“Networks without Borders” are rapidly becoming the rule rather than the exception.
The demand for all access all the time, along with the rapid rise in remote, telecommuting, part-time and transient workers, has rendered network borders obsolete and made networks extremely porous. 21st Century networks more closely resemble sieves than citadels.
Gone are the days when data resided safely behind the secure confines of the firewall — when employees clocked in promptly at 9:00 a.m., sat stationary in front of their computers, never accessed the Internet, logged off at 6:00 p.m. and stayed offline until the next workday.
Today’s workers are extremely mobile, always connected and demand 24×7 access to the corporate network, applications and data via a variety of device types — from desktops to smartphones — irrespective of location. Workers at 67 percent of all businesses worldwide travel, telecommute and log in remotely at least several days a month, ITIC survey data indicates. At present, one-out-of-eight employees use their personal computers, notebooks and smartphones to access corporate data.
From an internal perspective, the ongoing economic downturn has resulted in layoffs, hiring freezes, budget cuts and less money and time available for IT training and certification. At the same time, enterprise networks and applications have become more complex. IT departments face increasing pressure to provide more services with fewer resources. Almost 50 percent of all businesses have had budget cuts, and 42 percent have had hiring freezes, suggests a recent ITIC survey of 400 firms. An overwhelming 84 percent majority of IT departments just pick up the slack and work longer hours!
External pressures also abound. Many businesses have partners, suppliers and customers that require access. Additionally, many organizations employ outside consultants, temporary and transient workers who need access to the corporate network from beyond the secure confines of the firewall.
This type of on-demand, dynamic access is distinctly at odds with traditional security models. The conventional approach to security takes a moat and drawbridge approach: to contain and lock down data behind the safety of the firewall. IT managers have been trained to limit access, rights and privileges — particularly with respect to transient workers, outside consultants and remote and telecommuting workers. And who can blame them? The more network access that is allowed, the greater the risk of litigation, noncompliance and compromise of the integrity of the corporate network and data.
The Porous Enterprise
It’s tedious and time-consuming to provide secure, ubiquitous access to an array of mobile and home-based employees, business partners, suppliers, customers and consultants who need permanent or temporary access to the network. It necessitates constant vigilance on the part of the IT department to monitor and provision the correct access rights and privileges.
The conundrum for IT departments is how to easily, quickly and cost-effectively provision user account access while preserving security and maintaining licensing compliance. The emerging Virtual Desktop Infrastructure (VDI) technology, which allows users to control a desktop running on a server remotely, can address some of these issues, but VDI doesn’t solve all the problems.
An intriguing alternative to VDI is nascent software application from MokaFive, which is designed specifically to plug the holes in the so-called “porous enterprise.” MokaFive, based in Redwood City, Calif., was founded in 2005 by a group of Stanford University engineers specifically to enable IT departments to swiftly provision network access without the cost and complexity of VDI solutions.
MokaFive is not the only vendor exploring this market; its competitors include VMware (via the Thinstall acquisition); Microsoft (via the Kidaro acquisition), LANDesk and Provision Networks. However, the MokaFive offering is, to date, the only “pure play” offering that enables organizations to provision a secure desktop environment on the fly to individual users rather than just an entire group.
The MokaFive Suite is actually a set of Desktop as a Service facilities that are operating system-, hardware- and application-agnostic. MokaFive’s desktop-management features enable IT administrators to centrally create, deliver, secure and update a fully contained virtual environment, called a “LivePC,” to thousands of users. Contract workers can log on via guest access; there is no need for the IT department to specially provision them. The MokaFive Suite facilitates ubiquitous access to email, data and applications irrespective of location, device type (Windows or Macintosh) or the availability of a hard-wired network connection.
I discussed the product with several IT executives and administrators who immediately and enthusiastically grasped the concept.
Dial In, Dial Up, Dial Down
“This a very cool idea,” said Andrew Baker, a 20-year veteran VP of IT and security who has held those positions at a variety of firms, including Bear Stearns, Warner Media Group and The Princeton Review. “The most tedious aspect of configuring a worker’s experience is the desktop,” he said.
Typically, the IT manager must physically configure the machine, set up the access rights, privileges and security policies, and deploy the correct applications. This is especially problematic and time-consuming, given the increasing number of mobile workers and transient workforces.
The other issue is the constant need to reprovision the desktop configuration to keep it up to date. The MokaFive Suite “saves precious time, and it solves the issue of the disappearing network perimeter,” Baker said. “I love the idea of being able to be secure [and] platform-agnostic, and being able to support multiple classes of workers from a central location.”
MokaFive’s LivePC images run locally, so end-users simply download their secure virtual desktop via a Web link and run it on any computer (Windows or Macintosh). IT administrators apply updates and patches to a single golden image, and MokaFive distributes the differentials to each LivePC. The entire process is completed in minutes by a single IT administrator.
Once the MokaFive LivePC link is up and published, users are up and running, regardless of whether it’s one person or 100 people. The traditional method of physically provisioning an asset can involve several IT managers and take anywhere from two days to a couple of weeks. It involves procurement, imaging, testing, certification and delivery of the device to remote workers. MokaFive could cut administration and manpower time by 30 percent to 60 percent, Baker estimated, depending on the scope of the company’s network.
MokaFive also requires less of a monetary investment than rival VDI solutions and doesn’t require IT administrators to learn a new skill set, claimed MokaFive VP of Marketing Purnima Padmanabhan.
“VDI does enable companies to ramp up and quickly provision and deprovision virtual machines (VMs); however, the IT department is still required to build out fixed server capacity for its transient workforce,” Padmanabhan said. Oftentimes, the additional capacity ends up going to waste.
“The whole point of contractors is to dial in, dial up and dial down expenses, and that’s what MokaFive does,” she added.
Worth a Look
Corporate politics frequently determine access policy at the expense of security, observed Steve Sommer, president of SLS Consulting in Westchester, New York. Sommer spent 25 years simultaneously holding the positions of CIO and CTO at Hughes, Hubbard & Reed, a NYC law firm with 1,200 end-users — including 300 attorneys — in a dozen remote locations.
“A company’s knowledge workers — lawyers, doctors, software developers — who drive large portions of revenue will demand all-access all the time, and security be damned,” he said. “In the past, it was an either/or proposition.”
With the MokaFive Desktop as a Service approach, all the data is encapsulated, encrypted and controlled. Organizations now have the option to manage the permanent workforce as well as temporary contractors and consultants who use their own personal devices quickly and easily. IT managers can provision a virtual machine (VM) on top of MokaFive or give the remote user or contract worker an HTML link that contains the MokaFive LivePC.
The end-user clicks on the link to get a completely encapsulated VM environment, which is controlled through policies using MokaFive. It can be completely encrypted at the 256-bit AES encryption. The entire environment is managed and contained, and it is kept updated with the latest passwords, connections, application versions and patches. When the user or contract worker leaves the company, the IT department issues a root kill signal, and all the licenses are retrieved and called back, ensuring compliance.
“MokaFive is a boon for IT departments and end-users alike; no more worrying about provisioning and version. I love the fact that it’s application-, hardware- and operating system-agnostic,” Sommer said. “And it also has distinct time-saving benefits for the end-user or transient workforce. They can take their work with them wherever they are, and they don’t have to worry about borrowing a notebook or PDA and ensuring that it’s properly configured with the correct version.”
MokaFive already has several dozen customers and prospects and is gaining traction in a number of vertical markets including financial services, legal, healthcare, government and education. Given the burgeoning popularity and mainstream adoption of VDI, the MokaFive Suite represents a viable alternative to organizations that want a fast, cost-effective and nondisruptive solution that lets IT departments provide efficient and secure network access. It’s definitely worth exploring, and MokaFive offers free trials for interested parties via its Web site.
Laura DiDio is principal at ITIC, a research and consulting firm that covers the high-tech industry.