market trends

Yes, Microsoft publishes yet another security alert for Internet Explorer. It allows an attacher access to any file on the system, and all versions of Internet Explorer are vulnerable — though the default configuration in the most recent versions of Windows (Vista, Server 2008, or 7) will block attempts to exploit the vulnerability. This leaves Windows XP deployments at risk; that’s 66% of the market according to NetMarketshare.

Bernard Ourghanlian, Director of Security at Microsoft France, has an interesting (for us) take on the issue. Interviewed by journalists for French web media Clubic, he says “We would love to put Internet Explorer 6.0 behind us, but we simply can’t. For an enterprise, deploying a new navigator is a huge job. As long as Microsoft offers support for Windows XP (up to 2014), Internet Explorer 6.0 will also be supported.”

Putting to one side (for the moment) the fact that this new vulnerability is one more proof point for the session isolation we’ve developped with Virtual Browser, Ourghanlian’s words highlight a further problem with the management of desktop navigators as part of the enterprise infrastructure: deployment, updates, patching… all these tasks represent significant management and support overheads for the enterprise. The centralized architecture of Virtual Browser makes updates, whether to the browser or its plugins, trivial, and means that every user sees the updated browser, instantly.

There’s nothing new under the sun, they say; they could have been talking about browser security issues. There’s clearly a need for a revolution in the browser architecture — run-time environment, deployment, and support tools. That’s what we’re working on and where we’re going with Virtual Browser.

The latest release of Virtual Browser introduces several new features (like every new release — with thanks to Mathieu’s team!). One of these new features in particular adds a whole new dimension to the Virtual Browser solution. Virtual Browser now supports delivery of ICA and RDP remote desktop clients, alongside our already familiar browser support (IE, Firefox, Java, Flash, etc). With this release the end-user now has access not just to web-based applications but to any application which can be virtualised, as well as full-featured virtual desktops.

It’s worth taking a few minutes to understand where we’re going with this. Release 1.3 offers a single, secure, platform-independent client delivering installation-free end-user access to any web-based or virtualised application without the need to worry about (i) the configuration of the end-point device; (ii) the compatibility of end-point browser configuration and the target application/server; or (iii) the appropriate network configuration (VPN, etc) to access the remote application. The objective is to position the Virtual Browser solution as the universal client for access to cloud-based services.

The “Cloud” and “Cloud Computing” are still relatively new terms and there are varying definitions of what they comprise. For us, they cover the full set of web-enabled or virtualised applications, hosted in the enterprise (the private cloud) or by third-party service providers (SaaS). What we’re seeing today is enterprises migrating step-by-step to cloud computing models, with the infrastructure becoming decentralised — some of it moving to virtual environments (Citrix and others), some of it onto the Intranet, and some moving to the Internet, taking advantage of Cloud offerings vendors like Google, Salesforce.com and other SaaS providers.

In positioning Virtual Browser as the universal client for cloud access, we’re facilitating enterprise migration to cloud computing by resolving three key management issues:

1. Security: encrypted traffic between the VB client and server, strong authentication, and support for multiple isolated user environments: Internet, Enterprise (internal) applications, on-line (cloud, SaaS) services, on both enterprise (managed) end-points and non-managed end-point devices.
2. Single point of management and maintenance — configuration, updates, patching — of the client environment, on a centralised server environment, clustered for redundancy and scalability.
3. Platform independence and compatibility: No matter what type of device the end-user is using or where they connect from, the application sees the same browser, eliminating compatibility issues and facilitating application development and support.

The SANS Institute, internationally recognized for its leadership in information security training and certification, has just published a threat report under the title “The Top Cyber Security Risks“. It comes as no surprise to us at commonIT that the report clearly identifies web usage as the key vector for attacks, whether at the client side or on the server.

The report leads by identifying two priorities that need addressing: unpatched client-side software, and vulnerabilities in Internet-facing web sites. Based on data collected between March and August of this year, the authors show that application vulnerabilities now far exceed those being discovered in the operating system, commenting that “browsers and client-side applications that can be invoked by browsers seem to be consistently targeted”.

A well-developed tutorial included in the report describes one specific way in which the enterprise can expose itself to web-based penetration. But the report is full of interesting data, and merits the time to read it for any information security professional.

And so to Virtual Browser. If we find the report particularly interesting and relevant, it’s not just for the quality of the data. It’s also because our Virtual Browser technology successfully addresses and mitigates the situations described, something no other technology on the market today is capable of. By putting the browser in a datacenter-hosted virtual machine and isolating browsing sessions from each other, the enterprise is fully protected whether the client side or server side is compromised. Virtual Browser — the enterprise browser solution, Secure by Design.

Last week Google finally got around to announcing what we’ve all been expecting since the launch of the Google Chrome browser — the Google Chrome Operating System. No surprise, really, the hints were there in the generous use of operating system terminology (Process Manager, Address Space, Garbage Collector etc) to describe browser features. No surprise either given Google’s historic focus on developing and delivering new services over the web. You’re using GMail for your email and calendar, you use Google Apps for your office applications, you use Picasa to touch-up your photos and you browse the web using Google Chrome; what do you need a full-featured local OS for when you can do everything via the browser? The temptation proved too strong for Google to resist and the result is now here, essentially a Linux kernel with a user interfaced based on the Google Chrome browser.

Google isn’t the first company to develop a solution of this type, and examples such as Good OS or jolicloud are worth taking a look at. The difference, of course, is that when Google has the resources and the clout to really impact the market.

So how does the commonIT team view this? Well, you can tell we’re not surprised. In practice this is one more sign that we’re merely at the beginning of a revolution in IT systems architectures, with the re-centralization of applications and data, accessed via the browser. As far as we’re concerned where there’s change, there are opportunities; but we’ll talk about that some other time

A new infected web page is discovered every 4.5 seconds… It’s not me who says this, but leading antivirus vendor Sophos in its annual security report. Every January all the anti-malware vendors publish their statistics, and all agree on one thing: threats are targeting web applications.

You’ll find an interesting discussion of the problem on this blog.

There’s good news, though, as well as bad news. The bad news: with businesses moving more and more of their applications — even the most critical — onto the web, following the Web 2.0 and Cloud Computing trends, the web is going to remain the No. 1 focus for malware developpers for the next few years. The good news: the Virtual Browser solution is more than ever the perfect response, protecting users and the enterprise against web-based attacks. Stress-free internet!

According to Datamonitor one in five firms is committed to Green IT as part of their business strategy. Reducing printer usage and optimising power consumption are just two of the tactics helping companies achieve their environmental targets while reducing costs.

At commonIT we’re committed to sustainable development, but the question is “does Virtual Browser contribute to Green IT?”

Well, to begin with we can consider that anything that contributes to the development of (1) working from home or remotely and (2) application centralization (virtualization, cloud computing) participates indirectly in energy savings by limiting unecessary travel and reducing server power consumption (according to VMWare, clustering 10 servers on a ingle virtual server platform reduces total power consumption by 80 to 90%). The agility and security that Virtual Browser provides for corporate (and mobile) use of web applications will help firms keep moving in the right direction.

But the most natural link between Virtual Browser and Green IT is probably the opportunity that our product represents for Netbooks. The development of these cheap and “green” terminals (see what Gartner says) is currently limited by the hardware performance required by the web browser. Today’s Netbooks don’t have the performance for more complex web applications. Virtual Browser can solve this problem, because the browser does not run on the terminal (or the Netbook) but on a virtual server in the infrastructure (or in the DMZ, or in the cloud). Only a very simple software agent (able to run on a USB key) runs on the laptop or the Netbook.

Recently, IBM and Canonical announced a virtual desktop product, based on Linux. Their announcement matches the commonIT market vision, covered by David in his “Back to the dumb terminal” article.

Some may ask “if the desktop is virtualized, why would you want to virtualize the web browser?” The answer is simple: while desktop virtualization has a number of advantages (cost reduction for instance), it doesn’t solve web browser security issues; the threat is simply moved from a physical computer to a virtual environment and as long as the web browser runs in the same environment as other applications and sensitive data, security issues still exist.

That’s why we recommend “double virtualization”: a virtual browser running on a virtualized desktop — at least as long as users are still dependent on non-web applications. And once all applications are webified, Virtual Browser delivers the single secure client for the enterprise information system - there’ll no longer be any need for a full client-side OS.

Does history repeat itself? I’m not sure about that but maybe IT does. At least, the question needs to be asked when you look at the new centralized IT architectures which are coming out, taking us back to earlier days. Applications are moving onto virtual servers and terminals are becoming (or returning to being) simple user I/O devices to access those applications. Is this the return of the dumb terminal?

Thanks to mobility, virtualization, Web 2.0 and SaaS, a new generation of IT architectures is arriving, based on new uses, new business models and new technologies. In a few years, I bet that datacenters will be virtualized, applications hosted in the enterprise, software vendors or services providers’ infrastructures, and laptops transformed into simple terminals with 3G or wifi connections.

This vision, shared by analysts, seems to be a natural evolution of what has already started. And this move should accelerate because of new opportunities:

• Users will become consumers of web services — no IT expertise required
• In the enterprise, less IT expertise will be required
• Application availability will improve, guaranteed by service provider SLAs
• Infrastructure will be scalable and its cost will depend on enterprise use
• Mobility and working from home will increase productivity and make IT more sustainable by reducing unnecessary travel.

Even if this future seems great, we have to be realistic. At this stage two issues need to be addressed:

1. High bandwidth network availability. If users must be connected to use applications, that means they must be able to connect from anywhere. This issue will be solved soon as telco networks reach higher levels of coverage in enterprises, home offices and public areas.
2. Security. The challenge is now (a) to bring trust into the hosted architecture (what happen when corporate applications are no longer running on the enterprise’s own servers?) and (b) to protect data against web threats and browser vulnerabilities which are the hacker’s new “Eldorados”.

In creating commonIT one of our key goals was to help development of this new architecture and these new uses. That’s why our mission statement is to make users free of security and mobility issues.

That’s what we mean by “Stress-free internet”