Sunday, October 28, 2012

Mobile app virtualization eases deployment headaches for IT

Once again, I am going to write this week about something that was moved to the forefront of my mind on the way to pick my daughter up from class a week or so ago, but something that not only do I see daily, but we all see daily.

I was on my way back to campus last week to pick my daughter up after class and as I sat at stoplight after stoplight, I kind of smiled to myself as I realized that every person crossing the street in front of me, walking down the sidewalk, practically every person, everywhere we go, has a cell phone in their hand, either texting, talking, listening to their music, or who knows what else.  Just to think, when I was that age, cell phones weren't even a thought we had.  We were still having conversations on phones attached to walls.  We were just moving into the cordless phones with the pull up antennas, remember those?

So with that thought, came the thought that it seems to me that it won't be long before desktop systems are left along the wayside.  I remember thinking I never wanted a laptop, I would stick with my desktop.  What a workhorse.  There was no way they could get all that in a laptop.  Well, I now don't know what I would do without a laptop.  The ability to sit in bed and do homework.  Oh, heaven must be something like this.  LOL!

So with the proliferation of mobile devices into our lives, it only makes sense that the next frontier for takeover, if not already taken over, is the work environment.

So far organizations seem to be handling it in many ways.  There are organizations that distribute mobile devices to employees, there are organizations that are allowing employees to bring their own devices to work, and there are organizations that are combining these camps.

However it is handled, it is imperative for organizations to jump on the mobile bandwagon one way or another.  I ran across this article, Mobile app virtualization eases deployment headaches for IT, and thought it would make for a good discussion.

There are three stages for successful mobile deployment according to this piece.  The first stage is the delivery of existing apps to mobile devices in a virtualized manner.  This step is a necessary bridge technology due to an organization's investments in Windows 7 and applications that have not been built for mobile environments.

The second stage is to take existing applications and turn them into cross-platform mobile apps.  The third and final step is to decouple the data from the application and choose the appropriate application for the platform or devices being utilized.  When all these stages are completed, IT can then pipe the data from the data center directly into the application.

As we know, mobile devices have proliferated throughout our society, and this has also forced organizations to rethink their information systems.  While organizations do not have to make a total move to mobility, it is going to become a huge consideration for organizations as their employees increasingly demand the ability to become mobile.  Mobility has become a catalyst for change, not only at home, but also in business.



Furbush, J. (2012, October 24). SearchConsumerization. Retrieved from techtarget.com: http://searchconsumerization.techtarget.com/news/2240169175/Mobile-app-virtualization-eases-deployment-headaches-for-IT



Sunday, October 21, 2012

Information Security Risk Analysis

Our chapter this week discussed risk analysis, asset valuation, and other topics associated with risk analysis.  I found an article discussing a hybrid of qualitative and quantitative risk analysis.

Threat can be defined as the result of an Actor, a Motivation and an exploitable Vulnerability. Risk can be defined as the product of a Threat, Probability and Business Impact.

NIST SP800-30 discusses a series of steps that should be carried out during a Risk Analysis, or Risk Assessment. The steps, as noted below, are a hybrid of quantitative and qualitative analysis. When a quantity is known, that quantity should be included; when threats, risks, or assets are subjective, scenarios should be developed. ‘High / Med / Low’ can be substituted for figures in both likelihood and impact assessments.




The object of a Risk Analysis is to rate the current exposure of the organization and to produce a resulting plan to institute controls to mitigate some or all of that risk.



Loss expectancy is calculated for each asset vulnerability during a Quantitative Risk Analysis. Each asset must be valued (AV), and the exposure (as a %) of that asset, as related to each particular vulnerability in question, must also be calculated.   Said formula is noted below:

Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF)

The organization should then estimate the number of occurrences, annually, of the particular loss. The resulting number can be a whole number or a fraction if the event occurs less than once per year. The Annual Rate of Occurrence (ARO) can be predicted based on historical figures. It is essentially the balance of the adversary capability against the countermeasures (controls) put in place by the Security Manager.


Referencing our earlier noted flow chart, the Asset and Vulnerability are used to calculate the Single Loss Expectancy (SLE) and the Threat, Threat Actor, Controls and Security Manager are used to estimate the Annual Rate of Occurrence (ARO).


The final calculation – Annual Loss Expectancy (ALE) – is a numeric approximation of risk. The resulting percentage can be utilized to help the business decide whether the risk should be:

avoided – through changing business process
mitigated – through introduction of countermeasures
accepted – because the cost of avoidance or mitigation outweighs the ALE

Annual Loss Expectancy (ALE) = Single Loss Expectancy (SLE) x Annual Rate of Occurrence (ARO)

When the cost of adoption is less than Annual Loss Expectancy for any single threat, countermeasures or risk avoidance measures should be discussed.  Countermeasures or Risk Avoidance measures should only be considered if the cost of adoption is less than the Annual Loss Expectancy for the particular threat.
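The SLE and ALE formulas above, applied to a small risk register as an added example (not code from this post or from the cited article). It accepts either a known quantity or a High / Med / Low rating for exposure and occurrence; the numeric scales behind those ratings, the scenario names and all figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed scales for the 'High / Med / Low' substitution; the post gives no numbers.
EF_SCALE = {"high": 0.75, "med": 0.5, "low": 0.25}    # fraction of asset value lost
ARO_SCALE = {"high": 2.0, "med": 0.5, "low": 0.125}   # expected events per year

@dataclass
class Scenario:
    name: str
    asset_value: float   # AV, in currency units
    exposure: object     # EF: fraction 0..1, or a High/Med/Low label
    occurrence: object   # ARO: events per year (may be < 1), or a label
    control_cost: float  # annual cost of the proposed countermeasure

def resolve(value, scale, upper=None):
    """Turn a known quantity or a qualitative label into a number."""
    if isinstance(value, str):
        key = value.strip().lower()
        if key not in scale:
            raise ValueError(f"unknown rating: {value!r}")
        return scale[key]
    number = float(value)
    if number < 0 or (upper is not None and number > upper):
        raise ValueError(f"value out of range: {value!r}")
    return number

def assess(s):
    """Return SLE, ALE and the treatment decision for one scenario."""
    sle = s.asset_value * resolve(s.exposure, EF_SCALE, upper=1.0)
    ale = sle * resolve(s.occurrence, ARO_SCALE)
    # Countermeasures are only worth discussing when they cost less than the ALE.
    decision = "mitigate or avoid" if s.control_cost < ale else "accept"
    return {"name": s.name, "sle": sle, "ale": ale, "decision": decision}

def rank(scenarios):
    """Assess every scenario and order them by ALE, highest first."""
    return sorted((assess(s) for s in scenarios), key=lambda r: r["ale"], reverse=True)

# Constructed sample register (not from the post).
REGISTER = [
    Scenario("customer DB breach", 200_000, 0.25, 0.5, 10_000),
    Scenario("laptop theft", 2_000, 1.0, "high", 5_000),
    Scenario("server room flood", 80_000, "high", "low", 3_000),
]

if __name__ == "__main__":
    for row in rank(REGISTER):
        print(f"{row['name']:<20} SLE={row['sle']:>9,.0f} ALE={row['ale']:>9,.0f} {row['decision']}")
```

The laptop scenario is the one to look at: even with a "high" occurrence rating its ALE stays below the cost of the control, so it is accepted.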


REFERENCES

Maniscalchi. (2010, May 17). Digital Threat - Information Security Analysis. Retrieved October 2012, from digitalthreat.net.  http://www.digitalthreat.net/2010/05/information-security-risk-analysis/#




Sunday, October 14, 2012

Endangered IT Species

For this week's blog, I am going a little off kilter.  I have recently relocated and am having a difficult time finding work.  I know between the economy and my lack of experience, it is more difficult finding something, but it is very frustrating.  I have gone back to school, received my Bachelor's Degree, am working on my Graduate Degree, interned for a little over a year with TD Ameritrade, and still find myself on the "lack of experience" train.

It is frustrating.  How are we to get experience if we are not given the chance?  Yes, I have a year's worth of experience, but it is very difficult finding something with so little experience.  Another thing hampering my job search is the fact that although it has been said that IT security specialists will be in high demand in the near future, I am not seeing that yet.

I received an e-mail that discussed the 9 most endangered IT species in a whimsical manner that I found interesting and I will relay here.

The piece was entitled "The 9 most endangered species in IT.  The IT job landscape is evolving quickly.  Here's how to avoid IT extinction".  It discussed positions that IT Specialists see in jeopardy and how to adjust to keep from getting pushed out of the field.

The first endangered species is the brown-nosed naysayer, which this piece describes as a person who commanded all tech decisions with the simple word "no" in the name of security and/or budget concerns.  However, with the new "bring your own device" revolution hitting the business world, along with cloud services, this "species" is now harmless and will soon find itself phased out of the business environment.  In order to avoid extinction, it is recommended this species begin practicing the word "yes" and embrace this new revolution.  It is further recommended this species assist in developing a mobile device management strategy and policy for the enforcement of social media use.

The next endangered species is the data center dinosaur, which is described as the person with an in-depth knowledge and understanding of particular types of software, coding language, or development methodologies.  These specialists are now being replaced by people who are flexible generalists that have a broader skill set.  In order to avoid extinction, it is recommended this species broaden and diversify their knowledge base.

Next is the red-bellied repair tech.  This species was once a common sight in offices making sure desktops were up and running.  However, with the decreasing costs of hardware and the gaining popularity of inexpensive mobile devices, they have become unneeded.  It is recommended this species consider server maintenance to stay vital to an Organization.  A person that has the ability to quickly diagnose hardware issues and errors in a server environment will have work for many upcoming years.

Next we have the lesser-spotted system administrator.  This one surprised me.  Systems Administrators have played an important role in the IT world by keeping the end user systems up-to-date and operable.  However, in recent years these roles have been outsourced, leaving the remaining numbers in peril.  With the increasing dependency on cloud computing, their presence will be needed even less.  Small and mid-size organizations will be the first to cut this species in an attempt to shore up budget constraints.  This species may not disappear entirely, as these tasks will migrate to cloud companies where demand is higher and competition stiffer.  It is recommended that this species become security gurus or data analytics experts, as these are two fields that are growing and will continue to do so for some time.

Next we have the pink-crested credentialist.  The Credentialist is rare but can still be found in HR departments; its duties have been reduced by IT pros with more skills and experience. It is recommended this species adapt to engineer/programmer type work or creating their own intellectual property in order to stay relevant.

Next is the common web designer.  In the not too distant past Organizations had web designers coming out their ears; those numbers are down to a handful of experts.  With the increased use of automated site-creation tools and sophisticated marketing, this species is quickly declining.  It is recommended this species focus on mobile devices.

Next is the woolly unix mammoth.  This species was once the dominant species but is quickly being replaced by faster and less expensive Linux boxes.  In order to avoid extinction, it is recommended this species become experts on applications that can migrate to Linux and know which ones need to remain on Sun in order to lead their Organizations during the migration.

Next is the purple-tufted programmer.  Programmers that have gained their experience in Cobol or Fortran are a dying breed, but they are not the only ones.  IT pros that are mainly code hackers will quickly find themselves unneeded.  Anyone who would prefer to write code as a career should be ready to do it as a software engineer.  In order to survive, it is recommended this species expand their knowledge base and align their skills with the adjusting needs of business, which means finding themselves as integrators of business logic, cloud tools, and more, or they may find themselves extinct.

Finally, we have the ridge-backed technocrat.  This species has relied on building technology silos and policies.  This territory has now become overrun with business managers that no longer require approval for technology purchases.  In order to remain relevant, it is suggested this species start working with other teams in order to make things more efficient and assist the application experts in saving money.

While this article took a whimsical look at the changing demands in IT, some of it was surprising.  I guess the biggest surprise was the System Admins.  When I interned, this department was pretty big.  It seems strange that these people would no longer be needed as they are the ones that keep the Organization running on a day-to-day basis.

However, it was nice to see that a recommendation of Information Security was offered.  So, I guess I'm on the right track, I just have to be patient, and hopefully I will find the right job.

Keep your fingers crossed for me, and if you have any hints or advice, please, let me know.  I am open for anything because right now I'm looking at a sales associate position with Sprint.  Argh!



Tynan, D. (2012, October 11). The 9 most endangered species in IT. The IT job landscape is evolving quickly. Here's how to avoid IT extinction. InfoWorld. http://www.infoworld.com/slideshow/68348/the-9-most-endangered-species-in-it-204556#slide1

Sunday, October 7, 2012

Attempt to cut down on cell phone thefts

This week's discussion was brought to mind by some discussion on my weekly forum posting in my Management of Information Security Class.  During this discussion I was reminded of something I had just caught the tail end of on the news a month or so ago, or it seemed anyway.  Come to find out, it looks like it was back in April, but I still find it interesting.  I suppose it was probably brought to the forefront of my mind again as my daughter lost her phone about a week ago; we did find it.  She left it on the roof of the car when she got in after class one rainy day last week.  That phone stayed on top of the car for about five miles and three turns.  When we finally realized it was gone, we retraced our steps, and found it about a block from the end of our trip; of course we started at the beginning to retrace our steps.  Anyway, she has a Samsung Galaxy SII and has been singing its praises.  All the phone ended up with was a cracked glass.  It probably wouldn't have cracked had it not been lying on top of a rock and been run over at least once.  Other than that, it works great!  So, anyway, onto the discussion about cutting down on the thefts of cell phones.

The piece I read, "FCC, Cellphone Companies Work Together to Deter Cellphone Theft", mentioned that cellphone theft has not only increased, but has become an increasingly violent crime.  The FCC and cellphone companies have now come together and begun to work together to make it more difficult to use a stolen cellphone.

The parties have agreed to establish a database that will allow stolen phones to be shut off based on an IMEI number.  These numbers are unique to cellphones, much like automobile VIN numbers.  By using the database, carriers will have the ability to permanently block a cell phone that has been reported stolen from being activated on the network.

The goal of this agreement is to make a stolen cell phone worthless.  New York Senator Charles Schumer is also working on a bill that will make the tampering of an IMEI number a federal crime.

With the increased use of smart phones, there has been an increase in the number of thefts, with thefts occurring in schools, during rush hour, in broad daylight; thefts occurring outside the norm.

At this time it is fairly easy to use a stolen cell phone.  The SIM card is usually disabled in a stolen cell phone, but it is simple enough to get a new SIM card and reactivate the stolen phone.  This ease has assisted the growth of a black market for stolen cell phones.

It is nice to see the Government and the providers working together to try to decrease these thefts.  I have had one cell phone stolen and lost another.  I don't know if anyone decided to try to use them, don't care.  The biggest thing was the disruption caused by not having the phone.  I think the more we rely on our smartphones, and the smarter they become, the more personal information they are going to have, so I don't know if targeting this one issue of the theft is the way to go about it, but at least it is a start.  I never realized, until I saw some of the recorded thefts on the news, how violent thieves have become when attempting to steal a cell phone; it would be nice to have some of that violence reduced as well.  If the phones cannot be utilized after they are stolen, there will be a decrease in the violent thefts.




Newsroom, W. (2012, April 10). FCC, Cellphone Companies Work Together to Deter Cellphone Theft. WNYC News. http://www.wnyc.org/articles/wnyc-news/2012/apr/10/fcc-cellphone-companies-work-together-stop-cellphone-theft/