Welcome!

Microservices Expo Authors: TJ Randall, Liz McMillan, Elizabeth White, Pat Romanski, AppDynamics Blog

Related Topics: Mobile IoT, Microservices Expo, Wearables, Cloud Security

Mobile IoT: Blog Post

The Challenge of BYOD

Managing security in a mobile universe

Don’t care how…I want it now!
-Veruca Salt (Willy Wonka and the Chocolate Factory)

We live and work in a world of immediate gratification. In the name of greater productivity if you need to check inventory from a supplier’s warehouse…click there it is. Share a file on Dropbox, no problem. Add detail about a meeting in the sales database… click! Update your Facebook or LinkedIn status. Email a white paper to a potential client...click, click. Want to see that flying pig meme…well, you get the picture.

Now that’s not necessarily a bad thing…unless you’re an IT professional and the those accessing and storing your network assets use unsecured/unauthorized devices while potentially bypassing security protocols. But unlike Veruca Salt quoted above, it isn’t the user who falls into the garbage chute—the risk is to the security of the network. And it's happening more often than you think.

Many organizations are now allowing employees to use their personally-owned devices for work purposes with the goal of achieving improved employee satisfaction and productivity. However, this comes at an IT price. Users love the mobility and the immediacy of smart phones and tablets, but forget these devices are just hand-held computers prone to the same intrusions, attacks, viruses and risks as the computers used in the office. The larger problem is many users don’t see that, so every time they sign on to your network or download an app, it creates a wider and wider vulnerability gap for the enterprise network.

This issue is not unique to a company of any particular size or one vertical market, however the solution, whereas not simple, is clear. There are several moving parts that require elements of identity management, access management, SIEM, WebSSO and SaaS SSO. It incorporates a suite of integrated answers that together can let you rest a little better at night. The idea that if you build a strong perimeter or have users install anti-virus on their devices, the problem goes away. It simply puts the finger in the dyke, and the overriding issue still exists. Your proprietary assets are still exposed.

First off, regardless of whether you approach the solution from the cloud or more terrestrial confines, you need to rethink the risk, revise the policy and enforce the rules. You have to consider how best to maintain compliance (PCI, HIPAA, and/or Sarbanes-Oxley), and you need to incorporate the answer holistically. To this end you need new protocols to authenticate and credential users, define authorization rules based on very specific rights and profiles and monitor traffic patterns to identify, alert and act on any unusual activity.

This takes time, money and manpower. All of which are typically in short supply for new IT initiatives. That is why I advocate security-as-a-service. BYOD is a threat that will only grow exponentially and the longer you wait to address the issue head on, the greater the vulnerability gap. However, by taking advantage of the integrated solutions managed from the cloud, organizations gain the benefit of cost-effective, seamless, on-demand, scalable coverage. If you already have a strong SSO, then you don’t add it. If all you require is additional resources to improve intrusion detection and/or password management, the cloud solution exists to leverage your existing architecture. Essentially cloud-based security fills the vulnerability gap with proven and tested solutions monitored 7/24/365.

Managing security in the cloud provides the resource bandwidth to create the rules, easily provision or deprovision devices, automate the alerts and incorporate a more comprehensive and layered protection strategy that includes the BYOD crowd.

But whatever your decision, you need to address the issue sooner than later, because if you don’t take charge, your employees will self-serve based on their own needs. There’s a prescient blog by Joe Onisick of Network Computing who said:

“If you don’t support a particular device, employees will begin to find ways to self-support it. They will bypass corporate IT and, with that, bypass security, compliance, change management and audit logging. It’s a problem that will continue to get worse, and, as with any problem, an ounce of prevention is worth a pound of cure.”

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

Microservices Articles
At its core DevOps is all about collaboration. The lines of communication must be opened and it takes some effort to ensure that they stay that way. It’s easy to pay lip service to trends and talk about implementing new methodologies, but without action, real benefits cannot be realized. Success requires planning, advocates empowered to effect change, and, of course, the right tooling. To bring about a cultural shift it’s important to share challenges. In simple terms, ensuring that everyone k...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and co...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
With the rise of Docker, Kubernetes, and other container technologies, the growth of microservices has skyrocketed among dev teams looking to innovate on a faster release cycle. This has enabled teams to finally realize their DevOps goals to ship and iterate quickly in a continuous delivery model. Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. However, without the right foresight, DevOps and IT teams may lo...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, will discuss how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galer...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, will discuss how to use Kubernetes to setup a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace....
"There is a huge interest in Kubernetes. People are now starting to use Kubernetes and implement it," stated Sebastian Scheele, co-founder of Loodse, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...