alt tag

Posts from September, 2015

What You Don’t Know CAN Hurt You: The Dangers of Shadow IT

Friday, September 18th, 2015


Last spring, Hillary Clinton received a barrage of criticism after it was revealed that she used a private email server during her tenure as Secretary of State—seemingly at odds with government security protocols, if not federal laws. Clinton would go on to publicly dismiss the controversy, saying she simply preferred the convenience of carrying a single mobile device for her government and personal email accounts.

We’ll leave speculation about Clinton’s IT motives to other forums. But everyone can agree the Hillary email controversy is a perfect example of what is commonly termed shadow IT: employees and departments acquiring and using devices, software, or online services to solve a specific business need, without their IT department’s guidance, approval, or even knowledge.

BYOD Gone Bad

Think of shadow IT as the dark side of BYOD, which we discussed last time. With so much intuitive technology available to the consumer market (from mobile gadgets to Cloud-based apps), it’s easy for the not-so-tech-savvy to think they’ve stumbled upon an easier way to get their work done. The only problem is that when IT administrators are left “out of the loop,” unchecked shadow IT can open the door to multiple risks—from improper software licensing to network compatibility issues to an all-out security breach.

Can these vulnerabilities be avoided by simply imposing an arbitrary “no shadow IT” policy? Of course not.

The underlying cause of shadow IT is a rigid IT department which is reluctant to accept change. When employees are not offered better solutions, they’ll seek out their own.

Out of the Shadows

Shadow IT can be minimized when the IT team sheds its “watchdog” mentality in favor of a collaborative, win-win relationship with the rest of the company:

  • Address employees’ high-priority IT requests as soon as possible. Streamline evaluation/procurement processes to remove roadblocks to new solutions.
  • Keep an open mind to out-of-the-box ideas. Don’t shoot down a suggestion by replying, “We can’t do it that way… because that’s not the way we do it.”
  • Regularly share information about emerging security threats—and how to avoid them.
  • Reinforce the importance of following data compliance regulations, where applicable.
  • Stay ahead of the game by following the latest IT trends and suggesting cutting-edge solutions.
  • Stress the practicality of centralized IT operations as opposed to individuals “doing their own thing.”

Effective two-way communication is the ultimate defense against shadow IT. At MPA Networks, we’ve found that this proactive approach has worked wonders for customers who’ve felt bogged down by an unresponsive IT department. Employees are less inclined to look for outside solutions—and ultimately become more productive—when they feel they’re simply being listened to.

BYOD Is Here: Where’s Your Company Policy?

Friday, September 11th, 2015

Best IT blog on setting policies for bring your own device mobile usage by company employees.

Once upon a time, IT administrators offered company-issued hardware to employees based upon something akin to Henry Ford’s “Model T” approach: “You can have any equipment you want, as long as it’s whatever we have for you.”

In light of the mobile/Wi-Fi revolution over the past few years, times have changed. Many employees now prefer to rely upon their personal notebook, tablet, or smartphone to do business. In fact, some companies actually offer a stipend to employees to purchase their own mobile device—whether it means waiting in line to grab the latest generation of that trendy high-end gadget or choosing a cost-conscious off-the-shelf workhorse from a lesser-known brand.

This trend has been recognized as the “consumerization” of IT, or more informally as bring-your-own-device (BYOD).

The BYOD Advantage…

Allowing employees the option of bringing their own mobile devices to work offers several advantages:

  • The company bears less of the cost associated with purchasing new hardware, or letting unused surplus equipment take up space.
  • Employees who use their preferred personal devices—in the office or when telecommuting—experience higher overall productivity, while eliminating the redundancy of carrying both the “work” phone and personal phone.
  • Managers avoid that (usually awkward) experience of retrieving “company property” from an employee on their last day on the job.

…And the Drawbacks

With new mobile devices constantly entering the market (will the smartwatch catch on or fail?), BYOD is part of the modern workplace. But it opens a whole slew of legal grey areas, chiefly revolving around the privacy of employees’ personal content vs. the security of sensitive—if not legally protected—company data. Which work-related content created on an employee’s personal device belongs solely to the company? Companies of all sizes need a formal BYOD policy to tightly regulate the use of personal gadgets on the job.

A BYOD policy is unique to the needs of every company. Avoid “cookie-cutter” legal templates which became outdated yesterday. For your protection, craft a policy which clearly spells out key areas, including:

  • Which devices are permissible (laptops, tablets, smartphones)
  • Standardized anti-virus protection and other necessary security
  • Allowable/prohibited apps
  • Acceptable wireless connectivity (LAN, VPN, public Wi-Fi)
  • How/when/where mobile data is backed up
  • Which cloud applications are accessible (email, calendar, file sharing, and more)

Lastly, every personal mobile device can be lost or stolen at any time. No BYOD framework can be without a universal “kill switch” to immediately wipe company data from a device’s memory. There are several commercial apps available which will reliably do this.

BYOD in your company is inevitable. Embrace it, but protect yourself with a solid, comprehensive policy. Don’t know where to begin? We can help.

IPv6: Heard of it? You Will…

Friday, September 4th, 2015


In our ever-expanding universe of high-tech acronyms, perhaps one you’ve recently heard is IPv6. What exactly is it? Why do some IT people embrace it as the foundation of a “new Internet,” while the mere mention of it gives others an instant headache?

First, think back to the “good old days” decades ago here in California, when the DMV issued license plates with three numbers and three letters (“SAM 123”). There were always plenty of number combinations available… until there were so many new cars clogging our freeways that the state began running out of numbers and added an extra digit.


Similarly, what would become the “World Wide Web” was designed around every computer’s own virtual “license plate”—an individual IP address which enables it to talk with other computers. The original number of IP address combinations available—about 4.3 billion—was plenty for the computers of government facilities and college campuses, and then businesses and homes. But with the rise of mobile devices and online connectivity in everything from stoplights to air conditioners, the number of Internet-connected devices around the world now exceeds the number of humans alive! The Internet was running out of addresses, and change was inevitable.


This led to the development of IPv6 (Internet Protocol version 6). Officially deployed in June 2012, it’s intended to replace (eventually) the current protocol—the numerically obsolete IPv4.

The biggest difference with IPv6 is every new device is now assigned a longer, heavily encoded 128-bit IP address, compared to the 32-bit addresses of IPv4.

The result? Enough unique IP addresses (340 undecillion, or “trillion trillion trillion”), to last far beyond the needs of our great-grandkids’ grandkids.

In the meantime, our generation’s migration to IPv6 hasn’t been without growing pains. An IPv4 infrastructure is not inherently interoperable with IPv6. While newer hardware can be expected to be IPv6-compatible, older, IPv4-based equipment—routers, switches, security devices, printers, photocopiers, and more—may retain limited functionality or expose glaring security flaws requiring hefty upgrades. Despite promises of faster traffic and stronger security, some IT managers actually prefer to “remain in the past” by manually disabling IPv6 on their networks—even though Cisco and Microsoft strongly advise against it.

The most common solution for a smooth IPv6 transition is a dual stack protocol, where local servers and routers operate in both IPv4 and IPv6 simultaneously. This ensures a hassle-free maximum lifespan for any piece of hardware. As the number of 32-bit addresses continues to rapidly dwindle away, we may see the day when the remaining IPv4 internetworking is officially shut off forever. It’s never too early to plan ahead.

How “future-proof” is your company’s network against IPv6 and other changes on the horizon? Contact us for a complimentary assessment.