Articles from June 2012



Mobile Security: Why You Need to Go Beyond the Basics

used with permission from Symantec

Just how quickly are enterprises adopting mobile applications?

Very, very quickly.

According to one recent survey, as many as 71% of organizations are using or planning to use custom mobile applications.

“We have reached a tipping point in the business use of mobile devices,” concludes Symantec’s 2012 State of Mobility Survey. “Most organizations are making line-of-business applications available [to mobile devices].”

The reasons for this, of course, are clear: Businesses want to improve agility, increase workplace effectiveness, and take less time to accomplish business-critical tasks.

But there is a price to pay. Survey respondents said they are keenly aware of the potential risks mobility can pose, ranking mobile devices as one of their top three IT risks. Specifically, they’re worried about losing devices, data loss, and malware infecting the corporate network through smartphones and tablets.

Continue reading to learn how this mobility tipping point is affecting IT and what steps organizations need to take to improve the effectiveness of their mobile initiatives.

Mobile devices now considered critical business tools

The State of Mobility Survey underscores just how rapidly mobility has gone “mainstream.” For example, it wasn’t long ago that organizations routinely banned mobile devices from the corporate network or restricted them to accessing email. Today, nearly 60% of organizations are making line-of-business applications accessible from mobile devices. And nearly three-quarters (71%) of them are even looking into implementing a corporate “store” to distribute their mobile applications.

At the same time, the survey found that mobile initiatives have a significant impact on IT resources. Nearly half of the organizations surveyed (48%) see mobile computing as “somewhat to extremely challenging,” adding that their top priorities are security, backup, and dealing with lost or stolen devices. On average, nearly one-third of the IT staff (31%) is involved in some way with mobile computing.

While IT organizations recognize that mobile adoption is not without risks, fewer than half of the respondents have implemented such security measures as antivirus software and remote disabling of devices.

That could pose a serious problem, particularly as cybercriminals are now turning their full attention to mobile technology. The recent increase in mobile malware—especially that targeting the Android platform—is most likely only the beginning of the story.

Case in point: A recent research report from Symantec, “Motivations of Recent Android Malware,” sheds light on the current monetization schemes behind the growing wave of malware focusing on this new mobile computing platform. The report suggests that Android’s open platform and surging popularity provide attackers with more than ample motivation to concoct increasingly sophisticated revenue-generating schemes.

Regardless of the operating system they deploy, organizations large and small are seeing damages mount due to mobility-related security issues, according to the State of Mobility Survey. Over the last 12 months, mobile incidents for enterprises—including data loss, damage to the brand, productivity loss, and loss of customer trust—averaged $429,000.

Despite these very real losses, most organizations still feel that mobility continues to be worth the challenges and risks involved. Nearly three-quarters (71%) said they at least break even when it comes to risks versus rewards.

Don’t choose between productivity and security

The dramatic shift in the nature of mobility, from being an email extension to a core business enabler, means that enterprises must begin thinking beyond the simple case of lost or stolen mobile phones. Symantec recommends the following steps:

  • Enable broadly. Plan for line-of-business applications that have mainstream use. Employees will use mobile devices for business one way or another—make it on your terms.
  • Think strategically. Think beyond email. Explore all the mobile opportunities that can be introduced and understand the risks and threats that need to be mitigated.
  • Manage efficiently. Mobile devices are endpoints that require the same attention given to PCs and laptops. The management of mobile devices should therefore be integrated into your overall IT management framework and administered the same way. Don’t treat mobile applications as a separate “silo.”
  • Enforce appropriately. You need to enforce acceptable usage policies that accommodate both corporate-owned and privately owned devices. Plan for this legally, operationally, and culturally.
  • Secure comprehensively. Look beyond basic password, “wipe,” and application-blocking policies. Focus on the information and where it is viewed, transmitted, and stored. Integrate with your existing data loss prevention, encryption, and authentication policies.

Symantec advances enterprise mobility strategy

Symantec recently announced several advances in core areas of its enterprise mobility strategy, with enhancements specifically for the Android, iOS, and Windows Phone 7 platforms. Symantec’s mobility strategy addresses enterprises’ concerns by stressing the application of corporate security policies uniformly on all mobile devices, endpoints, and applications. The aim is to help organizations secure mobile data and enable business productivity for both corporate-managed and personally owned, unmanaged devices. This enhanced support is intended to give enterprises the visibility and control they need to confidently embrace the proliferation of mobile devices.

Conclusion

A tipping point has been reached in the business use of mobile devices. That’s why it’s more important than ever that the hundreds of millions of employees throughout the world who use mobile devices such as smartphones to access corporate information do so securely. Organizations that want to realize the competitive advantages offered by mobile computing need to apply corporate security policies uniformly on all mobile devices, endpoints, and applications.

Get Real About the Security of Employees’ Tablets, Smartphones

used with permission from the Cisco Small Business Resource Center

How many iOS, Android, and other mobile devices are using your company network?

Hint: The numbers are higher than you think.

“A client thought that they only had two or three iPad users on their business network,” says Clay Ostlund, senior systems engineer at Marco, a Cisco Premier Certified Partner.

“When we polled the network with a Cisco Identity Services Engine (ISE), it showed there were 100 iPads active.”

Welcome to the new work culture of bring-your-own-device (BYOD).

Many people will use their personal smartphone, tablet, or other mobile device on their employer’s network. No matter what the IT policy is.

As a leader of your business, it’s time to protect your company with BYOD security strategies. Here are seven ways to do it.

1. People First: Raise Awareness

Create a current acceptable use policy, communicate it to employees, and enforce it. An employee’s ignorance, carelessness, or insubordination about security can pose a greater risk than a hacker does.

Also ensure that your IT staff is up to speed on security technologies and techniques for mobile devices. Techies who read on the subject, undergo training, and apply the expertise of Cisco Certified Partners can efficiently power up your protection.

2. Control Access to Your Network

“The simplest strategy is ‘put in a firewall, set it, and forget it.’ But that won’t do the job,” says Derek Bell, president at CMS IP Technologies, a Cisco Premier Certified Partner whose technical services specialties include wireless networking.

“The firewall must include an intrusion prevention system (IPS) that inspects what’s entering, and be continually updated because security risks are ever changing,” Bell says. “Users’ devices, apps, and locations change a lot. You’ve got to continually monitor and tune all your security systems.”

Simplicity and security can unite in an integrated solution. Cisco TrustSec technology integrates IPS, ongoing security updates, and centralized identity management, as well as new context-aware firewall appliances that don’t slow the performance of users’ applications.

3. Apply Web Application Security

“Web security technology now lets you go beyond the URL level to tailor the web content that you want to block,” says Ostlund. His company, Marco, provides data, video, and voice solutions and managed services; its specialties include network security.

“For example, you can allow your users to view specific Facebook pages, but not post or play games on them.” Cisco web security solutions include an appliance and a cloud service.

“It’s especially cool paired with other TrustSec components,” says Ostlund, “because then you can control web usage by user and by device. For example, a school can let a student access YouTube when using a school-issued device, but not when using BYOD. You can also limit the bandwidth that a person can use on your network.”

New Cisco® technology offers specific access controls for Facebook, Google+, LinkedIn, Twitter, iTunes, and 1000 other applications.

4. Secure the Wi-Fi Connections at Your Site

When BYOD users at your site try to connect to your network, you are clearly in control. Apply VLANs to segment your mobile device traffic, including a VLAN for guests. In addition to supporting multiple VLANs, some new access points have an antenna design that doubles the range of high-speed 450 Mbps rates, Ostlund says.

Consider a network access controller that streamlines the authentication of users and devices–whether their access is wireless LAN, cellular, wired, or virtual private network (VPN). Lacking this centralization, you’ll have separate controls that cause higher IT overhead for system monitoring and management.

5. For Access from Anywhere, Use VPNs

When users are offsite–at home, in a coffeehouse, or traveling–a VPN can secure their connection to your network. To make it easy, you can provide users with a standard VPN interface for all their mobile devices, including iOS, Blackberry, and Android.

6. Use Mobile Device Management (MDM) Software

To maximize security policy compliance, implement an MDM application. Cisco has partnered with several leading MDM vendors for integrated solutions.

7. Activate Security Features in the Devices

With or without MDM, you can require that mobile devices connecting to your network have activated their internal security features, including screen protection, software updates, and remote-wipe capabilities to erase data when the device is lost or stolen. In your acceptable use policy, address issues related to the ownership of data on devices.

When you’re ready to say “yes” to the inevitability of BYOD–and the necessity of protecting your business–you can call on Cisco Certified Partners for security expertise, streamlined security solutions, and award-winning support.

BYOD, Are You Prepared? Questions You Should Ask.

by Jack Safrit, CEO of Axxys Technologies

No, I’m not talking about having a party but rather one of the hottest topics in technology today. Bring Your Own Device (BYOD) is becoming an absolute factor in almost every business today. Your employees, vendors, and guests all probably bring some type of personal communication device or their own notebooks to your workplace every day. Many employees are using their own devices to connect to your business networks, if for nothing more than the receipt of your corporate email. So why is BYOD a hot topic?

Many companies provide their employees laptops and smartphones to serve as their business computing and mobile communications devices. The business owns those devices, and as a result, the business can control the security of those devices and any business data that the user has downloaded to them. When BlackBerry was a standard, the BlackBerry server handled many of the business security concerns present in mobile devices. Today, we see that burden of security falling back on businesses and their IT departments as many employees are bringing their own smartphones, tablets, and notebooks to the office or are connecting to your business network remotely to do their work. And while that ability may make them more productive, it has certainly made it more difficult to control access.

Questions you need to ask about BYOD at your business

  • What happens when a user loses their smartphone or tablet? Have they lost your vital, business confidential information also?
  • Are your employees using more and more of your bandwidth by connecting to the Internet with not just their computer, but also their smartphones and tablets?
  • Are they using their personal devices to text, to listen to music, or to surf the Internet – activities not related to their business role?
  • Is your IT department receiving more calls from employees asking for help to connect those devices to your network or to fix a problem with those devices? How many different types of devices is IT having to support?
  • Are you responsible for the non-business information that is on those devices or flowing through your network if your policy is to allow employees to use them in business or if you reimburse them for some of their cost?
  • Do you have a policy in place that allows your IT department to remotely “wipe” those devices if lost or stolen, to protect any corporate data, such as contact info, confidential emails, and executive schedules, that your employee may have downloaded?

Consider these solutions

  • Decide what you want your IT providers or IT department to support. Their time is valuable, and working on personal devices can be a distraction from business-critical work.
  • Establish a policy for personal devices and let users know that your business information is yours and you will take steps to protect that information – no matter where it resides. Axxys has all employees agree to allow the company to do a remote wipe of any device they use. This permission is a condition of employment and is designed to protect our information and the information of our clients.
  • Make sure your company has appropriate Internet usage rules in place and that all employees understand proper Internet behavior and usage.
  • Consider standardizing which devices are allowed for business use. Some are more secure than others, and the shorter the acceptable list is, the more efficient IT can be.

Finally, the November 15, 2011 issue of the Wall Street Journal dedicated an entire page to the BYOD concern. (See link: Is It Better for Businesses to Adopt Open or Closed Platforms?)

A Business Continuity Plan Gives You One Less Thing to Worry About

used with permission from HP Technology at Work

When a business’s data is compromised, it’s just a matter of time before things begin to fall apart. As a result, the importance of having a business continuity plan in place is never clearer than during times like these. Sometimes known as a disaster recovery plan, a business continuity plan not only prepares your business for how to protect its data, but also how to prepare itself in the event of a catastrophic power failure or natural disaster.

As far as protecting your business is concerned, a business continuity plan is also the least expensive option for small companies because it costs virtually nothing to produce. Utilizing tools such as HP Business Continuity and Recovery Services, and putting the plan into practice, will dramatically improve your chances of continuing operations during a significant event.

Putting a plan in place

In layman’s terms, the plan details how employees can go about their daily jobs and communicate in the event of a disaster or emergency. Here is an abbreviated look at how a small or medium-sized business can establish a business continuity plan:

  • Document and back up key internal personnel
  • Identify employees who can telecommute
  • Document external contacts and critical equipment
  • Identify critical documents, contingency equipment options and secondary office locations
  • Make a list of who should do what and when
  • Communicate and test the plan
  • Review, revise and revise again

Where did it all go wrong?

Like it or not, small and medium-sized businesses are more susceptible to catastrophic data loss. Not because they’re necessarily unprepared for a disaster, but because they’re inappropriately prepared.

And it’s not all about fires and tornados, either. A simple errant keystroke could lead to the introduction of a virus or worm, in turn, leading to the corruption or deletion of thousands of files.

Limited budgets often mean that businesses are coming up with insufficient ways to keep their data stored—if they’re storing it at all. External hard drives, USB/flash memory sticks, and even CDs and DVDs are just some of the ways that small and medium businesses are storing data. The obvious problem with these “solutions” is that few—if any—are satisfactory methods should a disaster occur.

USB drives and CDs/DVDs are acceptable in the event of a hardware or software failure, virus, or accidental deletion, but they will offer little to no protection in the event of a catastrophe.

If a disaster were to hit the office, the benefits of cloud-based data storage become immediately recognizable. You don’t have to store your data exclusively in the cloud to appreciate the benefits, either. Used in conjunction with a common approach such as using an HP ProLiant Gen8 DL380 as a file server, backing your data up in a cloud environment gives you peace of mind should the unthinkable happen.

Stop it before it happens

The key to preventing data loss is stopping it before it happens. The most important thing a small or medium-sized business can do is make multiple backups of the information and keep those backups off-site. And keep in mind that syncing data is not the same as backing it up. Syncing is a nice complement to backing up data, but it’s not a substitute.

Lastly, most backup systems retain copies of deleted files for 30 days, but most experts agree that they should be retained indefinitely. This helps avoid losing files whose deletion isn’t noticed until after the 30-day window.

Safer in the cloud

Below are a number of ways small and medium-sized businesses can benefit from cloud storage:

  • Physical and virtual security—whether it’s protection from a physical office break-in (your data won’t be in the office), or protection from malware in your office’s network, storing your data in the cloud keeps it safe.
  • Ease-of-use—the best cloud solutions offer continuous data syncing, making data backup duplication easier than ever.
  • Cheap and easy redundancy—keeping critical files and databases backed up isn’t as expensive as you think.

When an organization’s systems and data are at risk, the consequences can be severe. Having a business continuity plan in place—and putting it into practice—can not only moderate risk, but can ensure that your business continues to operate through a disruption.