
SPECIAL REPORT :: FEBRUARY 2012

NetworkWorld
THE CONNECTED ENTERPRISE

INSIDER
Tips Box
Network advice

A compilation of useful advice for your every networking need


INSIDE
Guarding against rogue sys admins
4 essential cloud security tips
Picking an IaaS provider
Navigating the WLAN landscape
Free Windows tune-up tools and tips
How to optimize your infrastructure


www.networkworld.com


SPECIAL REPORT :: JULY 2011

Guarding against rogue sys admins



By Carolyn Duffy Marsan, Network World

One of the biggest threats that organizations face is losing sensitive data to theft from their own employees. The threat is greatest from systems and network administrators, who have privileged access to vast amounts of corporate data and are responsible for most compromised records in insider cases.

"Today, I worry about insider threats more than hackers because that's where we are weakest," says Jason Benedict, CISO of Fordham University. "We have firewalls. We have intrusion protection. We have antivirus. We've mitigated the external risk rather successfully. The hole in the university is the insider threat. I don't think we've ever had an insider become malicious and take information and sell it. But we often see people browsing information that they are not privileged to see. People with high-level privileges have been known to browse employee salary rates because they can."

Heather Wyson, vice president of the fraud program at the BITS Financial Services Roundtable, says there has been an increase in insider incidents among U.S. financial services firms. "You have intentional breaches like theft of financial or proprietary information and placement of logic bombs and malware, but you also have the unintentional breaches caused by insiders such as employees accidentally opening an infected file, installing unauthorized software or threats from social media," Wyson says.

Here is some advice from CISOs and IT security experts:

1. Monitor users with special privileges. Nearly half -- 48% -- of all data breaches come from insiders, according to Verizon's 2010 Data Breach Investigations Report. And the insiders that you need to watch closest are those with special privileges. Verizon recommends that CIOs use pre-employment screening to eliminate potential employees who have violated usage policies in the past. BITS offers its members a fraud-prevention service where they can share information about former employees who were found guilty of crimes but not prosecuted. Also, employees should not be given more privileges than they need for their current job, and duties should be separated so that too much access and power isn't concentrated in one employee. "Privileged use should be logged and generate messages to management," Verizon recommends. "Unplanned privileged use should generate alarms and be investigated."

2. Keep user access and privileges current, particularly during times of job changes or layoffs. Verizon found that 24% of the insider incidents involved employees who had recently undergone a job change. Half of them had been fired, while others had resigned or been assigned a new role within the company. Breaches were caused when employees' accounts were not disabled quickly enough or the employee was allowed to finish the workday after being terminated. That's why Verizon recommends that companies have termination plans that are timely and encompass all areas of access.

3. Monitor employees found guilty of minor online misconduct. Verizon has found that employees engaged in minor online misconduct often graduate to bigger crimes, such as embezzlement or stealing of intellectual property. CIOs should keep an eye on employees found guilty of online policy violations and other inappropriate behavior such as pornography or illegal content on their systems as a reasonable indicator of a future breach. Verizon has found that employees who commit data theft were often cited in the past for minor forms of misuse -- what it calls the "broken window" theory of cybercrime.

4. Use software to analyze your log files and alert you when anomalies occur. When Verizon investigates a security breach, evidence is found in the log files in 86% of its cases. The company cites three major anomalies to watch for in log data: an abnormal increase in log data; abnormally long lines within logs; and an abnormal decrease or absence altogether of log data. Verizon says it has seen log entries increase by 500% following a breach, and it has seen log entries disappear altogether after an attacker disabled logging. SQL injections and other attacks leave longer lines than standard activity. Too many IT departments set up event monitoring and analysis tools and forget about them, instead of regularly monitoring their output. Verizon recommends that you configure these tools to look for obvious problems -- what it calls the haystack rather than the needle. Something as easy as a simple script that counts log lines and sends an alert can be effective, Verizon says. Benedict says Fordham's security staff reviews audit logs manually on a regular basis to identify anomalies.

5. Consider deploying data-loss prevention technology. Increasingly, CIOs are worried about intellectual property leaving their corporate networks, and they are installing software to monitor and filter outbound network traffic. Unisys, for example, has a pilot project underway of data loss prevention technology to protect against loss of the company's intellectual property, says CISO Patricia Titus. Benedict says that Fordham is planning to invest $500,000 in DLP software as soon as his budget will allow. Verizon recommends that all organizations filter outbound network traffic, as well as inbound network traffic. "By monitoring, understanding and controlling outbound network traffic, an organization will greatly increase its chances of mitigating malicious activity," Verizon notes.

6. Educate your employees about the insider threat. CISOs recommend regular training for all employees -- especially IT staff -- about security threats and how to identify co-workers who might be engaging in malicious behavior such as stealing valuable data. Titus says a CISO's greatest ally in the battle against internal agents is other employees. Wyson recommends that companies offer a hotline so that employees can anonymously report fraud that they know or think is occurring. Benedict not only runs annual security awareness training courses but provides handouts, flyers and pamphlets to employees about the latest IT security threats. Fordham also is embracing social media services, including Facebook, Twitter and blogs, to continuously educate the university's staff about security threats.
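The "haystack" checks from tip 4, as an added example that is not from the article or from Verizon: a short Python script that flags the three anomalies named there (an abnormal increase in log volume, a drop or complete absence of log data, and abnormally long lines). The log format, the thresholds and the sample lines are constructed assumptions.

```python
"""Haystack-level log checks: volume spike, volume drop or silence, over-long lines."""
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"   # assumed: every line starts with this timestamp
TS_LEN = 19                        # length of "2011-07-01T00:00:00"


def bucket_counts(lines, start, buckets, width=timedelta(hours=1)):
    """Count lines per time bucket; empty buckets stay in the result as 0."""
    counts, unparsed = Counter(), 0
    for line in lines:
        try:
            ts = datetime.strptime(line[:TS_LEN], TS_FORMAT)
        except ValueError:
            unparsed += 1          # a line that cannot be dated deserves a look too
            continue
        idx = (ts - start) // width
        if 0 <= idx < buckets:
            counts[idx] += 1
    return [counts[i] for i in range(buckets)], unparsed


def volume_anomalies(counts, warmup=3, spike=3.0, drop=0.25):
    """Compare each bucket with the median of earlier buckets judged normal."""
    normal = list(counts[:warmup])
    alerts = []
    for i in range(warmup, len(counts)):
        c = counts[i]
        base = median(normal) if normal else 0
        if base == 0:              # no usable baseline yet: keep learning
            normal.append(c)
        elif c == 0:               # logging stopped altogether
            alerts.append((i, "silent", c, base))
        elif c >= spike * base:    # abnormal increase
            alerts.append((i, "spike", c, base))
        elif c <= drop * base:     # abnormal decrease
            alerts.append((i, "drop", c, base))
        else:
            normal.append(c)       # only normal buckets feed the baseline
    return alerts


def long_lines(lines, factor=4.0, floor=200):
    """Return (line_number, length) for lines far longer than the typical line."""
    if not lines:
        return []
    limit = max(floor, factor * median(len(l) for l in lines))
    return [(n, len(l)) for n, l in enumerate(lines, 1) if len(l) > limit]


def build_sample():
    """Constructed sample: 8 hours of web-style log lines with planted anomalies."""
    start = datetime(2011, 7, 1, 0, 0, 0)
    per_hour = [10, 11, 9, 10, 60, 10, 0, 2]   # hour 4 spikes, 6 is silent, 7 drops
    lines = []
    for hour, n in enumerate(per_hour):
        for k in range(n):
            ts = start + timedelta(hours=hour, seconds=k * 30)
            lines.append(f"{ts.strftime(TS_FORMAT)} web01 GET /app/item?id={k} 200")
    # One constructed over-long request (padding only, no real payload).
    lines[35] = lines[35][:TS_LEN] + " web01 GET /app/item?id=" + "A" * 600 + " 500"
    return start, len(per_hour), lines


def scan(lines, start, buckets):
    """Run all three checks and return one report dictionary."""
    counts, unparsed = bucket_counts(lines, start, buckets)
    return {
        "counts": counts,
        "unparsed": unparsed,
        "volume": volume_anomalies(counts),
        "long": long_lines(lines),
    }


if __name__ == "__main__":
    start, buckets, lines = build_sample()
    report = scan(lines, start, buckets)
    for i, kind, count, base in report["volume"]:
        print(f"hour {i}: {kind} ({count} lines, baseline {base})")
    for number, length in report["long"]:
        print(f"line {number}: {length} characters")
```

In production the alert lines would go to mail or a ticket queue instead of standard output, and the baseline would be kept per log source.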

4 essential cloud security tips



By Christine Burns, Network World

More and more enterprise IT shops - as they get comfortable with virtualization practices in their own private clouds - are considering a jump to the public cloud. But before making that leap, consider these pieces of advice from those that have already jumped.

1. Make sure your provider has VM-specific security

"Hypervisors were never really designed to be running in a public environment," says Beth Cohen, senior cloud architect for Cloud Technology Partners, a consultancy. That fact doesn't necessarily stop them from being secure, Cohen says. But it does require a more elastic security strategy that can deal with the issues of virtual machines (VM) moving around the underlying infrastructure, interacting with cloud applications, and supporting multiple tenants.

"Customers going into the public cloud need to understand that perimeter security - while it still needs to be in place in any virtual data center environment - isn't going to help with the internal security of virtual machines," says Michael Berman, CTO of Catbird Networks, a vendor that focuses on virtual machine security.

Both Cohen and Berman have pointed potential cloud consumers to VMware's vShield, which is both a product that offers integrated security services to the underlying VMware hypervisor and a set of APIs that allow third-party security vendors to build security services on top of VMware's platform. VMware's Dean Coza, director of product management for security products, points out that a dozen security vendors announced products that tap into vShield to deliver virtual machine security products at last month's VMworld conference. But VMware is only one of the virtualization software vendors out there and the company has said very little about how these tools will help lock down other popular VMs from Microsoft and Citrix.

2. Figure out a way to lock down endpoints

Predictions for mobile device sales are staggering. Forrester says tablet sales will hit 208 million by 2014. Gartner contends that 1.1 billion smartphones will be sold in 2015. Enterprises moving to the cloud must brace themselves for many more of these consumer-type devices trying to get to corporate data and applications in the cloud.

"The BYOD [bring your own device] to work issue is huge because now you have devices you don't own trying to access your data over networks that you don't control," says Tom Clare, senior director of product marketing at Websense, a content security vendor.

Jacob Braun, president and COO of Waka Digital Media, a managed security service provider and consultancy in western Massachusetts, says one way to help limit the number of users wanting to run personal devices on the corporate network is to set up policy roadblocks. These include limiting what they can do on the machine while attached to the network, requiring them to pay for mobile malware protections and confiscating the device if there is a security issue. But there are legitimate circumstances for giving upper management controlled access through the cloud. Braun's company uses products such as Kaseya's mobile device management module, which is part of the vendor's overall IT System Management platform, to gain that kind of control.

Joe Coyle, CTO for Capgemini North America, contends that in order to effectively support mobile devices you must make sure your provider's ID management scheme jibes with your internal one. "They are coming in from everywhere, so if you lock them into their set roles through consistent ID management, then you have a decent shot at making sure they are not getting to data they - or their machines - don't have rights to," Coyle says.

3. Push your cloud provider to put security in your SLA

Standard cloud service provider service-level agreements (SLA) barely touch on security, so it's a "buyer beware" kind of situation. "Make sure your provider is willing to move well beyond simple monitoring of your service usage," says Torsten George, vice president, worldwide marketing at Agiliance, a security vendor that offers governance, risk and compliance services. Customers have a right to push for insight into a provider's compliance posture, its overall security posture and how it stacks up against benchmarks for best security practices.

"Absolutely push for a custom security SLA," says Jeremy Crawford, CTO of MLSListings, a Silicon Valley-based regional Multiple Listing Service (MLS) that supports over 5,000 brokerages and 18,000 subscribers. Crawford has negotiated security-focused SLAs with three public cloud providers. He takes a look at the provider's standard security agreement, but only consents to about 50% of the language in most cases. He pushes for more favorable language relating to visibility into the provider's systems and sets up specific terms about shared liability should there be a breach. "You've got to have teeth in the contract or you'll have no legs to stand on if there is a data leak," Crawford says.

4. Act quickly

Richard Rees, manager of EMC's virtual cloud consulting services, says enterprises should move quickly on an overall strategic plan for pushing their business process out to the public cloud in a controlled fashion. By doing so, you avoid rogue pockets of public cloud within the companies. "I am always surprised by how quickly departmental pilot projects morph into business critical applications," Rees says. Due to the relatively low cost of entry into most public cloud applications, the likelihood that they are being used without IT's knowledge is pretty high.


Tips from IT pros on security, desktop virtualization



Those in the education field share their thoughts on all things IT

By Ellen Messmer, Network World

Schools are for learning, and the information technology and security professionals who support networks and applications in the nation's K-12 and university systems are discovering new tactics in what can be challenging IT environments. Here we talk to four professionals in the education realm to get a sense for their top IT issues and what they do to handle them.

Do vulnerability-assessment on software before you buy it

That's the philosophy adopted at West Virginia University (WVU), which increasingly is asking software vendors to agree to submit their products to a vulnerability-assessment examination before they're purchased. "It's part of the contract process," says Alex Jalso, assistant director of information security at WVU, which uses the IBM AppScan Enterprise software vulnerability-assessment tool to analyze and remediate code vulnerabilities and weaknesses.

Jalso says the analysis process lets the school look deeper into code, which is the intellectual property of the vendor, and for its part the school agrees to work under nondisclosure about any issues that arise. The university hasn't yet gotten all its software vendors on board, but it's headed in that direction. And AppScan is also used by the university to analyze any security weaknesses in the in-house developed Web applications before they go into production.

Why is this important? Jalso says it's about being proactive in identifying software weaknesses that might otherwise become a route for attack by hackers and malware. There are a lot of legal issues to consider, too, such as not violating data-protection guidelines related to HIPAA, FERPA and PCI rules. "The basic idea is it's not too much to ask for someone to prove their software can pass a vulnerability test - in fact, pass it not once, but again and again as the code base changes," Jalso says.

Change vendors - not your expectations

Ross Elliott is manager of network operations at Brick Township Public Schools in New Jersey, a district with 12 schools and 10,000 students. The IT department for the school district provides wired and wireless access for students and faculty. But earlier this year, the more open portion of the wireless network showed signs of strain with so many students using it for Internet access. "As a side effect, the Astaro firewall and the Comcast service were not playing together well," says Elliott, who thinks the firewall's proxy-based setup was likely a factor "but we were upset at the support we were receiving." Network availability was getting shakier and it was on his birthday in June, when the wireless network was limping along at its dismal worst and in the IT department, "we were getting bombarded with phone calls." The school system was able to sort out the network issues over the summer, upgrading speed and switching to a SonicWall firewall. Elliott says more changes may be needed to the nature of network access at the school to meet the demands of mobile devices.

In another case where a decision was made to switch, New York City-based Columbia Grammar and Preparatory School, which supports about 450 Apple Macintosh computers for use in classrooms, had not been happy with the performance of its Apple servers over a considerable period. So it switched to Windows servers over the past summer, which has shown better performance than the Apple servers in support of the Macintosh computers, according to Adam Gerson, co-director of technology at the independent college prep school. Though he's a self-professed Mac lover at a Mac school, he didn't let that stop him from trying something other than Apple for servers.

Fix it frugally

Like many school systems in the country today, teachers are doing more routine procedures online rather than with paper, and that's the case at Belchertown School District in Massachusetts, which consists of five schools. There, teachers and students go online to get class material and log attendance, among other things. An application called PowerSchool the school district began using is configured with Cisco UCS running VMware virtual-desktop VMware View connected to data stores residing on NetApp FAS2020 storage.

But according to Scott Karen, the school district's director of technology, it became apparent last year that there were excessive latency issues with the desktop virtual-machine setup when many students tried to log on and use the system at the same time. In addition, teachers in their classrooms all taking attendance at the same time found the system not only slow but leading to file errors. The lack of caching in the older NetApp FAS2020 was a problem, Karen says, but he adds that going to a bigger and newer NetApp was not appealing from the school district's budgetary standpoint.

However, as a regular attendee at the local VMware user group meetings, where problems are shared and yes, vendors show up to pitch their wares, Karen found what he says was an economical fix for the school district's VM boot storm problems. And that was adding the Avere FXT Series two-node cluster to optimize the read/write capabilities of the system. It was up and going quickly, brought latency to a tolerable point, and it all was a lesson learned about desktop virtualization.


Picking an IaaS provider


By Beth Schultz, Network World

Making the leap to a public cloud infrastructure requires careful planning. Gartner analyst Lydia Leong says the cloud infrastructure as a service (IaaS) market is immature, the services are all unique and evolving rapidly, and vendors must be chosen with care. The temptation may be to look to vendors you have a relationship with, but experts say you want to be sure you ask the right questions.

Post-n-Track, an online healthcare transaction and information exchange based in Wethersfield, Conn., decided to move to cloud computing for scalability and flexibility. The company found out that its managed services provider, NaviSite, was building up a cloud infrastructure, says Randy Ulloa, vice president of technology at Post-n-Track. "We jumped on that potential and dug into how it was going to achieve its cloud service," he says. But a good working history with NaviSite didn't make the company a shoo-in for Post-n-Track's cloud business, Ulloa emphasizes. "It wasn't until we understood its physical cloud architecture - the underlying CPU and storage builds and the software and management layers on top - that we could put our minds at ease and decide to take the next step with it," he says.

When moving to IaaS, some IT execs, such as Schumacher Group CIO Doug Menefee, look first to the market leader, Amazon EC2. While already running 85% of its business processes in the software-as-a-service (SaaS) model, Schumacher only recently ventured into cloud IaaS. The impetus was an internal data center glitch experienced over the Christmas holiday, Menefee says. "That was a big wake up call. And recognizing the maturity level of site services like Amazon EC2, we've now decided to leverage external cloud service providers to provide the infrastructure for anything we don't have to put inside our own data centers," he says. "We don't want to be a single point of failure for the organization."

To some users, IaaS is about carving out a private space within the public cloud infrastructure. They get similar availability, cost and scalability benefits as they do with pure IaaS, without the security concerns related to sharing infrastructure.

Others like the idea of cloud IaaS but want some hand-holding rather than the purely self-service model. Many enterprises fall into this latter category, as might be expected given IT's comfort level with using outsourcers and hosting providers for management help, says James Staten, principal analyst with Forrester Research. Managed IaaS comes in three forms, he says.

If you're already using an IT outsourcer such as Accenture, Capgemini or IBM, going with that provider for managed IaaS can be the cleanest, easiest and quickest option, he says. "It already knows your systems, your applications and what SLAs you care about." However, you will need to make sure your outsourcer's expertise matches up with your IaaS of choice. "A lot of these guys already have a cloud practice, managing at least the Amazon cloud. But the key thing is to make sure the company can demonstrate experience managing the cloud instance you'll be using," he cautions.

Managing the load


A second option is to select a traditional hosting company that has developed a cloud infrastructure and has a services arm that will help you manage the operating system, applications and anything else you'd like. IaaS providers of this ilk include AT&T, Fujitsu, GoGrid, HP, IBM, NaviSite, Rackspace, SoftLayer, SunGard and Verizon Business, which includes Terremark.

"You're making a decision that you're going to use this particular cloud, and you're not necessarily going to value portability nor are you going to value having multiple clouds," Staten says. "This company's expertise is going to be limited to its cloud, but those consultants are probably the most knowledgeable about what the cloud can do, and they'll have insider tricks because the guys who built the cloud sit right next to them," Staten says.

The data center host-cum-cloud IaaS provider model has worked perfectly for SaaS provider Cycle30, says Jim Dunlap, company president. When the Cycle30 team received the go-ahead to create a subsidiary, it decided not to spend precious capital on building its own data centers but rather to partner with a traditional hosting company, SunGard. "And that gave us the opportunity to look at our business model and determine whether or not we could use cloud computing as a way to decrease our cost of going to market," he says.

Its cloud theory was put to the test right off the bat, Dunlap says. "We had the immediate need to test the process of giving SunGard our specs and systems to clone, and telling them that they'd need to turn up 25 to 50 new environments in the course of a week. And that we'd want to use that cloud computing facility for six to nine months, then we'd be done and they'd need to turn the facilities down and we'd stop paying for that infrastructure," Dunlap says. It worked - so much so that Cycle30 now handles all such projects via SunGard's managed cloud service, he adds.

The third option for managed IaaS, Staten says, is pure-play cloud managers - companies such as Cloudscaling. "What you're buying here is 100% pure expertise in the cloud. They know how to best take advantage of the cloud and what's unique to cloud environments," he says.

Cloud first
The difference between a Capgemini and a Cloudscaling, for example, is that the former approaches the cloud from an enterprise perspective, so manages the cloud from an operational point of view, while the latter thinks "cloud first" and so has an application design viewpoint. "As a result, a pure-play cloud provider can put things in the cloud and can do things programmatically that can help you reduce your cloud bill, improve the availability of your application and recommend changes in your application design to get better cloud economics," Staten explains.

With such a provider, for example, you could drop an application onto Amazon EC2 or other cloud and then have its consultants manage it for you. "It's not a bad way to go," he adds. "They can tweak your application and its deployment, push it across multiple geographies and do a whole bunch of other things that you don't have a clue how to do and probably don't even know that you could do such things in the cloud."


Navigating the WLAN landscape



By John Cox, Network World

The influx of mobile clients is accelerating an IT rethink of wireless LAN design and operations. "When WLANs were first deployed the attention was on coverage," says David Morton, director of mobile communications at the University of Washington in Seattle. "You didn't spend a lot of time thinking about the number of devices in a given area, apart from a big lecture hall, and you didn't give a lot of thought on how to keep a session alive as you moved from one area to another."

But with mobile Wi-Fi devices more numerous, users typically are connecting, and authenticating, often but briefly to update social networking sites. Much of the resulting Web traffic increase is often video or audio. Social networking and streaming applications can be more or less "chatty."

Here's how some IT shops are handling big changes to their wireless LAN environments and what other wireless experts are advocating:

Have enough IP addresses. In just six months, Carnegie Mellon University doubled its address pool. It first added 4,000 new addresses, and then another 4,000 to handle the influx of Wi-Fi clients.

Revisit how your WLAN handles subnet roaming. The new Wi-Fi devices really are mobile, not just portable: Users are on the move streaming music or video, having video chats, or checking social networking sites. There is more real-time communications and interactions. "If you're roaming across subnets, that's a Layer 3 issue," says Rohit Mehra, director of enterprise communications infrastructure for market researcher IDC. "All WLAN vendors support this and have for years. But the scale and the workload on the WLAN potentially can be higher [with more, and more active, clients]. Enterprises want to look at this and test and design their networks accordingly."

Get more information about your RF environment, and how it's changing, both long-term and day by day. Spectrum monitoring and analysis tools, and more RF experience and expertise by IT staff, will be increasingly important. "Most enterprises don't have good visibility into the Physical Layer [of the WLAN]," says Paul DeBeasi, research vice president for wireless and mobility at Gartner. "They often don't realize how busy the 2.4GHz band really is, for example."

Make Wi-Fi network management a priority. "You don't want to wait until an access point is saturated and you're getting angry calls from users," says Craig Mathias, principal of Farpoint Group, an Ashland, Mass., wireless consultancy, and a Network World blogger. "Become really friendly with your network management console in learning about what's going on in your network."

Be ready for continuous Wi-Fi network tuning. Some locations will see an influx of users at different times of the day, or an increase in the number of Wi-Fi clients, or both. You may need to add or move access points, change their power settings, make use of directional antennas or other features to control the sizes of the Wi-Fi cells, to balance users across access points, to minimize interference and to prioritize traffic or applications.

Get serious about 5GHz. The higher frequency gives you many more non-overlapping channels, which among other things can then be combined or bonded to create 40MHz channels instead of the traditional 20MHz channels, maximizing 11n throughput.

Consider blocking "chatty" protocols. Some IT managers have or are thinking about blocking a range of protocols, such as NetBios, Dropbox LAN Sync, multicast and even IPv6. The Dropbox protocol is a discovery protocol, like Apple's Bonjour; every few minutes, DLS will broadcast over the network to find other Dropbox devices and sync the relevant files among them.

3 tips for avoiding tablet mgmt. headaches

ablets are a tricky proposition for many IT departments since the mobile devices boast many of the content creation capabilities of laptops but lack mature management and security software. Employees who use their own or employer-supplied iPads or other tablet computers for work purposes could be exposing company data to hackers if they dont take precautions, either while on the company network or a public Wi-Fi network. Tablets are a lot different than laptops because most people dont bring their laptops to work and say, I want you to connect my laptop to the companys network, says Dan Croft, the CEO of wireless administrative services company Mission Critical Wireless. Most laptops are going to be controlled and locked down by the company. But if a company is going to utilize tablets with corporate apps on it, there needs to be a certain level of control that an enterprise has while also recognizing that tablets will be used for both business and personal functions. Here are three practices when your company first takes the plunge and either invests in tablets or allows workers to bring their own to the office. First: Use a mobile device management platform Using a mobile device management platforms is the best way to implement remote wipe policies, password policy enforcement and minimum security guidelines for mobile devices on corporate networks. You need to run a device management platform so the company has some basic knowledge of and a certain level of control over any device thats connected to its network, says Croft. Its the best way to have a single pane of glass that will give you control over what devices have access to your network. The top MDM platforms such as those from AirWatch, MobileIron and Sybase

www.networkworld.com tHe connected enterPrISe

NetworkWorld INSIDER

S P E C I A L R E P O R T : : J U LY 2 0 1 1

support multiple operating systems, meaning you don't need separate systems to manage whatever devices users bring with them to the office. Instead, your IT shop can focus on managing the users themselves.

"In general, there's a concept right now that you should start managing the user rather than managing the device," says Forrester analyst Christian Kane. "So you should understand that workers can use one type of device at home and another type at work but you'll still give them access to the applications they need."

What this means for users, says Kane, is that the company will let them bring any device they want to work but it won't take responsibility for repairing that device if it gets broken or replacing it if it gets lost. Rather, the job of the enterprise will be to provision access to certain applications that the user needs and to bar them from accessing apps that can't be securely used on their device.

Jim Freeland, team leader of the enterprise mobility group for medical equipment vendor Medtronic, has spent the last year or so helping to manage iPads on his network. He says that while companies should allow their workers to bring their own devices to work, they also need to lay down the law through mobile device management policies that will ensure that users practice strong security protocols in exchange for access to the corporate network.

"If someone comes in with their own device, make sure they accept certain security settings like device lock, mandatory PINs or passcodes, and the ability to remote wipe that tablet right from the Exchange server," he says. "The only way the user should get access to the network is through accepting your MDM solution policies."

Second: Develop a strategy for apps

In case you haven't noticed, mobile apps are pretty popular. In fact, Gartner projected earlier this year that the number of mobile app downloads would total 17.7 billion in 2011, generating revenues of roughly $15 billion. So you'll need to find a way to get a handle on managing your workers' mobile apps while giving them access to the critical enterprise applications they expect on their desktop PC.

Virtualizing your workers' desktop applications for the tablet is one way to ensure that they're used securely and that data stored on them is kept safely on the corporate network. Kane says that in addition to providing a secure way to deliver corporate applications to tablets it also goes a long way toward ensuring that corporate applications are kept separate from consumer applications.

"Some firms have Windows-based applications that they want to deliver to tablets so they use virtualization tools like the Citrix Receiver or VMware View to do that," he says. "Virtualization tools also allow them to segregate corporate applications from apps that the user might have downloaded so they don't interact."

Another way to securely manage apps on tablets is to simply start up your own company app store. This can ensure that companies can preapprove popular apps for users and thus know exactly what apps have access to their corporate network. And as Croft notes, companies will want to keep their workers using their own app stores by offering a wide array of popular games and non-work apps so that you create a user-friendly environment to have apps that can be fun and not just business apps. In other words, companies should expect to support Angry Birds and Fruit Ninja on their company stores along with mission-critical productivity apps.

Joel Evans, vice president of application development for mobile strategy and implementation firm Mobiquity, says building an in-house app store can be a lot simpler than it sounds if companies don't overthink themselves by trying to design a store that's on par with Apple's App Store or Google's Android Market.

"One of our clients had built an internal app store by building an internal website that had links to secure URLs where users could go to get apps," he says. "There are a bunch of open-source alternatives for app stores that are streamlined and easy to manage."
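The device lock, mandatory passcode and remote wipe settings Freeland lists under the first tip map directly onto an Exchange ActiveSync mailbox policy. The script below is an added example, not taken from the article or from Medtronic; it assumes the Exchange 2010 Management Shell, and the policy name, mailbox address and numeric thresholds are constructed placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010 assumed).
# 'BYOD-Tablets' and 'jdoe@example.com' are constructed placeholder names.
$PolicyName = 'BYOD-Tablets'
$Mailbox    = 'jdoe@example.com'

# 1. Create the policy once. Each setting corresponds to a requirement
#    named in the article; the numeric values are illustrative assumptions.
$settings = @{
    Name                            = $PolicyName
    DevicePasswordEnabled           = $true        # mandatory PIN or passcode
    MinDevicePasswordLength         = 6            # assumed minimum length
    MaxInactivityTimeDeviceLock     = '00:05:00'   # device lock after 5 idle minutes
    MaxDevicePasswordFailedAttempts = 8            # failed unlock attempts allowed
    AllowNonProvisionableDevices    = $false       # devices that cannot apply the policy do not sync
}
if (-not (Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $PolicyName })) {
    New-ActiveSyncMailboxPolicy @settings
}

# 2. Bind the policy to the user's mailbox. The tablet must accept the
#    policy before mail, calendar and contacts will synchronize.
Set-CASMailbox -Identity $Mailbox -ActiveSyncMailboxPolicy $PolicyName

# 3. Review which devices hold a partnership with the mailbox and whether
#    a wipe has been sent to or acknowledged by any of them.
function Get-PartnershipReport {
    Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Select-Object DeviceModel, DeviceID, DevicePolicyApplied,
                      LastSuccessSync, DeviceWipeSentTime, DeviceWipeAckTime
}

# 4. Remote wipe for a device reported lost or stolen. This erases the
#    whole device, personal data included, so it stays behind an explicit
#    confirmation prompt and is never run automatically.
function Invoke-LostDeviceWipe {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DeviceId
    )
    $device = Get-ActiveSyncDevice -Mailbox $Mailbox |
        Where-Object { $_.DeviceId -eq $DeviceId }
    if (-not $device) {
        throw "No ActiveSync partnership with device ID '$DeviceId' for $Mailbox."
    }
    # The mailbox owner gets a notification mail once the wipe is processed.
    Clear-ActiveSyncDevice -Identity $device.Identity `
        -NotificationEmailAddresses $Mailbox -Confirm:$true
}

Get-PartnershipReport
```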

Third: Make sure your users know what is and isn't your responsibility

As mentioned earlier, there has been a trend away from managing users' devices and toward managing the users themselves and the access they're given to corporate resources. This gives the users a lot more freedom and responsibility when it comes to managing their devices so you'll want to make it crystal sparkling clear just what you are and are not responsible for handling.

"Users want to do whatever they want and then blame IT if anything goes wrong," says Gartner analyst Ken Dulaney. "That's untenable."

So if you're an IT administrator whose workers have a habit of leaving their iPads in bars late at night, you've got to give them the tools they need to remotely wipe it themselves without disturbing you while they're sound asleep. And what's more, says Medtronic's Freeland, is that you'll have to let them know that any personal data they have on their device is at risk of being wiped if they lose it or have it stolen.

"We've been hearing stories of lawsuits involving some user who had their personal photos erased when their IT department remote wiped their iPad," he says. "But per the policy of the companies they had the right to wipe all the data regardless of whether it's personal or not."

And what's more, says Kane, users need to know that while IT departments will help users manage their applications on their personal devices they won't be responsible at all for replacing devices that become broken or lost. In other words, you can bring your own device to work but if you do something stupid with it you're on your own.

"It's a shared responsibility and it has to be managed that way," he says. "For instance, a company could say that they'll pay for a portion of your monthly contract but they won't pay for your monthly data overages. Or they'll say, 'we'll let you use whatever apps you want but we won't pay to fix your [device] if you break it.'"

Brad Reed


Free Windows tune-up tools, tips



By Howard Wen, Network World

You don't need to spend money to keep a Windows computer running in top form. Here's how to fix, clean and maintain Windows using programs you can download now for free. The following software and tips generally apply to Windows 7, Vista and XP, and are listed in the order you should use them for the first time on a computer you suspect may be infected with malware or running slower than it should.

1. Update Windows itself with Windows Update.
Though this should be a no-brainer, many Windows users don't install the latest updates for the OS provided by Microsoft (which are usually issued every Tuesday). Either they ignore the update notices that Windows sends them, or their Windows setup doesn't have automatic updating turned on. But ensuring that your installation of Windows has the latest updates and patches is one of the easiest ways to keep it functioning well.

That said, we're partial to not having Windows set to automatically download and install updates. After all, you could be using your computer online when unexpectedly both your Internet connection and computer slow because Windows is downloading and installing updates. Instead, we prefer leaving the automatic updating feature off, and visiting Windows Update once a week to manually check for updates.

2. Scan for malware with Malwarebytes Anti-Malware.
Chances are, if you cannot visit the official Malwarebytes site (either the domain is blocked, or you're forwarded to another domain), then your Windows system has already been infected by malicious code. That is a testament to how effective Malwarebytes Anti-Malware is -- many malware writers try to block you from using this specific tool.

If you're trying to clean out malware from an infected Windows computer that is obviously preventing you from visiting the Malwarebytes site: You'll have to download the tool from another, un-infected computer and copy its installation file onto a USB flash memory stick or USB external drive.

We suggest renaming the Malwarebytes Anti-Malware installation file to whatever you like before you run it on the infected Windows computer -- some malware has been known to delete the installation file, recognizing that it's the Malwarebytes tool by its file name.

Furthermore, even if you can successfully install Malwarebytes Anti-Malware, the malware may immediately delete the executable (mbam.exe) before you have a chance to start it. If that's the case, you'll then have to copy over mbam.exe from another computer, renaming it first to another name of your choosing, and then clicking on it directly to run it on the infected computer.

Can't use the USB ports of the infected Windows computer because the malware has blocked access to them? Try copying the installation file to a writable CD or DVD.

The malware has managed to prevent you from even accessing the infected computer's media disc drive? Then you'll have to physically take out the hard drive from the infected computer, connect it to another Windows computer as a slave or external drive, and have this second system run Malwarebytes Anti-Malware to scan and clean the drive.

3. Remove unneeded programs with Revo Uninstaller.
You should uninstall applications from Windows that you don't use, or that you don't recognize and are certain that your Windows system doesn't need. We like using Revo Uninstaller for this job, because it can be set to thoroughly delete the miscellaneous files, folders and settings that often remain when programs are removed using the standard uninstall function within the Windows control panel.

The free version of Revo Uninstaller (see screenshot below) can remove 32-bit programs (installed on either a 32-bit or 64-bit version of Windows), but you'll have to pay for the pro version to remove 64-bit programs.

This tool can also be used to deactivate or entirely remove autorun files, so that your Windows computer's start-up won't be bogged down from having to automatically load programs that you don't need or want it to run whenever you boot up the computer.

4. Clean out temporary files and the Windows registry with CCleaner.
This popular tool washes Windows of Web browser cookies and miscellaneous, usually temporary files that it and other applications create. It can also quickly scan through the registry settings of Windows and remove entries that are no longer needed. Although deleting these items can free up quite a lot of space on your hard drive, it's debatable whether doing so really improves the overall performance of your computer.

Regardless, for those of us who like to keep a Windows computer clean and running tight, CCleaner is an essential tool for clearing out temporary file clutter and freeing up some additional hard drive space.

Like Revo Uninstaller, CCleaner also includes a tool for removing unwanted autorun files to help you speed up the boot time of your Windows system.

5. Check for updates to installed programs with FileHippo.com's Update Checker.
As we said, we prefer turning off the automatic updating functionality of Windows, in order to prevent unexpected system and Internet speed slowdowns. We feel the same about individual applications that have the built-in capability to update themselves without user input. Switch this off! Many applications, like Adobe Reader, let you download updates manually from within their settings.

Rather than having to go through all your installed software one-by-one to check for updates to them, install FileHippo.com's Update Checker. This tool audits the programs installed on your Windows system, and then opens a page in your default Web browser listing links to download the latest versions of them (hosted on FileHippo.com).

6. Defrag the hard drive with Auslogics Disk Defrag.
After you've updated Windows, scanned for malware, and thoroughly removed programs and files you don't need, the last maintenance step you should do is defrag your Windows system's hard drive to optimize its speed and overall performance. There are a couple of decent defragging tools you can use over the one that comes with Windows. We've come to prefer Auslogics Disk Defrag for its ease-of-use, graphically informative representation of your hard drive, and speed at defragging.

7. Use Chrome, Firefox or Opera as your default browser -- then pick one of the remaining two as your back-up browser.
Basically, we're suggesting that you don't use Internet Explorer or, for that matter, Safari. We're sorry to knock on them, but neither is as secure as Chrome, Firefox or Opera. IE 10 is certainly safer to use than previous versions, but significant security flaws that could expose your Windows system to malicious code online tend to crop up with it.

If you have to use IE (because your office work requires it, for instance), go through the browser's list of add-ons and uninstall any you don't need or recognize.

Although we're recommending Firefox, it is not immune to being compromised. We've come across Firefox installations in which the default search engine settings have been hijacked to forward to another site, despite there being no add-on or other installed software that's obviously associated with this behavior. The fastest solution to this is to select the function within Firefox that lets you restart it with all of its add-ons disabled.

Tips and tricks for upgrading your Android phone

By Howard Wen, Network World

The biggest problem with the Android platform has been how slowly many phone makers release the latest version of the OS for their older models. It's also not unusual for them to never do so. (A company may not want to spend resources on phones they no longer sell; or, they and the carrier for a particular model may not agree on when to provide an update.)

If you own such a neglected phone, and don't want to buy a new one, then your best shot is installing unofficial Android firmware on it.

The following is a primer on what you should know about the process of installing unauthorized Android firmware. Each phone can have its own unique steps for doing this, so you should follow instructions for your specific model.

1. INSTALL AT YOUR OWN RISK
Installing unofficial OS firmware on your phone will likely render whatever warranty from its maker you have on it null and void.

Thoroughly read the installation instructions for your specific phone model and then follow them carefully, taking time and patience. Though the odds of bricking your phone -- rendering it inoperable because of something going wrong during the install process -- are fairly low, it can happen, especially if you rush through things.

Be aware that some features on your phone running its current version of Android may no longer be available after you successfully install a custom Android firmware. Other features could be buggy or have quirks.

2. TWO CHOICES: CYANOGENMOD OR MIUI
In the unofficial Android firmware development community, there are two major choices: CyanogenMod and MIUI. Both are built on the Android source code officially released by Google, and their latest versions are based on Android 2.3 (codenamed Gingerbread). As of this writing, the volunteer development teams of both projects are working to get new versions built on Android 4.0 (Ice Cream Sandwich).

What's the difference between the two? CyanogenMod sticks with the basic, default components of Android that come with its source code release; its UI is clean, devoid of unnecessary extras. MIUI completely overhauls the stock Android UI with one that resembles that of Apple's iOS.

If your Android phone is (or was) a popular model, it is probably supported by either the CyanogenMod or MIUI community. If not, there is still a chance that somebody may be working on a port for your specific phone; search its model name in the official community forums for CyanogenMod or MIUI to see if there is such an on-going effort. (An excellent source to check is Android Forums.)

But know that some or several features of your phone may not work if you install such an experimental, work-in-progress build of CyanogenMod or MIUI that is not officially sanctioned by that OS's community.

3. ROOT YOUR PHONE
Before you can start to do anything to your phone, you'll need to root it, which means basically to unlock the security settings put in place in the OS to prevent it from being altered.

Check out GingerBreak to help you conveniently root your phone. Unfortunately, this app tool might not work on more recent Android phones. This guide provides a list of instructions for rooting several specific phone models.

4. BACK UP YOUR CURRENT FIRMWARE AND PHONE DATA
You really want to do this if you need to reinstall your phone's original firmware and data later (e.g., something goes wrong when you install the unofficial Android firmware; you decide you don't like CyanogenMod or MIUI; or, you need to reactivate your phone with its carrier, something which you cannot do when running either of these unofficial OSs on it).

The easiest way to do a back-up is to install ClockworkMod ROM Manager on your phone. Run this app, and select Reboot into Recovery from its menu. This downloads and installs a recovery image profile for your phone, restarts it, and loads a plain-looking text menu, where you can select the back-up process.

After the copy of your phone's firmware and data is made, you can move it to a computer for safekeeping. Connect your phone by USB cable to your computer, then simply drag-and-drop the backups folder (it's on your phone's SD card under the folder clockworkmod) from your phone's SD card to the latter device.

5. PREPARE GOOGLE'S DEFAULT ANDROID APPS FOR INSTALLATION
If you're installing CyanogenMod: Unless you want to keep your to-be-upgraded phone clean of Google apps, you'll need to install them separately. CyanogenMod does not include the standard Google apps that typically come pre-installed on an Android phone.

So you'll have to download a ZIP file that contains the installation packages for apps such as Google Search and, most importantly, the Android Market. Put this ZIP in the main root directory of your phone's SD card.

6. INSTALL THE CUSTOM ANDROID FIRMWARE
This is the big deal. Download the CyanogenMod or MIUI firmware designed specifically for your phone model, which comes in the form of a ZIP package, and save it in the root directory of your phone's SD card.

Once again, run the ClockworkMod ROM Manager app, and select Reboot into Recovery. After your phone restarts into the ClockworkMod Recovery tool, you may need to wipe out its data and cache, and format its /system directory -- this depends on whether you are installing CyanogenMod or MIUI, so you should refer to the instructions that specifically are for your phone.

Next, you select the ZIP file of the custom Android firmware you placed in the root directory of your phone's SD card, and start the upgrade process. It normally takes less than two minutes.

If you're upgrading to CyanogenMod: Don't reboot your phone just yet... repeat the above step for the ZIP file containing the Google Android apps.

You return to the main menu of the ClockworkMod Recovery tool and select to reboot your phone. After about 2 minutes, it should boot and then run on the custom Android firmware.

7. ENJOY YOUR NEW ANDROID PHONE!
Besides updating your phone to a more recent version of Android, CyanogenMod and MIUI can also give it new features and tools, which include better power management, Wi-Fi tethering, stronger security settings, and broader personal customization of the UI. Many users report their phones run faster with one of these unofficial OSs than with the version of Android that came originally installed on it.


protecting Android devices



By Eric Geier, Network World

Android doesn't rival BlackBerry when it comes to security and enterprise support. But Android devices can still be reasonably secure. Here are some tips to help you protect your investment, privacy, and data.

Password Protection
Android supports screen lock protection that requires a numeric PIN or pattern to be entered before the device can be used. Though Android devices currently don't encrypt the files and data, this can still be a great way to keep out casual snoopers or thieves.

However, you must enter this PIN or pattern every time you use your phone, or after each time the screen goes black and locks. If you find that too time consuming or annoying, consider using Unlock With WiFi. It will at least prevent you from having to keep entering the PIN or pattern while connected to your home or work Wi-Fi network, usually a safe place where your phone won't be stolen. Use it free with one Wi-Fi network or pay $3.99 for the full version, which can also automatically turn off GPS while on the network, saving battery power.

If you have a corporate Exchange email account on your phone, you might actually be forced to use screen lock protection via security policies set by your company. This means you also can't use apps like Unlock With WiFi.

If you think protecting your entire phone is overkill, you can protect individual apps (like Email, Calendar, Settings, Market, etc.) using third-party app protectors. Here are two you might consider:

Application Protection (Free): This lets you protect an unlimited number of individual apps with a password of numbers or a pattern like the Android system supports. It's a relatively simple app protector. But you can configure whether to always prompt for the password/pattern, unlock the individual app until the phone is locked again, or unlock all protected apps until the phone is locked again. You can input your email address so you can get a message with the correct password if someone has incorrectly guessed your password 10 or more times. This is helpful to alert you that someone is trying to guess your password or if you actually have forgotten it yourself.

Smart App Protector (Free or $1.50): This also supports number passwords (eight digits) or patterns. The free version lets you protect up to five apps in addition to the Market and Package Installer apps to protect against tampering. The free version also limits you from unlocking all protected apps when entering the password/pattern for one. But you don't have to re-enter the password/pattern for the same app in a given period of time, or until the phone is locked.

You can configure the number of incorrect password/pattern attempts before you can try again. You can customize the app lock screen background. You can even set a time frame to limit when protection is active.

This app also provides some bonus features. You can prevent the screen from turning off when using select apps or auto-rotating.

If you only want to protect a few apps, you can probably get away with using the free version. Consider purchasing the Pro version if you need to protect more or you want to only enter the password/pattern once to unlock all protected apps.

Data Encryption
Unlike iOS and BlackBerry, most Android devices on the market today don't support full storage encryption, which can keep your data secure from the most determined thief. In Android 3.0, an API was added to the platform to help developers use encryption. Thus in the near future we should see more encrypted Android devices. One developer, WhisperCore, already offers a free beta version of an app for Nexus S and Nexus One devices.

Given the lack of encryption (and other enterprise-type features), many businesses are hesitant to support Android for corporate email usage. However, this app helps to at least secure your sensitive work data:

Exchange for Android ($19.99 after free trial): Although Android natively supports Microsoft Exchange for corporate access to email, calendar, and contacts, this app adds many more features and improved Exchange support.

The native Exchange feature in Android supports SSL encrypted communications between the device and server, but doesn't keep the data on the device encrypted. Thus the data can potentially be recovered by a determined snooper or thief. This app can encrypt the sensitive Exchange data stored on the Android device and can be enforced by security policies set by the network administrators.

Malware, Theft, and Lost Protection
Mobile devices are becoming more like computers, thus becoming more vulnerable to viruses and other malware. Android is even more susceptible than other platforms due to the openness of the platform and App Market and its multitasking capabilities. Therefore you'll find many antivirus and security apps for Android.

Mobile devices can also be easily misplaced or stolen. Most security apps include anti-theft and locating features to help find your device and protect it in case it gets into someone else's hands. Additionally, some security apps provide backup capabilities of your important data in case it's not recovered.

Here are two security suites you might consider using to protect your gadget and the data on it:

Lookout (Free or $2.99 per month or $29.99 per year): The free version provides malware protection, backup of your contacts, and map/sound locating. The premium service adds Web browsing protection, backup of photos and calls, remote lock, and remote wipe. It also adds Privacy Advisor that shows which apps can access your personal data, such as contacts, location, SMS text messages, and identity info.

Both the free and premium services give you Web access to their online dashboard. There, you can review and change the app settings, access your backed up data, locate your phone on a map, and perform other remote locating/protecting tasks. Though there isn't a specific SIM card protection feature, if the card is changed, you can see the new phone number online.

AVG Antivirus (Free or one-time $9.99): The free version provides malware and Web browsing protection. It supports backup of contacts, text messages, bookmarks, calls and system settings.

It offers all the basic anti-theft and locating features for no charge: map and audio locator, remote message, lock and wipe. SIM card protection is also provided. You'd receive an e-mail alert if the SIM card is changed. Though you won't see the new phone number, you can see the serial number on the new SIM card.

Though you can't change the app settings via the Web interface online, you can locate the device on a map and use the other remote features. It also offers simple remote application management, which makes it quick and easy to uninstall apps you don't want anymore.

You can also initiate the remote locating/anti-theft features via texting commands from another mobile phone. This is great if you don't have a PC with Internet around.

The Pro edition adds SMS and spam protection, an app locker, and backup of your apps.

Password Management
As with PCs, another security concern is how your passwords are stored by the browser. A determined snooper or thief could potentially recover passwords from your Android. But there are apps and browsers that can store and/or retrieve your passwords using encryption, so not even a hacker could get to them. Here are some solutions:

LastPass ($12 per year after free trial): Though LastPass offers a free service, using its mobile apps requires the premium service. It works in conjunction with the other LastPass mobile and PC apps, so you'll have the same login credentials and form details stored for both PCs and mobile devices. It also supports the storage and auto fill of form data (name, email, address, credit card details) and secure notes.

LastPass installs a new Web browser, which you must use to access your LastPass account and the stored credentials. One big disadvantage of using this browser is the lack of a bookmark feature, which is provided by the native Android browser.

If the LastPass browser doesn't cut it, consider installing Dolphin Browser HD and its LastPass add-in or Firefox Mobile and its LastPass add-in. Though the browsers are free, the add-ins still require the premium service of LastPass.

Firefox Mobile (Free): You could install the free Firefox Mobile browser and, until they add native support, use its Password Manager add-in to password protect and encrypt stored passwords. The first time you visit a website that needs a password stored by Firefox you'll be prompted for the master password, and then it will fill in the stored password.

You can also use Firefox Sync to synchronize your passwords, history, bookmarks, and tabs between all your computers and mobile devices.

Summary
Remember, the first layer of protection is setting a PIN or pattern; or at least locking your sensitive apps with a third-party app protector, such as Application Protection or App Locker II: Fake Crash. It's best to go a step further and encrypt sensitive data, such as your work email using Exchange for Android. Plus keep your eye on WhisperCore and other apps to come that will provide full device encryption.

To be better protected in case your Android device gets misplaced or stolen, you should use an anti-theft and remote locator app, such as Lookout or AVG Antivirus. These can also help combat viruses and malware that will likely become more prevalent on mobile devices.

Last but not least, you should secure your website passwords with an app like LastPass or Firefox Mobile with the Password Manager add-in.


How to optimize your infrastructure



By Dean Evans and Ryan Martin, Align, Network World

While many enterprises have been able to creatively manage IT demand through the recession without much infrastructure change, exponential data growth is driving the need for infrastructure consolidation and optimization. Here are five tactics that have proven to help IT transform the data center, taking into account current economic and financial conditions and the importance of delivering ROI while minimizing capital expenditures:

Tip No. 1: Leverage lower-tier data centers
Leveraging lower-tier data centers for resiliency is one of the most effective ways to lower costs because the higher the tier, the bigger the pocketbook burden. Many organizations with high-availability applications maintain redundant high-tier data centers. While these applications still require high availability, you can use lower-tier and lower-cost sites for noncritical applications and archival storage. In fact, this should be the case for any organization outside of certain government operations or those in the financial services industry.

When evaluating the option of moving to a lower-tier data center, your business needs and requirements for recovery times should be top of mind. Recovery times are independent of a data center's availability or uptime, and provide flexibility for use of lower-tier data centers.

Cooling and operating a $2,500 server in a Tier-2 data center costs about $1,320 in electricity and facility operations compared to $1,870 for a Tier-3 center. That is a 42% premium. As the electricity portion of the costs rises, the disparity between the two tiers will rise as well due to the differences in equipment power and cooling requirements.

Tip No. 2: Consolidate data center operations
Another path to optimization is to consolidate internal data center operations. The opportunity to significantly reduce costs and gain green credits by reducing your footprint is hard to ignore. Savings from such a transformation can range from 20%-60%.

However, the investment -- both time and expense related -- is just as considerable as the savings. For example, the Australian government anticipates spending $1 billion to achieve $1 billion in savings over the course of a 15-year project. That's why it's imperative to thoroughly lay out the approach and take timing and scale into account.

Another example of this is Intel. With 100,000 servers in more than 97 global data centers, Intel started investigating its inventory as early as 2001, then began executing its plan in 2006. The plan is expected to take seven years to complete.

Tip No. 3: Choose low-cost relocations
Historically, major data center facilities are located within 100 miles of company headquarters. Accessibility near a major airport, technical talent and access to high-speed communications were once some of the main drivers determining data center locations.

However, today's drivers are led by access to large and inexpensive amounts of power, with small cities rapidly advancing as a top pick. Google is in the process of completing a number of new data centers in places like Council Bluffs, Iowa, The Dalles, Ore., and Pryor, Okla.

For organizations hesitant to scout for new sites and negotiate direct benefits via tax and property breaks, special real estate developers are stepping up with prefabricated lease and build-to-suit options. One such development firm is Digital Realty Trust (DRT), whose recent expansion in downtown St. Louis was spotlighted in The New York Times.

Tip No. 4: Reduce the data center footprint
With growth in information, there's a need for more space. And yet access to capital will continue to be difficult for some time so you must understand and plan for alternatives to building or leasing an incremental data center. Alternatives range from shared facilities to colocation and even cloud. Some not only displace capital expenditure spending, but also provide cost savings, flexibility and scalability not attainable with a new data center.

One interesting example is the holding company that was established after investment firm Lehman Brothers was dissolved in 2008. Faced with a major restructuring, Lehman Brothers Holdings Inc. (LBHI) turned to an outsourced IT services firm to help determine the technologies that could create an infrastructure which would be quick to deploy, flexible, highly secure and cost-effective.

Critical to LBHI's success was its decision to rent infrastructure on a monthly basis rather than buy equipment. This allowed LBHI to save on capital investments while utilizing the services firm's project-management, integration and managed-services expertise.

As the transition got underway, an on-site, private VMware cloud-computing platform delivered speed and flexibility for time-sensitive applications and data, while less critical applications and data were migrated to an offsite location. This hybrid approach maximized the benefits of both solutions -- low-latency computing through on-site technology combined with cost savings from off-site storage. In order to ensure business resiliency, all locations were also replicated to a disaster recovery site.

Tip No. 5: Put SaaS and PaaS to work in the data center
Until recently, cloud solutions like software as a service (SaaS) have been characterized as having form over function, designed for a large population of users, and ideally suited for small to midsize businesses. However, as IT is increasingly tasked with tightly managing budgets and showing rapid ROI, SaaS must be moved closer to the top of the list. This model not only reduces infrastructure and support requirements, but helps speed time to implementation.

Platform as a service (PaaS) provides a couple of options. From an infrastructure perspective, development environments that use any of the platforms can be eliminated, reducing server hardware from the budget. From the application perspective, development teams can be grouped within PaaS enterprise licensing arrangements and have access to new environments in real time, reducing internal infrastructure middlemen and time lags. Finally, PaaS frameworks are open-source code and can typically easily be integrated with their SaaS counterparts.

These new models require the transformation of IT functions into a comprehensive service-based approach, and demand tight integration among application, facilities and technology teams to plan, design, migrate and operate data centers that accommodate a more flexible service delivery architecture.
