Tag Archive for apps

Mobile Apps Leaking Your Info

Just in time for Black Hat, San Francisco-based Appthority released its Q2 2015 Enterprise Mobile Threat Report. The big headline from the Appthority report is that enterprise mobile apps are leaking your info. They are sending personally identifiable information (PII) and other sensitive information all over the world, often without the enterprise’s knowledge. Your phone is leaking your info all over the web.

FierceMobileIT says that the Appthority Enterprise Mobile Threat Team (EMTT) collected and analyzed security and risky behaviors in three million apps. They found that the top iOS apps sent data to 92 different countries, while the top Android apps are leaking your info to 63 different countries.

Zombie apps are leaking your info

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises surveyed have zombie apps in their environments. Zombie apps are apps that have been revoked by the app stores and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.

The report estimates that 5.2% of the Apple (AAPL) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are stale apps. On Google (GOOG) Android devices, 3.9% are dead apps and 31.8% are stale apps.

Zombie apps can leak your info. Appthority explains that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.

Threat to the enterprise

Despite the threats, the report points out that app stores run by Apple, Google, and Microsoft (MSFT) are under no regulatory obligation to tell users anything about revoked apps after release, including copyright infringements or serious security/privacy concerns. Domingo Guerra, president and co-founder of Appthority, classified this as a stealthy risk: “The ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise.”

A third risk to the firm’s data comes from their own programmers, according to the venture capital-backed Appthority. The firm says over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages can put enterprise data at risk when they get baked into a corporate app.

The company told CSO that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.

rb-
Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.

I have said this repeatedly: it seems like costs are just being moved around, from spending on a PC in the office that is much less likely to be lost and that can be controlled, to a bunch of new enterprise applications like EMM, mobile anti-malware, and app monitoring.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IT Departments Gone in 5 Years

IT departments will be done in the enterprise within the next five years, according to a group of CEOs and VPs. They predict that consumerization of IT and self-service trends will lead to a restructuring of today’s IT shop, leaving behind a hybrid model consisting of tech consultants and integrators. Brandon Porco, chief technologist & solutions architect at Northrop Grumman, recently told a group at the CITE Conference and Expo:

“The business itself will be the IT department. [Technologists] will simply be the enabler.”

Computerworld reports that Kathleen Schaub, VP of research firm IDC’s CMO Advisory Practice, echoed Mr. Porco. She said many corporate IT organizations now report to the head of the business unit they are assigned to. “The premise is that wherever IT sits in an organization will dictate what they care about,” she said. “If they’re in finance, they’ll care about cost-cutting. If they’re in operations, they’ll care about process management. If [the company] decides it wants to focus on the customer, they’ll put it in marketing.”

John Mancini, CEO of the Association for Information and Image Management (AIIM), agreed with Mr. Porco, saying that in the consumer technology era, it’s the business side that has all the tools, so it will be able to trump IT’s desire to control who uses what and how.

While the business can dictate the service or technology it wants, IT can influence the decision. Nathan McBride, VP of IT & chief cloud architect at AMAG Pharmaceuticals, told Computerworld, “We’re not trying to be ahead of the technology curve and we don’t want to be behind, but we’re trying to maintain pace to know what they’re going to ask for next before they ask for it.”

Help Net Security points out a recent IDC study that found 61% of enterprise technology projects are now funded by the business and not the IT department. IDC says IT spending driven by the functional business areas will outpace IT’s own spending. Driving this change are today’s business executives, who are more tech-savvy, have easier access to technology through the Cloud, and are under pressure to quickly implement new technology initiatives. The Help Net Security article states that today’s line-of-business employees are looking more and more like an extension of the IT department as, on average, 8% are technical staff.

Another concern raised is whether IT is losing control as consumer technology becomes part and parcel of everyone’s work in the enterprise, and the data center is left behind. AMAG’s McBride told the audience that in five years, companies will have to make sure they’re matching their enabling technology to the demographic of that time. He said 75 Fortune 100 companies now use Google (GOOG) Apps along with most Ivy League schools, meaning that the next generation of workers won’t be users of Microsoft (MSFT) Exchange or Office.

While the CIO position will likely stay in an enterprise, his or her role will morph into a technology forecaster and strategist, and not a technology implementer, according to Northrop Grumman’s Porco.

 rb-

This sounds like a solid case for training technical staff in project principles and increasing the number of IT project managers. There have to be clear two-way communications between the business owner and the implementers.

Proper and detailed scope definition is one of the most critical steps for the success of any project. The business team, implementation team, and operations team must get together before the work starts to check the proposed solution and work through all the questions, concerns, and gotchas before the project even starts. This way problems can be discovered. Once the requirements are defined and the scope is complete and everyone agrees, then the project can be signed off and a formal kick-off meeting can be held.

In IT projects, it is important to look beyond the defined project to ensure success. Does the plan consider impacts on end-users?

  • Does the project need new policies or procedures? If something falls through the cracks, they blame your project.
  • Does the PC fleet meet requirements? Do they need more RAM? If they have to upgrade, they blame your project.
  • Does it work with your current server OS? If they have to upgrade, they blame your project.
  • What about the software? Are you locked into IE only? Do you need a specific level of .NET? Does it work on iOS and Android? If they don’t have the right software, they blame your project.
  • How much bandwidth does the new project require? Will it try to send a graphical interface to a remote office on a slow link? If it loads slowly, they blame your project.
  • Training? If the end-users can’t work the program, they blame your project.

How-secure-is-my-password Tells You

The former DownloadSquad points out howsecureismypassword.net. How secure is my password is basically a full-screen version of one of those password-strength meters websites sometimes use. But instead of showing you a bar going from “weak” to “strong”, it shows you an estimation of how long your password would take to crack. That’s a much more visceral way to understand why your password is strong.


rb-

How secure is my password helps make password best practices meaningful.

For example, when I entered “Detroit”, it came back with “your password is one of the 1090 most common passwords. It could be cracked almost instantly.” “D3troit!” would take 57 days, and “!D3tro1tM!” would take 928 years to crack.

Password best practices include using 8 or more characters, avoiding dictionary words, and including capital letters, digits, and a symbol or two.
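To show why length and character variety change the estimate so sharply, here is an added example (not code from howsecureismypassword.net or from this post) of a crack-time estimator: a common-password check followed by a worst-case brute-force calculation. The guess rate, the tiny common-password list, and all function names are assumptions, so its figures will not match the site's.

```python
import math

# Constructed stand-in for a common-password list; a real check would load
# a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "detroit"}

# Assumed attacker speed in guesses per second (not the site's figure).
GUESSES_PER_SECOND = 1e10

# Each character class present adds its size to the search alphabet.
CLASSES = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
SYMBOL_COUNT = 33  # ASCII punctuation (32) plus space

UNITS = [("years", 31557600), ("days", 86400), ("hours", 3600), ("minutes", 60)]


def alphabet_size(password):
    """Size of the character set an exhaustive search would have to cover."""
    size = sum(n for test, n in CLASSES if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        size += SYMBOL_COUNT
    return size


def seconds_to_crack(password, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to exhaust the keyspace; 0 for listed passwords."""
    if not password or password.lower() in COMMON_PASSWORDS:
        return 0.0  # a dictionary attack finds these first
    return alphabet_size(password) ** len(password) / rate


def entropy_bits(password):
    """Keyspace expressed in bits: length * log2(alphabet size)."""
    return len(password) * math.log2(alphabet_size(password)) if password else 0.0


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    if seconds < 1:
        return "instantly"
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    for pw in ("Detroit", "D3troit!", "!D3tro1tM!"):
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, "
              f"{humanize(seconds_to_crack(pw))}")
```

A pure keyspace estimate like this overstates the strength of passwords built from a dictionary word with predictable substitutions, because cracking tools try those patterns long before exhaustive search.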
