The 12th Idea


The Consumerisation of Enterprise IT Part 2: Information Security

Protecting company information

With the ongoing consumerisation of Enterprise IT, users increasingly need to access corporate information systems from any device, anywhere.

Traditionally, IT has used heavy-handed techniques that involve locking the information down in one form or another. This is difficult - and in some cases not possible - with the consumerisation of IT. This introduces a problem for many companies: how do you protect your information if you don't control the endpoint? While there is no ultimate solution, there are a number of ways that this can be achieved. 

Written policy


Rather than control and restrict access to information with technical measures, an alternative is to control information access with company policy. For example, you might allow users access to company email on their personal phones, but mandate that they are responsible for ensuring their phone is secure. It's important to understand the criticality of the information that's being accessed. If using policy-based controls, you should log access to ensure you have a record of what is being accessed, when and by whom. If information is sensitive, regularly review logs and deal with exceptions.

Backups


With increasing use of Software as a Service (SaaS), company critical information can be stored in any location. No longer is all important company data stored in the datacentre. Company information can be stored in web applications like Salesforce and Highrise, tools like Dropbox, on company laptops and on mobile devices.

Work out the impact of data loss for each of the applications your business uses. If the cost of losing the data exceeds the cost of protecting it, then protect it. While many of these services back up your data, ultimately you are responsible for protecting your own information. An SLA cannot restore data that has been lost, and cannot ensure the continuity of your business if you lose business-critical information. Where the data cannot be automatically protected, use a manual procedure. 

The right security technology


Consumerising IT does not mean neglecting security. If third-party devices are going to be introduced to a company network - whether wireless or wired - ensure that adequate protection measures are in place. Only allow untrusted devices onto untrusted network segments, and treat those segments like a DMZ. Use Network Access Control if you need extra security. Encrypt access to company information with SSL. Prevent key loggers from gaining logon credentials to your company systems by using two-factor authentication.

Ultimately it is up to each business to decide on what level of information accessibility is appropriate. With the right measures in place, a balance between security and usability can be achieved. 

Posted by JAMES KAHN on Friday, 13 May 2011 at 3:45 PM
Tagged: end user experience

Configuring virtual desktops

Group policies or local settings?

Since the introduction of Windows 2000, IT departments have used group policies to control and configure workstations.

A corporate workstation build will typically contain the operating system, service packs and hotfixes, and core applications common to all user groups - Microsoft Office, Adobe Reader, and the like. Whilst some configuration of the base build is common, the majority of the configuration is performed via group policy. Not only do group policies provide the flexibility to change the configuration of a workstation after it has been deployed, but filtering and loopback policies also allow different configurations to be applied to different user groups or workstations. Reconfiguration of workstations can be achieved simply by changing a policy, adding the user to a different group or changing the OU the workstation computer account is in. Windows Server 2008 introduced group policy preferences, which further extended the configuration scope of group policies. Group policy preferences allow for registry values to be written, shortcuts created, network drives mapped and connections to network printers established.

The power and simplicity of group policies has made their use within the enterprise almost ubiquitous. But as enterprises move to streamed or virtual desktops, are group policies still the most efficient way to configure workstations?

Disk streaming allows a single virtual disk, containing the operating system and core applications, to be deployed to multiple workstations over the network in real time. A streamed disk, in read-only mode (often referred to as 'shared mode'), is not changed by the clients. All changes are stored in a temporary cache area and discarded when the workstation is rebooted. Essentially, each workstation is rapidly re-imaged every time it is rebooted.

When a normal desktop workstation boots up, and a user logs in, the workstation checks to see what policies should be applied. The workstation then checks the policy revision numbers to see if the policies have changed since the last time it downloaded them. If the policies are the same, the workstation skips them and moves on to loading the profile. If the policies have changed, the workstation downloads the policy settings and the policy ADM files, reapplies every setting and caches the policy to speed up boot times and user logins in future.

Where read-only hard disks are used, as is the case with streamed disks, the policy cache is discarded at each boot. Every time a workstation boots, all policies are downloaded and applied in full. In addition to increasing network traffic, the delay in boot and login times can be significant. Any negative impact on the user experience - no matter how small the effect might be - impacts on users' satisfaction with their desktop. When you're implementing new desktop technology, users' perception of the performance of the system is critical to receiving a positive reception from the business.
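The revision check and the effect of a discarded cache can be modelled in a few lines. This Python sketch is an added example, not code from the original post or from Windows; the policy names, revision numbers and the `Workstation` and `simulate` names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Workstation:
    # persistent=False models a streamed read-only ("shared mode") disk: the
    # write cache, and the cached policies in it, is discarded at every reboot.
    persistent: bool
    cache: dict = field(default_factory=dict)  # policy name -> cached revision
    downloads: int = 0

    def boot(self, server_policies):
        """Process policies at boot and return the names that were downloaded."""
        if not self.persistent:
            self.cache.clear()
        fetched = []
        for name, revision in server_policies.items():
            if self.cache.get(name) == revision:
                continue  # revision unchanged: skip this policy
            self.cache[name] = revision  # download, reapply, cache for next time
            fetched.append(name)
        self.downloads += len(fetched)
        return fetched


def simulate(boots, changes):
    """Boot a normal and a streamed workstation against the same policies.

    changes maps a boot number to the policy whose revision is bumped just
    before that boot. Returns (normal_downloads, streamed_downloads).
    """
    # Constructed sample policies, all starting at revision 1.
    policies = {"Baseline": 1, "Office": 1, "Printers": 1}
    normal, streamed = Workstation(persistent=True), Workstation(persistent=False)
    for n in range(1, boots + 1):
        if n in changes:
            policies[changes[n]] += 1
        normal.boot(policies)
        streamed.boot(policies)
    return normal.downloads, streamed.downloads


if __name__ == "__main__":
    normal, streamed = simulate(boots=5, changes={3: "Office"})
    print(f"policy downloads over 5 boots: normal={normal}, streamed={streamed}")
```

With three policies and one revision change across five boots, the persistent workstation downloads a policy four times while the streamed one downloads fifteen, which is the per-boot cost the paragraph above describes.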

Boot and login delays can be reduced by making the configuration changes you would usually perform within group policy in the base build instead. Overall manageability of the environment is not significantly impacted. As there is just one disk image, making a change to the configuration is as simple as updating the disk image, making the change and getting the users to reboot. The new disk image, complete with all the changes, is distributed the next time the workstation starts.

Obviously, there are many instances where group policies are the only practical method of deploying configuration settings. However, for settings common to all users and to all classes of workstation, group policy is no longer the only manageable and practical method. Applying changes to the base build is almost as easy to manage and can result in noticeably better boot and login times.

And as we all know ... anything which can make users happier generally makes our lives easier.
Posted by DAN HALFORD on Monday, 18 April 2011 at 12:07 PM
Tagged: end user experience

The Consumerisation of Enterprise IT

New requirements, new challenges

Yesterday there was an article in The Australian about Suncorp allowing staff to BYO computers and tablets. This isn't an anomaly - it's part of a growing trend within corporate IT. There is more focus on end user experience and less on rigid control.

Enterprise IT is being consumerised. Executives are buying iPads and insisting that they be able to use them on the corporate network. Marketing people require access to Twitter and Facebook. Training is being delivered via web-based Flash video. Web-based software is being used for critical line-of-business applications. If a user can't access YouTube on the corporate network, they will fire it up on their iPhone over 3G.

This is a reversal from the traditional model where IT mandated the devices, their configuration and the applications. Now, a new model is emerging where the requirements are being defined by the business, and IT is being asked to support them. IT are being asked to adapt to changing business needs.

This introduces a number of challenges for IT. For example:
  • How can we protect corporate data from data loss, theft or espionage in an uncontrolled environment?
  • How can information archiving/compliance mandates continue to be met when the application isn't hosted internally?
  • How can the corporate network continue to be protected from malware when the endpoint isn't controlled?
  • How do you ensure uptime of critical applications when the applications are hosted externally?
  • How are IT going to support a diverse range of devices?

These are emerging challenges that companies will continue to face in increasing numbers. Over the next few weeks, we will be writing some blog posts to help answer some of the above questions and suggest strategies that may help.
Posted by JAMES KAHN on Wednesday, 30 March 2011 at 7:27 PM
Tagged: end user experience