Thoughts from VMworld, Day Two

Day Two of VMworld is in the books, and here's what our team of analysts have to say:

Topics: Cloud Computing Storage End-User Computing VMware cloud security

Supporting Enterprise Mobility: An End-user’s View into the Workspace

From a user’s perspective, a workspace is a window into an environment that includes all the necessary tools and information for performing her job. In some sense, this is akin to the consumer view of an app store, but there is more to the story in a business setting. We covered the details of Supporting Enterprise Mobility: How to Create a Workspace in a previous blog and discussed the options IT has to create Supporting Enterprise Mobility: Cloud Assembled Workspaces. Let’s cover two of the key ingredients that a user should expect:

Topics: End-User Computing workspace

Yet Another Proof Point for Network and Endpoint Security Integration

As I’ve mentioned many times in my blog, there is a lot of evidence suggesting a trend toward the amalgamation of endpoint and network security.

Here’s another recent data point that supports this further. ESG recently published a new research report titled Network Security Trends in the Era of Cloud and Mobile Computing. The report is based upon a survey of security professionals working at enterprise organizations (i.e., more than 1,000 employees). ESG asked them: “Is your organization engaged in any type of project to integrate anti-malware and analytics technologies on networks and endpoints?” Nearly one-quarter (22%) said, “yes, extensively,” while another 39% responded, “yes, somewhat.”

Topics: Information Security End-User Computing IT Infrastructure network Networking Information and Risk Management endpoint Security and Privacy

Proofpoint Report Exposes Details about Cybercrime Division-of-Labor and Malware Architecture

One of the more vapid cybersecurity cliché statements goes something like this: “Hacking is no longer about alienated teenagers spending countless hours in the basement on their PCs. Rather, it is now the domain of organized crime and nation states.” While this is certainly true, it is also blatantly obvious. It is also nothing more than a meaningless platitude with no details about why this is true, how hackers operate differently than teenagers, or what the implications are.

If you want to understand these issues, I strongly suggest that you read a new threat report, Analysis of a Cybercrime Infrastructure, published this week by Proofpoint. The report follows the tactics and techniques used by a Russian organized crime group as it launched an attack on US- and European-based users aimed at stealing online banking credentials.

Topics: End-User Computing Information and Risk Management Security and Privacy

The Internet of Things (IoT)

I shall be expanding on this theme--the internet of things (IoT) over the next few years, as I find it to be the most interesting thing to happen not only in tech, but potentially in modern society, ever.

Topics: Cloud Computing Analytics End-User Computing Endpoint & Application Virtualization Internet of Things Data Management & Analytics IT Infrastructure IoT Enterprise Software mobile Compute Public Cloud Service

End-user Computing with EMC VSPEX, XtremIO, Brocade, and VMware

In my time with ESG Lab, I have seen and tested numerous virtual desktop solutions and reference architectures. It’s common knowledge that virtualizing end-user computing environments can present the most challenging workloads an infrastructure must support. Users have become accustomed to the performance of flash drives in their business and personal computers, making delivery of an exceptional user experience–essential to the success of desktop virtualization–even more challenging. If you can’t deliver performance equal to or better than what users already have, you’ve already lost.

Topics: End-User Computing Endpoint & Application Virtualization ESG Lab

Figuring Out FIDO (i.e., the Fast Identity Online Alliance and Standard)

No one hates passwords more than I do and it seems like I’m asked to register for a new site each day. For those of us in the know, this situation of “password sprawl” is even more frustrating because we really should have solved this problem years ago. After all, Whit Diffie, Marty Hellman, and the RSA guys first came up with PKI back in the 1970s so you’d think that passwords would be dead and strong authentication would be ubiquitous by now!

Thankfully, there may be hope on the horizon in the form of the FIDO alliance. The group, composed on a who’s who of industry big shots like ARM, Bank of America, Discover Card, Google, Lenovo, MasterCard, Microsoft, PayPal, RSA, Samsung, and VISA, is “developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance of passwords to authenticate users.” In other words, FIDO wants to introduce “trusted convenience” by making strong authentication easy to deploy and easy to use on the front-end (i.e., for users) and back-end (i.e., for IT).

Topics: End-User Computing Information and Risk Management mobile Security and Privacy

VMworld 2014: Top Questions ESG Analysts Hope to Have Answered

This will be my 9th year in a row attending VMworld! The event always proves to be a great display of end-user passion that is driving towards new innovation and IT vendors displaying their latest products, solutions, and services. I recently asked the ESG team attending the event if there was anything they planned to track closely or questions that they hoped to get the answers to and here is what they shared:

Topics: Cloud Computing Storage EMC End-User Computing IT Infrastructure Data Protection VMware Private Cloud Infrastructure Networking Information and Risk Management mobile VMworld software-defined data center software-defined storage Airwatch hybrid cloud SDDC NSX SDS Enterprise Mobility

BYOA: Bring Your Own Authentication

Most people who use IT or Internet applications would agree that the current username/password mode of authentication is cumbersome, ineffective, and obsolete. According to ESG research, 55% of information security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that username/password authentication should be completely eliminated or relegated to non-business critical applications only.

Topics: Cloud Computing Microsoft End-User Computing Private Cloud Infrastructure Information and Risk Management mobile Security and Privacy google Lenovo multi-factor authentication ARM RSA Security Public Cloud Service

End-users must be Part of Cybersecurity Solutions

As the old infosec adage goes, “people are the weakest link in the cybersecurity chain.” Clearly enterprise security professionals agree with this statement. In a recent ESG research survey, enterprise security professionals were asked to identify the factors most responsible for successful malware attacks. It turns out that 58% point to a lack of user knowledge about cybersecurity risks – the most popular answer by far.

This data is not unusual, security professionals often bemoan end-user cybersecurity behavior. They don’t pay attention in training classes, they click on suspect links, they are easily fooled by social engineering tactics, etc.

Topics: End-User Computing Information and Risk Management Security and Privacy