Tuesday, June 25, 2013

BYOD Behavior - Size Does Matter

Not the device's but your behavior.  Harvard Business School researchers wanted to determine if the type of device people use changes how they act around other people.  Does device size affect assertiveness?  Does interacting with a device of a certain size, affect how you behave afterword?  Or, Is Your iPhone turning you into a Wimp?

If you just can't stand the suspense, in a word, Yes.

Many of us are aware that body language can communicate so much more than words.  If you watch (and can understand) people's body language, you can learn much more than just what they are saying.  Are they uncomfortable or are they hiding something.  Are they imagining something or recalling from memory.  You might have even heard of micro-expressions - those little head scrunches, slight eye squint or a tight jaw that sends a message. In addition, by adopting certain postures, body chemistry and behavior can be affected.  For example, standing over someone's desk with arms wide, generally brings more assertiveness than sitting across with arms and legs crossed.  So how about our posture while using a mobile device since we spend an average of 58 minutes per day our smartphones?  Would it then make sense that a larger (arms wide) screen person would be more assertive than someone using a smaller (arms crossed) screen?

Apparently so.

The study, 'iPosture: The Size of Electronic Consumer Devices Affects Our Behavior,' looked at how the body posture inherent in operating everyday gadgets affects not only your body, but also your demeanor.  It showed that working on a relatively large machine (like a desktop computer) causes users to act more assertively than working on a small one (like an iPod).

The researchers asked participants to perform randomly assigned tasks on one of four different sized devices: iPod Touch, iPad, MacBook Pro Laptop or iMac Desktop.  They answered a survey, played a gambling game and a few other tasks and when they were done, the researcher told them, 'I will get some forms ready for you to sign so I can pay you and you can leave. If I am not here in five minutes, please come get me at the front desk.'  Instead of retuning on time, the researches waited at least 10 minutes and noted if/when a participant came to the front desk.

The participant's device size greatly affected who made the move to the front.  Of the participants using a desktop computer, 94% took the initiative to fetch the researcher but those using the iPod Touch, only 50% left the room.  And among those who did leave the room, the device size seemed to affect the amount of time they waited to take action. The bigger the device, the shorter the wait time.  On average, desktop users waited 341 seconds before fetching the experimenter, while iPod Touch users waited an average of 493 seconds.

According to the researchers, the results indicate that expansive body postures lead to power-related behaviors, even in cases where the posture is incidentally induced by the size of the gadget or computer.

So what does all this 'human behavior' stuff mean for BYOD?  Not really sure but fun to think about it.  Will those seeking advancement in the workplace, gravitate toward tablets?  Does offering a larger device to a normally shy worker bring out their assertiveness?  Do you have the annoying know-it-all use the smallest screen possible?  Might be interesting to look around the office and what devices employees use to see if the study results match your work environment.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Monday, June 24, 2013

In 5 Minutes or Less - PCoIP Proxy for VMware Horizon View

In this special Contestant Edition of In 5 Minutes or Less, I welcome Paul Pindell, F5 Solution Architect, to be the first contestant to see if he can beat the clock. Paul shows how to configure BIG-IP APM to natively support VMware's PCoIP for the Horizon View Client.

BIG-IP APM offers full proxy support for PC-over-IP (PCoIP) protocol. F5 is the first to provide this functionality which allows organizations to simplify their VMware Horizon View architectures. Combining PCoIP proxy with the power of the BIG-IP platform delivers hardened security and increased scalability for end-user computing. In addition to PCoIP, F5 supports a number of other VDI solutions, giving customers flexibility in designing and deploying their network infrastructure.

 

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Friday, June 21, 2013

Inside Look - PCoIP Proxy for VMware Horizon View

I sit down with F5 Solution Architect Paul Pindell to get an inside look at BIG-IP's native support for VMware's PCoIP protocol.  He reviews the architecture, business value and gives a great demo on how to configure BIG-IP.

BIG-IP APM offers full proxy support for PC-over-IP (PCoIP), a leading virtual desktop infrastructure (VDI) protocol.  F5 is the first to provide this functionality which allows organizations to simplify their VMware Horizon View architectures.  Combining PCoIP proxy with the power of the BIG-IP platform delivers hardened security and increased scalability for end-user computing.  In addition to PCoIP, F5 supports a number of other VDI solutions, giving customers flexibility in designing and deploying their network infrastructure.

 

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, June 18, 2013

Is 2013 Half Empty or Half Full?

It certainly has been a wild ride thus far for 2013 as we head into the second half.  Breaches, hacks, exposures, leaks, along with things like BYOD and SDN should make the next 6 months interesting.  From the many headlines in 2012, you'd think organizations would be locked down tight but alas, intruders are still kicking a$$ and taking names...literally.

Media and news organizations, like the New York Times and Wall Street Journal, experienced data breaches due to spear fishing and malware.  According to various news articles, certain journalists were targeted based on their story coverage but more interesting to me is the fact that the anti-virus along with the IPS/IDS in place failed to catch the malware.  Unless there is a signature in place for a known piece of evil code, that demon will make it's way through.

Financial institutions up to and including the Federal Reserve were breached.  While many bank hacks are driven by monetary gain, sometimes they are the targets of political activists.  Humans are very passionate about their beliefs and like to express those feelings.  There have always been protesters and activists - some write letters, some picket on the sidewalk, some throw rocks and with the advent of the internet, now you can protest by creating digital havoc.  Instead of hoping that people boycott a particular entity, you can simply take it out yourself so no one can get to the site. 

Social media networks continue to feel the heat from breaches.  Many social media sites are now deploying two-factor authentication to help reduce password exposures and increase verification checks.  Many news stories have talked about password usage and it's good that two factor is being deployed...but,in many cases, it is only after the bad news hits the media.  Why wait?

To help organizations understand the various web threats, OWASP has released their Top 10 for 2013 (with changes from 2010 Edition):

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly 2010-A3)
  • A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly 2010-A6)
  • A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
  • A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
  • A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

Along with their Top 10 Mobile Risks:

These are guides to help organizations understand the threats but always make sure you understand you own risks and focus on mitigating those first whether they are on the OWASP Top 10 or not.  Then make sure you're covered on the rest.

So far, 2013 has been full of breaches that empties an organization's information.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Tuesday, June 11, 2013

Small Business is a Big Target

If you think that small businesses are not an enticing enough target to breach, think again.  While the media has certainly upped it's coverage over the last couple years pertaining to data loss, many of the headlines involved global brands and tens of thousands records...not the corner deli, the mom/pop shop or the new start up.  Yet a couple of recent reports show that small businesses and start-ups are prime targets for data loss.

The annual, chuck full of stats, Verizon Data Breach Report noted that of the 621 confirmed data breaches, almost half happened at companies with less than 1000 employees and almost 200 at companies with less than 100 employees.  A Symantec report echoed the finding.  In theirs, small businesses with less than 250 employees accounted for 31% of the attacks in 2012, up 18% from 2011.  Symantec also notes that start-ups are especially vulnerable in the early going.

Why are these groups targets?

They have valuable data - intellectual property, financial information, digital identities - but may not have the resources to properly protect that data.  Many large, global companies have beefed up their security in fear of becoming the next headline in a major newspaper.  Thieves usually go after the easiest target - those with limited resources to protect against such an attack.  Thieves may also infiltrate a smaller organization to jump on a global network if a partnership is in place. Take out the villages before entering the capital.  In a start-up's situation, as they quickly launch, employees may be enticed to click a malicious link in an email...which then spreads.  Most startups get infected with malware within the first year.

From marketing organizations to cleaning products to credit repair services, here are some stories of how cyber attacks almost destroyed 5 small businesses.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, June 5, 2013

TechEd2013 – Gimme 90 Seconds Betcha Didn’t Know Edition (feat. Simpson)

The coolest trade show game show is back! F5 Business Development Manager Phil Simpson tests his F5 knowledge in this special ‘Betcha Didn’t Know’ Edition. When people hear of the many BIG-IP capabilities their response is often, ‘I didn’t know you could do that!’ Let’s see if Phil can win the limited edition psilva autographed F5 ball by sharing some unique BIG-IP features that you may not have known about. These are always fun.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

TechEd2013 – NVGRE with Microsoft’s System Center 2012 VMM (feat. Korock)

After resisting for over 3 years, F5 Technical Director Ryan Korock finally joins me on camera to discuss the new NVGRE solution. This new solution—along with F5’s broader solution set—aims to help customers assure reliable performance regardless of how individual organizations choose to architect their systems. Through integration with Microsoft’s System Center 2012 Virtual Machine Manager, the F5 solution will dynamically serve as a bridge between customers’ virtualized and non-virtualized environments. F5 solutions can augment Windows Server 2012 Hyper-V Network Virtualization environments, providing notable benefits for organizations deploying Microsoft and F5 technologies in concert, including cloud and service providers.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]