How cloud brings smoother remote working to organisations
There's plenty of demand for mobile computing within the workplace - what role does cloud have to play?
Back in the day, remote access to systems and applications was something you did reluctantly.
If you were really high-tech you'd have an ISDN-based dial-up server such as a Shiva LANRover D56, which provided you with (gasp) 56Kbit/s dial-up speeds to download your email and perhaps transfer a file or two between the office and your remote device. Even early VPN installations were speed-limited, because Internet dial-up speeds were low and links were expensive.
These days mobile computing is the order of the day. We have cellular data rates upwards of 10Mbit/s, costing a few tens of pounds a month, and we expect to be able to do as much on the move as we would in the office. This presents us with a new challenge – to make our users' experience of mobile computing as similar as possible to their office experience.
How can we do this with the cloud?
Depends where your applications are based. The fundamental principle of mobile computing is to put your user as close as practicable to the application instance and the data it works with. In a traditional world where everything was in-house the trick was to have remote access servers around the world and to ensure your users connected – either manually or automatically – to whichever was closer. Where you have apps in the cloud, however, you want to be able to connect your user to the closest instance of each of your cloud applications.
First off, unless you have no in-house applications whatsoever (which is unlikely) you'll need a mechanism for connecting your devices to your network.
1. Company BlackBerry handsets
BlackBerry devices are generally a special case, thanks entirely to the way in which they work – specifically the fact that they connect to the world not just through your mobile service provider's network but through Research In Motion's (RIM's) network too. Providing your users with data services to their BlackBerry devices requires a BlackBerry service, and you can do this internally using an in-house BlackBerry Enterprise Server or using a service provider's hosted offering. Unless you have a particular desire to host a BES internally (and remember, it can be costly to implement a properly resilient one yourself) why not consider the provider's hosted alternative – not least because service providers may have partnerships (or simply large owned networks) that allow the handsets to access an entry point to the network much closer to the user than your own Internet connection.
2. Other company smartphones
Other types of smartphone aren't quite so simple to support as BlackBerry handsets in the context of securing them for corporate use (which includes remote access to the company network) but in the last couple of years life has become significantly sweeter in this respect thanks to a number of companies producing software packages for tightening them up and making them secure. Good Technology and Mobile Iron are two promising vendors whose brochures have landed on my desk lately, but it's a rapidly expanding industry.
Of course, the risks and drawbacks of implementing your own platform are hardly different from those of doing BlackBerry integration yourself, and so it's no surprise that the managed alternatives are popping up like spring daffodils (my AT&T account manager in the US started looking very keen just recently, for instance, when I happened to ask how they might be able to help me should I want to hang some iPhones off my network).
3. Company PCs
With modern developments, company PCs are becoming something of an enigma when it comes to implementing remote access. This is because those nice chaps at Microsoft have come up with a funky concept called Direct Access, which is basically a native VPN platform that's built into Windows 7 and is completely seamless for the user.
The problem is, it's still in its infancy and it can be highly complex (= expensive) to configure in order that it can attach to the nearest of your perimeter remote access servers – and in a world where you want your home user to connect direct to a cloud application without going via the office, one initially wonders about the usefulness of an OS feature that invisibly links you to the office the moment you start up and log in!
Like most VPN systems, though, DA can be configured to work in one of two ways, one of which is called “split tunnelling”. Rather than forcing everything over the VPN, with ST, connections to devices on your corporate network go over the VPN and connections to other systems (Internet sites or, more relevantly to our discussion, cloud application instances) go directly over the Internet.
This is, of course, far more efficient for cloud apps as the users are going directly to the nearest application instance on the Internet. The problem is protecting your corporate PCs from the perils of unbridled Internet access – specifically viruses and other malware – which means that your security auditors will tend to have kittens when they see you're using this approach. Thankfully the likes of WebSense and their peers in malware protection now provide agent add-ons that enable your corporate PCs to protect themselves when remote in precisely the same way they're protected when in the office.
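The routing difference between the two modes, and the set of flows that an endpoint protection agent has to cover once split tunnelling is on, can be modelled in a few lines. This is an added example, not part of the original article or any vendor's code; the corporate prefixes, interface names and sample destinations are constructed assumptions.

```python
import ipaddress

# Assumed corporate prefixes reachable only through the VPN (constructed values).
CORPORATE_PREFIXES = ["10.0.0.0/8", "192.168.50.0/24"]

def build_routes(mode, corporate=CORPORATE_PREFIXES):
    """Return a client routing table as (network, interface) pairs."""
    if mode == "full":
        # Full tunnel: the default route itself points into the VPN.
        return [(ipaddress.ip_network("0.0.0.0/0"), "vpn")]
    if mode == "split":
        # Split tunnel: only corporate prefixes use the VPN; the rest goes direct.
        routes = [(ipaddress.ip_network(p), "vpn") for p in corporate]
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "internet"))
        return routes
    raise ValueError(f"unknown mode: {mode}")

def pick_interface(routes, destination):
    """Longest-prefix match, as an IP stack would do."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def uninspected_flows(routes, flows):
    """Flows that leave the PC without crossing the corporate perimeter.
    These are the ones an endpoint web-filtering agent has to cover."""
    return [name for name, dst in flows
            if pick_interface(routes, dst) == "internet"]

# Constructed sample flows: (label, destination IP).
# Internet hosts use documentation address ranges.
SAMPLE_FLOWS = [
    ("file server", "10.1.2.3"),
    ("intranet", "192.168.50.10"),
    ("cloud app instance", "203.0.113.20"),
    ("arbitrary web site", "198.51.100.7"),
]

if __name__ == "__main__":
    for mode in ("full", "split"):
        routes = build_routes(mode)
        for name, dst in SAMPLE_FLOWS:
            print(f"{mode:5} {name:20} {dst:15} -> {pick_interface(routes, dst)}")
        print(f"{mode:5} bypass perimeter: {uninspected_flows(routes, SAMPLE_FLOWS)}")
```

In split mode the cloud application traffic takes the direct path, but so does every other Internet destination, which is the list an auditor will ask the endpoint agent to account for.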
4. Personal devices
Personal devices are a big no-no when connecting to any corporate network or native cloud application, since they cannot by their very nature be secured and protected against malware by your corporate policy and/or software.
What you can do, however, is to provide them with a window into both the LAN and the cloud implementation – so instead of running the app natively they will instead run a client app (the Citrix Receiver is an example) whereby the user I/O happens on the user's personal device but the processing runs on a secure, hosted server. In reality this isn't that much different from the portal-based services that have been on offer for years from Citrix, and more recently from Microsoft's Unified Access Gateway (part of which is Direct Access, and part of which is a portal-based service for clients that aren't Windows 7).
Security for Cloud applications
Dealing with the security (= authentication) of users for in-house applications is relatively straightforward, since the majority of VPN offerings will integrate quite happily with your own directory service.
In a cloud scenario, though, you have to be a little thoughtful about how to authenticate your users – after all, you don't want to force them through your office VPN service just for the sake of guaranteeing who they are.
The trick is to integrate your cloud service with your in-house directory service so that when the client connects to the cloud service, the cloud infrastructure is able to verify your credentials. Some services, such as Microsoft's Office365, use Active Directory Federation Services (quelle surprise, given that it's a Microsoft service!). Others, such as WebSense's Cloud service, use a proprietary equivalent. Whatever the case the principle is the same: a highly encrypted copy of your user database is stored by the cloud service (and updated frequently) to enable your users and computers to be authenticated when they connect.