Monthly Archives

October 2014

BYOD: California Court Decides Who’s Wearing the Pants

By News | 3 Comments

Article originally featured in ITBriefcase.net

The workplace trend of BYOD (Bring Your Own Device) is nothing new. What remains unclear, however, is the burden of ownership, cost and security. When employees bring their own cell phones, laptops or tablets to work, there’s a fair chance they’ve personally purchased those devices—data plans and all. In fact, some employers today require a BYOD policy, with no intention of paying for any of it. As one CIO bluntly put it, “Well, we don’t buy their pants either, but they’re required for the office.”

Fortunately, not all employers take such a cynical approach to workplace reimbursement, nor do they subscribe to a one-size-fits-all BYOD policy. While many view the trend as a potential win-win for everyone, the need for clarity is apparent. At least that’s what the California Court of Appeals decided when it handed down a ruling in August 2014 regarding the workplace trend. In Cochran v. Schwan’s Home Service, the court stated:

“We hold that when employees must use their personal cell phones for work-related calls, Labor Code section 2802 requires the employer to reimburse them. Whether the employees have cell phone plans with unlimited minutes or limited minutes, the reimbursement owed is a reasonable percentage of their cell phone bills.” 

This ruling solidified the responsibility of employers throughout the state of California to now provide reasonable reimbursement to all employees using their personal cell phones for work-related calls.

Indirectly, the ruling opened up a Pandora’s Box, unleashing ambiguous questions and concerns regarding data security, liability and actual reimbursement percentage figures—for all devices.

Just the thought of required reimbursement has left many business owners and CIOs feeling uncertain about the reality of BYOD’s future. While the practice isn’t exactly new, the trend is contemporary enough for a few larger companies to consider the recent court decision a death knell.

Establishing Order

Before we throw the BYOD baby out with the bathwater, let’s examine the facts of this widely misunderstood case. First, the ruling pertains exclusively to employee cell phones. Second, the now-required reimbursement is based on a “reasonable” percentage—partial, not complete; and finally, California is the only U.S. state affected by this decision so far.

While the court decision will undoubtedly have an impact on BYOD practices throughout the U.S., the benefits of the trend unarguably outweigh the deficits. BYOD was established to accomplish objectives for both the employer and employee. In theory and in practice, BYOD gives employees freedom to utilize cutting-edge technology, which has the capacity to not only enhance their own job performance but also benefit the corporate entity or employer, who also garners the additional benefits of lowering overhead costs and alleviating liability for devices connecting to the corporate network.

The trend, when properly implemented and regulated, has the ability to grant employees access to enterprise data from a single device. It also potentially benefits the IT department by eliminating the need to manage these personal devices. For example, if an employee downloads a pirated movie onto a work device, their employer (the owner of the device) could be held legally liable; however, with BYOD, the device is owned by the employee, so the liability lies with them personally.

Down the Rabbit Hole

Perhaps the real debate lies with provisions and compliance. In response to the California court ruling, the National Law Review recently advised employers to revisit their company cell phone policies. This call for review is a good start and should prompt employers to instate more comprehensive BYOD policies designed to protect the privacy of both the employee and the corporation. Companies and employees would also greatly benefit from clearly defining their “percentage of reimbursement,” shifting the liability to the center, and firmly differentiating business and personal use. On the other hand, this could lead to more concerns regarding ownership and responsibility of home Internet connections and cable bills. Drawing a line in the sand will be an on-going challenge—at least for now.

In the meantime, enterprise solutions currently deployed by California companies need not be affected by the recent ruling, as some of the more comprehensive options—made with enterprise-grade security features in mind—have the ability to proactively monitor and manage their environment from any web browser, meaning the type of device used should have no effect on employee productivity and corporate security.

Reconfiguring the System

If BYOD vanishes from our corporate landscape, the only viable alternative will be to take a step backward. By chaining employees to outdated or unsuitable corporate-owned devices and software that require maintenance and careful monitoring, companies risk the real possibility of not only impeding an employee’s performance but also discouraging an already skittish workforce—a high price to pay.

If nothing else, the ruling will push us in another direction; one where new enterprise solutions are required in order to navigate uncharted waters. BYOD isn’t dying; it’s evolving.


ABOUT THE AUTHOR: Ashley Leonard is the president and CEO of Verismic Software—a global industry leader providing cloud-based IT management technology and green solutions—and a technology entrepreneur with 25 years of experience in enterprise software, sales, operational leadership and marketing, including nearly two decades as a successful senior corporate executive and providing critical leadership during high-growth stages of well-known technology industry pioneers. He founded Verismic in 2012, after successfully selling his former company, NetworkD—an infrastructure management software organization. In his present role, Leonard manages U.S., Australian and European operations, defines corporate strategies, oversees sales and marketing, and guides product development. Leonard works tirelessly to establish Verismic as the leading provider of IT endpoint management solutions delivered from the cloud by building beneficial industry partnerships and creating a strong, innovation-driven culture within the Verismic workforce, all while delivering returns to Verismic’s investors. Verismic’s latest offering, Syxsense, is an agentless, cloud-based IT management software solution that is revolutionizing the way IT professionals engage in endpoint management.

ABOUT VERISMIC: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense; Power Manager; Software Packaging and Password Reset.

Verismic Software Announces Expansion With Addition of Salt Lake City Location

By News | No Comments

SALT LAKE CITY, UT and ALISO VIEJO, CA–(Marketwired – Oct 22, 2014) –  Verismic — a global provider of IT management solutions delivered from the cloud — today announced the expansion of its cloud software operations with the opening of a new development center in Salt Lake City.

“Salt Lake City is an ideal location for great software development talent, allowing us to continue developing industry-leading cloud technologies,” says Verismic President and CEO, Ashley Leonard. “Our presence in the burgeoning cloud technology industry strategically positions us for growth as we continue to develop innovative solutions to complex infrastructure problems.”

Headquartered in Orange County, Calif., and with offices in the U.K. and Australia, Verismic made its mark by transforming IT management with Syxsense — an agentless, cloud-based IT management software alternative that is revolutionizing the way IT professionals engage in endpoint management. The company also offers a growing product suite of IT support and green technology solutions.

Verismic relocated its Chief Technology Officer, Mark Reed, from Florida to lead the building of the development team in the Salt Lake City region. The expanding company has hired great talent and expects to continue this growth with further staff additions through the rest of 2014 and into 2015.

“The skill level within the Salt Lake City area is impressive, and we have been thrilled thus far with the interest in our expansion to the region,” says Reed, a Salt Lake City native.

The newest Verismic Software office is located at 175 West 200 South, Salt Lake City, UT 84101 — in the Historic Firestone Building within the heart of Salt Lake City.

For more information on Verismic’s steady growth and innovative solutions, visit www.verismic.com.


Patch Tuesday: Back In Full Swing!

By Patch Management, Patch Tuesday | No Comments

After a relatively light Patch Tuesday last month, October’s security updates are back in full swing. This month brings eight security bulletins covering a total of 24 vulnerabilities discovered in Internet Explorer, Office, and the .NET Framework. Three of the bulletins are rated Critical; full details can be seen below.

Critical updates

Internet Explorer features heavily in this month’s update, with the first Critical update, MS14-056, addressing 14 privately reported vulnerabilities and scoring a CVSS of 9.3. The most severe of these could allow remote code execution, giving the attacker the same admin rights as the current user.

The second of the Critical updates, MS14-057, could also allow remote code execution if the attacker sends a specially crafted URI request containing international characters to a .NET web application. The three privately reported vulnerabilities score CVSS 9.3, so remediation should be done as soon as technically possible.

The final of this month’s Critical updates, MS14-058, resolves two privately reported vulnerabilities in Windows, again with a CVSS score of 9.3. Once again, the more severe of the two could allow remote code execution. What is interesting here is that the attacker would have to rely on a phishing attack to exploit this vulnerability, as it requires the attacker to convince a user to open a specially crafted document or visit an untrusted website.

Important update – but no less critical

By far the most important patch in this month’s update is MS14-060, as there are already zero-day attacks taking advantage of this vulnerability, so remediation is recommended as soon as technically possible. While this security update is only rated Important by Microsoft, it has been independently scored CVSS 9.3 for all supported releases of Microsoft Windows, excluding Windows Server 2003.

The security update resolves a privately reported vulnerability in Microsoft Windows that could allow remote code execution if a user opens an Office file containing a specially crafted OLE object. This would allow an attacker to execute any command in the context of the user, such as installing programs; viewing, changing, or deleting data; or creating new accounts with full user rights.

Next steps

As always it’s vital to update the Critical vulnerabilities at the earliest opportunity, so we will be analysing the binary code for each patch update and will be rolling out the updates to all of our customers through the agreed deployment process using Verismic Syxsense.

| Update no. | CVSS score | Microsoft score | Affected Software | Details |
|---|---|---|---|---|
| MS14-056 | 9.3 | Critical | Microsoft Windows, Windows Explorer | Cumulative Security update for Internet Explorer (2987107) |
| MS14-057 | 9.3 | Critical | Microsoft Windows, Microsoft .NET framework | Vulnerabilities in .NET framework could allow remote code execution (3000414) |
| MS14-058 | 9.3 | Critical | Microsoft Windows | Vulnerabilities in Kernel-Mode driver could allow remote code execution (3000061) |
| MS14-060 | 9.3 | Important | Microsoft Windows | Vulnerability in Windows OLE could allow remote code execution (3000869) |
| MS14-061 | 9.3 | Important | Microsoft Office, Microsoft Office services, Microsoft Office web app | Vulnerability in Microsoft Word and Office web apps could allow remote code execution (3000434) |
| MS14-063 | 7.2 | Important | Microsoft Windows | Vulnerability in FAT32 disk partition driver could allow elevation of privilege (2998579) |
| MS14-062 | 6.8 | Important | Microsoft Windows | Vulnerability in message queuing service could allow elevation of privilege (2993254) |
| MS14-059 | 4.3 | Important | Microsoft Developer tools | Vulnerability in ASP.Net MVC could allow security feature bypass (2990942) |

Reducing Endpoint Management Bloatware

By News | No Comments

Originally printed at www.btc.co.uk

Ashley Leonard, President and CEO of Verismic, explains his view on the imperative of simplifying endpoint management.

It’s now well accepted that employees use multiple devices in the workplace. Desktop PCs have been augmented with laptops, tablets and smartphones. The Internet of Things will make the penetration of internet connected devices into the corporate world even greater.

The risk to the corporate network caused by unmanaged and potentially unpatched devices, commonly called endpoints, is significant. After all, it only takes one rogue endpoint to create a security flaw, so thousands could wreak havoc. Traditional endpoint management tools fail to protect businesses because they are cumbersome. They are too complex, function heavy, unwieldy, and too demanding of resources, especially people and infrastructure.

COMPLEXITY 
Endpoint management tools have grown in complexity. Vendors add more and more functions to their core product, often unnecessarily, and all too often failing to help organisations control endpoints quickly and efficiently.

When speaking to organisations, from the smallest to the largest, 99 per cent of the time they primarily want asset inventory and remote control tools. That’s what they need urgently and use frequently. Customers also use software deployment and patching but only in around 75 per cent of cases. The remaining functionality of endpoint management tools is generally wasted, confusing and delaying the endpoint management process.

As a result of the excessive functionality, the User Interface (UI) of traditional tools inherits this complexity too. For IT, it becomes harder to find their way around the UI, which inevitably leads to additional costs for supplier training services or even worse, administrators giving up and performing tasks the old way.

It’s also quite often the case that traditional endpoint management tools actually require dedicated people, systems administrators, to manage the tools and keep them running, such is their complexity. Without the right people how do you even know the tool is running efficiently and effectively? It might not even be running at all. If your business doesn’t have that person or team, you’ll need to hire.

That’s another unwanted cost and another delay to managing devices – and costs are not just limited to people and training either. Traditional endpoint management tools also generate additional costs for servers, software and maintenance. This is usually a significant upfront cost as well as an ongoing maintenance cost. Some of these tools even require servers at each site within the organisation.

MANAGE YOUR ENVIRONMENT, NOT YOUR MANAGEMENT TOOL
Endpoint management tools should remain simple, focused and flexible. Here’s what businesses should be demanding:

  • A product which starts with the primary requirement for asset inventory, remote control, software distribution and patching, with additional functionality available instantly 
  • They need a simple UI, but with the flexibility to interrogate the system in more detail if required
  • Naturally, they need low monthly payments with no long-term contract
  • Businesses need endpoint management tools that are quick to deploy and provide rapid asset discovery, even for modern environments which operate BYOD policies, virtual environments and mobile device fleets. This means using endpoint management tools which operate from the internet using agentless technology, and do not require the installation of clients that require constant updates and patches
  • Finally, endpoint management tools should operate from the cloud, because today’s endpoints are inside and outside the firewall. Cloud endpoint management is also better suited to Managed Service Providers, who frequently support customers outside the firewall. 

We’re seeing fewer and fewer businesses sign up for on premise software and an increasing demand for cloud services. Businesses neither want nor need to worry about hardware costs and the recruitment of systems administrators.

In 2014, flexibility and simplicity is the name of the game. Endpoint management providers and tools which can’t demonstrate these core principles are destined for the endpoint scrapheap.