Tag : security policies

Mobile Security

Have you ever thought about mobile security for your business? Well you should? Mobile security is going to be a huge concern for companies in the next few years because of the masses of new smartphones and tablets coming to the market.

According to a Q4 2010 report done by McAfee, cybercriminals have a “window of opportunity” to attack multiple mobile platforms. The biggest of the threats is Nokia’s Symbian OS. The report also included the fact that there is a direct correlation between device popularity and criminal activity.

The new mobile devices are hitting the market months before security software even exists for them. The sheer amount of mobile devices without security could lead hackers to target these devices for botnet infections. According to McAfee there has been a 46 percent increase in the amount of threats than in 2009.

What can you do? Well at BVA, we believe that your network is first priority whether it be your server, workstations, or mobile devices. We suggest that you thoroughly evaluate the devices that you are allowing on your network. Don’t be afraid to do a little research and look into possible security holes that may be found, or if anyone has found issues with the devices. It is not a bad thing to standardize the devices that are allowed on your network, especially when there are so many that it is hard to keep up with them all. It is always a good idea to ask your IT vendor if devices are safe.

Also, establishing a company wide mobile security policy is another great feature. When using ActiveSync, you have the option of setting certain security features on your mobile devices, such as allowing or denying the use of removable storage, cameras, Wi-Fi, internet sharing and more. You can also allow or deny the use of unprovisional devices and enforce password policies. In today’s small to medium sized businesses, these policies are often overlooked and can potentially put your network and data at risk.

Windows Intune – Optimistic View

BVA has been in the cloud for sometime.  Obviously being in the cloud means alot of different things to alot of different people.  Everyone seems to have their own spin on the term.  For some time now we have wondered if Microsoft would come out with System Center for the cloud (BPOS). The overall BPOS solution has been fairly stable and successful yet there have been a few pitfalls but have worked through them with support.

As its core, Windows Intune is a cloud-based version of the desktop management capabilities customers could previously get by deploying Microsoft System Center technologies. For those that do not know that Microsoft System Center, it’s basically a bunch of older product put together via a large suite of applications.  That being said the applications contributed are valid and great products.  It’s basically the old SMS desktop management system and basically MOM.  These are tried and tested application that BVA has deployed for several years, yet all required their own on-premise servers.  Therefore, Window Intune, rather than hosting a System Center server on-premises and managing desktops from the server, administrators using Windows Intune load a client onto the desktops.  Administrators can access, via a browser, the management software and tools in the cloud and manage and secure those desktops through the cloud. In addition to the product features, the monthly subscription will include upgrade rights to Windows 7 Enterprise for every covered desktop and an option to buy the otherwise hard-to-get Microsoft Desktop Optimization Pack (MDOP).

When the first limited beta of Windows Intune arrived in April, Microsoft described it almost exclusively as a midmarket IT-focused offering, with a slightly lower-end core audience than the System Center suite of products reaches. Core capabilities of Windows Intune include the ability to centrally manage the deployment of updates and service packs to PCs, to manage protection of PCs through the Microsoft Malware Protection Engine, to receive alerts that help administrators proactively monitor PCs, provide remote assistance, track hardware and software inventory, and set security policies.  For users familiar with Microsoft’s other product families, Windows Intune combines a Web-based management console with the desktop malware protection and reporting of the Microsoft Forefront Protection Suite and the update management, inventory and software deployment of Microsoft System Center Configuration manager 2007 or Microsoft System Center Essentials. Windows Intune also has the operating system distribution capabilities of Configuration Manager.

After reviewing all the facts it seems that this will be a great offering for our client base.  We are going to try this out at a client next month and we are looking forward to really seeing the real-world applications and cost savings.  I think it is fair to say that I am a little apprehensive about the security associated in imaging desktops through the cloud, but time will tell.  As a collective unit, BVA is staying positive with the security and ease of use.

iPad and iPhone Can Be a Security Risk

BVA has found that these types of mobile devises if not provisioned correctly can seriously be a security risk to your network environment.  Security policies need to be set forth to ensure security at all levels of access.  Apple iPad tablet device as well as the iPhone is slowly becoming a legitimate business tool, your employees will soon have them in hand and invade your business. The reality is that the iPhone changes the playing field for security and really surprised IT consulting companies and their administrators when it got released.   The users needs versus wants changed completely where being able to have a Smartphone that just sync’s calendars, contacts, and emails changes drastically. The iPhone hit the scene and next thing we were getting requests for it to be integrated into a businesses mail environment immediately. These requests were coming from owners and directors, decision makers were being demanding about making it work, totally side-stepping the security protocols set forth by years of experience and best practice.  The bottom line is that the line between corporate tool and consumer gadget has not just been blurred; it has been completely erased.  There have been several studies that have shown that when asked, the iPad and iPhones present the greatest smartphone security risk for IT.  It’s a scary thought that you have locked down your environment but since a new gadget gets releases to the market and owners want it, it diminishes the integrity of the system.

There was recently a few contents by security outfits where they had people hack the iPhone in less than 2 minutes and won a cash price.  This is a scary thought and quite frankly shows how easy it can be for the non-hacker.  Obviously it might take a little longer from a less talented hacker but it can clearly be done.  Apple has little intention to make their OS more secure because it’s not the market that they are targeting.  Again they are targeting the consumer, not the business enterprise.  I am sure there will be a point in time when that day comes but it is not in the near future.  If Apple at the very minimum addressed just the enterprise security, supportability requirements, and new hardware level encryption.  I want to be very clear that the OS on the iPhone is the same as the iPad as well as its security. Apple targeted the iPad primarily as a media consumption gadget for the residential consumer, not the business community but again we have seen this shift.  I am not saying that you should ban the iPhone or iPad but develop policies and procedures that address the rules of engagement for integrating the iPad with your network environment.

As you develop the policies, keep in mind that the iPad is unique and could fall into a few different areas for policies.  Here are some key points to keep in mind:

•    delivers notebook-like functionality
•    smartphone OS platform
•    normally placed in the policy bucket for computer usage and security policies, not recommended
•    a good policy bucket to consider – smartphone usage and security policies (recommended)
•    same smartphone OS was hacked in less than 2 minutes

Make sure that whatever policy selected addresses the most important factor here which is allowing or denying the storage of confidential or sensitive information on the iPad, or how e-mail, instant messaging and other communications conducted through the iPad fit within archiving and compliance requirements.