BYOD


Originally published on the Bitdefender website

No matter how valiant the efforts to secure their systems, or the amount of money spent on IT defenses – many of the same IT security challenges persist today as they always have.

Enterprises are behind in their ability to quickly detect data breaches. According to the 2015 Verizon Data Breach Investigations Report, the vast majority of organizations don’t detect breaches within days of their occurring; the time to detect compromise is still too often measured in weeks or months. And, depending on the study, security breaches can cost $100 per record and up.

As the sheer number of breaches, their duration, and their costs over the past few years reveal, enterprises can clearly do much better. But it’s not a matter of a quick fix. It’s not a single product deployment, or hiring to fill a few positions. There are, however, key areas that organizations can focus upon to close the gap between the ease with which attackers can exploit enterprise weaknesses and the ability of enterprises to defend their systems and data.

Here we go:

1. The security program informs the regulatory compliance program, not vice versa

Too many organizations today remain focused on maintaining their baseline security controls. They check their regulatory compliance check boxes and move on. Firewall: check. Network monitoring: check. Network segmentation: should be in place, check. What is lacking is a focus on making sure each of these functions is done right.

This needs to be flipped around. Enterprises need to build rugged security programs and build the reporting on top of those programs to feed into their regulatory compliance efforts.

2. Hire and cultivate the right security talent

In my interviews with CIOs and CISOs it’s clear, across the board, that enterprises are hurting when it comes to finding skilled information security professionals. If you know device security or enterprise security architecture, are a pen tester, or can manage or build a security program, you are not in want of job opportunities.

The challenge for enterprises is that technology and attack methods are moving so swiftly that traditional education and corporate training programs don’t keep up. And, quite frankly, many HR departments in large enterprises don’t know how to hire well for information security positions. They rely too heavily on certifications and not enough on security problem-solving skills. Traditional training doesn’t keep pace in producing the security skills needed amid constant changes in mobility, cloud architectures, virtualization, containerization, Internet-connected devices (IoT) and others.

Skilled security pros also tend to come from non-traditional backgrounds. They are liable to be the men and women with purple hair, lots of tattoos, and a scattered college history: but they know how to hack and many know how to help defend against hackers. But they are overlooked. This needs to change, and government and corporate enterprises need to rethink how they vet and view security talent. They need to consider training in-house talent that has an affinity to this field and wants to be trained.

3. Communicate in terms the business cares about

Today, too many security professionals think, and speak, in technical terms. When they see a certain attack vector, for example, they see a technical problem. And they are right: it is in fact a technical problem in most cases and can be remedied technically. But to business leaders and management it is a business risk. And business people want to understand things in business terms and business risks.

When most people suffer, say, a car breakdown, they care more about losing the utility of the car than they care about the technical reason for the breakdown. When they ask technical questions about the nature of the mechanical failure, what is really going on in most people’s minds is how the nature of that mechanical breakdown will impact the cost to fix it. So it is the loss of utility, and the cost to get that utility back, that matters to us most.

Business leaders, when it comes to IT, think no differently.
What is at stake with the risk, from a business perspective? How much will it cost to remedy? What is the cost of losing the utility? These are the terms more security people must speak in.

4. Shift some security focus to breach detection and response

With good reason, tens of billions of dollars have been invested by public agencies and private enterprise into traditional security defenses: the stuff geared to keep bad guys and things out. I’m not sure if enterprises have spent enough, or too much. That is certainly an interesting and debatable question. But I am sure we can’t count on it to work all of the time, every time.

Attackers are going to get through. There will be a misconfiguration they find, or there will be an employee who clicks on something they shouldn’t, or a trusted web site will serve malware and that breach will go undetected. Bad things are going to happen to enterprises that strive to protect themselves and do the right thing.

This is why more resources and effort need to be focused on the ability to detect and respond to successful breaches. It makes sense to want to stop attacks. But as in American football, good defense wins games, but it doesn’t win every game, and even the best defenses are scored against.

Your information security defenses and efforts are no different.

Plan and put the resources in place to rapidly respond. It will mitigate the damage of successful breaches, and hopefully keep the costs of those breaches down, too.

5. Shift to data-driven security decisions

An important shift is one that has been widely talked about in security, but not always very pragmatically acted upon. Security pros need to stop working from a position of what they knew to work in the past, or their personal hunches, or providing the types of defenses the business thinks it needs.

To date, this hasn’t worked so well. We need to start making more data-driven decisions. If the business wants to invest in certain areas of security spending, perhaps that is the wisest move or perhaps it is not. Collecting the right data about the nature of the security controls in place, how well they are performing, as well as what has not been working well may provide better answers. Certainly the final decision about what spending will get done is up to the business, but by providing the right data you can help them make better decisions.

All the data needed is out there: the nature of the adversarial threats, the technical vulnerabilities, the value of the business data and services provided by critical applications, as well as the goings-on within the network and applications. It’s time this information be better collected, analyzed, and put to use to make the best data driven decisions possible.

 


Originally published by CensorNet

The poor old IT department, if there were ever an Olympic sport where you could count the moments between suggesting that technology could change the world and then having it bite you on the backside by an unruly mob, well, they’d be gold medallists.

Naturally, an IT team is predisposed to focus on the challenges and risks that a BYOD culture can bring, which is not a bad thing.  In the IT world, BYOD makes the world a more complex place rather than a simpler one. A fixed desktop located on an internal network is always going to be simpler to deploy, easier to manage, easier to secure and much easier to monitor. The risks can be easily identified and mitigated.

The problem with Browsers

With a few exceptions, the main browsers tend to be Chrome, Internet Explorer, Firefox & Safari. The problem arises when every user’s personal device needs its browser software up to date. Take your fixed, standardised, controlled infrastructure away and it’s not quite as easy. Some applications will simply not work on older browser versions or even with specific browsers. The quality of user experience may be compromised if the right browser is not selected. It can be a fickle, inconsistent way of working.

More importantly, not keeping a browser up to date may expose security flaws that place the device and its content at risk. Many have learned that particular lesson the hard way.

Our old nemesis ‘Malware and spyware infection’

The natural by-product of an increasing tech savvy world is that the bad guys are getting smarter and the users are more ‘click-happy’, particularly on mobile devices.

Users are seldom intentionally malicious, although clearly it happens. However it is often more a case of due diligence when time is a constraint. Not all will adopt sensible security protocols to ensure they are free of Trojans and other malicious autobots that might be hiding within what, at the time, looked like a cool free widget or an article containing a part of Kim Kardashian that broke the internet.

A 2013 study by Alcatel-Lucent estimated that 11.6 million devices were infected, a number that is likely to grow. The fastest growing infection rates were on Android, with Windows and Android being the primary operating systems likely to be targeted.

In Wi-Fi we (Don’t) trust

All mobile devices will invariably hop on and off Wi-Fi with reasonable regularity. The bandwidth and access point will play a role in mitigating the risk of contamination. Using unsecured hotspots increases the risk, not only to the user but potentially to the corporate network. The bad guys are smart and unsecured access channels are a happy hunting ground. An experiment by Jonny Milliken, Valerio Selis and Professor Alan Marshall proved that an airborne virus could be transmitted via WiFi from router to router and hence from one device to another. The attempts to access precious data are unrelenting and on the increase.

Even on-premise WiFi can be problematic. The strength of any WiFi and available bandwidth may well dictate how usable a commercial application is on any given mobile device. It should be remembered that not all devices have the same capabilities when it comes to transmission and reception.

Authentication

The mechanism of accessing corporate applications, network and resources requires a method of authenticating that the user is who they say they are. Inadequate mechanisms open the door to abuse.

Legal constraints

It may not immediately spring to mind, but a business cannot control the peccadillos of its employees. A personal laptop that has been used for social activities that cross legal boundaries is one that can compromise the integrity of the business and all that could entail. Reputation is as much a protected treasure as any other business asset, as is consumer confidence in who they are buying from.

Data loss

The most precious asset of any organisation is data. Sales prospects, agreements, policies, goals, strategies, financial information, shareholder reports: whatever information an organisation has must be kept secure. The ramifications of data loss can be severe. A user’s device can compromise data in a variety of ways and not just from pernicious access. How much corporate data is going to reside on a device, and where? What degree of sensitive data can be trusted to be on a specific user’s device? What about access codes? Is a user storing key account details in plain text somewhere? What happens if a device is lost or stolen; can data leakage truly be prevented?

Device control

If the device belongs to a user, do they have complete administration rights over their device? The owner tends to know how to use their device and how to change configurations. One potentially damaging scenario is if a user decides to jailbreak their own device so they can access areas that companies like Apple would rather they did not. Android also has its challenges: although not exactly open source, it naturally lends itself to modification and user changes, given its Linux roots. There is an ever-growing community that seeks to either legitimately change code or simply break it because it can be broken and compromised.

Application conflict

What a user downloads onto their own device is by and large a matter for them. Some applications however, particularly apps for smartphones and tablets, can interfere with commercial applications. There is no way that an IT department can track and recommend, from the hundreds of thousands of apps available, which ones are suitable or which could cause cross-application contamination i.e. result in sub-optimal performance or use.

Human error

No matter what technology is used, there is no way of avoiding simple stupidity or oversight by human beings. A human interface is a flawed one simply because we make mistakes, and because the users own their devices, mistakes will inevitably happen. Human error will always be the one true constant, and the reason there is no such state as 100% secure.

From an IT standpoint, BYOD presents a raft of obstacles. They are challenges that can be met, but the solutions are not foolproof and an element of risk will always remain.


Originally published by AppRiver

New Mobile Device Management (MDM) features are coming home to AppRiver Office 365 Plus, including the ability to selectively wipe mobile devices. Selective wipe of mobile units allows an administrator to revoke access to and delete corporate email that has been synced to a device, as well as specific data associated with Office 365 apps on the device, while retaining any unassociated personal data.


Selective wipe will work across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, and is included at no additional cost for all AppRiver Office 365 Plus plans. The addition of the selective wipe capability and MDM features listed below to the already robust Office 365 Plus arsenal ensures that your Office 365 experience remains easy, effective and affordable.


Mobile Device Management options include:

Selective wipe

Ability to perform either a full remote wipe of a corporate smartphone or tablet or a selective wipe of Office 365 company data from an employee’s device while leaving any personal data in place.

Conditional access

Set up security policies to ensure that Office 365 corporate email and documents can be accessed only on phones and tablets that are managed by your company and that are compliant with your IT policies.

Device management

Set and manage security policies, such as device-level pin lock and jailbreak or root detection, to help prevent unauthorized users from accessing corporate email and data on a lost or stolen device. 

Mobile Device Management Options introduced to AppRiver Office 365 Plus

Cloud-based management for devices that run on iOS (iPhone, iPad), Android and Windows Phone will be supported and the roll out for these capabilities will be completed in 4-6 weeks. All features will be included with all AppRiver Office 365 Plus and bundle licenses.

Contact our Sales Team today on  0118 9898 222 to find out more about Office 365


The managed service best practice offerings template is intended to provide a list of the most common offerings that are currently being deployed by newly formed managed service practices.

The list has been developed based on the experience of IPED consultants, research conducted with numerous channel partners and direct discussions with partners that have successfully built an MSP practice. Although the customer offerings vary from MSP to MSP, most of the solution providers that have built a successful MSP practice have started their practice with one or more of a variety of managed services. You can read the CompTIA Managed Service Best Practice Offerings study here.

Need more help with finding the right solutions for your MSP business? Call our sales team today on 0118 9898 222.

 

 


We joined industry leaders and professionals at the CompTia EMEA Conference on 5th and 6th November. This event gave our team a good opportunity to meet with our current and new Resellers and other industry professionals.

Throughout the day, our team were busy talking to MSPs and Resellers about the best technology to run their businesses, covering I.T. automation, disaster recovery, anti-spam and malware solutions.

The event was also a great opportunity for us to join two of our vendors at their stands - StorageCraft, a data backup and disaster recovery vendor, and AppRiver, provider of email messaging and Web security solutions. Our Product Manager, Nicola Boswell, is pictured left with Janet O'Sullivan, StorageCraft Marketing Manager. We also met with Western Digital, who will be joining our portfolio to enable us to provide end-to-end solutions for Resellers.

We'll tell you more about that soon...

Our Sales Manager, Emma Wale, who attended the two day event commented “being at CompTia puts us among our industry peers and shows we are committed to providing the best service and leading solutions for MSPs and Resellers”.

If you missed our team at CompTia, you can contact us on 0118 9898 222 and speak to our product specialists or visit our website.


It's been a busy time at Blue Solutions and we wanted to keep you up-to-date with some of our changes, especially when it's good news for our MSPs and Resellers.

We've recently welcomed a new team member

We've expanded our technical team and Deane Mallinson, our new Sales Engineer joined us in September. Deane's wide ranging role will be to focus on the support function offered by Blue Solutions.

With 20 years' experience in the I.T. industry, ranging from first line support to management, Deane will be managing our internal, external, pre and post sales support helpdesk, while mentoring our team.

As Deane's qualifications include MCSE, MCSP, KLCT, KLCSA and GCT, he is well equipped to ensure our customers get the support they deserve.

As part of our continued commitment to supporting and investing in I.T. graduates,  Chris Kudzin has joined Deane's team as our I.T. apprentice.

 

Other changes

Emma Wale (pictured left), a long-standing member of the Blue Solutions Team, was recently promoted to being our Sales Manager. With extensive experience in the I.T. and software channel distribution industries, Emma's main focus will be to manage sales growth and overall profitability for Blue Solutions.

While continuing to work as the main contact for DataFortress, the online backup solution (powered by Attix5), she will support and develop our sales and product specialists on a daily basis.

What's happening with our other team members?

Our product and sales specialists' roles have changed too. Our sales team (pictured below) will be available to manage your orders and help with any queries on a daily basis.

We also now have a team of vendor specialists, who are available to help you develop your business, with solutions for the channel. You can view our key vendors at our website.

Why have we made these changes? As parts of our business have moved into the managed services sector, we have restructured our sales team to ensure we continue to provide the best service for all of our customers. Your contacts are:

Nicola Boswell (pictured left) is our Specialist for AppRiver and StorageCraft.

Sharon Pace has been appointed as our Blue Solutions Key Account Manager and Tom Mangion is our Trend Micro Renewals Specialist.

If you have any questions about our vendor products, please contact our sales team on 0118 9898 222.

We already said that BYOD is one of the most significant trends affecting enterprises. It brings many new challenges, but it also comes with a bunch of opportunities and a lot of advanced tools to help the IT people embracing it achieve efficient implementations today.

This is not about making the company more social; it is that BYOD has the potential to change the nature of companies for the better, giving them the ability to offer a variety of mobile apps to ALL employees, regardless of their position, OS, and device, that would enhance and accelerate their work and make them more productive. This would be the environment where an IT manager would be running a “New Age Company”.

This kind of company, transformed by mobile applications, changes from every angle and in every area. Even the perpetually busy teams usually not fond of social technologies, like the legal ones, would use the mobile apps and become more productive.

When they realize the possibilities, all these departments will be coming to IT. Then you, the IT leader, will stand out for your ability to initiate innovation within the organization. By enabling all departments to connect more closely with employees and customers, IT will be the team driving increased productivity, as well as improved customer and employee experience.

Today we will explore different app scenarios in several departments; this may provide you with some Tips & Tricks that you may apply in your own working environment. This may be especially important because, despite the fact that employees started the BYOD trend, some have mixed feelings about being connected with their teams and bosses 24/7. Mobile capabilities let managers have more control over the workforce, so it becomes important to arrive at a work-life balance.

Let's analyze the BYOD performance, benefits, and issues in some of the key areas in enterprises.

Human Resources: A lot has been said about using mobile apps to streamline processes, increase productivity and enhance the client experience. But what about improving the working environment, making employees feel connected, supported and empowered? Using applications such as short surveys, it is possible to measure employees' sentiment. Other apps help automate and accelerate processes. A New Age Enterprise enables HR to create a strong connection with employees, empowering their communication and performance even if they are remote or home office workers. HR can easily interact with employees and manage the relationship with them, which creates bonds of loyalty. Loyal, satisfied employees make a more productive team that also attracts other high quality prospective employees.

Marketing: Marketing is already one of the biggest consumers of technology in organizations, and it is also one of the areas with stronger BYOD activity. According to a recent article in Information Week US, Marketing is the area that is using its own IT budget. Marketing has already jumped to mobile, and its success depends on the company's ability to help it operate and move key corporate information in a secure mobile environment. Marketing teams will be grateful when there are guidelines and procedures that allow this New Age Company to move full steam ahead.

"Marketing is a peculiar area where the creativity temperance and the pragmatical business parameters mix together towards competitiveness. Amongst many other things marketing wants employees to identify with the brand and products, so a set of apps may be developed to create brand awareness both inside and outside the company. Moreover marketing managers want whole access to important company data in dashboards and reports; as well as full access to social media. That could be a dangerous combination if not subject to policies and procedures," stated John Timko, Marketing Director at LabTech Software.

Finance: CFOs are also finding that apps make their lives easier, according to the article entitled Apps Make Everyday Life Easier for CFOs in CFO-Insight Magazine. CFOs want apps to get the latest news from the financial world, compare interest rates and view the financial figures of their company – and perhaps compare them to competitors, quickly, before they even get to the office. It's true that financial apps started as a way to obtain information; however, they have become a way to optimize financial processes. For example, a "New Age Company" may have apps for finance that make it easier for managers to analyze data and make quicker decisions. There could also be apps for clients, so they can easily apply for loans or credit cards. With the help of IT, "New Age Companies" can create secure access to corporate back-end systems from anywhere in the world, allowing them to give continuity to financial processes that sometimes stop when the authorizing manager is not present.

Sales: Sales can become more productive and efficient when they have mobile access to integrated back-end applications like CRMs and ERPs that give them a 360 degree view of the products' and services' performance and the clients' purchase trends and cycles, as well as their credit and payment history.

BYOD gives IT a springboard to lead the New Age Companies revolution. Once the managers and all departments understand the possibilities, they will go to IT to develop and deploy multiple applications, big and small.

By Monica Paul, Marcomtec Group

In our first part I talked about the considerations when defining BYOD policies, and I provided some statistics on the BYOD trend worldwide. But the last word is not on the organizations’ side but on the side of the employees and device owners.

Considering that the company’s main goal regarding mobile devices is to equip the workforce with the most appropriate mobile devices to enhance their productivity and performance in the role they play, BYOD users should take into account that this does not include them performing their work in the most comfortable way or having the tools they want for their personal activities and amusement.

Everybody talks from the company’s perspective, but what about the employees’ view? Employees using their own devices to perform work tasks are doing this to have a more comfortable work environment, since the mobile device allows them to execute some activities in less time, making them more productive and maybe giving them more time to enjoy with their families or in personal activities. The other day, I invited a friend I’d not seen in a long time to have a drink. She’d regularly be tied to her office at that time, but loading the CRM app on her iPad allowed her to go to have a drink with me instead of being alone in her office just waiting for the information to perform a task in the CRM, that – by the way – took her no longer than five minutes.

From our perspective, she spent her time in a better way: she was able to avoid staying late at work, and instead she had some fun and relaxed; after doing her work through her iPad, she posted some funny pics on Facebook, sent a message to her teenage son, and we even checked on some stuff on the internet. We would buy some tickets to go to the movies that weekend.

The company where she works is not giving her an iPad or any other tablet to do her work in a remote way; they are not interested in having her leave the office early and have a more relaxed yet productive life.

According to John Timko, LabTech Software Marketing Director and expert in mobile monitoring and management, the MDM tools would be only monitoring the corporate apps and data. This sounds great from the technological perspective, if an agent was installed in my personal smartphone or iPad, my device would be even safer.

Yet, some questions about the companies’ policies pop up now. What if the carrier and plan I want is not included in their policies? What if apps I want to install in my mobile device are not allowed by their policies? What if I want to have different roaming or international configurations?  I assume that if the company is going to save some money instead of giving me a device because I am using my personal one, they would at least share some of the expenses with me. If I don’t agree to use my own device, is the company going to give one without deteriorating my life quality? Or, am I obligated to accept the company’s conditions to maintain this life quality and productivity levels, or do I have to choose between having a good life and being productive, when I know I may have both?

BYOD is not only for companies to consider and define policies; it is also for the owners of the devices to decide whether they want to give this benefit to their employer, whether it is going to be appreciated, or whether they would just ask to be given a mobile device for work purposes. This negotiation and decision is a consideration for the mobile device owners.

Monica Paul, Marcomtec Group

Many opinions have been given about the policies and decisions that companies have to take regarding BYOD mobile phones and even company owned ones. Statistics tell us that BYOD is a growing trend.

The firm Gartner, for example, describes BYOD as a “disruptive phenomenon” where employees use their own mobile devices in the company and demand to be connected to servers, etc. without the proper oversight. According to the firm, 70% of mobile professionals will conduct their work on personal smart devices by 2018.

According to Magic’s State of BYOD Infographic there are already 1 billion smartphone users around the world, with 1.3 billion smartphone and tablet sales expected in 2013. Of course this attracts the IT department’s attention, as they would need to provide support to all these devices connecting to their corporate networks.

While most networks have been supporting the corporate BlackBerries, the trend is drastically shifting towards Apple and Android devices. IT departments report mobile apps being used not only in mobile email and web browsers, but social media, task and project management, CRM, and other apps that interact with corporate information.

No doubt embracing the rise of BYOD represents the opportunity for IT to change their role from service providers and technology partners to leaders and business strategists. However, taking this initiative requires identifying particular needs and setting clear policies, as well as powerful remote monitoring and mobile device management to have full control of the network. This can lead the company to a New Age of enterprise mobility, enabling increased productivity and operational efficiencies, securely and cost-effectively.

Defining the rules may involve various factors in the company.

  • The mobility policy and its guiding principles
  • Repercussions if policy is breached
  • The definitions – mobile device, either smartphones or tablets
  • The corporate liable devices
  • The employee liable devices – BYOD
  • The liable carriers and rate plans for both the company and the employee devices
  • The international and roaming rules
  • The liable carrier features / services
  • The handset features / functions
  • The mobility management and monitoring of both company and employee devices
  • The expense management for both company and employee devices
  • The applications and information management on both smartphones and tablets
  • The security of the mobiles and the network
  • The mobile data access
  • Help desk and support

This is said about the companies but what about the devices’ owners?

Monica Paul, Marcomtec Group