Controlling Enterprise Mobility in the Cloud

According to a recent Gartner survey, as reported by InfoWorld, Cloud Computing was mentioned as one of the top two technology priorities for CIOs in 2010. What’s also interesting is that on the Top 10 list is also security technologies.The concept of cloud computing is not new. The economic viability of this model is quite compelling for many enterprises, with the Gartner survey also mentioning cost reduction and improved workforce effectiveness as two of the top 10 CIO business priorities. However, concerns around security and relinquishing control over sensitive corporate data have been stalling the widespread adoption of cloud computing in the last couple of years. But, becoming clear is that the cloud computing era is approaching fast. And here’s why.Past experience has taught us that economic viability is a strong driver for innovation, and that drive will prevail over technical challenges. One example is the shift from mainframe computing paradigm, which dominated the marketplace in the 80s, to the client-server paradigm, which prevailed in the 90s. The mainframe generation was characterized by silos of data and voice communications. In this generation, dumb terminals used to connect to proprietary mainframes for specific yet limited computing applications, with voice, video and data running on completely segregated networks. The mainframe paradigm was simple and secure, with enterprises being fully in control of access privileges to data and applications.However, the economic benefits of unifying voice, video, and data applications on a single converged network became a stronger, more prevailing force. Continuing this example, the client-server paradigm galvanized the adoption of TCP/IP worldwide, which in turn spurred the development of the internet and unified communications.These same concepts are applicable to the cloud computing industry. The economic viability of pay-as-you-go for virtually unlimited elastic computing resources, required for fast and efficient implementation of IT projects, will overcome the security concerns. The fact that existing cloud computing vendors are prospering and that major new players are entering the cloud computing market, is yet another indication that this industry is beginning to emerge successfully across the chasm.This market growth is an indication that the adoption of the technology is shifting from the early adaptors, who are visionary in nature, to the pragmatic early majority. There is ample evidence that cloud computing is gaining momentum. Amazon is substantially growing their Elastic Compute Cloud and S3 services and a stock price appreciating over 175% from January 2009; Google Apps Engine is challenging the Microsoft domination of the office applications, and Salesforce-dot-com’s stock price is appreciating over 180% in the last year, There are also new major players who are entering this market, including IBM with Blue Cloud and AT&T with Synaptic Hosting, and the expectation is that other major Service Providers will be adding cloud services to their portfolio in 2010.Independent of whether your corporation is an early adaptor or an early majority company, if you will be adopting cloud computing technologies in the foreseeable future, then an interesting question to ponder would be: “How would the adoption of cloud computing and SaaS applications impact the enforcement of corporate security policies for mobile users?”The traditional approach to enforcing corporate access security is to require mobile users accessing the corporate LAN to launch either SSL VPN or IPSec VPN clients. With these technologies, tunnels are established at the application or network layer respectively to ensure confidentiality of data traversing these VPNs. The challenge of this approach is that mobile workers who use their corporate remote access devices to access the internet either don’t launch their VPN clients, or their sessions are routed directly to internet through a split tunnel connection provisioned on access routers.When remote users are accessing the corporate LAN through VPN, they are protected by firewalls with UTM (Unified Threat Management) functionality. This is not the case, however, when the users connect directly to the Internet. In this case, they are exposed to a multitude of risks, including viruses, phishing, and spyware.A practical example of this risk would be the following scenario. Consider that you are using your corporate laptop to log from your home into the Dolphin Stadium and the Miami Dolphins team website to purchase tickets for the 2010 Super Bowl football game. What you don’t know is that this web site has been hacked into (based on a real scenario*), and it downloads and installs a malicious code on your laptop. This code acts as Trojan and can install a keylogger code and disable the anti-virus application on your laptop. After purchasing your tickets to the Super Bowl, you decide it’s time to get some work done and log into your Google Apps. Unfortunately, your password to Google Apps is captured by the keylogger and compromised at that time. This scenario could have been avoided with a mobile connection manager blocking the remote access to Google Apps after detecting that the Antivirus application is disabled.As the control point in the cloud computing era is shifting from VPN to internet connection, the connection manager will be required to enforce corporate policies for endpoint security. The recently announced iPass Open Mobile Platform has been designed with this paradigm shift in mind. The Open Mobile Client is always running on the mobile device, which enables it to become the ultimate control point for all mobility purposes, regardless of whether the accessed applications reside in the cloud or on the corporate LAN.The client in most cases is transparent to the end users, enforcing policies in the background. Policies may include optimal network selection, launching and passing on user credentials to VPN clients, and performing end-point integrity checks and remediation. The ECA (Event Condition Action) functionality on the Open Mobile Client empowers IT administrators to enforce corporate endpoint security policies. ECA is used to enforce both pre- and post-connect policies and spans across all integrated technologies (e.g. VPNs) and application (e.g. UTM apps running on the mobile device).*Based on a real hacking scenario, please refer to the PC World website for the article “Super Bowl Related Websites Hacked.” or

VPN Software Review!

enterprise mobility, cloud computing, VPN, mobile worker


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s