Captain Kirk’s Got the Lync Federation Blues

Today’s post comes from Norv Leong, Director of Product Marketing at Actiance.

Star Trek’s popularity has spanned several generations.  The captains’ names have changed (Kirk, Picard, Archer) through the years, but the fans’ devotion and passion have continued to chug along.  The show was premised on federations and how many beings of different colors, shapes, and beliefs could still get along (save for the Klingons).

The same concept holds for federation when it comes to real-time communications.  Gone are the days of closed networks where you can only talk or IM with folks in your own network (remember AOL back in the day?).  Now, Yahoo! Messenger users can IM with Windows Live Messenger (WLM) users, and unified communications platforms like Microsoft Lync can federate with public IM networks, such as the aforementioned Yahoo.

The result when federation goes awry

This is great news for inter-planetary “keeping in touch,” but it also raises issues about security.  Safely connecting to these public IM networks is of paramount concern for folks in charge of IT security.  The old adage, “you never know who’s lurking out there,” couldn’t be more true.  Tasked with ensuring that the security of their enterprise communications and collaboration platforms are airtight, great pains have to be taken to make sure that opening up to public IM networks doesn’t flood the corporate network with malware, worms, viruses, and the like.

This is where granular federation controls come into play.  Being able to control which external parties can communicate with a given organization’s employees, groups, or networks is huge.  Furthermore, it could very well be that a large enterprise has a regulatory duty to separate its business functions or divisions.  Actiance Vantage enables organizations to control communications such that employees are blocked from contacting anyone (including external users) who might be on a blacklist.

This reduces the chances of malware infection, data leakage, and the potential to interact with another person outside of an ethical or regulatory boundary.  It also means that you won’t be at the mercy of another organization’s security policy.  Freedom to federate is great, but as Captain Kirk and his crew could attest to, you gotta be careful who you interact with because not everyone comes in peace.

“Get us out of here, Sulu!  Warp factor 8!”

What to do with IM & UC management post-Quest?

For those who already utilize tracking, monitoring and control solutions for IM and UC infrastructure, it can be a real blow when you find out that your solution isn’t keeping current, or doesn’t plan to in the future.

In this real-time world, ensuring that your solution maintains the security, management and compliance of these real-time solutions is key to ensuring the future of your business. So what happens when your selected solution doesn’t?

Take the announcement from Quest that Policy Authority for UC has come to end of life and end of support at the end of last year. The hard part for customers is going to be pulling the pieces back together. No doubt you’ve transitioned your entire organization onto a specific platform, now only to find that it’s not keeping up to date with industry changes, or your vendor plans to stop development.

What should you do in that situation?

First, you should identify the timing of the change. Do you have three months or 12 months? Understanding your timeline can help you prioritize your next steps.

The next step is identifying a new partner that you can work with. Here are a few things to look for:

–       Customer churn: How many customers have recently left them to work with a different vendor? This can also be indicative of the type of support you may receive

–       Product roadmap: Has it been a while since they’ve deployed a new version of their solution? Do they support capabilities like Group Chat? Are they compliant with Live Meeting? Do they support the new Microsoft Lync Server?  What about IBM Sametime Advanced? Skype?

–       Company’s primary focus: Is security merely a component of their product offerings? Or, is security, management and compliance for the new Internet their primary focus?

–       Social media capabilities: Do they support the big three (Facebook, Twitter and LinkedIn)? What are the specific features for each they offer?

–       Partners: Who do they work with to get their updates? Are they members of industry organizations? Do they partner with platforms so they are the most up to date with new product and feature rollouts?

Why not  – if this affects you, join us on one of our webinars, and look at just how easy it is to move!

If there are any doubts in your mind or issues that arise, it’s important to take a closer look at your relationship with this partner and reconsider the engagement.

In this day and age, it’s too easy to miss one update and find your network compromised. It’s critical to partner with a company who will be dedicated to your organization’s safety and success in real time communications – and who makes it their entire business, so that you don’t have to.

Social Media and Cloud Security, are they on the new Federal CIO’s radar?

Last week, it was announced that Steven VanRoekel would be replacing Vivek Kundra as the CIO at the Office of Management and Budget (OMB).  It’s a high-profile position that essentially puts VanRoekel in charge of the federal government’s IT budget – currently about $80 billion a year.  A tidy sum of money.

So, as VanRoekel assumes his new role, all eyes will be focused on how he handles the projects he’s inheriting from Kundra as well as new initiatives.  Of the former, issues such as data center consolidation and the “cloud” are top-of-mind.  Recently, much of the buzz, both in the government and in the private sector, has revolved around Web 2.0 and social media.  However, they’re just two components of an overall security strategy.

VanRoekel must also take into consideration other types of application that factor into a comprehensive cybersecurity strategy.  These days, hackers are pretty sophisticated and are quite adept at exploiting encrypted traffic to pass along viruses or other types of malware.  For instance, unified communications (UC) platforms, such as Jabber, Microsoft OCS and Lync, and IBM Sametime, all enable federation, which is the ability to communicate with others who are not members of your UC community.  The danger here is federating with outside networks that may present unknown risks, like viruses, hackers, enemies mining for confidential information, etc.

The same analogy holds for the “cloud” initiative.  Cloud computing is all the rage, but there’s no shortage of companies and government agencies that are incredibly leery of turning over key computing processes and applications to the cloud.  Security is almost always the first issue mentioned when talking to skeptics of the cloud.  Multi-tenancy (i.e., sharing physical appliances that have been logically partitioned), data storage off-premises, and the relatively short history of this computing paradigm send shivers down the spines of the most experienced IT practitioners.

With the Internet being a global resource, the potential scope of security breaches is immense.  Sophisticated hackers might reside in the US, China, Russia, Iraq, North Korea; you just never know.  It is under this backdrop that VanRoekel will have to drawn upon his experience in the private and public sectors to devise a strategy addressing all of these security concerns.  A daunting challenge for sure, but absolutely attainable, given today’s technology.

Wouldn’t you agree?

My printer is going out of the window…

Normal
0

false
false
false

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:””;
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Times New Roman”;
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}

It’s interesting to see that the latest IM worm doing the
rounds on Yahoo and Skype is now using sophisticated social engineering to
deliver its malware payload.    The
NewPhoto Worm uses sophisticated social engineering to trick users into
downloading an archive file called NewPhoto024.jpg.zip. A cleverly crafted
message asks the recipient to check the quality of a photo attachment (“My
printer is about to be thrown through a window if this pic won’t come our
right. You see anything wrong with it?”) or download a similar image.

Anyone who knows me and my recent technological disasters
would more than likely click on that link, as the printer is probably the only
thing that HASN’T gone wrong yet…(I’m mentally crossing everything I own
hoping, I haven’t just jinxed it..), so I’m guessing if you’re connected to me
on Yahoo or Skype and we converse regularly, then you probably will download
the file.

Once the file is downloaded, it executes a hidden executable
file that opens a backdoor named Tofsee, Flot, or Skyhoo, depending on the
antivirus vendor. This new worm is actually able to block antivirus software
from operating properly and uses a rootkit to hide itself. It also adds
malicious links to Microsoft Office files and infects USB removable drives.

Ouch.

So I’m pretty glad that we announced support for Skype
earlier this year – and we’ve been supporting Yahoo for a number of years now, (does
that sound like “I’m alright Jack??”  
Well, what I mean to say, is that if you do get a “call for help” from someone
with regard to their printer, and you’re not protected by FaceTime yet – before
you jump in with both feet, just look before you leap.

Sarah

Welcome to the FaceTime Blog – FaceForward

In a classic case of the “cobbler’s kids” we at FaceTime, who are dedicated to enabling businesses to benefit from Web 2.0 technologies, find ourselves lagging in the adoption of some of those same technologies!

 

In the daily grind of running an emerging company (tracking product milestones, meeting prospects and customers, assuaging investors) it is easy to lose sight of the long term value of real-time communication and collaboration. These technologies help shorten decision cycles, foster better communication – both internal and external – and, as a result, lead to higher sales and lower cost.

 

But, they do require investment. Of time, people and money. Why not wait till later?  Do we really need to do this now?

 

Well, you’re already doing it. Or rather, your user base is already using these tools. In our latest annual Greynet Survey we found that 74% of enterprise end-users were using one or more public instant messaging networks from work.

 

In fact over half of the enterprise users we surveyed were using more than eight Web 2.0 applications (what we call greynets) – IM, P2P, video, etc. – at work. According to the Pew Research Center, fully two thirds of Americans between the ages of 18 – 29 use social networking sites. These are the new workers of today, and they are bringing these tools into the enterprise.

 

While these technologies deliver multiple benefits, they also pose a variety of risks: new channels for malware attacks, unmonitored data leakage, and potential compliance/e-discovery violations.  The challenge for IT managers is how to leverage the benefits of these tools and platforms while securing against myriad risks inherent in their use.

 

That is where FaceTime comes in. Our mission is to enable our customers to leverage the benefits of Web and unified communications by delivering security, management and compliance across the broadest set of enterprise, consumer and Web 2.0 applications.

 

I would love to hear what you are doing with these technologies, what your concerns are and how FaceTime can help you meet them.

 

I look forward to collaborating with you!

 

Kailash