Introduction
Yesterday, I attended the Symantec Symposium 2012 conference which was a chance to demonstrate the computing technologies Symantec was involved in developing and selling that were becoming important to big business computing.
Relevance to this site’s readership
Most solutions exhibited at this conference are pitched at big business with a fleet of 200 or more computers. But there were resellers and IT contractors at this event who buy these large-quantity solutions to sell on to small-business sites who will typically have ten to 100 computers.
I even raised an issue in one of the breakout sessions about how manageability would be assured in a franchised business model such as most fast-food or service-industry chains. Here, this goal could be achieved through the use of thin-client computers or pre-configured equipment bought or leased through the franchisor.
As well, the issues and solution types of the kind shown at this Symposium tend to cross over between small sites and the “big end of town” just like a lot of office technology including the telephone and the fax machine have done so.
Key issues that were being focused were achieving a secure computing environment, supoorting the BYOD device-management model and the trend towards cloud computing for the systems-support tasks.
Secure computing
As part of the Keynote speech, we had a guest speaker from the Australian Federal Police touch on the realities of cybercrime and how it affects the whole of the computing ecosystem. Like what was raised in the previous interview with Alastair MacGibbon and Brahman Thiyagalingham about secure computing in the cloud-computing environment, the kind of people committing cybercrime is now moving towards organised crime like East-European mafia alongside nation states engaging in espionage or sabotage. He also raised that it’s not just regular computers that are at risk, but mobile devices (smartphones and tablets), point-of-sale equipment like EFTPOS terminals and other dedicated-purpose computing devices that are also at risk. He emphasised issues like keeping regular and other computer systems up to date with the latest patches for the operating environment and the application software.
This encompassed the availability of a cloud-driven email and Website verification system that implements a proxy-server setup. This is designed to cater for the real world of business computing where computer equipment is likely to be taken and used out of the office and used with the home network or public networks like hotel or café hotspots. It stays away from the classic site-based corporate firewall and VPN arrangement to provide controlled Internet access for roaming computers. It also was exposing real Internet-usage needs like operating a company’s Social-Web presence, personal Internet services like Internet banking or home monitoring so as to cater for the ever-increasing workday, and the like. Yet this can still allow for an organisation to have control over the resources to prevent cyberslacking or viewing of inappropriate material.
Another technique that I observed is the ability to facilitate two-factor authentication for business resources or customer-facing Websites. This is where the username and password are further protected by something else in the similar way that your bank account is protected at the ATM using your card and your PIN. It was initially achieved through the use of hardware tokens – those key fobs or card-like devices that showed a random number on their display and you had to enter them in your VPN login; or a smart card or SIM that required the use of a hardware reader. Instead Symantec developed a software token that works with most desktop or mobile operating systems and generates this random code. It even exploits integrated hardware security setups in order to make this more robust such as what is part of the Intel Ivy Bridge chipset in second-generation Ultrabooks.
Advanced machine-learning has also played a stronger part in two more secure-computing solutions. For example, there is a risk assessment setup being made available where an environment to fulfill a connection or transaction can be assessed against what is normal for a users’s operating environment and practices. It is similar to the fraud-detection mechanisms that most payment-card companies are implementing where they could detect and alert customers to abnormal transactions that are about to occur, like ANZ Falcon. This can trigger verification requirements for the connection or transaction like the requirement to enter a one-time-password from a software token or an out-of-band voice or SMS confirmation sequence.
The other area where advanced machine-learning plays a role in secure computing is data loss prevention. As we hear of information being leaked out to the press or, at worst, laptops, mobile computing devices and removable storage full of confidential information disappearing and falling in to wrong hands, this field of information security is becoming more important across the board. Here, they used the ability to “fingerprint” confidential data like payment card information and apply handling rules to this information. This includes implementation of on-the-fly encryptions for the data, establishment of secure-access Web portals, and sandboxing of the data. The rules can be applied at different levels and affect the different ways the data is transferred between computers such as shared folders, public-hosted storage services (Dropbox, Evernote, GMail, etc), email (both client-based and Webmail) and removable media (USB memory keys, optical disks). The demonstration focused more on the payment-card numbers but I raised questions regarding information like customer/patient/guest lists or similar reports and this system supports the ability to create the necessary fingerprint of the information to the requirements desired.
Cloud-focused computing support
The abovementioned secure-computing application makes use of the cloud-computing technology which relies on many of the data centres scattered around the world.
But the Norton 360 online backup solution that is typically packaged with some newer laptops is the basis for cloud-driven data backup. This could support endpoint backup as well as backup for servers, virtual machines and the like.
Mobile computing and BYOD
Symantec have approached the mobile computing and BYOD issues in two different paths. They have catered for the fully-managed devices which may appeal to businesses running fleets of devices that they own or using tablets as interactive customer displays. But they allowed for “object-specific” management where particular objects (apps, files, etc) can be managed or run to particular policies.
It includes the ability to provide a corporate app store with the ability to provide in-house apps, Web links or commercial apps so users know what to “pick up” on their devices. These apps are then set up to run to the policies that affect how that user runs them, including control of data transfer. This setup may also please the big businesses who provide those services that small businesses often provide as an agent or reseller, such as Interflora. Here, they could run the business-specific app store with the line-of-business apps like a flower-delivery-list app that runs on a smartphone. There is the ability to remotely vary and revoke permissions concerning the apps, which could come in handy when the device’s owner walks out of the organisation.
Conclusion
What this conference shows at least is the direction that business computing is taking and was also a chance to see core trends that were affecting this class of computing whether you are at the “big end of town” or not.
