,” Gold said. “I think it’s probably going to be folks in the Far East: LG or Samsung, or maybe a Chinese company we don’t even know about yet.”

The point is, at the time, iPhones were just a flash in the pan. They’ve now thoroughly invaded the enterprise; early IT resistance has softened, to the point that it’s hard to find an IT vendor who doesn’t offer some sort of server management tools for the iPhone (I’ll give Gold some points for his “company we don’t even know about yet,” as Taiwan’s HTC has come from underground white labeled device maker to very public contender).

That’s the background I come from when I read Preston Gralla’s predictions that Apple’s enterprise growth isn’t sustainable, and why I think he looks at the right data, but draws all the wrong conclusions:

Continued »


May 25, 2011  8:07 AM

Networking Wrap-Up



Posted by: MelanieYarbrough
Cloud Storage, Networking, Wrap up

Our wrap-up is neater, promise.As you probably know, May was Networking Month at IT Knowledge Exchange. We’ve been busy covering Interop 2011 and all of the latest happenings in the networking world. So if you’ve found yourself as confused about your network as those wires over there, check out some of what we’ve been doing and what we think you shouldn’t miss compiled below for your easy digestion.
Continued »


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: