Darin Stahl
Darin Stahl
Principal Consulting Analyst
Info-Tech Research Group

A Business Continuity Plan (BCP) is a complex project that touches all aspects of the organization, and yet often has few or no dedicated resources. It’s work that you hope to get done in between other projects, or at home at night after the kids go to bed. It’s no surprise so many organizations struggle with BCP.

Please join me and subject matter experts on Thursday, April 24, at 4 p.m. EDT for a webinar “Developing a Business Continuity Plan: Should it be IT or the Business?” Project ownership is just one of the challenges of Business Continuity Planning we’ll be discussing in this webinar.

Go here to register for this Webinar
(Video replay will be available at this link after the event)

Info-Tech Research Group webinars occur during the early weeks of our research projects. Attendees will weigh-in on several key polls and will be able to pose questions to the group.We want to work closely with our members and potential members as we build out our research to ensure we are thoroughly meeting your needs.

 

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter

alertBy now, you’ve likely heard that a serious vulnerability has been reported in the commonly-deployed OpenSSL cryptographic library.  The bug puts widespread SSL/TLS encryption at risk of failing to properly protect encrypted data, potentially exposing usernames and passwords and other content transferred over the encrypted link.

This is a serious matter, being addressed as an emergency by IT professionals around the world.  A few questions you may be asking yourself include:

  • As a provider of IT services, is the security of any of those services at risk due to the bug?
  • As a consumer of IT services (or from your customers’ perspective), is any information at risk due to the bug?
  • What can and should I do in either of these cases?

From the IT service provider standpoint, the answer is (unfortunately) probably a yes – more than 2/3 of all internet-facing websites run on a platform that includes the OpenSSL library, and then there are all the internal-facing web services.  Suffice it to say that this is a serious matter, and is worth every organization investigating further.

Organizations should read the material available at heartbleed.com to understand the problem in greater depth.  After confirming the state of OpenSSL usage within the organization, and checking to see if the version used in each case is affected by the bug, “[r]ecovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys.”

From a pragmatic standpoint, Info-Tech advises focusing on externally-facing services (e.g., web servers, mail servers, SSL VPN services, etc.) first, as those are potentially at risk from an external attack.  Once these have been remediated, focus can turn to the inside of the organization, where risks may crop up from web management consoles of a myriad of devices including network components, printers, and more.

From the IT consumer standpoint, the answer is again an unfortunate yes.  Many commonly-used social media sites and consumer-focused applications (such as e-banking) were subject to the vulnerability, and there’s no way to determine whether or not the vulnerability was exploited.  As such, once the services have been fixed, it is necessary for consumers of each service to change passwords in order to ensure that any data that might have been exposed is no longer accessible to an attacker.

Info-Tech advises individuals to take a look at The Heartbleed Hit List: The Passwords You Need to Change Right Now to determine the status of their favorite sites, and Info-Tech further advises organizations that have been affected to inform their customers and users that a change of password is warranted – again, after the vulnerability has been patched and potentially compromised SSL/TLS certificates have been replaced.

Finally, individuals should consider their password management practices more generally.  If, for example, someone used the same password for Tumblr (one of many at-risk sites that have since remediated the vulnerability) as they use for online banking or internal network access, it is possible that an attacker has already sniffed out that password.  As such, Info-Tech recommends changing any passwords that were the same as any affected services, as well as recommending a better general practice of avoiding re-use of passwords that grant access into sensitive applications or systems.

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter
Mike Battista
Mike Battista
Senior Consulting Analyst
Info-Tech Research Group

The mobile landscape supporting enterprises is constantly changing. It is more important than ever to determine whether our current mobile platform mix can adequately support our business goals.

We are facing the introduction of new mobile devices available on different platforms on a daily basis. Mobile platforms themselves are constantly evolving causing a shift in usage patterns in the workplace.

Please join me and a panel of subject matter experts on Thursday April 17, 2014 for a Webinar on “Switching Mobile Platforms: Do You Have An Exit Strategy?” We  will discuss assessing your need to switch platforms, the extent of switch necessary, and developing a successful plan for switching.

Register Here for “Switching Mobile Platforms: Do You Have An Exit Strategy?”
(Video replay will be available at this link following the Webinar)

Infrastructure managers are worried that they will be forced to abandon a mobile platform (such as BlackBerry) because it no longer meets their organization’s needs. Take back control and formulate an exit plan.

Info-Tech Research Group webinars occur during the early weeks of our research projects. Attendees will weigh-in on several key polls and will be able to pose questions to the group.We want to work closely with our members and potential members as we build out our research to ensure we are thoroughly meeting your needs.

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter
Horizon6 workspace
Citrix has long been a proponent of the three any’s for workforce computing – any application, accessed any where, from any device. With Horizon 6 VMware is preaching the same mantra.

With Horizon 6 VMware could pull ahead of rival Citrix in the desktop virtualizaton race and, if so, they’ll do it taking pages from the Citrix playbook.

VMware announced Horizon 6 (formerly known as View and before that VMware VDI) on April 9. The words comprehensive and integrated are almost an understatement when it comes to Horizon 6. Here are a few of the new capabilities (for VMware) that Horizon is bringing to the table:

  • Delivery of published applications and virtual desktops through a single platform. The big thing here is the integration of application access to Microsoft remote desktop services (formerly known as terminal services). This has been Citrix’s bread and better for years (from Metaframe, to Presentation Server, to XenApp). Through integration with Microsoft APIs Horizon will provide access to “published Windows applications, RDS-based desktops and virtual desktops across devices and locations”.
  • Single Workspace Access to Everything. End users will have a unified workspace and single sign on access to applications — server hosted applicaitons, virtual container applications, Web applications,  SaaS applicaitons and “published application from third party platforms such as Citrix XenApp”.  This too is an area where Citrix has been leading.
  • Integration with VMware Virtual SAN. As the name implies, Virtual SAN pools direct attached local storage to appear to VMs as a shared storage array. SAN storage has been a cost driver for VDI. With integrated management of Virtual SAN in Horizon it will be easier to create lower cost VDI-in-a-box solutions where a server or cluster of servers use local storage, lowering the per desktop costs of VDI.
  • Central Image Management. Since VMware acquired Wanova in 2012 we’ve anticipate the integration of the image management across physical and virtual desktops. This is a sort of holy grail, if you can centrally manage desktop images across physical and virtual you can further streamline management (rather than have on discipline for the native running PCs and another for the virtual world). VMware says that through the updated VMware Mirage it will be possible to do just that.
  • Cloud Desktop as a Service Delivery. Another promising acquisition by VMware has been DaaS provider Desktone. Horizon 6  offers a client that connects to virtual desktops and applicaitons running in your data center but also on the VMware vCloud Hybrid Services cloud and various service provider partner clouds that run vCloud.

Desktop Virtualization is more than just VDI (virtual desktop infrastructure) but rather all aspects of workforce computing where the end user accesses an application or service that is not running native on the access device. This has been the mantra of Citrix for years. Yes, there is hosting and remote access of virtual PCs running on servers, but there is also traditional server hosted applications and virtualized streamed applications as well as SaaS and Web applicaitons and the rapidly growing mobile applications and services (such as cloud file sharing).

Info-Tech has taken this broader view into account in our annual desktop virtualization vendor landscape. Citrix has always scored very well on comprehensiveness measures. Citrix has also traditionally painted VMware as a one trick pony, mainly focused on the VDI use case with some minor keys in application virtualization and file sharing. If all of the above are successfully executed when Horizon 6 becomes available in the second quarter of 2014, Citrix will no longer be able to make that kind of differentiation. The addition of Airwatch to the VMware portfolio will also challenge in mobility management.

Where is desktop virtualizaiton going? Both Citrix and VMware are staking their ground for the dawning post-PC mobile cloud era. For more on what you need to do to move workforce computing forward in this era, see the Info-Tech project sets:

Also see these previous analyst posts:

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter
Christina Hall
Christina Hall is Info-Tech’s Product and Communications Manager.

We know what we’re talking about. For Info-Tech’s Vendor Landscape research products we speak with a lot of companies, and spend thousands of hours researching products, so that we can help you make the right decision.

Vendor briefings are the heart and soul of the Vendor Landscape research project. Every year we call on hundreds of vendors for briefings on their products and strategic roadmaps. In 2013, we reached out to 418 vendors to participate in 43 Vendor Landscapes. We want to make sure our clients are reading the most accurate information possible.

Top10vendors
The Top 10 vendors by inclusion in Info-Tech Vendor Landscapes. We reach out to dozens of vendors annually for these projects.

Vendor Landscapes are Info-Tech’s vendor research reports that take a look at the top 8-10 products in a certain market space. The research walks you through where the market is sitting at the moment, what’s to come, what features are available, and where certain vendors rank based on our default criteria.

Click the images below to see the full infographics for just three of our recent Vendor Landscape reports:

VL_Midsize_to_EESA_thumb VL-Mid-market-PPM_thumb VL_Cloud_Management_thumb

We know that every company looking to purchase a solution has a different use case, so we also have a tool that helps you choose which features matter most to you, and rank vendors based on your own unique use case.

Briefings for Vendor Landscape reports are only part of our coverage story. Analysts often brief with major vendors for regular updates, introductions and expert interviews. Major vendors often reach out to us to participate in analyst briefing events.  This all adds a lot more conversations to the table.

To get full benefit of our vendor intelligence, you can talk with our analysts directly by booking a series of Guided Implementation calls. Speak one-on-one with an analyst and receive help identifying your use case, defining your requirements and choosing your vendor. Imagine how much time that would shave off creating an RFP!

For more on our Vendor Landscapes see the following:

Share on FacebookShare on Google+Share on LinkedInTweet about this on Twitter