Debra Shinder WS Blog

There has been a general consensus that, when it comes to Windows tablets for business, those running Windows 8 Professional are the most appropriate choice. There are many reasons for that from a security point of view: Windows 8 Pro supports enterprise level security technologies such as EFS and BitLocker, and can be managed as a member of a Windows domain. But Brien Posey says you shouldn’t automatically dismiss Windows RT:
http://uk.enterpriseefficiency.com/author.asp?section_id=2725&doc_id=259507

Of course, assuming you’re deploying company-owned devices rather than engaging in BYOD, substituting RT tablets for Intel-based ones, at least for certain users, can save the company money – but there are security advantages, too. Because it runs on ARM instead of x86/x64, RT is not vulnerable to malware written for the latter platforms, and because its desktop is locked down and doesn’t allow installation of legacy software, and the apps in the Microsoft Store are vetted, users can’t get into trouble downloading and installing malicious programs.

As for usability, my own experience with RT led me to the surprising conclusion that you can actually get a lot of work done with the device:
http://www.techrepublic.com/blog/tablets/hands-on-getting-real-work-done-with-surface-rt/2855

One big impression that I took away from CES 2013 was that there are a lot of tablets out there already, and a lot more are on the way. How is a vendor to distinguish its product from all the others? If you’re targeting the enterprise, and especially vertical markets such as healthcare or other highly regulated industries that are required to comply with security and privacy mandates, one way is to build in extra security.

That’s what Dell has done with their new Latitude 10. It’s a 10 inch tablet running Windows 8 that outdoes the iPad in several ways, including built-in encryption (with file-level encryption in the works) and two factor authentication support via smart card or fingerprint scan. Of course, it can also be managed in a Windows domain environment like any other Windows 8 computer. All of that security enhancement puts it a step ahead of most popular tablets, even without the non-security features such as the removable/replaceable battery.

Ed Tittel did a quick review of the Latitude 10 over on his blog, and pretty neatly sums up both its advantages and a few significant “worry points.”

http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop/dell-latitude-10-viable-healthcare-tablet-option/

Last Friday, Microsoft’s Azure cloud, the one that the company is “all into,” experienced a major outage. This seems to be shaping up to be an annual event, as Azure users will remember an outage last February, too. This one was caused by an expired SSL certificate, proving once again that security and accessibility are (logically) at odds with one another. You can read more about it here:

Do you have users in your organization who need to dual boot Linux with Windows 8, or who need to just run Linux on a new PC that came with Windows 8 pre-installed? Some small businesses, especially, have found themselves in that position with no easy solution. The Secure Boot feature in Windows 8 can make installation of other operating systems difficult.
Now it’s a little easier. The Linux Foundation has worked with Microsoft to obtain the proper security keys and has released the first version of a UEFI bootloader. This isn’t something for Linux novices, but it will provide a tool that expert Linux pros can use to overcome the obstacles of installing on Windows 8 systems. So if you’re a *NIX whiz kid, or have one on staff, check it out.
Read more here:
http://www.zdnet.com/linux-foundation-releases-windows-secure-boot-fix-7000011084/

IT today seems to become more regulated by the minute. As organizations move their assets into the cloud, and as providers plan the offering of cloud-based services, it’s imperative to keep abreast of the legal implications. There’s a whole lot more to it than understanding HIPAA or GLB – although those are complicated and confusing enough. Court decisions, as well as legislative action, can change the interpretation and application of existing laws or create new ones. When the cloud resources are spread across multiple jurisdictions, things get even more complex.
The Cloud Security Alliance (CSA) announced at the RSA conference today that they will be forming a Cloud Legal Information Center (CLIC) to assist cloud computing practitioners and providers to become aware of all the implications of the laws that govern the technology. Read more here:
https://cloudsecurityalliance.org/csa-news/csa-to-establish-new-legal-information-center/

Java is regularly plagued with security issues and many individuals and organizations have given up and disabled it altogether on their systems’ web browsers rather than take the risks. That’s looking like a better and better idea, as more and more web sites move to HTML 5 instead and more and more vulnerabilities pop up. The critical vulnerability reported in January is followed this month by two new issues that have been discovered by a Polish security research company that can bypass the Java sandbox and allow attacks to infect computers in zero-day attacks. Read more here:
http://nakedsecurity.sophos.com/2013/02/25/zero-day-vulnerabilities-java/

Microsoft just recently published a new set of papers in the download center that were designed to provide a reference IT pros can use to design, plan and implement an IaaS (Infrastructure as a Service) solution within their organizations.

We all know BYOD is a hot trend and it appears to have momentum; I don’t think that train is going to be stopped anytime soon.

If you benefitted from the white paper to which I linked in my previous blog post, here’s another that goes well with it. This one delves into the identity infrastructure capabilities that are specific to both on-premises and cloud computing and how such an infrastructure can be implemented using Microsoft solutions. The previous document is something of a prerequisite, since you really need to already understand the four pillars before you dive into this one.

http://gallery.technet.microsoft.com/Identity-Infrastructure-f19a7123/view/Reviews

I’ve written a lot about identity and identity management over the past year, and interestingly enough, my husband has lately gotten interested in the same subject and is doing work in that area at Microsoft – particularly as related to hybrid IT and the new private cloud model. At Microsoft, ID management is based on four pillars that organize the identity management concepts for easier understanding. This TechNet document discusses how to create an identity infrastructure within a hybrid network environment, using those four pillars.

http://gallery.technet.microsoft.com/The-Four-Pillars-of-31ee0915/view/Reviews