Embracing Consumerisation: Data and Apps


My last post was about how, in order to embrace consumerisation, you need to start thinking in terms of managing the access that people and devices have, or more accurately the access that People on Devices have.  This post is an extension of that previous post in that we’re going to start thinking about the two other of the four ingredients in our consumerisation cocktail that represent the things that people want to access.

MS Dublin DC Server PodsOther than admins no person should ever have to think about accessing a server, they shouldn’t need to be thinking – “golly gosh I need to access the latest sales data so I need to go to \\sales\2012\march\week3\some-random-share\sales.xls”.  In fact no person ever really wants to have to remember that, they just want to access the sales information.  More over they really don’t need to be thinking, “what credentials were they, umm, lets try this, no, how about this, no err, how about…”.  People just want access to information.

OK, it’s not that simple, they do need a way to access that information but we can see a marked shift here too in resent times.  Today people think in terms of Apps, services have become apps – just pick up the mobile device nearest you and the proof is instantly visible.  There are also really only two types of Apps too: Viewing and Doing.  The former category, Viewing, are in fact ways to consume information and the latter so they fall into our information category, Doing, are generally ways to create information.  It’s hard to cite a single example of anything other than these two.(You could argue that there’s a 3rd type, Games, but that’s about it).

What we need to do when we consider how to allow a more consumerised environment – whilst also protecting our corporate assets – to control who has access to Do what with Information.  Nothing new, it’s a problem we’ve had for many years and we have a wealth of well known solutions, but do they stack up in this brave new world?

Old solutions, new problems

Today what many organisations are doing is using the same old solutions, that were perfectly good in the past, applied to todays problems and they’re being effective some of the time – but not all.  The old way to manage information was to manage who had access to it where it rested, on the server, but the trouble with that approach is that the information is no longer at rest, it’s constantly moving and through many applications, devices and people.  How do we cope?

To give you an example, what happens when your CFO emails the financial accounts to his home PC because it’s more convenient.  The chances are that the information is only protected at rest, so when it’s attached to an email that protection (the file system ACL) is removed, it then goes over a HTTPS (good) connection to the email provider (who could then read it at will) then it lands on his mobile device…or rather it wood if he’d sent it to the correct email address, instead it lands on JoeBloggs@contoso.com ‘s device not Joe.Bloggs@contos.com ‘s email inbox.

The best idea is to manage the information assuming it’s mobile, assuming that it will leave the confides of the firewall, essentially assuming the worst case will happen.

In a modern environment where employees can use their own devices and you might not have access to control those devices your best approach is to manage the information in a way that never leaves the information.  To embed security into the information.

Rights management comes of age

We’ve had a technology built into Microsoft Office documents, built into Microsoft Exchange and built into Windows for quite some time to manage this issue but now is the time to turn it on.  Rights Management is built on the requirement that the App that is opening the information (the document, the email) will check to see what the person opening the document can do.  The App does this by requesting that information from Active Directory Directory Services, normally this only happens if the device is allowed to request that information.  As such you have a mechanism to ensure that the right person can access the information from a device or App that’s secure enough to store the information.

You might well notice that again, the two variables of management you have remain People and Devices.

A second thought might well be that you need some kind of rich client software (Microsoft  Outlook 2010, Microsoft Word 2010) in order to ascertain the rights that the user has over the information.  Apps of course don’t have to be delivered on a device, they can be delivered as a Web App and AD-RMS works with Office Web Apps.  Web Apps of course play an important part in the mix.  With Web Apps you have a way to reduce the potential for data walkabouts because with a web app your data doesn’t need to leave your firewall – even though it’s displayed through a web portal outside your firewall.

Access to apps

Apps probably cost money and as such you will probably want to protect access to apps not primarily to prevent access to information but to prevent you from overspending.  Controlling access to apps is a fairly simple process but it’s something we’ve done a great job of automating in System Center Config Manager 2012 – which is a future post all of it’s own.  The key thing to remember though is that SCCM 2012 implements and user self service request mechanism and administrator approval mechanism for application installs, in addition to admin driven installations.  Essentially you get a corporate Store for Apps – and people are comfortable with that these days, just look at your mobile device.

Key things to remember about information and apps

Control access to information at rest and in motion based on People and Devices and try to control access to apps to manage cost not information – after all what would you do if the user brought their own app?

Comments (1)

  1. show box says:

    Thanks.

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    http://showboxandroids.com/showbox-apk/
    http://showboxappandroid.com/
    Latest version of Showbox App download for all android smart phones and tablets.
    http://movieboxappdownloads.com/
    It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    http://showboxappk.com/showbox-for-ipad-download/
    http://showboxappk.com/showbox-for-iphone/
    Showbox for PC articles:
    http://showboxandroids.com/showbox-for-pc/
    http://showboxappandroid.com/showbox-for-pc-download/
    http://showboxforpcs.com/
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings.
    http://www.showboxforipad.org/showbox-apk/
    Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android. The above
    all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.
    http://www.showboxforipad.org/
    http://movieboxappdownloads.com/moviebox-apk-android/
    http://movieboxappdownloads.com/download-moviebox-pc/
    Movie Box, an esteemed movies application in which you can find stacks of programs and films. The guide is given here to download Movie Box app to Android and to Apple iOS 9.0.2, iOS 8.4/8.3 and also for the lower versions without Jailbreak.
    http://showboxforiphone.org/
    Please do login to Showbox application with the help of Ymail. You can login in Ymail from here –
    http://ymaillogintips.com/
    Sign Up & Do registration for latest movies on Showbox applic