Networks Without Borders Raise Security, Management Issues
“Networks without Borders” are rapidly becoming the rule rather than the exception.
The demand for all access all the time, along with the rapid rise in remote, telecommuting, part time and transient workers, has rendered network borders obsolete and made networks extremely porous. Today’s 21st Century networks more closely resemble sieves than citadels.
Gone are the days when employees and data resided safely behind the secure confines of the firewall, clocked in promptly at 9:00 a.m., sat stationary in front of their computers, never accessed the Internet, and logged off at 6:00 p.m. and were offline until the next workday.
Today’s workers are extremely mobile, always connected and demand 24×7 access to the corporate network, applications and data via a variety of device types, from desktops to smart phones, irrespective of location. ITIC survey data indicates that workers at 67% of all businesses worldwide travel, telecommute and log in remotely at least several days a month. At present, one out of eight employees uses a personal computer, notebook or smart phone to access corporate data.
From an internal perspective, the ongoing economic downturn has resulted in layoffs, hiring freezes, budget cuts and less money and time available for IT training and certification. At the same time, the corporate enterprise network and applications have become more complex. IT departments face increasing pressure to provide more services with fewer resources. Another recent ITIC survey of 400 businesses found that almost 50% of all businesses have had budget cuts and 42% have had hiring freezes. An overwhelming 84% majority of IT departments just pick up the slack and work longer hours!
External pressures also abound. Many businesses also have business partners, suppliers and customers who similarly require access. Additionally, many organizations employ outside consultants, temporary and transient workers who need access to the corporate network from beyond the secure confines of the firewall.
This type of on demand, dynamic access is distinctly at odds with traditional security models. The conventional approach to security takes a moat and drawbridge approach: to contain and lock down data behind the safety of the firewall. IT managers have been trained to limit access, rights and privileges particularly with respect to transient workers, outside consultants and remote and telecommuting workers. And who can blame them? The more network access that is allowed, the greater the risk of litigation, non-compliance and compromising the integrity of the corporate network and data.
Providing secure, ubiquitous access to an array of mobile and home-based employees, business partners, suppliers, customers and consultants who need permanent or temporary access to the network is a tedious and time-consuming process. It necessitates constant vigilance on the part of the IT department to monitor and provision the correct access rights and privileges.
The conundrum for IT departments is to easily, quickly and cost effectively provision user account access while preserving security and maintaining licensing compliance. The emerging Virtual Desktop Infrastructure (VDI) technology, where users control a desktop running on a server remotely, can address some of these issues, but VDI doesn’t solve all the problems.
An intriguing alternative to VDI is a nascent software application from MokaFive, which is designed specifically to plug the holes in the so-called “Porous Enterprise.” MokaFive, based in Redwood City, California, was founded in 2005 by a group of Stanford University engineers specifically to enable IT departments to swiftly provision network access without the cost and complexity of VDI solutions. MokaFive is not the only vendor exploring this market; its competitors include VMware (via the Thinstall acquisition), Microsoft (via the Kidaro acquisition), LANDesk and Provision Networks. However, the MokaFive offering is, to date, the only “pure play” offering that enables organizations to provision a secure desktop environment on the fly to individual users rather than just an entire group.
The MokaFive Suite is actually a set of Desktop-as-a-Service facilities that are operating system, hardware and application agnostic. MokaFive’s desktop management features enable IT administrators to centrally create, deliver, secure and update a fully-contained virtual environment, called a LivePC, to thousands of users. Contract workers can log on via Guest Access; there is no need for the IT department to specially provision them. The MokaFive Suite facilitates ubiquitous access to email, data and applications irrespective of location, device type (e.g., Windows and Macintosh) or the availability of a hard-wired network connection.
I discussed the product with several IT executives and administrators who immediately and enthusiastically grasped the concept.
“This is a very cool idea,” says Andrew Baker, a 20-year veteran VP of IT and security who has held those positions at a variety of firms including Bear Stearns, Warner Media Group and The Princeton Review. “The most tedious aspect of configuring a worker’s experience is the desktop,” he says. Typically the IT manager must physically configure the machine, set up the access rights, privileges and security policies and deploy the correct applications. This is especially problematic and time-consuming given the increasing number of mobile workers and transient workforces. The other issue is the constant need to re-provision the desktop configuration to keep it up to date, Baker says. The MokaFive Suite, he says, “saves precious time and it solves the issue of the disappearing network perimeter. I love the idea of being able to be secure, platform agnostic and being able to support multiple classes of workers from a central location.”
MokaFive’s LivePC images run locally, so end-users simply download their secure virtual desktop via a Web link, and run it on any computer (Macintosh or Windows). IT administrators apply updates and patches to a single golden image and MokaFive distributes the differentials to each LivePC. The entire process is completed in minutes by a single IT administrator. Once the MokaFive LivePC link is up and published, users are up and running regardless of whether it’s one person or 100 people. The traditional method of physically provisioning an asset can involve several IT managers and take anywhere from two days to a couple of weeks. It involves procurement, imaging, testing, certification and delivery of the device to remote workers. Baker estimates that MokaFive could cut administration and manpower time by 30% to 60% depending on the scope of the company’s network.
MokaFive also requires less of a monetary investment than rival VDI solutions and doesn’t require IT administrators to learn a new skill set, claims MokaFive VP of marketing, Purnima Padmanabhan.
“VDI does enable companies to ramp up and quickly provision and de-provision virtual machines (VMs); however, the IT department is still required to build out fixed server capacity for its transient workforce,” Padmanabhan says. Oftentimes, the additional capacity ends up going to waste. “The whole point of contractors is to dial in, dial up and dial down expenses, and that’s what MokaFive does,” she adds.
Steve Sommer, president of SLS Consulting in Westchester, New York, agrees. Sommer spent 25 years simultaneously holding the positions of CIO and CTO at Hughes, Hubbard & Reed, a NYC law firm with 1,200 end users – including 300 attorneys – in a dozen remote locations. Sommer observes that corporate politics frequently determine access policy at the expense of security. “A company’s knowledge workers – lawyers, doctors, software developers – who drive large portions of revenue will demand all-access, all the time and security be damned. In the past it was an either/or proposition,” Sommer says.
With the MokaFive desktop-as-a-service approach, all the data is encapsulated, encrypted and controlled. Organizations now have the option to quickly and easily manage the permanent workforce as well as temporary contractors and consultants who use their own personal devices. IT managers can provision a virtual machine (VM) on top of MokaFive or give the remote user or contract worker an HTML link which contains the MokaFive LivePC. The end user clicks on the link to get a completely encapsulated VM environment, which is controlled through policies using MokaFive. It can be completely encrypted with 256-bit AES encryption. The entire environment is managed, contained and kept updated with the latest passwords, connections, application versions and patches. When the user or contract worker leaves the company, the IT department issues a root kill signal and all the licenses are retrieved and called back, ensuring compliance.
“MokaFive is a boon for IT departments and end users alike; no more worrying about provisioning and version. I love the fact that it’s application, hardware and operating system agnostic,” Sommer says. “And it also has distinct time saving benefits for the end user, or transient workforce. They can take their work with them wherever they are and they don’t have to worry about borrowing a notebook or PDA and ensuring that it’s properly configured with the correct version.”
MokaFive already has several dozen customers and prospects and is gaining traction in a number of vertical markets including financial services, legal, healthcare, government and education. Given the burgeoning popularity and mainstream adoption of VDI, the MokaFive Suite represents a viable alternative for organizations that want a fast, cost-effective and non-disruptive solution that lets IT departments give fast, efficient and secure network access. It’s definitely worth exploring, and MokaFive offers free trials for interested parties from its website.