Posts about Consumerisation:

Announcing System Center SP1, our UK MVPs

Last night we announced general availability of System Center 2012 SP1. It’s a great, expansive product that is absolutely key to delivering your private cloud, managing your public cloud and managing the consumerisation of IT. You can get the trial VHDs at the bottom of this post or download the installers; go give it a try. We’re also announcing our System Center 2012 IT Camps schedule today too!

As System Center 2012 is such a large stable of technology I thought that, rather than try to cover the expanse myself, I’d get some of our MVPs to write about some of their favourite features. These guys have been using SP1 for months, and their thoughts, comments, expectations and experiences helped to form the SP1 update.

We’ll start with Patrick Lownds, MVP. You can find Patrick on Twitter.

System Center Virtual Machine Manager 2012 (VMM 2012) introduced the concept of being able to deploy a bare metal host. This feature allows customers to order servers from their vendor of choice and simply plug in that server and automate the deployment of Hyper-V. The Hyper-V host could either be a standalone domain-joined host or it could form, or be part of, an already formed cluster at a later stage.

If you’re not familiar with the process, VMM 2012 leverages the baseboard management controller (BMC) to deploy an operating system image, which is contained in a VHD, together with any specific OEM drivers, that are contained in the VMM 2012 library, applies those drivers to the operating system image, enables Hyper-V, and then restarts the server.

New in System Center Virtual Machine Manager 2012 SP1 (VMM 2012 SP1) is the ability to do deep discovery of that bare metal host. This process boots the server, using a WinPE image, to perform an inventory of the hardware. Once the information is collected the server shuts down and provides VMM 2012 SP1 with information about that host, i.e. processor, memory and network interface cards.

This provides VMM 2012 SP1 with a greater insight into the hardware and allows you to configure in advance the more complex aspects of Virtual Machine Manager. For example, you could configure the use of DHCP or the use of an IP address from a pool of addresses managed by VMM, for each of the network interfaces detected, prior to deploying Hyper-V.

Next up is Graham Davies, System Center Cloud and Datacenter Management MVP, you can find Graham’s blog, System Center Solutions here.

As SCOM 2007 R2 gave way to SCOM 2012, we saw the Avicode .Net monitoring capability evolving into Application Performance Monitoring (APM). In SCOM 2012 this was initially focused on WCF based web applications although some flexibility in what was discovered was available by configuring the relevant overrides.

SCOM 2012 SP1 has seen a huge jump forward in functionality, not only in terms of what can now be discovered and monitored out of the box but also in terms of integration with Team Foundation Server (TFS). So what exactly does SCOM 2012 SP1 bring to the table?

  • The ability to monitor Windows Services, not just IIS-hosted applications.
  • Automatic Discovery of ASP.NET MVC3 and MVC4 Applications.
  • The ability to monitor SharePoint web front-end components.
  • Integration of Operations Manager and TFS

You can configure Operations Manager to allow APM alerts to generate and synchronise with TFS work items and APM exception events can be saved in IntelliTrace file format directly from Application Diagnostics enabling Developers to stay within their familiar environment to examine the complete exception call stack.

So SCOM 2012 SP1 both extends APM functionality and improves the workflow between development and IT operations teams, improving efficiency and reducing the mean time to recovery for the problems detected by APM.

.Net Application Performance Monitoring Template

Integrating Operations Manager with Development Process

Finally in this post, Raphael Perez, Configuration Manager MVP; you can find him on his System Center blog.

Windows 8, Windows Phone 8, Windows RT, iPhones, Androids, Linux/Unix, Mac? How can we manage them? Application Virtualization, PowerShell, Mobility, Cloud, VDI, Security, Bring your Own Device (BYOD)? How can we integrate it?

These are only a few of the many questions businesses need answered, and the answer is simple: Configuration Manager 2012.

The Service Pack 1 of Configuration Manager brings the world together, putting management of Microsoft and non-Microsoft systems, as well as the Microsoft cloud and any device connected to it, in a single console.

SP1 also supports Windows To Go USB devices, roaming profiles, folder redirection and intelligent mobile network detection, meaning that SP1 will detect mobile networks (3G/4G) to prevent software deployment when data charges may apply, and many other features.

Like many other Microsoft systems, SP1 gives you support for PowerShell, which means that the administrator does not need to connect to the Configuration Manager console to perform day-to-day tasks.

We’ll hear more from the UK and Ireland’s MVPs here soon! Go give the evaluations a try, we’ve already done most of the installation work for you, and don’t forget to sign up for our IT Camp events to learn more.

System Center 2012 Service Pack 1 – Configuration Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – Service Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – Service Manager (Data Warehouse) – Evaluation (VHD)

System Center 2012 Service Pack 1 – Operations Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – Orchestrator – Evaluation (VHD)

System Center 2012 Service Pack 1 – Data Protection Manager – Evaluation (VHD)


Bring Your Own Network

Some thoughts on another form of the Bring Your Own trend that you may have missed, and how to take it one step too far (although this is probably already happening). A mobile hotspot, a strict web filter and a social networker inadvertently crack a hole in IT policy.

Last week I was doing a tour of the UK seeing friends and generally having fun. I met a friend of mine who happens to be a gadget geek; he has everything from the latest TV to a thin tablet device. We got to talking about how and where his wife uses the tablet, and she said that she’d love to use it more at work, but her company bans anyone from attaching devices to the network. Incidentally they also ban Facebook, YouTube and other “fun”, non-work stuff.

She still takes this device to work though, and just occasionally takes work home on it. I found that fascinating.

My friend’s company isn’t entirely stuck in the dark ages, so they give her a laptop (it’s black and boring but solid) but it gets locked in her desk drawer overnight because it’s too heavy to bother taking home. They do let her take it home, and to enable that she can connect to WiFi networks of her choosing.

When she does take it home it works just fine on their home network (which by the way is 50Mb fibre and faster than the office).

She wasn’t overly impressed by the idea of the tablet when they first got it, so to save money she insisted her husband only got the WiFi version, which he did.  A couple of days later they realised it was a bit limited when they went away with the kids for a few days camping so they got a MiFi adapter and were happy campers again.

A few days later she took the tablet to work, along with the MiFi adapter and was using it at her desk to check Facebook etc. So that policy of stopping access to Facebook because it distracts employees just shot out of the window.  Nothing new there, she’d had a smart phone for a while and had been doing that anyway.

Then it happened.  A brain wave.  She connected her work laptop to the MiFi and got on Facebook.  You see the company does require everyone to go through a proxy to control access when they’re on the work network – very sensible for security and stopping dropped productivity of employees.  The proxy was set to autodetect because people with laptops go mobile.  Then she worked out that she could get to her web based email too, so she emailed over some work documents and received them on her tablet.

I found this interesting because rather than just taking her own device to work, my friend took her own network.

It’s worth pointing out that this is no different to her going into a coffee shop or using her laptop at home.  She can still get to “fun” sites in both of those cases too and she can still email documents home, the difference being that it’s now easier for her to do, she doesn’t need to lug a heavy laptop home.

What could IT do differently: they could set the proxy manually (by group policy) and force everyone through the VPN, but what would that achieve? No access to “fun” sites, yes. It would also mean the end of their mobile working policy, since so many coffee shops and hotels require you to sign into a web page before you get Internet access.

Really what IT need to do is review their mobile working policy and their web access policies and make them congruent.  IT rules have gotten in the way of the user, who found an easy way around the policy.

I wonder what else you could do by taking your own network to work…

Ok, if this were me I’d do one thing more than my friend: I’d go into the network adapter order and make sure the wireless NIC has a higher priority than the wired NIC, then I’d plug the laptop into the wired network. What would happen? My Internet traffic would route through the MiFi and my local network traffic through the wired NIC; I’d have free rein to get to anything on the Internet and on my work network.

Things would get seriously hinky if I bridged the two networks, but I might not bother to do that.
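A check for the split routing just described, as an added example that is not part of the original post: it lists every IPv4 default route on the machine together with the effective metric that decides which one wins, and flags the case where the winning exit is not the interface Windows has classified as domain-authenticated. It assumes the NetTCPIP and NetConnection modules (Windows 8 / Server 2012 and later); interface names are whatever the machine reports.

```powershell
# Added example, not from the original post. Finds an IPv4 default route that
# leaves through an interface other than the domain-authenticated one, i.e.
# the MiFi-beside-the-wired-NIC arrangement described above.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP, NetConnection modules).

function Get-DefaultRouteCandidate {
    # Every 0.0.0.0/0 route, joined to its interface metric and to the network
    # category (DomainAuthenticated / Private / Public) Windows assigned it.
    Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' | ForEach-Object {
        $route       = $_
        $ipIface     = Get-NetIPInterface -InterfaceIndex $route.InterfaceIndex -AddressFamily IPv4
        $connProfile = Get-NetConnectionProfile -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Interface       = $route.InterfaceAlias
            NextHop         = $route.NextHop
            RouteMetric     = $route.RouteMetric
            InterfaceMetric = $ipIface.InterfaceMetric
            # Windows picks the default route with the lowest sum of the two.
            EffectiveMetric = $route.RouteMetric + $ipIface.InterfaceMetric
            Category        = if ($connProfile) { [string]$connProfile.NetworkCategory } else { 'None' }
        }
    } | Sort-Object EffectiveMetric
}

function Test-BringYourOwnNetwork {
    # Returns $true when a domain network is connected but Internet-bound
    # traffic would leave through some other interface.
    $candidates = @(Get-DefaultRouteCandidate)
    if ($candidates.Count -lt 2) { return $false }   # one exit only, nothing to split
    $winner = $candidates[0]
    $domain = @($candidates | Where-Object { $_.Category -eq 'DomainAuthenticated' })
    if ($domain.Count -gt 0 -and $winner.Category -ne 'DomainAuthenticated') {
        Write-Warning ("Internet traffic exits via '{0}' ({1}) while the domain network is up on '{2}'." -f `
            $winner.Interface, $winner.Category, $domain[0].Interface)
        return $true
    }
    return $false
}

Get-DefaultRouteCandidate | Format-Table -AutoSize
Test-BringYourOwnNetwork
```

Run it from a logon script or a configuration baseline and collect the result centrally. It is detection only: a user who is local administrator can reorder the metrics again as easily as the friend did, which is exactly the post’s point that the fix is policy, not tooling.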

So if you’re blocking “fun” sites, are you really blocking them or making users more “creative”?


Embracing consumerisation is strategic not tactical

I keep seeing lots of posts, blogs and articles about how IT needs to move to a more nimble and responsive view. It’s impossible to argue against the business and IT needing to be in lockstep, but it feels like most people see the business as being two steps ahead. If I look around this seems to be due to a lack of a regular strategic rethink, and despite the promise, the decision makers I talk to are about to do the same thing with BYOD.

I’m from a large enterprise background where every year the strategic decision makers, who have to balance architecture concerns, security concerns, business requirements and budget, think five years ahead. They take a snapshot of the world, plan for it continuing, start implementing the changes, then cycle again in 12 months’ time. This is what has started leading to the missteps with the business. It’s a world where fixing a strategic misstep takes six years.

That’s no longer good enough, 6 years ago we didn’t have capable, small, light, near disposable tablet devices.

Strategic thinking in IT needs to change from precise technical strategy to directional technical strategy, particularly with regards to endpoint strategy. The biggest strategic imperative today should be to move towards an “access point” strategy where you aren’t thinking about deploying (just) a locked-down desktop, (just) a corporate owned and operated mobile device, or even enabling just BYOD; it should be an “Access from anything, anywhere, anytime” strategy.

With an AAA strategy the variables are more fluid but the concerns are the same: security, reliability and availability. The decisions on how to deliver upon those concerns are tactical, and tactics change. BYOD is a tactic, not a strategy, as it’s too tied to a single premise: the device.

I wonder if this is a change we’ll start to see?  Arguably IT only do those 3 things, security, reliability and availability…but can they do them better than everyone else the business has access to?

Simple model for approaching BYOD

For some time I’ve been trying to work out with colleagues how to articulate what I see as a solid model for dealing with consumerisation of IT in the workplace or even allowing people to bring their own devices.  It’s quite tough to find some mental model to help people to understand the kind of approaches that work.  I’m looking for a way to help you manage more than the standard IT desktop, to make more sense of productivity at work and with a view of IT security risks.


The key is balancing the approach: do more with less, more permissive access to less secure stuff. Most of an organisation’s “stuff” tends to require less security than IT think. Be a guide, not a gate keeper.

Good, Better, Best seems to be the most applicable model I’ve found.

GOOD is most open, your users being able to access your network, get IP addresses, get to some apps / services / data.  They probably have to keep entering credentials and they may be storing those credentials on their device.

BETTER is having some modicum of remediation over the device – the ability to remote wipe it for example.

BEST is having an authenticated connection with general purpose security (you could say domain joined PC)

N+1 is having the ability to ensure end to end security, encrypted device, encrypted communications, rights managed documents, remote wipe, policy based management, policy based enforcement.

Not all devices will fit into all categories; in fact probably only domain-joined Windows PCs will be able to enter the N+1 category (that’s because all the things mentioned are built in from the ground up). That said, most people probably don’t need everything in the N+1 category. Most organisations will also see their users adding GOOD and BETTER devices to their mobile worker armoury along with BEST or N+1 devices.

A further note on N+1 is that this is where I see private cloud hosted apps and desktops and there is no reason that a GOOD, BETTER or BEST device can’t be used to access an N+1 hosted app or desktop.

*caveat: this is a simple model, there will be many exceptions, the key is mixture.


Technology to Support Consumerisation: IPSec

A technology that’s been around for quite some time is IPSec; it secures communications between two network devices. With IPSec in place two devices must mutually authenticate and agree keys before application traffic can flow, which is kind of like having a secret handshake.

If you’re enabling an environment where people will be able to bring their own device you probably have some requirement to prevent them accessing some services, such as the HR system, so that they don’t walk off with the CEO’s pay slip. IPSec is perfect in this situation to perform something called Server and Domain Isolation. Essentially this means that only specific devices can access the super-secret servers, while every device can still have broad network access.

Access to services and resources is somewhere that an 80/20 rule applies. Most people need access to most of the network for most of their work; some people will need access to the other 20%. Using SDI and IPSec you can require people to access secure information from devices you consider to be more trustworthy. Perhaps they can’t access the HR system from their Windows Phone but they can from their Windows laptop that’s domain joined, BitLocker encrypted, etc.

In Server 2008 R2 and Windows 7 IPSec is configured through Group Policy, under Windows Firewall with Advanced Security, as connection security rules. Essentially you place your super-secure resources into a group or OU whose policy REQUIRES inbound connections to be authenticated, and place the clients that you are happy to have access to those resources into a group or OU whose policy sets them up to reply correctly when asked for the secret handshake. If the client doesn’t know the secret handshake, that’s the end of the conversation. Note that authentication on its own only proves the peer is some domain machine; to limit a server to specific trusted machines you pair the IPSec rule with a firewall rule that only allows connections authenticated as members of an authorised computer group. Whilst you’re at it you can raise the general security level on your network by telling all clients to REQUEST authentication. That way the first thing a client says is “do you know the secret handshake?”; if the answer is no they can still talk to each other, just unprotected, so request mode is an opportunistic improvement rather than a control you can rely on by itself.

For Windows everything is controlled through Group Policy, so not only is it easy to administer, it’s easy to get very granular; for example you could say that only clients matching a specific WMI filter get the IPSec policies applied.

If you’re wondering why you wouldn’t just do this with some app-level or file-level access control then consider this: you don’t know what’s running in the background, maliciously, on any device that someone casually brings in. ACLs decide what an authenticated user may do once connected; isolation decides whether an unknown device gets a connection at all.
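The server and domain isolation policy described above, written out as an added example; it is not code from the original post or from Microsoft’s documentation. It uses the NetSecurity cmdlets available from Windows 8 / Server 2012 onward (the Windows 7 and Server 2008 R2 equivalents are netsh advfirewall consec rules with the same semantics); the domain name, GPO names, port number and group SID are placeholders.

```powershell
# Added example, not from the original post or from Microsoft's documentation.
# Server and Domain Isolation with the NetSecurity cmdlets (Windows 8 /
# Server 2012 and later). Everything below that names a domain, a GPO, a port
# or a SID is a placeholder to be replaced with your own.

$Domain     = 'contoso.com'                                    # placeholder
$ServerGpo  = "$Domain\IPsec - HR Servers"                     # linked to the HR servers OU
$ClientGpo  = "$Domain\IPsec - Domain Clients"                 # linked to all workstations
$TrustedSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105' # placeholder: SID of an
                                                               # "HR-Trusted-Computers" group

function New-ComputerKerberosAuthSet {
    # The "secret handshake": authenticate the machine with its own domain
    # account. A device that is not domain joined has no way to complete it.
    param([string]$PolicyStore)
    $proposal = New-NetIPsecAuthProposal -Machine -Kerberos
    New-NetIPsecPhase1AuthSet -DisplayName 'Computer Kerberos' -Proposal $proposal -PolicyStore $PolicyStore
}

function Set-ServerIsolationPolicy {
    # Servers: REQUIRE authentication inbound, REQUEST it outbound.
    $auth = New-ComputerKerberosAuthSet -PolicyStore $ServerGpo
    New-NetIPsecRule -DisplayName 'Require IPsec inbound' -PolicyStore $ServerGpo `
        -InboundSecurity Require -OutboundSecurity Request -Phase1AuthSet $auth.InstanceID

    # Authentication only proves "some domain computer". Authorisation is the
    # firewall rule: the HR application port accepts only connections whose
    # IPsec peer is a member of the trusted computer group.
    New-NetFirewallRule -DisplayName 'HR app: trusted computers only' -PolicyStore $ServerGpo `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 443 `
        -Authentication Required -RemoteMachine "O:LSD:(A;;CC;;;$TrustedSid)"
}

function Set-DomainIsolationPolicy {
    # Clients: REQUEST both ways. Two domain machines negotiate IPsec between
    # themselves; printers, the MiFi and the coffee shop still get clear text.
    $auth = New-ComputerKerberosAuthSet -PolicyStore $ClientGpo
    New-NetIPsecRule -DisplayName 'Request IPsec' -PolicyStore $ClientGpo `
        -InboundSecurity Request -OutboundSecurity Request -Phase1AuthSet $auth.InstanceID
}

function Get-IsolationStatus {
    # Run on a server after gpupdate: live main-mode SAs show who actually
    # completed the handshake and with which machine identity.
    Get-NetIPsecMainModeSA | Select-Object LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId
}
```

Roll out the client (request) policy first and the server (require) policy last, otherwise every client that has not yet refreshed Group Policy is locked out of the HR servers. The WMI-query targeting the post mentions is a WMI filter on the GPO itself, not anything in the rules. On Windows 7 / Server 2008 R2 the client rule is the single command netsh advfirewall consec add rule name="Request IPsec" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerkerb.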

RESOURCES for IPSec and SDI have been gathered together in one place already on this IPSec Page of TechNet but I thoroughly recommend the following:


Test Lab Guides for Consumerisation (BYOD etc.)

If you’re thinking about how you can make your environment more suitable for a world where people want to bring their own devices into the office then you could do well to attend an IT Camp where we talk about just that.  Of course those events are now full, so I won’t bother to link them but now you can build the lab at home.

We’ve just released the Test Lab Guide that is part of the basis for the stuff we show at a camp, download, evaluate and have fun.


Embracing consumerisation: It’s all about the journey

In my last two posts I talked about People + Devices and Data + Apps, essentially four of the things you need to manage and probably already are in your environment. A fifth element is the network, but I won’t be going into that in particular because it’s purely a means to an end, a way for People to connect the apps on their devices to the data that they need to be productive. What “client infrastructure managers” now need to do is combine those essential elements into the user’s journey, and manage that journey, not just the individual items.

Consider the scenario (one you’ll see at IT Camps): Ben is working on a document on his laptop, he needs to share it with Alice who needs to approve the content.  Ben then has to go to the coffee shop but he doesn’t want to carry the weight of his laptop for a quick coffee so he just takes his slate.  Whilst he’s out he realises he needs to amend the document, so he connects back to the place he shared it with Alice and makes the changes – whilst she’s actually reviewing it.  Then he starts a new document, but he has to run so he just powers off.  When he gets back to his laptop in the office the document is “magically” there.  When he’s done for the day he packs away his laptop and locks it in his desk drawer but just before he gets out the door Don asks him to share the new document with him, so he jumps onto Don’s PC and does just that – even though he only saved the document on his desktop over on his laptop, which is locked in his desk drawer.

Some of what just happened might sound like magic.  It’s not, it’s all possible with existing tools and the right deployments of User State Virtualisation, SharePoint, DirectAccess and some other established tech.  All IT did was provide the means to make it happen – put some glue in place that allowed for a mixed device style.

Really it’s always been the job of IT to make technology work in the most approachable, appropriate way.

The next paragraph is the same as the story above but with the bits of tech marked out so you can see where we used them.

Ben is working on a document [Word 2010] on his laptop, he needs to share it [SharePoint 2010] with Alice who needs to approve the content. Ben then has to go to the coffee shop but he doesn’t want to carry the weight of his laptop for a quick coffee so he just takes his slate [Windows 7]. Whilst he’s out he realises he needs to amend the document [Word 2010], so he opens the place he shared it [DirectAccess + SharePoint 2010] with Alice and makes the changes, whilst she’s actually reviewing it from the browser [Office Web Apps]. Then he starts a new document, but he has to run so he just powers off. When he gets back to his laptop in the office the document is “magically” there [User State Virtualization]. When he’s done for the day he packs away his laptop and locks it in his desk drawer but just before he gets out the door Don asks him to share the new document with him [User State Virtualization], so he jumps onto Don’s PC [Remote Desktop Services] and does just that, even though he only saved the document on his desktop back on his laptop [and on the server], which is locked in his desk drawer.

So it’s all about the journey or rather planning for the journeys that your users might make and whilst you can’t plan them all, you’ll find plenty of commonality.


Embracing Consumerisation: Data and Apps

My last post was about how, in order to embrace consumerisation, you need to start thinking in terms of managing the access that people and devices have, or more accurately the access that People on Devices have. This post is an extension of that previous post, in that we’re going to start thinking about the other two of the four ingredients in our consumerisation cocktail: the things that people want to access.

Other than admins no person should ever have to think about accessing a server; they shouldn’t need to be thinking “golly gosh, I need to access the latest sales data so I need to go to \\sales\2012\march\week3\some-random-share\sales.xls”. In fact no person ever really wants to have to remember that, they just want to access the sales information. Moreover they really don’t need to be thinking, “what credentials were they, umm, let’s try this, no, how about this, no, err, how about…”. People just want access to information.

OK, it’s not that simple, they do need a way to access that information, but we can see a marked shift here too in recent times. Today people think in terms of Apps; services have become apps, just pick up the mobile device nearest you and the proof is instantly visible. There are also really only two types of App: Viewing and Doing. The former, Viewing, are ways to consume information and the latter, Doing, are generally ways to create it, so both fall into our information category. It’s hard to cite a single example of anything other than these two (you could argue that there’s a third type, Games, but that’s about it).

What we need to do when we consider how to allow a more consumerised environment, whilst also protecting our corporate assets, is control who has access to Do what with Information. Nothing new, it’s a problem we’ve had for many years and we have a wealth of well known solutions, but do they stack up in this brave new world?

Old solutions, new problems

Today many organisations are using the same old solutions, which were perfectly good in the past, on today’s problems, and they’re effective some of the time but not all. The old way to manage information was to manage who had access to it where it rested, on the server; the trouble with that approach is that the information is no longer at rest, it’s constantly moving through many applications, devices and people. How do we cope?

To give you an example, what happens when your CFO emails the financial accounts to his home PC because it’s more convenient? The chances are that the information is only protected at rest, so when it’s attached to an email that protection (the file system ACL) is gone. It then goes over an HTTPS (good) connection to the email provider (who could then read it at will) and then lands on his mobile device… or rather it would if he’d sent it to the correct email address; instead it lands in JoeBloggs@contoso.com’s inbox, not Joe.Bloggs@contos.com’s.

The best idea is to manage the information assuming it’s mobile, assuming that it will leave the confines of the firewall, essentially assuming the worst case will happen.

In a modern environment where employees can use their own devices, and you might not have any control over those devices, your best approach is to manage the information in a way that never leaves the information: to embed the security into the information itself.

Rights management comes of age

We’ve had a technology built into Microsoft Office documents, built into Microsoft Exchange and built into Windows for quite some time to manage this issue, but now is the time to turn it on. Rights Management is built on the requirement that the App opening the information (the document, the email) checks what the person opening it is allowed to do. The App does this by requesting a use licence from Active Directory Rights Management Services (AD RMS), and normally that only succeeds if the device and person are allowed to request it. As such you have a mechanism to ensure that the right person can access the information, from a device or App that’s secure enough to hold it, and the protection travels with the file rather than staying behind on the server.

You might well notice that again, the two variables of management you have remain People and Devices.

A second thought might well be that you need some kind of rich client software (Microsoft Outlook 2010, Microsoft Word 2010) in order to ascertain the rights that the user has over the information. Apps of course don’t have to be delivered on a device, they can be delivered as a Web App, and AD RMS works with Office Web Apps. Web Apps play an important part in the mix: with a web app your data doesn’t need to leave your firewall, even though it’s displayed through a web portal outside it, which reduces the potential for data walkabouts.

Access to apps

Apps probably cost money and as such you will probably want to protect access to apps, not primarily to prevent access to information but to prevent you from overspending. Controlling access to apps is a fairly simple process but it’s something we’ve done a great job of automating in System Center Configuration Manager 2012, which is a future post all of its own. The key thing to remember is that SCCM 2012 implements a user self-service request mechanism and an administrator approval mechanism for application installs, in addition to admin-driven installations. Essentially you get a corporate Store for Apps, and people are comfortable with that these days, just look at your mobile device.

Key things to remember about information and apps

Control access to information at rest and in motion based on People and Devices and try to control access to apps to manage cost not information – after all what would you do if the user brought their own app?


Embracing consumerisation: People and Devices

In the past I’ve written a number of articles on how to start thinking about the consumerisation of IT – if you aren’t familiar with the term hopefully this link will help.  Now I think it’s time to move beyond thinking about how you’ll build a consumerisation strategy and how your support will change and start looking at the tech that you’ll need to support a flexible environment.  In this post we’ll take a look at the two major variables, People and Devices, and look at the types of tech to help support more variability in them.

There are two variable user-centric components that you use to control access in your organisation, the identity of your people and the identity of your devices.  If you’re like most IT shops you’ve had your eye on these for a long time and have probably locked things down around these two things.  First and foremost your people have become user accounts and this is where your access controls are probably currently more focused.  Secondly you have control of devices because they’re corporate issued assets, you named them, you have admin access, you say what software is installed and what isn’t, you have to fix them when they break.  We’ll spend most of our time in this post discussing devices.

Devices

The first thing to note is the term I’m using: I’m not saying desktop, I’m specifically being more inclusive than that. Devices includes desktops, laptops, mobile phones, smart phones and embedded devices (you might have Electronic Point of Sale, EPOS, or tills to everyone not in retail). It really doesn’t matter what the device is; people have so many today (device multiplicity) that you need to think about how best to support them all.

Traditionally we controlled devices in a binary, red and green way: you either have a corporate one or not, allow or deny. Today though people will try to bring in what they want, and they love those devices so much that they will fight to make them work on the network, and when they do they break some kind of corporate policy. If we think about the Windows environment that we all have, devices have an identity, an account in Active Directory, and it’s that identity that allows us to control, secure and support them.

What we need to aim for then is a world in which we have as much knowledge about the devices on our network as we can, given the devices’ constraints. For example you can’t domain join an Android device. The upshot is that you can’t control, secure and support it using the traditional methods of Group Policy etc., and the only reason you can’t is because there isn’t an account there. Most people know that the majority of mobile devices connect to our corporate network using Exchange ActiveSync so that they can receive their email. Therefore the management connector for mobile devices, the thing that knows what that device is, is the email system.

Of course devices don’t receive email… people do. So what we really know here is some information about the device based on the person, not just the device. Given that a device does things without the person using it necessarily knowing (I’m thinking of looking for resources, but malware could also be a problem), don’t we need to think in pure device terms? Yes.

What we need then is a lower-level identifier than just the individual’s identity; perhaps we consider the device’s identity as it presents itself to the network.

At the network level we can see the device’s MAC address first, then its IP address (which we probably give it), and then, once meaningful communication is established, we can ask for certificates, identity attributes, capability profiles and the like. Bear in mind that the first two are not evidence of anything: a MAC address is trivially spoofed and a DHCP lease proves nothing about the device, so only the later, authenticated steps should drive an access decision. Of course we need to enable the right components. It sounds obvious, but the best way to support devices you have no control over is to ask them what capabilities they have and respond to that.

People

Managing people is far easier than managing devices because what we need to do here is long established.  Essentially we manage what an individual is allowed to see, and do from both an information (data) and resource perspective.  Normally we manage both based on Access Control Lists or permissions and on Privilege.  Dave has READ access, Donna has WRITE access, Helen is DENIED access.  Simple.

We are able to do this because people have a user account on the system they need access to, and the really sensible shops have already introduced and enforce a single identity or at least Single Sign-On. If you don’t, this is your starting point.

People on Devices

The tricky considerations come into play when we use both variables together, P + D = x , and this is where the challenge for us comes in as IT Professionals.  We need to build an environment that responds to this.

If Dave has access to the company accounts on his work PC (which is a fully managed, encrypted asset) and he has the same level of access from his very beautiful mobile phone, what happens if his devices are stolen? The first thing you do is disable his user account and change his password. Second, you know his work PC is encrypted so you classify that as a low risk of loss. Then you turn to his mobile: it might be encrypted, it might not, perhaps just the mailbox and not the app storage; did he sync the files to a public cloud location; can it be remote wiped, yes, but is it switched on, is the SIM card still in the device? (And a remote wipe is only delivered on the device’s next successful sync, so queue it before you cut off the device’s ability to authenticate.) Questions pop up thick and fast. All I’m getting at is that you need to take into account not only the person, but the device that the person is using.

P + D = x

What a person can do on device A might need to be different to what they can do on device B, C and D so we need an infrastructure that can help manage that.
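To make P + D = x concrete, here is an added Python model (my illustration, not code from the post): the person's ACL entry is capped by a ceiling derived from the device's posture, and the stolen-device response follows the sequence described above. The device attributes, the tiering rules and the sample people and devices are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, List


class Access(IntEnum):
    DENY = 0   # Helen is DENIED
    READ = 1   # Dave has READ
    WRITE = 2  # Donna has WRITE


@dataclass(frozen=True)
class Device:
    name: str
    managed: bool      # assumed: corporate-managed asset (e.g. via SCCM)
    encrypted: bool    # assumed: storage encrypted, not just the mailbox
    remote_wipe: bool  # assumed: can be wiped if lost


@dataclass(frozen=True)
class Person:
    name: str
    acl: Dict[str, Access]  # resource -> permission: the "P" term


def device_ceiling(device: Device) -> Access:
    """The "D" term: the most any user may do from this device (assumed tiers)."""
    if device.managed and device.encrypted:
        return Access.WRITE
    if device.encrypted or device.remote_wipe:
        return Access.READ   # view only, no offline copy on the device
    return Access.DENY


def effective_access(person: Person, device: Device, resource: str,
                     disabled: FrozenSet[str] = frozenset()) -> Access:
    """P + D = x: the ACL entry capped by the device ceiling."""
    if person.name in disabled:  # step one of the stolen-device response
        return Access.DENY
    return min(person.acl.get(resource, Access.DENY), device_ceiling(device))


def loss_response(device: Device) -> List[str]:
    """Actions for a stolen device, in the order the post walks through them."""
    actions = ["disable account", "reset password"]
    if device.remote_wipe:
        actions.append("issue remote wipe")
    if not device.encrypted:
        actions.append("treat data on device as exposed")
    return actions


# Constructed sample data: Dave's managed work PC and his unencrypted phone.
DAVE = Person("Dave", {"accounts": Access.WRITE})
HELEN = Person("Helen", {})
WORK_PC = Device("work-pc", managed=True, encrypted=True, remote_wipe=True)
PHONE = Device("phone", managed=False, encrypted=False, remote_wipe=True)
```

The same user lands at WRITE from the work PC but only READ from the phone, and at DENY everywhere once the account is disabled.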

Some tech…

To secure & manage people on devices you might like to look at using:

For most this should be a familiar and not so scary list of technology.  Deployed in a flexible way you won't lose control, but you'll allow people in your organisation to do what they want – which sounds like too-good-to-be-true marketing fluff…but it's not.

Embracing consumerisation: People and Devices

Why you need to know about “consumerisation” of IT

One of the biggest challenges facing the CIO at the moment is the consumerisation of IT, but I'm aware that may be a term that is meaningless to most in the IT department.  Perhaps it's better explained by the term Bring Your Own Device (BYOD), which is normally enough to send an icy shiver through the heart of many a desktop or security admin.  Essentially consumerisation is the idea that your users are now driving your organisation's technology adoption, especially in the device space.  You've probably come across, and are trying to block or deal with, people using their iDroid devices to do stuff (or you're just ignoring it, hoping it will go away like your job).

Of course you might be looking to actually embrace it so that you can take advantage of the cost savings, flexibility improvements and the like that it can bring, if done right.  Alternatively you might think you've got it 100% sewn up, no-one can bring anything interesting in, and you have a 0% chance of data leakage.

If you fall into the first camp then you'll be looking at ways to manage device multiplicity*, to secure access to servers, to secure your data and its portability, and to deliver applications seamlessly to users no matter where they are.  If you're in the latter, then what are the chances you missed something?

*credit to @markwilsonit for coming up with that one

A better way

It's become fairly clear that things have changed, I think.  It's quite common that people want to use devices that aren't corporate issued, and as such you have to ask if they're getting onto your network, and then you have to ask if you can trust your own network.  If they are using their own devices, are they copying down email, how's the encryption on that device, what do you do if it's nicked, what if there's no signal to remote wipe the device?  If they're bringing in their own PCs (which is the most common consumer device for Bring Your Own – their own laptop), what controls do you have?

We see that there’s a better way with this issue.  You build a network that responds to what’s happening, where devices have to meet specific criteria in order to access the more secure data in your organisation.  Where the data itself is protected so that you can’t just copy it somewhere insecure and have it leak.  Where applications are available to people in your org where they need to access the application.  Where application access is device appropriate so you don’t have to wait for a full install on a device that isn’t your main one.  Where remote access doesn’t require the user to do something different to when they’re in the office.  Where working anywhere is normal.  I think you get the picture.

A quick way to see the big picture, all together

We’ve got a whole host of technology that enables an environment like this, so let the acronyms commence:

App-V, RDS, SCCM 2012, Exchange, AES, Office 365, Lync, AD RMS, AD, DirectAccess, NAP, Modern Gateways, DHCP, IPsec

So in this selection of camp events we have a series of events to help you not only see the above but learn how it works.  Camps are a little different to other types of events: you lead the content and we don't use (much) PowerPoint; it's all based around us building the environment in the room – and by us I mean you get some hands-on time.  We'll also be whiteboarding and thinking about what it takes to build a BYOD-style policy, helping you identify some gotchas.  It's not your typical day of training – or some sales-based demo.

Here are some links to some of the writing I’ve done on consumerisation over the last year or so, so that you can get the picture…

How the consumerisation of IT affects IT departments

How do you support consumerisation of IT

Building your consumerisation of IT strategy (part 1 of 2)

Building your consumerisation of IT strategy (part 2 of 2)

5 Imperatives for modern IT departments

Why you need to know about “consumerisation” of IT