Thursday, February 28, 2013

BYOD: Dear IT, my inbox is flooding with calendar invites what to do?

(Reproduced from blog of i7networks ( with permission)

I am sure you would have heard many such complaints of lately especially when all of us did 6.1 upgrade on our iOS (apple) devices and when we tried to sync up with ActiveSync on our apple mobile devices and sent calendar invites and it flooded everyone’s inbox by sending multiple numerous repeat of the same invites, filled up the the log files, brought down the network/servers especially the exchange server and in many companies hitting the network performance and productivity. This kind of email to employees were not common then

Dear employee,
Exchange traffic eg. emails, calendar appointments etc from an Apple device on 6.1 is spamming and brining down the network. This is a bug in 6.1 and this issue is currently being investigated by Apple/Microsoft. We will provide a further update or a solution as soon as possible. It is suggested that until this issue is resolved all email or calendar appointments be sent using the Outlook client on your pc or Outlook Web Access (OWA). Also it is suggested that not to upgrade to 6.1 until the issue is resolved.
IT Department

(Microsoft just released a KB article that details what we know so far:
Apple has also recently released a support article for this issue:

This happened when you respond to an exception to a recurring calendar event with a Microsoft Exchange account on a device running iOS 6.1, the device may begin to generate excessive communication with Microsoft Exchange Server. You may notice increased network activity or reduced battery life on the iOS device. This extra network activity will be shown in the logs on Exchange Server and it may lead to the server blocking the iOS device. This can occur with iOS 6.1 and Microsoft Exchange 2010 SP1 or later, or Microsoft Exchange Online (Office365).

It was not easy for IT to disable all iphones/ipads running iOS 6.1 individually. Imagine try doing this in companies with few thousands in strengths to few ten of thousands in strength!! Enterprise should have the ability to recognize and discover such devices and/or apps and/or features and a way to disable either all devices in one policy enforcement say based on the OS and its version or by the application or by a particular feature in that application.

Tomorrow is not going to be simple with many more such issues and vulnerabilities going to come out and IT will demand a solution where in selectively non-intrusively can enable or disable certain devices, apps, features and will be very powerful tool to have and will be a must for an enterprise to run smoothly. This is where in such a large scale deployment situation makes sense to have a solution which works agentless non-intrusive way so that the policy control becomes just a checkmark and not wait until the OS vendor or the app vendor releases a patch (in this case apple finally released a patch to resolve this issue, iOS 6.1.2.)

In future IT just cannot send out emails saying saying please don’t upgrade and hope all comply with what is told but need complete control and discovery of all the devices that are plying on the corporate network including information such as OS, OS version, whether the device is compromised or not, jailbroken or rooted, in general the health of the device etc so that in such situations can easily & non-intrusively via policy management can enable/disable/block/allow devices to access.

Manjunath M Gowda
CEO, i7 Networks“Agentless BYOD Discovery & Control”, @i7networks

Friday, February 22, 2013

Mr CIO, BYOD brings Hidden and the Unspoken advantages to your India office

(Reproduced from with permission)

There is consumerization of IT, there is huge productivity gain and so is huge cost savings for the organization as employees are getting their devices (BYOD). All are fine, well understood and there are many articles proving (& disproving the fact)  but there is a twist to this when it comes to India.
India has the usual gains plus as bonus, as in all respects, has some unique gains in BYOD which may not apply to the developed world at all.

Customs-STPI-overseas-No-Tax route
Generally in big organizations, captive centers and MNC offices, all laptops and desktops (and servers and even software) are actually ordered overseas via a route what I call “Customs-STPI-overseas-No-Tax route”. This is how it works. You are usually member of a govt organization called STPI (stands for Software Technology Parks of India) and because govt. encourages software exports ($$$ Dreams) they don’t tax the hardware used to manufacture (or produce or create...use whichever word you want to use) software. So you need to order these laptops overseas and then do a US$ billing and then get the invoice and apply these invoices to STPI for approval and then once approved pass on these to get customs (another govt. department) approval and then send it to the company which ships the laptop and then they ship them to the nearest airport and then customs clearance required where in you submit the documents which were pre-approved by Customs and STPI combo and then after due & thorough verification of papers (not the consignment) the boxes are sent to the ordered address (in this case the company which wanted these laptops) and then apply with STPI informing that the boxes (consignment)  have come, and requesting them to come come and ensure that the consignment is actually what the paper said and what we applied for and once they come (whenever they can as they are also very short staffed and 1000s of companies to deal with) and verify the consignment (a process called bonding) and these laptops/desktops/servers/software etc are ready to use. Wow ...if you were not aware of this, probably you are already sweating.

To do all these there is a separate department of shipping and handling in the company and they won’t work directly with the Govt agencies (do you know why? Send me an email and I will buy something may be a book via amazon or flipkart for the first 3 right answers) but they use clearing and forwarding agencies whose rates are exorbitant (again, do you know why? :-)) and by the time all these are done and the time consumed, the cost expensed and the whole process can make anyone (not used to these) really sick. Of Course this elaborate process employs many and very profitable for few middlemen and some few for obvious reasons.

Imagine this process say used for probably some 10,000+ companies may be with average size of the company to be 400+. The number will be astronomical and we don't know who all losing the it the govt. (because no tax) or is it the company by paying quite a huge sun to get these laptops here or may be both, and worse the lost time (& hence lost opportunity cost)  and hence lost productivity due to it.
Now imagine the laptop becomes dated and old and has to be removed from service. You guessed it right...pretty much the same procedure to be done in the reverse order :-) Apply, approval, send it back or donate...again all sorts of checking from Customs and got it!!

The BYOD and the Cloud Effect

Now imagine what happens if BYOD (& Cloud services) comes to India in its true sense....huge savings to the company and huge cost cutting as your don't need the specialized customized shipping and logistics department and you don't need those middlemen charging hefty fees and you don't need those red tapism. What a huge time and cost savings and what huge gain in productivity. Just the cost savings will be good enough to subsidize employee buying his/her own device and these cost saved a % of it, can be ploughed back to provide very good security because of enabling BYOD in the organization. (Guess i7’s peregrine guard and its integration with AD and EAS will provide complete BYOD security and you are done :-)

Another Dimension!!
If this is all w.r.t process and cost and savings etc, there is another dimension to this BYOD story which works well in India.
Most employees commute in company provided transport or if you are rich and lucky, chauffeur driven car. It takes approximately 2 hr each way which totals to 4 hrs per day just in the traffic and if BYOD is implemented in its truest sense, additional 4 hours of work at almost no cost (other that data cost..but did you know that there are already solutions coming to provide wifi access in the company vans and busses and paid by the companies)

Volla - seems like BYOD is made for India only :-)

Manjunath M Gowda
CEO, i7 NetworksAgentless BYOD Control”, @i7networks

Sunday, February 10, 2013

Your Device is Watching You!!!

You will be surprised to find out that your own smart device is watching you more than you had ever thought. Worse, the apps on them are actually selling your personal information for the highest bidder. Still worse, if you are part of the BYOD program at your organization, your company data may be under corporate espionage – watch out enterprises!! Finally let’s look into what can be done to prevent such privacy intrusion issues and what does the law say.

 Manjunath M Gowda
CEO, i7 NetworksAgentless BYOD Control”, @i7networks

Sunday, February 3, 2013

Blog: Why device (BYOD) based differential access is required in the organization?

Here is the CIO of the Indian outfit of a US based manufacturing company and they do lot of software development here and all of it is proprietary code and forms the IP of the company. He says that he has a clear policy on BYOD and it is simple one: “just allow it connect onto the corporate network and is no different from connecting via laptop”. I was shocked and here is why…..

His is a typical organization using Microsoft AD for authentication and MS Exchange ActiveSync (EAS) for email synchronization. Uses EAS to detect all smart devices that are plying on the network and his argument was that I know all the devices that are on the corporate network any given time (via EAS). This was the “rebuking his theory” time for me and to show how to bypass this security. Real quick an AD test account was created for me and I used my new iPad to connect to AD for login and to connect to EAS for email download and his expectation was I would login and immediately connect to EAS so that he has complete details of the device and what I did was didn’t even go to the emails and completely bypassed exchange and mail server and started accessing intranet and including accessing his source repository!! He now has an unauthorized device accessing his source repository from an authorized user but his EAS has no info of that device!!!

 Manjunath M Gowda
CEO, i7 NetworksAgentless BYOD Control”, @i7networks