Friday, 16 December 2011

Tablet Security in the Enterprise: Risk and Remedies


Today, malicious apps and malware continue to be the number one security threat in tablets, followed by public Wi-Fi eavesdropping. Tablets can easily be infected by clicking on a malicious link, and company credentials can be stolen when a user enters them into a phishing page masquerading as a challenge page.
While we’ve seen examples of the mobile platform companies proactively addressing malware attacks – the iPad 2 Smart Cover security hole fixed by Apple’s iOS 5.0.1 release and Android’s 58 malicious applications, which were downloaded onto 260,000 devices before Google remotely wiped the devices clean – it’s simply not enough. Not to mention, these remedies aren’t always applicable to tablet devices, with only a small percentage maintaining an always-on 3G connection, making it nearly impossible to implement a real-time security fix.


Mobile platform companies have typically remedied security holes exposed by malware in two ways: OS security re-architecture or stricter entry programs into app stores. However, the stricter the app adoption rules and implementation restrictions (so as to not allow a bad app into an app store), the fewer apps enter the market in a given time. While Apple has the luxury of highly scrutinizing the apps it approves, Android, coming from behind, has looser controls in an effort to balance innovation with security.
The recent Smart Cover security hole uncovered in iPad 2 and fixed by Apple’s iOS 5.0.1 release is the OS remedy; and Android’s 58 malicious applications, which were downloaded onto around 260,000 devices before Google eventually admitted it and wiped them from devices remotely, is an app store remedy.
Neither of these remedies is an acceptable solution for enterprises. Enterprise IT heads cannot wait for a new OS release or a re-evaluation by the app store when a malicious attack is siphoning confidential data from thousands of devices. The situation gets even more critical when malicious apps get on tablet devices. Unlike smartphones, most tablets are still tethered devices. Only a small percentage of them have an always-on 3G connection through which a remedy can be applied immediately.
Accellion Secure Mobile Apps give enterprise tablet users the ability to securely share, edit, send and receive files in their workspace without the fear of a malicious app or link compromising their content and identity.
Accellion Secure Mobile Apps work in conjunction with Accellion Secure Collaboration to keep everything in an encrypted, secure, private container, even if a tablet user decides to download a file onto its local drive.
Should malware infect an Accellion Secure Mobile Apps user device, nothing is lost. Or, if it tries to access the tablet’s local drive, it will see nothing but a bunch of encrypted files. Users could be on an iOS, Android or BlackBerry device, and it will behave the same.
And then there is the internal threat, when people get distracted and leave behind their device by accident. If there is sensitive corporate data on the tablet and the device ends up in the wrong hands, it could easily lead to a reportable data breach. With Accellion, IT has control and management over the application, so if a device is lost or stolen, Accellion administrators can easily block access remotely and reset credentials.
Look for the discussion about tablet security to continue on this blog, but in the meantime, the more you use your tablet like a laptop, the more you should consider taking security measures.


Monday, 12 December 2011

Your iPad Is Not Your iPhone: Get Secure


Over the past year, we’ve seen the iPad become more prevalent in the corporate world – and why not? Its portability is ideal for employees on the go and users are able to blend work and personal use on a single device. Yet, it’s these two benefits that have introduced new security concerns for IT, with the iPad often treated more like a grown-up iPhone than a corporate computer.
Of course, the laid back attitude towards iPad security is understandable. Tablet adoption has been predominantly driven by consumer usage, with public Wi-Fi and cloud computing making it simple to upload and download files and applications at will – whether Angry Birds, grocery coupons or the latest corporate PowerPoint.  But, the freedom of anytime, anywhere access, combined with the increased volume of corporate data being shared via iPads, has blurred the lines between corporate access and casual entertainment.
Yet, the harsh reality is that malicious apps and malware are the number one security threat to tablet computers, followed by public Wi-Fi eavesdropping.  Phishing attacks are phishing attacks, whether your users are on a PC or an iPad, and enterprises need to implement the same strong security measures regardless of the device.
So, what’s an IT group to do?
Individuals should be able to send, share, and access files and applications, while you ensure they’re protected from malicious content. Accellion Secure Mobile Apps is one viable option – providing around-the-clock secure access to files to a range of mobile devices, plus encrypting documents for future, offline use. Plus, if the device is ever lost or stolen, administrators can easily block access remotely and reset credentials.
Let’s face it: your employees were likely attracted to the iPad because it makes their life easier – and maybe a little more fun. So, the key is to boost security while enabling employees to work and interact exactly as they do today.  The discussion on tablet security is far from over, so look for more insight on our blog.

Wednesday, 7 December 2011

Some insights from the 2011 Gartner Data Center Conference


The first day kicked off quite early with Gartner presenting the top 10 major IT trends, followed by several individual sessions. Some notes on Big Picture trends:
1. Physical infrastructure management is becoming very critical. One stat shared was that one data center could consume many times more energy than 100 offices that depend on that data center's applications and services.
2. Compute fabrics are starting to emerge in the enterprise, and adoption is going to accelerate. Compute fabrics are also known as Cisco UCS and HP Converged Infrastructure and refer to the ability for the enterprise to seamlessly add and expand compute capacity that comes pre-integrated with server, storage and networking elements. Our perspective has been “Converged Management for Converged Infrastructure”. If infrastructure is converging, why shouldn’t management?
3. Hybrid clouds are going to be the norm. Hybrid clouds are going to be driven more by the need to focus core capabilities within the firewalls and outsource non-essential applications. This is different from enterprises using hybrid clouds purely for bursting capacity.
4. Challenges in cloud computing are going to be around integration and security. Specifically around integration, they mentioned that integration costs could get so high that the gains from cloud could often be lost in the integration costs.

by Ashish Kuthiala

Tuesday, 6 December 2011

Buried Alive by Consumer Applications in the Workspace

An article in GigaOM citing new research by Unisys on the consumerization of IT recently piqued my interest.   According to the research, IT pros underestimate the use of consumer technologies in the workplace by a whopping 50%.  In fact, IT decision-makers gave themselves a rating of only 2.9 for overall support of employee owned mobile devices, social applications and integration of social apps with enterprise applications.  According to Isabella Mark, director of Global Solution Management at Unisys, IT is falling behind in addressing and benefiting from consumer technologies due to the sheer volume they now have to deal with.  Each new technology that employees bring into the workplace is another technology that IT needs to figure out how to use, manage, or perhaps even ban.



For many, Dropbox represents the poster child for the consumerization of IT.  Free and easy to get your hands on, the Dropbox consumer file sharing app has spread like wildfire through organizations.  And now IT and security teams are grappling with how to deal with the security risks of unmanaged, untracked file sharing of enterprise data via personal Dropbox accounts.  Learn more about the privacy concerns of consumer file sharing apps that stem from the consumerization of IT in our latest whitepaper, “Beyond Dropbox: Requirements of Enterprise Class Secure File Sharing.”  While Accellion’s solutions are enterprise-class, they are created for ease-of-use, and also provide the security and management that IT requires.
Stillman, J. (2011, November 18). Consumerization study: It pros swamped, behind on mobile. Retrieved from http://gigaom.com/collaboration/consumerization-study-it-pros-swamped-behind-on-mobile/
Nina Seth - Product Marketing Manager at Accellion.


Friday, 2 December 2011

Evolving Mobile Data Security Risk




In 2010, Oracle surveyed more than 3,000 people from around the globe to discover how people communicate. The overwhelming response was mobile, mobile, mobile. In 2011, Oracle conducted a second survey calling it The Future of Mobile Communications-Take Two. This upgraded report delivered interesting results about mobile phone usage and the perceptions of mobile devices.
I don’t think we have to discuss the “bring your own device” (BYOD) trend or the fact that employees are using mobile devices to share files & access business applications. The lightning fast proliferation of data hungry users is the thing that organizations and IT managers are trying to manage. The respondents of Oracle’s 2011 Future of Mobile Communications-Take Two report confirm that these trends are permanent. That’s bad news for our telephone booth frequenting super hero.
How data hungry were the users from the survey? Over the past year alone, mobile data usage increased 47%. Even more remarkable is the fact that 55% of those surveyed reported having downloaded a mobile app, up significantly from 42% in 2010.  The most dangerous threats posed by downloaded mobile apps are well-documented in Veracode’s Mobile app top 10 list. Even more notable was the fact that 25% of mobile web users are mobile only.
When respondents were asked if they think that information stored or transmitted with a mobile device is secure, the results were disproportionate. Thirty-two percent of those asked thought their information was secure. Sixty-eight percent said that they didn’t think the information stored or transmitted with a mobile device was secure.
People can be their own worst enemy when it comes to security.  Ten percent of all iPhone users have 0000 or 1234 as a device password. The fact that there are mobile data security programs available and not being used is indefensible.
For all these reasons, mobile devices are the most popular target for data theft.  In several upcoming blog posts we will discuss some Dos and Don’ts of mobile device security and take a closer look at mobile security compliance.
Nagar, M. (Designer). (2011). Introduction and evolution. [Web Graphic]. Retrieved from http://www.bluegenietech.com/blog/tag/history-of-mobiles/

New chapters, new challenges, new growth.


With cybercrime now one of the top four economic crimes facing governments and companies globally and a quarter of all economic crime committed in the past year cyber based, the need for greater information security strategy and awareness has never been greater.  
The UK Government’s recent announcement of strategies and initiatives to safeguard critical infrastructure and systems is a welcome indicator of the shape of things to come, as information security climbs rapidly up the corporate and government agenda. The UK Government's announcement of a pilot programme to bolster co-operation between state and private information security professionals, along with the proposed establishment of a cyber crime unit within the National Crime Agency by 2013, are very welcome developments.
Today, key industry figures have gathered in London for the Cyber Security Summit. At a time when the online rules of engagement are changing and governments and businesses around the world are looking to meet challenges head-on, it's clear that the information security market is set for significant growth over the coming years. Exciting times lie ahead for the industry, and Clearswift is very excited to announce the beginning of a new chapter for us, following our acquisition by mid-market growth investor Lyceum Capital.
The deal will allow Clearswift to increase our focus on content-aware security solutions as well as broaden our software range, acquire further technical capabilities and develop our geographical reach.
As part of this new chapter, we welcome highly experienced software entrepreneur and former CEO of IRIS Software, Martin Leuw, as our new Chairman. Under Martin's leadership, IRIS grew in value from £30m to £500m in 10 years, transforming it into one of the UK's largest privately-owned technology companies. Martin is joined on our board by Lyceum Partners Jeremy Hand and David Harland.
Clearswift will be gaining some exceptional experience and knowledge to support the business through the next phase of growth and we're looking forward to a bright future. Our heritage in content inspection and flexible policies, backed up with excellent service, makes us exceptionally well positioned to meet customer needs in a world where social media and web technologies are rapidly transforming the way we all do business.
Full details are available here
Richard Turner