Archive | October 2014

An update from our 2014 Associates

My name’s Andy Gibson and I am a Sales Associate aligned to the Financial Services and Retail Sector, based out of Manchester. Last month Emma talked about her experience within the Networking Line of Business. In this post, I am going to discuss a few areas: the sales training we are currently going through, which is based on a fictional case study of Tangerine Telecom; my Datacenter rotation; and finally Neil Muller’s Manchester Branch Open Forum.

Tangerine Telecom is a key part of the Associate Programme that has run for many years. In the sales training we have been learning about the different processes of a sales cycle and how to approach customers; it’s fair to say it’s a lot more complicated than it looks! Having been through the third day of training (with two still to go), we are currently conducting a series of qualification calls with Computacenter employees acting as fictional customers. Something they all take very seriously! This became apparent when we called one individual by their real name and he replied with “who is that?”! Although a little strange, this is great practice for future customer calls.

The sales training is based on Mahan Khalsa and Randy Illig’s book “Let’s Get Real or Let’s Not Play”, which focuses on moving away from the solution and onto helping clients to succeed. The aim of the training is to develop sales techniques that will ultimately help in our future roles. This will be tested by presenting to John Beard and Pierre Hall (Financial Services and Retail Sector Director, and Workplace Line of Business Director) in December.

Before our presentation to John and Pierre, we also have an individual presentation to Mike Norris (Group CEO), where he will play the CIO of Tangerine Telecom. I think this is one of the most important parts of the programme, as getting individual time with the Group CEO would be unheard of at any other company of our size… Wish us luck!

We are also still going through our usual rotations. Following the networking rotation Emma discussed last month, we have moved into the Datacenter Line of Business. Although it’s arguably the most complex line of business, the team did a great job in helping us to understand it at a high level. Whilst on the rotation we worked on a project based on IT Operational Analytics (ITOA), something that I hadn’t heard of prior to the rotation. At a high level, ITOA helps businesses to make IT decisions based on machine data. If, like me, you haven’t heard of this, I encourage you to Google it. This rotation was concluded with a test, an individual presentation and a group presentation; intense to say the least!

I write this blog following Neil Muller’s (UK MD) Manchester Branch Open Forum. With no set agenda, the audience asked questions that Neil seamlessly addressed. He went on to give an update around the UK business and covered numerous other topics including the Manchester branch…we look forward to the future improvements! This was an extremely insightful session in a relaxed environment and I would recommend it to you all.

Thank you very much for reading. Next month, we have a blog from Liam Meeson, our Networking Line of Business Associate.

Heading to the Clouds. Microsoft ups the ante with its “Cloud First, Mobile First” strategy

It is not like me to comment on vendor announcements in this blog, nor is it like me to post two blogs in a single week, but with Microsoft’s TechEd conference taking place this week, there have been a couple of significant announcements I wanted to cover.

The first announcement, on Monday, was of Microsoft moving to offer unlimited OneDrive storage for Office 365 subscribers, with rollout commencing this year and continuing into next year. This is a major announcement in its own right and, having had the opportunity to speak to a couple of customers this week already, is clearly being viewed very positively. We’ve seen a number of players in this market moving their pricing structures in recent months, in particular Dropbox, but it’s hard to imagine how they are going to compete with “free” in the business market.

Cloud economics were always going to prevail, and we’ve seen similar pricing battles in the IaaS marketplace earlier in the year, but the speed at which this market has been driven to zero (Note: it’s not really zero, as customers will still need an O365 subscription) has been surprising. In terms of widespread adoption, not only do Microsoft need to move customers into O365 subscriptions, which they are very active with and which this announcement will help them achieve, but ultimately they will need to address some of the usability challenges of OneDrive. In the immediate aftermath of the announcement, the major comment from users was of a need to make the system more intuitive and simpler. Being a (personal) user of many of these technologies, that is not something I would disagree with at all!

The second significant announcement was the introduction of MDM features into Office 365 applications. As if in the aftermath of the OneDrive announcement you were struggling for a reason to investigate Office 365… perhaps this will push you over the edge?

From my previous blog posts you’ll see that the Mobility market is one which I’ve been observing closely through 2014, and while Microsoft missed out on entry to this year’s round of Gartner quadrants for EMM due to timing, it is clear that the “Cloud First, Mobile First” strategy is starting to mobilise at pace.

What this solution potentially offers is access to the native Office experience on the device platforms that people want to use, but with the management capability to ensure security and control. Until now these have been somewhat mutually exclusive, with limited ability to exploit the native Office experience on mobile devices in a truly secure manner. This announcement brings those two requirements together, and provides a stepping stone to wider enablement through the Intune and EMS platforms for more sophisticated application delivery and control.

I greet both of these announcements positively, and there’s certainly a degree of excitement in the way they have been received. At Microsoft’s Worldwide Partner Conference in July we were given insight into the future strategy, as they cater for a heterogeneous world of devices and platforms, and take up the role of challenger. These moves certainly challenge and disrupt the status quo.

We have seen a lot of interest in Microsoft across O365 and Mobility this year; I suspect we’ll be discussing it a whole lot more now.

Top 5 Trends of 2014 in Enterprise Mobility

In this blog, one of a series over the coming weeks, I’m going to run through some of the top trends we are seeing in the fast-paced world of Enterprise Mobility, starting with the Top 5 headline market trends:

1. From MDM to EMM

Over the past 12-18 months we’ve seen the Mobile Device Management (MDM) market evolve into what is now termed Enterprise Mobility Management (EMM). EMM encompasses three key facets to make mobile technology a truly viable platform for business productivity. EMM comprises:

  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Mobile Content Management (MCM)

We’ve seen all the key players evolve their proposition from MDM to EMM, and Gartner even declared “MDM is a feature not a product”, so the direction of travel is clear: towards integrated suites that deliver apps and content while retaining the underlying device control.

2. BYOD, CYOD or COPE?

We have lots of discussions around modern device ownership models. Bring Your Own Device (BYOD), Choose Your Own Device (CYOD) or Corporately Owned Personally Enabled (COPE): which model should you choose?

It would be fair to say we’ve not really seen BYOD take off in our market (Europe) as much as it has elsewhere, particularly in North America, with the predominant model being Corporately Owned Personally Enabled (COPE). With the growth of smartphone/tablet adoption we are seeing a much greater acceptance by enterprises of personal usage on corporate assets. In many instances this has resulted in fringe benefits such as a reduction in repairs/returns, as an individual will often take better care of the device when it has more of a personal importance to them. I guess that’s just human nature!

3. Work and Life Collide

Extending from trend 2, we are also starting to see users consolidate their devices. At the moment this is more from a personal/business life perspective, as the “3 screen” principle of working still seems to be prevalent. However, with pragmatism around COPE ownership models, the power and capability of the “smart-tech” that we’re seeing deployed into enterprises, and good old user power, many users are now blurring the lines between personal and work life. Just this week I read an interesting report that analysed this trend and showed the propensity for business/personal blending to be far more prominent across only certain types of user community rather than all workers.

4. Mobile Applications

As early adopters embrace mobile technologies, we’re starting to see interest in development of native and mobile-aware (e.g. HTML5) applications, and also the emergence of Mobile Application Development Platforms (MADP). The latter is a relatively new area of the market, populated by a number of different providers and approaches. However, we’re seeing the development of modern mobile applications across a number of different industry verticals as enterprises move forwards on their mobile and digitisation strategy. Exploiting mobile technologies for line of business use cases is clearly the forward direction, but this is still an infant market waiting to grow as the hardware and software platforms mature.

This all ultimately relates to a “digitisation strategy” with mobility as a central pillar. This is a journey, which we think comprises 3 key stages, but a number of our customers are already achieving competitive advantage and differentiation by exploiting mobility early to enhance customer engagement, open up new markets and enable their staff.

5. Pace of change

Working at the speed of mobile encompasses a number of things that are changing the classic paradigms for enterprise IT. The pace of change in the market is driven by new influencers such as consumerisation and user power, as well as new vendors who have fundamentally different approaches to their product strategies (annual OS releases etc). Solution providers (EMM vendors) are increasingly embracing a “cloud first” SaaS delivery mechanism, in doing so introducing updates and releases to their platforms on anything up to a monthly basis. This creates a rate of change we’ve never experienced before, and breeds diversity of a scale we probably couldn’t have imagined 10 years ago. For example, >18,000 Android variants and a new device released somewhere in the world every 6 days are just some of the stats I’ve heard recently that pay testament to that. Add to this a volatile wider market with mergers and acquisitions, and partnership agreements, as each vendor tries to maximise their value and relevance across the full workplace and mobile spectrum.

 

The above poses a complex challenge for organisations navigating this “mobile first” world, and it is just my top 5. There are many others which I can’t cover here, as I limited myself to just 5, but it serves to demonstrate the challenges (and opportunities!) of embracing mobility; there’s much to consider.

 

A shock to the system

Shellshock has been with us for a week now, and as the dust starts to settle I think it is time to take a look.

Shellshock refers to a set of problems in the open source command shell Bash, or the Bourne Again SHell. There are many blogs and articles on Shellshock, so once again I’m not trying to tell you things that are widely covered elsewhere, but there are some significant problems with the coverage and I want to take a look at them here. This is not a news service; if you want to track Shellshock information, please try some of the links at the end of the article, and pretty much any other IT security page at the moment.

One of the less helpful parts of the reporting is the idea that somehow the Heartbleed SSL vulnerability and Shellshock are comparable. True, they both got media-friendly names as soon as the news was released, but Heartbleed got the cool logo.

The superficial comparisons are that they are both open source issues, and they are both potentially externally facing, network exploitable and don’t need authentication. They both received a great deal of general publicity, and they both produced a great deal of activity over a short period of time.

Now, considering the differences:

Heartbleed was only present in a small number of SSL installations that were running modern implementations; many systems were too old to be vulnerable to Heartbleed. There are no systems running the Bash shell that are too old; they are vulnerable unless patched in the last few days. The Bash shell may appear on any Linux system, as well as most conventional Unix systems and some embedded devices.

Heartbleed (2011) is a fault: we know it is a coding error and it is fixed. The problems with Bash are decades old and may not really be a fault at all. Bash (1989) was written before the modern Internet and concepts such as ‘secure by design’, and it may well be that the code was always meant to work this way. So, Heartbleed may allow a backdoor; Shellshock is more like a front door.

Heartbleed is very hard to exploit; it might be necessary to run the attack thousands of times before valuable data is captured. It is possible to exploit vulnerable Bash code with a single attack string. Part of the same issue is that Heartbleed packets are pretty easy to detect using tools like network IDS, despite the fact they aren’t usually logged by the vulnerable asset itself. The strings used to exploit Shellshock are arguably valid code, and so creating a solid detection with a low false positive rate is much harder.
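The detection trade-off described above, as an added example that is not part of the original post: a naive search for the Bash function-definition prefix anywhere in a web log line, compared with a rule anchored to the start of a logged header value. The log lines, addresses and the inert PLACEHOLDER payload are constructed, and the function names are hypothetical.

```python
import re

# Pre-patch Bash treated an environment value as a function definition only
# when the value *started* with "() {"; the anchored rule also tolerates
# extra whitespace so that near-variants are still reviewed.
ANCHORED = re.compile(r'^\s*\(\s*\)\s*\{')
NAIVE = re.compile(r'\(\)\s*\{')  # same token, matched anywhere in the line

# Combined log format: ip - - [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines: documentation addresses, inert PLACEHOLDER payload.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; PLACEHOLDER"',
    '192.0.2.44 - - [01/Oct/2014:10:00:09 +0000] "GET /search?q=var+f=function(){return+1} HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Oct/2014:10:00:12 +0000] "GET /cgi-bin/test HTTP/1.1" 404 0 "() { x; }; PLACEHOLDER" "curl/7.38"',
]

def naive_hits(lines):
    """Flag every line containing the token anywhere (catches benign JavaScript too)."""
    return [line for line in lines if NAIVE.search(line)]

def anchored_hits(lines):
    """Return (ip, field) where a logged header value starts with the token."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m is None:
            # Unparseable lines are surfaced for review, not silently dropped.
            if NAIVE.search(line):
                hits.append(("unparsed", line))
            continue
        for field in ("referer", "agent"):
            if ANCHORED.match(m.group(field)):
                hits.append((m.group("ip"), field))
    return hits

if __name__ == "__main__":
    print("naive:   ", len(naive_hits(SAMPLE_LOG)), "lines flagged")
    for hit in anchored_hits(SAMPLE_LOG):
        print("anchored:", hit)
```

The combined log format records only the referer and user-agent headers, so requests carrying the prefix in other headers need a different data source.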

So, is Shellshock worse than Heartbleed? Undoubtedly yes. The Bash shell was never created as a security system, just to be useful. It is as old as the 486 processor and the fall of the Berlin Wall.

Bash trusts user inputs in a way that modern systems shouldn’t. Attack code is already publicly available and is in use (see web links below). Such code might be useful for compromise as well as denial of service. Where a system is vulnerable, results can be expected immediately, unlike Heartbleed.

The Bash code is simple; any attacker with even basic web and scripting skills can create a new attack and manipulate target systems in new ways. I expect more from Shellshock over the next few weeks, and the discovery of more vulnerabilities in decade-old code that we have very quietly all become dependent on.

The following external links are recommendations of the author. This is a fast moving situation, so it is important to keep up with the latest information from security professionals and vendors.

Heartbleed

https://computacenterblogs.com/2014/04/09/heartbleed-cve-2014-0160/

http://heartbleed.com/

Shellshock technical deep dives

http://www.fireeye.com/blog/technical/2014/09/shellshock-in-the-wild.html

http://www.secureworks.com/resources/blog/shellshock-bash-attacks-on-the-rise/

http://blog.cloudflare.com/inside-shellshock/

General news article

http://www.bbc.co.uk/news/technology-29375636

Tracking Shellshock

http://www.incapsula.com/blog/shellshock-bash-vulnerability-aftermath.html