Tuesday, February 28, 2017

Research: Digital Transformation 2017: Strategy, Returns on Investment, and Challenges



A few months ago, Tech Pro Research surveyed IT leaders about digital transformation in their organizations. Only 20% said they had a comprehensive digital transformation strategy in place, but this doesn’t mean digital transformation hasn’t been happening. 

Report author Mary Shacklett points out that, “What in fact has been happening is a democratization of digital transformation initiatives, with the technology being inserted at points within the business where there are immediate needs for it.” Almost all survey respondents (96%) said some steps toward a digital transformation have been taken in their organization, despite the fact that the majority don’t have an overarching strategy. 

The push toward digital transformation isn’t just coming from IT. Sixty-seven percent of respondents said business leaders outside of IT were asking for a digital transformation. However, 63% said IT leaders would be the ultimate owner of any transformation that might occur. This could present challenges, especially with regards to funding. “Respondents reported that their senior managements were highly enthusiastic about digital transformation, but the budget dollars to match that enthusiasm weren’t always there,” Shacklett said in the report. 

In the survey, respondents were also asked about future steps toward digital transformation, what digital transformation technologies had the best, and worst, returns on investment, and what roadblocks to digital transformation exist in their organizations. This report contains findings from those questions, and analysis of those findings. To learn more, download the report: Digital Transformation 2017: Strategy, Returns on Investment, and Challenges

MobileIron lands reseller deal with Lenovo



Enterprise mobility management firm MobileIron announced that it has inked a reseller partnership with PC giant Lenovo. Under the deal, Lenovo will resell MobileIron's security and management platform to enterprise customers purchasing Lenovo PCs, tablets, and smartphones.

"Modern enterprise computing means moving to modern operating systems like Windows 10, Android, and iOS, and using EMM to secure all your devices from mobile to desktops," said MobileIron CEO Barry Mainz. "As the market leader in PC sales, Lenovo is leading that transition on the hardware front and this partnership with MobileIron adds the critical security layer that companies need for modern operating systems."
According to MobileIron, the partnership underscores the massive shift from legacy security tools to EMM for PC management.
Mainz is just wrapping up his first year as MobileIron's chief executive, after replacing MobileIron founder Bob Tinker in January 2016. At the time, Mainz said he planned to work to help MobileIron, which went public in 2014, become the "applications and security backbone" for end-user computing. The Lenovo partnership is certainly a step in that direction.
MobileIron recently expanded its portfolio with the launch of a new Internet of Things division -- a move that's not totally unexpected given Mainz's history in IoT. Before MobileIron, Mainz was the president of Wind River, an Intel subsidiary with various IoT-related products.

Monday, February 27, 2017

Tens of thousands of Chromebooks fail because of Symantec BlueCoat problem

Well, this is annoying. Maryland's Montgomery County schools are using Chromebooks. The school system is using about 120,000 Chromebooks and multiple PCs running the Chrome web browser. But when Google recently updated them to Chrome OS 56, over 30 percent couldn't log on, while many PCs running Chrome were unable to reach the web.


So, was it Google's fault? Not so fast.
The school system was using Symantec's BlueCoat, a man-in-the-middle (MitM) SSL web proxy. This uses ProxySG technology to examine Secure-Socket Layer (SSL) and Transport Layer Security (TLS) encrypted web content. So far, so good -- if you want to make sure your seventh graders aren't peeking into pornography. But, in this case, it turns out BlueCoat doesn't support the newest standard web security protocol, TLS 1.3.



TLS is SSL's successor. The newest version, TLS 1.3, blocks attacks that were effective against TLS 1.2 and earlier security protocols. It also speeds up web connections.
"This update, the first since 2008, is a major overhaul that provides both increased security and enhanced speed, especially on mobile networks," said Nick Sullivan, CloudFlare's head of cryptography. "TLS 1.3 improves request speeds by requiring one less round trip to connect to an internet application, compared to previous versions, and can decrease page load times by 20 percent."
Mozilla Firefox, Google Chrome, and Opera currently support TLS 1.3. Microsoft and Apple are working on supporting it in Internet Explorer 11 and Edge and Safari, respectively. Google decided in its latest update to more fully support only TLS 1.3.
Both Google and Mozilla saw TLS decryption problems coming. A recent security study found vendors are badly handling TLS inspections. The anti-virus or network appliances "terminate and decrypt the client-initiated TLS session, analyze the inner HTTP plaintext, and then initiate a new TLS connection to the destination website." However, they then incorrectly validate certificates and can introduce security flaws.

Unfortunately, some programs, and BlueCoat's is one of them, go even further wrong. They hiccup when trying to deal with TLS 1.3. What should happen is "Successful connection. Client and proxy may negotiate down to TLS 1.2 instead of TLS 1.3." Instead, "when Chrome attempts to connect via TLS 1.3, BlueCoat hangs up connection."
BlueCoat isn't the only web proxy with this problem. Iboss, a web gateway, is also reported to foul up when dealing with Chrome 56.
But this has to be done by hand and it only works for the current user. It's in no way a fix you'd want to use with tens of thousands of Chromebooks or PCs.
So, in the short run, Google has set "Chrome so that when it can check-in will receive instructions to disable TLS 1.3 and thus should stay 'fixed' (for now)." To do this, you must set your web proxy so that it doesn't intercept TLS traffic until all the devices have been upgraded. In the case of Chromebooks, that will simply be logging in. With PCs running Chrome, you'll need to go to a Google site, such as Gmail, that requires a login. If you're only installing Chrome OS or Chrome 56 now, the new versions default to using TLS 1.2 and should work fine.
Whose fault is it?
Google puts the blame squarely on BlueCoat and other web proxy vendors. One note on the Chromium bug list said: "We're waiting on a response from BlueCoat. They were made aware of TLS 1.3 several months ago, but evidently did not test their software per our instructions."
Another Google software engineer stated: "These issues are always bugs in the middlebox products. TLS version negotiation is backwards compatible, so a correctly-implemented TLS-terminating proxy should not require changes to work in a TLS-1.3-capable ecosystem. It can simply speak TLS 1.2 at both client <-> proxy and proxy <-> server TLS connections. That these products broke is an indication of defects in their TLS implementations."
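The backwards-compatible negotiation the engineer describes can be sketched as follows. This is an added example, not code from the article, Chrome, or any proxy vendor: it parses a constructed ClientHello and picks a version the way a tolerant TLS 1.2-only endpoint should. The code points (0x0304, extension 43) are those of the final TLS 1.3 specification, RFC 8446, which postdates the article, and the function names are hypothetical.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446, section 4.2.1


def build_client_hello_body(versions):
    """Constructed sample: ClientHello body without record/handshake headers."""
    ver_list = b"".join(struct.pack("!H", v) for v in versions)
    ext_data = bytes([len(ver_list)]) + ver_list
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    ext += struct.pack("!HH", 0x0A0A, 0)            # GREASE extension, empty
    body = struct.pack("!H", TLS12)                 # legacy_version stays 0x0303
    body += bytes(32)                               # random (zeroed for the sample)
    body += b"\x00"                                 # empty session_id
    body += struct.pack("!HHH", 4, 0x1301, 0xC02F)  # two cipher suites
    body += b"\x01\x00"                             # null compression only
    return body + struct.pack("!H", len(ext)) + ext


def parse_offered_versions(body):
    """Return (legacy_version, supported_versions or None); unknown extensions are skipped."""
    legacy = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32
    pos += 1 + body[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
    pos += 1 + body[pos]                               # compression_methods
    if pos >= len(body):
        return legacy, None                            # no extensions block
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    offered = None
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SUPPORTED_VERSIONS and data:
            offered = [struct.unpack_from("!H", data, i)[0] for i in range(1, 1 + data[0], 2)]
    return legacy, offered


def negotiate(body, server_supports):
    """Highest mutually supported version, or None; a pre-1.3 hello means 'up to legacy_version'."""
    legacy, offered = parse_offered_versions(body)
    if offered is None:
        common = [v for v in server_supports if v <= legacy]
    else:
        common = [v for v in offered if v in server_supports]
    return max(common, default=None)
```

A TLS 1.2-only endpoint that follows this logic answers a TLS 1.3-capable hello with 0x0303 instead of dropping the connection, which is the "negotiate down" outcome quoted above.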
Eventually, Google will return TLS 1.3 as the default. With Chrome 57 almost ready to go, this probably won't happen until the Chrome 58 release, after the security vendors fix their proxies.
As for BlueCoat? A Symantec spokesperson said "Symantec has been alerted of a potential issue with TLS 1.3 on select devices. We're investigating now and are working to resolve the issue."
Hopefully it won't take long. Otherwise, with Chromebooks being so popular in schools and SSL/TLS decryption being a common feature in educational-system web proxies, we can only expect to see further failures.
