Mobile Security: Crunchy on the Outside, Soft on the Inside

May 10, 2013

When we hear of mobile malware (especially on Android) growing 163 percent or infecting 32.8 million devices in 2012, it’s easy to understand why having a security strategy and solution for employee-owned devices is essential. However, what can sometimes get lost, especially for organizations looking to bolster their security posture, is how to prioritize security across your environment.

To be clear: establishing a perimeter defense in your network is important – very important. But if you’re a company that hasn’t already covered the basics, where should you begin? Many companies are now realizing that security is not just about holding the enemy at the gates, it’s also important to understand when the enemy is already within them. A good security posture starts by assuming you are compromised and then asking the hard questions: “Would I even know if I were compromised? What is the enemy doing? How can I stop them once they are inside?”

Security doesn’t start with BYOD – that’s just one aspect of a much larger picture. Should you really be focused on the doors to your house when the foundation is crumbling? Enterprise security shouldn’t be built like an M&M – crunchy on the outside, soft on the inside – it should be crafted more like a jawbreaker – hardened from the inside out. Of course, you want everything hardened, but you can’t tackle all aspects of your infrastructure at once. You need to prioritize based on risk and value. Attackers are after intellectual property and they have a particular appetite for credentials to help them come and go as they please. Build concentric circles of defense starting with your critical infrastructure, then extend to your application and database servers, and then encompass other sensitive systems like finance and your highest risk end-user systems (e.g., remote users, publicly accessible systems, etc.).

Also, what is a perimeter these days? When it comes to securing mobile devices and cloud computing, your corporate assets are being accessed from around the world, in Internet Cafes and homes, and by devices that don’t travel through any “known” perimeter (3G/LTE networks, etc.). Authors of advanced malware are currently targeting endpoints and servers with more regularity than mobile devices. Mobile attacks tend to be focused on small financial gains, not stealing intellectual property. So what we saw in the past with hackers changing dial-up modem settings to expensive toll lines and pocketing the cash, we now see with mobile hacking and expensive premium SMS messages; cybercrime – not cyberespionage.

Mobile devices still represent security vulnerabilities because of the unprotected credentials and company documents they store. The data on these mobile devices could always be used in more advanced attacks on desktops or servers in the future. So it should be part of your strategy to secure employee-owned devices that are not under your primary control. All I’m saying is start at the center where the data and systems are easily identifiable and there are proven technologies that exist to stop advanced threats from executing in your environment. As you extend your security layers, you will be left with a security posture that’s more sour than sweet for cyberattackers.

via Mobile Security: Crunchy on the Outside, Soft on the Inside | Bit9 Blog.


Dealing with Mobility and BYOD Security Challenges? Start with The Network

April 18, 2013

The topic of mobility and BYOD has become a fairly divisive subject, because of the differing perspectives on how to resolve security challenges for the mobile user. Perspective on this ranges from the complexities of dealing with BYOD to a recommendation to keep personal and business devices separate. The fact is, we all have strong affinities for our favorite mobile devices, and just as organizations had to embrace the desire for users to use Macs in the office (remember that controversy?), users are now making their own choices about the mobile devices they use at work. When employees are given the resources to do their jobs in more places, they find better and more productive ways to work.

The challenge is how to give users the full advantage of their mobility platform of choice without introducing risks to the business. A key part of that challenge is enabling flexible mobile security options depending on the device and use case. For example, an employee on an unmanaged device may just require access to the Internet, while another employee on a managed device may require full access to specific data center applications. Your mobile security solution should support both use cases.

While there are multiple considerations to secure mobile traffic, it’s the network where you must start. This means maintaining a secure connection, keeping the traffic across it safe, and extending it to all users. By retaining control of the network, organizations can embrace mobility by making it safe for all users in all locations, regardless of the device. Starting from this premise, it becomes much easier to think in terms of how to make mobility work for your organization by providing the security to enable safe usage rather than trying to prevent it.

If you’d like to learn more about mobility and BYOD security challenges, check out my latest SecurityWeek article.


Bring Your Own Demise [INFOGRAPHIC]

March 6, 2013

Bring Your Own Device (BYOD) is certainly not new, but its effects on security and employee behavior are still largely undetermined.  To quantify the impact of personal devices in corporate settings, Varonis conducted a short survey and compiled the results in a new research report.

The results may surprise you — more than half of respondents reported someone in their company lost a device with important company data on it, and 22% of lost devices had security implications for the company. Moreover, 86% of employees admit to being “device obsessed,” working on their mobile device around the clock.

Enjoy, share, embed our infographic and download the full report to learn which data protection activities truly matter.

Bring Your Own Demise: A Report of the Impact of BYOD


The growing threat of insider fraud not a top security priority for organizations

March 5, 2013

An Attachmate-sponsored Ponemon survey indicates that the growing threat of insider fraud is not a top security priority for organizations, which is proving to be a costly mistake.

On average, organisations experience approximately one fraud event per week, according to information from the second annual Attachmate and Ponemon Institute survey, “The Risk of Insider Fraud.”

However, only 44% of respondents say their organisation views insider fraud prevention as a top security priority, a perception which has declined since 2011.

The average cost of a data breach in a 2011 study was $194 per lost or stolen record.

The survey reveals some alarming data security trends:

  • On average, it takes 87 days to first recognize that insider fraud has occurred and more than three months (105 days) to get at the root cause of the fraud.
  • 79% of respondents say that in their organization a privileged user has or is very likely to alter application controls to access or change sensitive information and then reset the controls.
  • 73% of respondents say an employee’s malfeasance has caused financial loss and possibly brand damage.
  • 81% say they already had an employee use someone else’s credentials to gain elevated rights or to bypass separation-of-duty control.
  • 48% of respondents say that BYOD has resulted in a significant increase in fraud risk
  • 77% of respondents say the lack of security protocols over edge devices presents a significant security challenge and risk

“This data demonstrates the invisibility of employee actions across an enterprise,” said Larry Ponemon, chairman and founder of Ponemon Institute. “While organizations may have policies and procedures to thwart insider fraud, it doesn’t mean employees will remain compliant, particularly with the rise of Bring Your Own Device (BYOD) practices.”

“Data security and insider threats continue to be a challenge for organizations, particularly as BYOD brings complexity to enterprise risk management,” said Christine Meyers, director of Attachmate’s enterprise fraud management solutions. “Next-generation enterprise fraud management solutions, such as Attachmate Luminet, are able to correlate cross-channel activity, score risk and provide a screen-by-screen replay of what actually occurred. Add to that the proven deterrence factor that arises from being able to see and monitor use and abuse, and you can see why customers choose to deploy this technology for fraud detection.”

Fraud statistics

  • On average, organizations have had approximately 55 employee-related incidents of fraud in the past 12 months
  • More than one-third say that employees’ use of personally owned mobile devices has resulted in malware and virus infections that infiltrated their corporate networks and enterprise systems, and another 26% say it is very likely to occur
  • 61% rate the threat of insider risk within their organization as very high or high
  • 23% say insider fraud incidents existed six months or longer before being discovered and 9% could not determine when they occurred.
  • 55% of organizations say their organization does not have the ability/intelligence to determine if the off site employee’s non-compliance is due to negligence or fraud

Threats from BYOD, Mobility & Edge Devices

For the first time the study asks questions about the effect Bring Your Own Device (BYOD), mobility and edge devices have on the risk of insider fraud. We define BYOD as the employees’ use of their personally owned mobile devices (typically smart phones, tablets and laptops) for both work and non-work activities.

An edge device is a physical device that can pass packets between a legacy network (like an Ethernet network) and an ATM network, using data link layer and network layer information. An edge device does not have responsibility for gathering network routing information. It simply uses the routing information it finds in the network layer using the route distribution protocol. An edge router is an example of an edge device.

Edge devices and BYOD make it difficult to identify insider fraud

58% agree that BYOD makes it more difficult for the security or compliance department to have complete visibility of employees’ access and computing activities. The majority of respondents (78%) do not agree that employees’ access and possible misuse of edge devices is completely visible to the security or compliance department (100% – 32% of strongly agree/agree responses).

The study defined insider fraud as the malicious or criminal attacks perpetrated upon business or governmental organizations by employees, temporary employees and contractors. Typically, the objective of such attacks is the theft of financial or information assets, which include customer data, trade secrets and intellectual properties. Sometimes, the most dangerous insiders are those who possess strong IT skills or have access to an organization’s critical applications and data.

“With this research, we want to reiterate that organizations are not immune,” said Meyers. “The threat of insider fraud is a growing risk that can result in tangible financial loss to businesses. And the longer an organization takes to address it, the more costly it can become.”

The insider fraud survey includes results from more than 700 individuals at leading global organisations.

 


Mobility and Big Data: Why They Need Each Other to Thrive

January 9, 2013

Mobile devices and apps will generate seven exabytes of data by 2015, a number that will continue to double and perhaps triple each year. Not only are huge volumes of data/content being communicated through mobile networks, but there has been unexpected growth in related communications and transactions, such as:

  • Salesforce.com getting 60 percent of its “transaction volume” from mobile devices
  • Pandora delivering 60 percent of its music minutes to mobile devices
  • Facebook getting 30 percent of its traffic from mobile
  • Twitter getting 55 percent of tweets from mobile

This dramatic growth, coupled with low-cost, large-scale data architectures, is making it possible for “Big Data” to capture, analyze, and act in real-time to maximize the impact for business. But I would argue that big data and mobile are also intertwined, and the total societal impact of one depends on the other.

The unique benefits of mobile—ubiquity, immediacy, and relevance—are magnified by big data. To fully leverage these attributes, mobile solutions need to be location-aware (ubiquitous), real-time (immediate), and context-aware (relevant). Seventy percent of mobile apps are abandoned within the first two months after being downloaded, due in large part to the fact that they are not enterprise-class, not connected to the data and analytics that make them engaging, and therefore not leveraging the attributes of mobile. Big data is becoming a critical element in meeting these demanding expectations from the user.

Together, mobile and big data provide an opportunity to not only offer users convenience and utility, but to actually drive behavior change. A health insurance company, for example, might deploy a consumer-facing app that mashes up claims data with public health data and personal fitness/wellness data from other consumer apps. This creates the opportunity for powerful analytics to help guide the consumer to make better health decisions based on a real-time view of their current condition and available options.

Sustaining behavior change is critical to virtually every industry, whether it’s getting a patient to follow their prescribed therapy (only 70 percent do so in the U.S.), encouraging an employee to save more for retirement (there is only a 3.6 percent savings rate in the U.S.), or getting an energy customer to make more efficient decisions (the average U.S. household wastes 25 percent of its energy). This is where mobile and big data can play a significant role. By marrying context, personalization, and knowledge of potential actions/offers using mobile and big data/analytics, the impact of retail, healthcare solutions and beyond could be improved drastically.

Where big data is accelerating the sustaining of behavior change, it is also accelerating the convergence of people and objects. There are now nearly 10 billion things connected and only about half of them will be mobile phones. Yet up until now, the hundreds of millions of connected objects—truck fleets, environmental sensors, smart meters, etc.—were considered part of the closed “Machine-to-Machine” or M2M world. This is changing. Fueled by the integration of technologies such as Wi-Fi, Bluetooth, QR Codes, and NFC into mobile devices, we are lowering the barrier for people to interact with objects, and opening up a new category of innovations we call P2M, or “People to Machines.”

Very soon, we will not talk about mobility or big data but just real-time, personalized interactions that drive business impact, anywhere, anytime, on any screen. Now that’s powerful.

via Mobility and Big Data: Why They Need Each Other to Thrive | Xconomy.


Grolsch Beer: Interactive Multi-Screen Ads

September 7, 2012

This Grolsch multi-screen campaign is an interesting example of extending a TVC into an interactive online video and mobile experience that in turn drives retail foot traffic. Starting with a TVC introducing a bold character, the ad then challenges you to go online to continue the conversation.

Users are then introduced to the character more personally over a beer and are asked to text him their name in real time as the online video plays. For users whose name the character recognises, he sends them back a text message, literally buying them a beer in real life, with the text linking straight to a coupon code and store finder to claim. Created by the BMB Agency.


How Placed maps mobile app usage down to the store

August 30, 2012

Hey, mobile developers, have you ever wondered where users are when they interact with your apps — as in down to the level of whether they’re in a Starbucks or the McDonald’s right across the street? A Seattle-based startup called Placed has a novel approach to mobile-device data that it claims can tell you just that, a capability the company thinks can change the way developers think about everything from targeted advertising to product design.

Placed, new technology for location analytics

for more information click on:

http://gigaom.com/cloud/how-placed-wants-map-mobile-app-usage-down-to-the-store/


Cloud back-up meets the enterprise: An infographic

August 6, 2012

Did you know that the average mobile worker now carries 3.5 mobile devices in 2012, up from 2.7 devices in 2011?

And that 92% of mobile workers believe that they should be able to read work email on their phone?

What happens to corporate data residing on endpoint devices such as laptops, tablets and smart phones? Is this data backed up hourly, daily, monthly? How is the enterprise protecting corporate assets residing on endpoint devices brought into the workplace?

Check out the infographic to find out how Cloud Backup addresses these challenges and more.


VIDEO Glasses-Free 3D Display

May 28, 2012

“Head-Coupled Perspective on Mobile Devices. We track the head of the user with the front-facing camera in order to create a glasses-free monocular 3D display. Such a spatially-aware mobile display makes it possible to improve the possibilities of interaction. It does not use the accelerometers and relies only on the front camera.” — DocteurCube


Data point: Mobile disrupts most media

May 24, 2012


As smartphone adoption grows and attention spans attenuate, people are increasingly multitasking their media consumption. According to recent research published by Google, almost 9 in 10 smartphone owners in the U.S. use their mobile while doing other things, whether watching a movie, playing a video game or reading. We highlighted this phenomenon in our recent report, “15 Ways Mobile Will Change Our Lives.” And our latest report spotlights how marketers are taking advantage of the second screen as more TV viewers sit on the couch with smartphones (or other mobile devices) in hand. Google’s research finds that more than half of U.S. smartphone owners use their device while watching TV. The spike in connected screens and services that link them with the big screen is creating intriguing new possibilities for TV broadcasters and marketers alike.

Google’s report also looks at how people are turning to their mobiles for a growing roster of functions, behavior that will become increasingly prevalent. The data shows that 35 percent of smartphone owners expect to use their device to access the Internet more often in the future. And as more marketers lead shoppers onto their smartphones, m-commerce will become increasingly important to retail. As yet, more than a third of Google’s respondents said they have purchased a product or service on their smartphone, and more than two-thirds of those did so in the previous month. Mobile-optimized sites and location-specific deals will become crucial for capturing shoppers via their smartphones.

