Managing IT Risk Associated with Mobile Computing Security

When BYOD was coming to fruition a few years ago, it had a sudden and deep impact on IT risk. Why? Many CISOs I spoke with at the time said it was purely a matter of scale. All of a sudden, large enterprises had thousands of additional devices on their networks and they struggled to figure out what these devices were doing and how these activities impacted organizational risk.

Topics: IBM End-User Computing Check Point Fortinet Cisco Information and Risk Management mobile Security and Privacy Security BYOD Citrix data security Fiberlink android Dropbox Good Technology Airwatch Blue Coat CISO Bit9 Anti-malware Facebook

Enterprise Security Professionals Identify Mobile Computing Security Challenges

Most companies now provide network access and application support for non-PC devices like smartphones and tablets and many are developing new applications and business processes designed specifically for these devices. Business managers look at iPhones, Android devices, and even Windows phones and see opportunities for revenue growth, cost cutting, and improved communication everywhere.

Topics: IBM Cybersecurity MDM Information and Risk Management mobile Security and Privacy Security cybersecurity skills shortage endpoint security Citrix CyberArk Courion Bradford Networks Fiberlink android Good Technology ForeScout Airwatch Blue Coat

Holiday Shopping? Android, Apple, or Microsoft

Have you ever noticed how we are all considered IT experts come the holiday time? Brothers, mothers, grandfathers, aunts, cousins and close friends all turn to us for their latest technology purchasing decision. Since I am a bit of a gadget guy, I enjoy these conversations. It’s fun to step through what they think they want and what they actually need. Here are a few of my observations:

  • Apps matter. If you currently rely heavily on an application or a set of applications from a specific app store and an app of equal or better functionality is not available on a competing app store, the decision is pretty simple. Stick with your current platform of choice. Upgrade if you feel you need a new form factor (viewing size) or the latest high resolution experience. This scenario is most often observed with current Apple users.
  • Form factor: I’m personally a new fan of the phablet. Here is why. If you want one device that can handle 90% of your computing activity the phablet works very well. The viewing size is usable for many tasks that include web browsing, a richer experience with apps due to the larger viewing size, and I have found that you can be productive on the device as opposed to smaller form factors I have owned. Ignore your friends when they ask “how does that fit in your pocket” and “that thing is the size of your head." I carry it around just fine and with a headset (I use a wired one) I rarely if ever hold it to my head and when I do it works fine. Dare I go as far to say that the iPad Mini would be a fantastic device if you could make phone calls with it.
  • Work and play. It’s really work and personal unless you are a big gamer. The ideal device enables you to use it as a work and personal device. This boils down to a device that has a keyboard so you can input at a reasonable rate and touch so you can interact with apps and the workspace very efficiently. I have used many devices in the work/ personal environment and right now you will be hard pressed not to look at some of the new Microsoft devices. Whether it is the Surface or touch-enabled Windows 8.1 devices from Microsoft partners, the work/personal experience is tough to match. You basically get a productive work experience with Windows apps and enjoy the tablet touch experience. With that said, apps for Windows are getting better, but still need some attention

I’m real impressed with the number of devices that are sub $400. So if you find yourself advising friends and family, start by looking at the Windows Surface, Apple iPad Mini, and the Kindle Fire HDX. These devices are all VERY capable. Side Note: Have fun decoding all the commercials on TV with your take on them and explain what really matters. My prediction is:

  1. If the user is already an Apple consumer and heavy user of apps, then the Apple products are pretty sticky. Be prepared to still pay a price premium, it's not the perfect match between work and play, but it comes with great support from the genius bar at the Apple retail stores.
  2. If the user isn’t an Apple fanboy and Microsoft productivity apps are not important, then the Kindle devices can be a great match. Do your homework here first and double check that the functionality matches requirements and be ready to enjoy the gateway into Amazon.
  3. If the user is a Microsoft Windows user and wants a touch-enabled experience, the new Windows 8.1 devices are an ideal match. Windows 8.1 touch does involve a little bit of seat time to get used to the gestures and the apps in the app store still need work, but the devices deliver a solid work/ personal experience.

Have fun! Every situation can have its uniqueness, but some basic questions about apps, form factor, and how they plan to use the device will quickly boil choices down. And don’t forget about the phablet. Go visit the retail stores and try out devices like the Nokia 1520 and Galaxy S4. Now I need someone to convince me why I need one of these ridiculous cellphone watches.

Topics: Apple Microsoft End-User Computing Endpoint & Application Virtualization mobile Amazon android endpoint devices

Beyond Basic Mobile Management

In 2010, ESG Research asked 174 enterprise IT professionals whether their organizations were developing or planned to develop their own mobile applications. The findings were as follows:

Topics: End-User Computing Endpoint & Application Virtualization Information and Risk Management Enterprise Software mobile Security and Privacy android MobileIron Zenprise iPad Good Technologies

A Multitude of Mobile Security Issues

The Black Hat USA conference takes place next week. If it's anything like RSA and Interop, there will be a fair amount of discussion about BYOD and mobile device security. Yup, a lot of hype but this is a topic worth discussing as nearly every enterprise organization and CISO I speak with is struggling here.

Topics: Apple Microsoft End-User Computing Check Point MDM Cisco Information and Risk Management McAfee mobile Security and Privacy google BYOD android Good Technology Juniper Networks Black Hat trend micro Symantec Anti-malware Interop MobileIron DLP RSA Security Conference iPad

BYOD Security Gotchas

I've spent a fair amount of time lately on BYOD (Bring Your Own Device), mobile devices, and related issues around information/cyber security. Yes, we are still firmly in the hype cycle but some mobile device security patterns are starting to emerge.

Topics: Cisco Information and Risk Management Security and Privacy Security BYOD endpoint security android Juniper Networks NAC mobile device CISO Extreme Networks iPad Enterasys

Document-based Security Standards: The Time is Now

I first heard the term de-perimeterization years ago from my friends at the Jericho Forum, a UK-based organization of security professionals. Back then the focus was on securing IT when it crossed organizational boundaries. In other words, a highly-secure network perimeter offers little protection if my business applications, services, and sensitive data are consumed by users working at other organizations, with different security policies and controls, residing outside the firewall.

Topics: Microsoft Check Point Information and Risk Management McAfee Enterprise Software Security and Privacy android Content Management trend micro Search Symantec RSA NIST DLP iPad Archiving Windows

Final Thoughts on the RSA Conference 2012

Okay, it's been a week since the RSA Security Conference 2012 so my window of opportunity for editorial comment is nearly closed. A few last thoughts:

Topics: Microsoft Big Data Cisco Data Management & Analytics Information and Risk Management Sourcefire McAfee Security and Privacy Kaspersky android Juniper Networks rsa conference trend micro Symantec RSA Blue Coat saic security analytics Gartner

Who's To Blame? Sentiment Analysis Will Tell You

This week, several mobile carriers rolled out updates to older Android phones. The Android 2.2.x (Froyo) operating system has been out since May of 2010. Release 2.2.2 has been on a rolling release since January 2011 and is just now being pushed out to older phones, like my Samsung Galaxy Continuum, by Verizon Wireless and T-Mobile. For me, it has been a disaster with about 20% to 25% of my apps no longer working. How many apps are "not working" depends on whether you include random crashes or only immediate crashes. I apparently have gotten off lightly. Some customers are reporting problems where the phone app itself dies, turning the smartphone into a dumb brick.

Topics: google android Social Enterprise

The Evolution of Endpoint Security

Back in 2007, ESG asked 206 IT enterprise security professionals to respond to the following statement: Endpoint security has become a commodity market with little difference between products. A majority (58%) of respondents either "strongly agreed" or "agreed" with this statement.

Topics: Check Point Information and Risk Management McAfee Security and Privacy Security malware endpoint security Kaspersky android trend micro Symantec Firewall IDS/IPS APT iPad