commonIT

Hot on the heels of Virtual Browser version 1.2, version 1.3 is now ready for release. Why are we introducing two versions at so close together? Well, it’s part of an ambitious product roadmap which leads up to a full rollover to version 2.0 during Q1 2010. Regular intermediate releases help keep us focused, while fulfilling customer and partner expectations in terms of fast time-to-market for new features and functionality.

Virtual Browser release 1.3 delivers support for transparent authentication modes so that, for example, user authentication for Virtual Browser sessions can be based on Windows logon credentials. On the server side, Virtual Browser can now integrate ICA and RDP clients, opening up a whole new range of possibilities for enterprise deployments.

Looking ahead, the objective is to position Virtual Browser as the universal client for the Cloud Computing era. For the enterprise moving to Cloud-based solutions, Virtual Browser offers a single, centralized point of control for multi-platform access to any web-enabled or virtualized application, wherever it’s hosted. By integrating support for ICA and RDP clients on the Virtual Browser server, end users can access web applications and Citrix or TSE applications through a single, secure, multiplatform browser interface.

CommonIT is growing fast. Less than a year after we opened for business, we’ve outgrown our original offices and so from today we’ve moved half a mile across Lyon to more spacious accommodation. Our new offices, at 22 Rue Constantine in Lyon’s 1st arondissement, are next door to the Museum of Fine Arts and a short walk across the Place des Terreaux from City Hall.

We’ll have space for our expanding team (currently 10 people), and the new offices also offer better facilities for meetings with customers and partners — and for our training sessions, the next of which takes place on December 17th (at the new address).

Visit the web site for full contact details.

Details of a new vulnerability in IE6 and IE7 were published on the internet at the beginning of last week, before Microsoft was aware of the problem. Microsoft has issued a security advisory but has yet to announce an update to correct the problem. Like previous vulnerabilities (see here and here), recommended workarounds and protection measures place heavy (unrealistic?) demands on users, and the risks remain high — an attacker can inherit the user’s access rights on the attacked machine. IE6 and IE7 are still the most widely used browsers on enterprise networks.

It’s worth remembering that even the most well-informed users can fall victim to a web-based attack. It happened to well-known security expert Gadri Evron, who unwittingly helped propagate a worm on Facebook. While Facebook reacted quickly to the attack, it’s interesting to note the propagation method was based on clickjacking rather than on XSRF as some early blog posts said.

Just a month after the release of version 1.1, version 1.2 of the Virtual Browser server component is ready for deployment.

The latest release offers improved performance, but more importantly for enterprise deployments multi-server support means that high availability and load balancing features are now available. It’s also possible to configure individual web sessions so that they are isolated on separate physical servers, optimizing network topologies and performance and further reinforcing application security.

Eagerly awaited by our most demanding users, these new features guarantee continuity of service for Virtual Browser end-users independently of the failsafe mechanisms offered by the underlying platform (the Virtual Browser server is designed for installation in VMware environment), while also improving scalability, optimizing performance when very large numbers of sessions are open simultaneously.

In Sizing the Cloud; Understanding the Opportunities in Cloud Services (published in March 2009) analysts at Gartner, Inc. predict a global market for enterprise cloud services reaching $150.1 billion in 2013 – more than three times the size of today’s market of $46.4 billion. The cloud-based enterprise will be dependent on the internet to an extent way beyond the situation today, and information systems and applications will be utility services, like water or electricity — a click of the mouse to bring up the CRM software and shut it down, with the user paying for a metered service.

As far as I’m concerned this is a fantastic development which will allow businesses to focus on — well, what they do best, where they can add value. Information resources will be available on demand, like tapwater. Except that a packet of data is not like a drop of water; those data packets may be carrying business-critical data. The internet is a two-sided coin for the enterprise: one the one hand, on-demand access to flexible, massively scalable information resources ranging from basic hardware platforms to individualized services and applications software; on the other hand, the vector for increasingly intense efforts to penetrate enterprise information systems for criminal gain. In other words, the enterprise is in the process of migrating it’s information resources to the most stressful environment you can think of if you’ve ever had to think about information security.

If the Cloud Computing paradigm is to fulfill its promises, we urgently need to find ways of reducing the stress of internet dependency. We need to protect ourselves from the internet that threatens us, to get the full benefits of the internet that will make our business more agile, more responsive, which will allow us to evolve and progress. If we can’t make the internet “stress free” we’ll start seeing the (costly) development of parallel secure networks for enterprise applications.

If the best way to avoid internet attacks is not to connect to the internet, that’s clearly an unrealistic approach today. What we can do, however, is to segment different usages, isolating access to sensitive, business-critical data and applications from the potential threats. While building an entirely new network is probably a stretch too far, a more realistic solution, perfectly feasible today, is to isolate individual web applications by virtualizing access at the source, the browser itself. Enterprise end-users access sensitive business applications and data over the internet using secure tunnels carrying virtualized browser sessions. With the virtual browsers hosted in close proximity to the applications, data need never be exposed on the internet with this architecture. We can’t clean up the internet to make it entirely safe for your business critical data and applications, but by ensuring that critical systems and end-user browser sessions are protected from attack we can bring a “stress-free” internet experience several steps closer for the CIO.

Click here to watch the video

Housed in the historic 19th century Bourse (Stock Exchange) building in the heart of Lyon, the Chamber of Commerce and Industry (Lyon CCI) plays a key role in the development of France’s second biggest regional economy. The CCI consults with and lobbies government representatives and politicians at local, national and international levels to defend the interests of 58,000 businesses in and around Lyon. It supports the creation, acquisition, and development of member businesses.

The problem

Many of the applications developed for use internally at the CCI were developped for compatibility with version 6 of Microsoft’s Windows Internet Explorer (aka IE6). More recent applications, however, have been developed for compatibility with version 7. And as most web development pros know, an IE6-optimized application is highly likely to be incompatible with IE7 – and vice-versa.

So how could the IT services at the CCI reliably deliver access to older applications and more recent ones, given that it’s impossible to install both versions of IE on a single desktop?

Virtual Browser provides the solution

The Virtual Browser solution resolves the problem by integrating IE6 as the browsing environment in the users’ Virtual Browser session. The Virtual Browser session thus ensures full support for older, IE6-compatible applications while the desktop IE7 installation allows users to access more recently developed web applications.

Users are satisfied as they continue to use the older applications transparently while benefiting from the improved features of IE7 for newer applications. For the CCI, using Virtual Browser to deliver compatibility in a mixed environment means significant cost savings compared with upgrading or re-writing applications for IE7:

“There’s no doubt that the cost of developing and upgrading all our applications bears no comparison with the cost of rolling out Virtual Browser” says Albert Levigne, CIO – Lyon CCI.

Why choose Virtual Browser by commonIT?

The Lyon Chamber of Commerce and Industry chose Virtual Browser for:

• The ease of deployment of the Virtual Browser agent to 600 end-points.
• End-user performance and ease of use.
• The innovative approach which resolved the compatibility problem much more cost-effectively than a program of updating or redeveloping older applications for compatibility with the latest generation of browsers.

Just back from three intense and encouraging days at the Assises de la Sécurité conference in Monaco. It’s the first time commonIT has been to the event, an annual fixture in the French information security calendar now in its ninth year. The number and the quality of the contacts we made was impressive, with a lot of interest in the Virtual Browser solution. As word got around, with CSOs, industry analysts and consultants speaking to each other about commonIT, it was as if we were watching our technology grow from day to day, evolving from “technical innovation” to “enterprise solution” before our eyes. Journalists from leading French industry media including Distributique, 01 informatique,  Journal du Net, Global Security Mag, and virtuanews joined the buzz.

We’re going to have our work cut out following up all the leads — but that was what we went for! A big thank you to DG Consultants for the organisation and management of the event.

Last week we passed a key stage in the development of commonIT, closing our first funding round. The €500k we’ve raised will be invested in accelerating current initiatives, both technical — we expect to announce release 2.0 of Virtual Browser early in 2010 — and in sales and marketing development.

It’s with pleasure, then, that we welcome Rhône-Alpes Création and Expansinvest (Banque Populaire des Alpes) to the table as partners in the commonIT project. They worked quickly and effectively with us allowing us to reach this funding agreement just eight months after founding commonIT, an important factor for us. Personally I’d like to extend a warm thank you to Mathieu Viallard, director of business development at Rhône-Alpes Création, for his efficiency and professionalism in managing the negotiations.

Version 1.1 of the Virtual Browser solution enhances the product with new features facilitating seamless integration with the enterprise infrastructure:

• Strong authentication based on X.509 certificates increases protection for the enterprise and reduces the risk of security being breached by simple password theft from a compromised terminal.
• Role-based administrator access ensure that each admin only has the authority to execute authorised tasks (eg configuration, monitoring, etc).
• An IE6 rendering engine provides support for older web-based applications, incompatible with more recent browsers.
• Virtual Browser client installations are now available for Apple Macintosh OSX and Linux platforms, in addition to the Microsoft Windows client.

Additional minor modifications have been made to improve performance and ease of use, so that Virtual Browser remains the best solution for secure web access in the enterprise.

Does what, exactly? Why, winning the Monaco Grand Prix, of course! When commonIT heads for Monaco next month we won’t be trying to emulate Formula 1 drivers (though some of the team regret this) — but we’re going there to win.

From October 7th to 10th around a thousand of the most senior CSOs representing practically every major enterprise, ministry and government and local authority agency in France will be in Monaco for the ninth annual “Assises de la sécurité” get-together. As one of the sponsors of the event commonIT will man a stand for the three days of conferences and workshops, and deliver a 40 minute workshop on virtualisation and browser security. Through a partnership with the French edition of Global Security Mag all delegates will also receive a copy of a new white paper on enterprise web security developped by commonIT — the English version will be available shortly, watch this blog!

The three days of close interaction with high-level contacts from every sector of the French economy are a once-a-year opportunity to reach key decision makers, to spread the Virtual Browser message, to listen to their needs, and to detect new business opportunities. That’s why we’re sending a team of three people; commonIT will represented by Daniel, Albino and myself. Just like Jenson Button, we’re going there to win. But we’ll be driving a little more slowly.