Report: Identity-based security and the cloud

Our library of 1700 research reports is available only to our subscribers. We occasionally release ones for our larger audience to benefit from. This is one such report. If you would like access to our entire library, please subscribe here. Subscribers will have access to our 2017 editorial calendar, archived reports and video coverage from our 2016 and 2017 events.
Cloud Security
Identity-based security and the cloud by David S. Linthicum:
The rise of cloud computing has led to the reassessment of how both cloud and non-cloud systems approach security. Considering the complex and distributed nature of cloud-based platforms, security approaches that leverage identity are the best fit. This will require a fundamental shift in thinking — and in technology.
In this report we’ll look at the concept of IAM, as related to the emerging use of cloud, and in the context of traditional enterprises that are adopting the cloud. We’ll consider changes that need to happen, best practices, new concepts (such as centralized trust), and solutions that IT buyers should consider right now.
To read the full report, click here.

With Android for Work, Google aims to secure 1+ billion BYOD devices

We’ve all been doing it, to the dismay to some of our bosses: Employees have long been bringing their own devices to work, reading corporate mail on the same phone that also is used to run their favorite games, snap their family photos and browse the web at large. Now, Google wants to legitimize BYOD, as the bring your own device is being called within the industry, by making Android more secure for work.

The company launched a new Android for Work program Wednesday that promises to not only make new and existing work devices more secure, but also bring enterprise-strength security to more than one billion Android handsets and tablets that consumers have acquired on their own. “Every employee should have a work-enabled mobile device in their hands,” said Android for Work Product Management Director Rajen Sheth during a press briefing in San Francisco Wednesday.

The basic idea behind Android for Work is to offer enterprises and their employees a secure area within their Android phones and tablets that can be managed by a company with dedicated policies and easily accessed by a user. For example, users can access a work-specific version of Google’s email client, and then simply switch back to their personal email client. Work apps are visually set apart from personal Android apps through a small suitcase icon.

This is how Android for Work looks like on a Lollipop device.

This is how Android for Work looks like on a Lollipop device.

On devices running Android Lollipop, this is done via dedicated profiles that are integrated on the operating system level. But Google also wanted to make Android for Work available to older handsets, which is why the company developed a dedicated Android for Work app that brings this kind of separation to non-Lollipop devices — an increasingly common tactic for Google, which has been fighting the often-decried Android fragmentation by adding key functionality updates to apps like Google Play services instead of Android itself.

Google is also launching a dedicated Google Play for Work store, which can be managed by each enterprise to deploy only whitelisted apps, or even purchase apps in bulk. Enterprises could decide to manage policies on their own, or work with third parties like VMWare or Citrix to handle these tasks.

Google Play for Work doesn’t really change anything for app developers, who only have to publish their app once to make it available to both consumers and enterprises, and are even able to add Work-specific security features to the same apps that are also installed by consumers. However, down the line, developers could expect new forms of monetization through Google Play for Work, which could include special bulk subscription tiers for enterprises. Sheth said that the company wants put a lot of focus on getting developers to build new apps as well as secure existing apps for Android for Work.

Google's new for Work productivity apps.

Google’s new for Work productivity apps.

Finally, Google is also making its own suite of productivity apps available as part of Android for Work. These are essentially customized versions of the existing Google apps. I got to see an email client that on the surface looked like Google’s Gmail app, but integrates with Exchange and Notes.

Google got a number of partners to launch Android for Work, including device manufacturers like LG, Sony and HTC, app and services businesses like Box, Salesforce and SAP as well as enterprise services companies like Citrix, VMWare and BlackBerry. Samsung, which at times has been a bit of a contentious partner for Google, got a special mention for its Knox security framework that integrates with Android for Work. The company also touted enterprise partners that have already been testing for Work, including Woolworth and Pearson.

However, the Google is also eyeing other industries, and looking to take Android even beyond BYOD, and to specialized single-purpose devices. One example mentioned by Sheth: Amusement parks, which could hand out a tablet or phone with some very specialized apps to each attendant. Restaurants could also benefit from dedicated Android apps that help staff to take and process orders, he said, adding: “That can open up an opportunity for many more devices that don’t exist today.”

The democratization of the enterprise

What do Egypt’s former president and Lotus Notes have in common? Middle East dictators and enterprise software solutions do not, on the surface, appear to have a lot of shared characteristics, but there is a connection. They are both victims of the will of the people.

CloudFlare gets $20M to make the web safe — and fast

Web security startup CloudFlare has raised $20 million in a series B funding round. The San Francisco-based company, which has seen impressive growth since its September 2010 launch, makes a cloud-based software program that purportedly helps protect websites while also making them faster.

Digital Ownership: The Last Great Hurdle for Distributed Workforces?

Once upon a time, companies refused to let employees take their work home and forbade the use of digital media transfer devices. All to preserve the company’s intellectual property, which, the prevailing thought was, would be put seriously at risk by going digital. That’s changing fast.

The Portable Risk of High Capacity USB Drives

t2-2gb_closed_130.jpgI was recently leading a session for the Panorama Capital CIO Council, a group of about 25 Fortune 500 CIOs with which we meet twice a year, when the topic of securing enterprise data arose. The CIOs were not, however, talking about data security that can be solved by using products like firewalls, spam filters, malware gateways or data loss prevention appliances.

Instead, the hot topic was the security risk of data leaving the enterprise via portable USB disk drives shoved into workers’ pants pockets. USB disk drives are a cheap and convenient way to move data off your computer — much easier than taking a laptop or hard disk drive. They are also the fastest and surest way to give a CIO a security headache. Read More about The Portable Risk of High Capacity USB Drives