Tag Archive for MDM

| May 26, 2015
Comments Off on Mobile Malware FUD?

Mobile Malware FUD?

Mobile Malware FUD?Just last week, I wondered out loud from my Bach Seat if all the hype around mobile malware was real or just more FUD. Looks like I am not alone, TechCo recently asked a similar question, “Are We Overstating the Threats from Mobile Devices?

mobile threatsThe author cites several recent reports that back up the claim that the actual mobile threats that mobile devices introduce into the enterprise are overstated. The data indicates that the mobile malware threat is statistically small and has even decreased since 2012.

• A McAfee report shows out of all the malware now out there, only 1.9% of it is mobile malware. The author equates the mobile threat to 4 million / 195 million McAfee knows about.
• Another report (PDF) from Verizon (VZ) shows even lower numbers, with only 0.03 percent of smartphones being infected with what is called “higher grade malicious code.”
hit by lighting• But some numbers go even lower than that. Damballa, a mobile security vendor that monitors roughly half of mobile data traffic, recently released a report that claims you have a better chance of getting hit by lightning than by mobile malware. Dramballa found only 9,688 smartphones out of more than 150 million showed signs of malware infection. If you do the math, that comes out to an infection rate of 0.0064 percent.

Even more interesting is that despite the increase in mobile devices, Damballa found the infection rate had declined by half compared to 2012.

Walled gardenThese reports may show mobile threats aren’t as big of a problem as previously thought, but the author asks, why the numbers are so low at all. After all, cybercriminals like to target new platforms and exploit security weaknesses. Why do they seem to be avoiding mobile devices?

The truth of the matter is that mobile users tend to get their apps from high-quality app stores. The stores from Google (GOOG) and Apple (AAPL) work to filter out suspicious apps. If malware is found in apps after they’ve already been on the market for a while, app stores can also execute a kill switch, which takes the app off the store and the devices where they were downloaded. This limits malware’s ability to spread.

remotely wipe devicesThe article concludes that companies that adopt BYOD should just ignore BYOD security; they just don’t have to go all-out as many businesses have done. Most mobile security experts say a mobile device management system remains a good investment to make sure mobile devices are handled appropriately. MDM systems also allow an organization to remotely wipe devices, thus keeping sensitive data safe in the event a device is lost or stolen. But malware really isn’t a factor in those cases, so the overall message from these recent reports is that getting worked up over mobile threats is not necessary. A company can still gain all the benefits of BYOD without having to worry incessantly over what they’re doing to protect every device that connects to their network.

rb-

What do you think?

Is mobile malware over-hyped FUD?

View Results

Loading ... Loading ...

 

Related articles
  • Your BYOD implementation checklist (powermore.dell.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , , ,
| October 22, 2013
Comments Off on More Tech Trouble at School

More Tech Trouble at School

More Tech Trouble at SchoolIt’s not a good time for tech in schools. The security woes at school are not limited to the iPad debacle at LAUSD. (rb- You can see my coverage here – Updates since the first article – LAUSD started confiscating the iPads and delayed the district-wide roll out one year until 2015.) GigaOM’s Ki Mae Heussner writes that Guilford County Schools in North Carolina has suspended its tablet program with Rupert Murdoch’s News Corp’s Amplify after reports of faulty equipment.

NC school district suspends tablet program

uspended its tablet programThe district reportedly spent $16.4 million ($299 / device + a 2-year subscription at $99 per year) of a $30 million Race to the Top grant to pay for the tablets and content. The device is a 10-inch ASUS (2357) tablet running the Google (GOOG) Jellybean Android operating system. It comes pre-loaded with content and apps curated by Amplify. It enables teachers to distribute content across a class or grade level and control the content on students’ screens.

GigaOM cites the school district’s website, which says they have sent 10% of their 15,000 devices back to Amplify because of broken screens. About 2,000 cases have also been problematic. In one instance, a student returned a defective charger, reporting that overheating caused the plastic to melt. While the district said it expected a few glitches with the rollout, school officials decided to pause the program for safety’s sake. GigaOM claims the pause is a big setback for Amplify, which launched its education-optimized tablet at hipster South by Southwest earlier this year.

NewsCorpSince its launch, skeptics have wondered how schools would respond to the privacy questions and the prospect of doing business with Amplify’s parent company News Corp. (given its phone-hacking scandal). Ms. Heussner speculates that the suspension could give schools more reason for pause when it comes to embracing the new technology.

Asus told GigaOM that out of 500,000 chargers of its kind that they have shipped globally, only the one in Guilford overheated and melted. Justin Hamilton, Amplify’s SVP of corporate communications seems to be blaming the customer. He claimed the broken screen rate in Guilford is higher than in other school districts. “We’re working very closely with the district on this and hope to have things resolved and the program back up and running very soon,” Mr. Hamilton said.

Indiana mobile security fail

circumvented the security on district-issued Apple iPadsIn Indiana, Education Week reports that between 300 and 400 students in the Center Grove school district circumvented the security devices on district-issued Apple (AAPL) iPads within hours of receiving the devices according to a report last week in the Daily Journal.

Apparently, students found ways to reprogram the iPads so they could download games and apps for social media sites, according to the report. Center Grove officials attributed the problem to their security program not being able to handle the 2,000+ devices they distributed.

spread like wildfireKeith Krueger, the CEO for the Consortium for School Networking, said such problems are increasingly common as districts deploy an increasing number of devices. “Kids and adults find ways to hack through things, and it can spread like wildfire,” he said. “It’s frustrating, and it’s a huge challenge for any district.

Data center failures

In addition to the tablet troubles, Data Center Knowledge’s Rich Miller reports several school data center failures. According to DCK, two public school systems suffered data center failures that crippled their IT systems.

data center fire suppression systemIn Oregon, the Beaverton School District experienced several days of disruption after an errant alarm set off its data center fire suppression system. The fire suppression system damaged hard drives and servers. That left Beaverton schools unable to use email or access class lists, student schedules, and online textbooks. “It knocked all of the systems in the data center off-line,” said Steve Langford, chief technology officer. “All of the systems that staff needs to do their jobs.” District IT staff worked over the Labor Day weekend to replace the damaged systems.

In California, the Davis Unified School District started school without key IT services after the district’s servers overheated. DCK reports an air conditioner unit failed, allowing the temperature in the server room to rise to 120 degrees F. “There’s an incredible impact on everyone in the whole organization,” says the district’s Kim Wallace. “Students can’t access computers. Teachers can’t take attendance. Parents can’t email. We can’t email out.” The DCK article said staff were still troubleshooting damaged equipment and lost data.

rb-

The best strategy, COSN’s Krueger said, is to combine the best possible security filters and other technical measures with a comprehensive responsible or acceptable use policy that students and families must sign and a commitment to enforcement. “It’s not surprising that a school district would have some breaches,” he said. “The question is how do you leverage it into a teachable moment?”

Who needs the teachable moment? Sure the kids need to understand there are real consequences for their actions but, can the politicians administrators be taught to be serious about IT? Seems to me that most of these failures are management failures. It is probable that these failures could have been reduced with proper project management.

proper project managementIt is my experience that many administrators do not recognize project management professionals. It appears they would stick with the good ole boy network and hire their less qualified friends or the professional BSer’s.

Now about project management? Modern backup system? Disaster Recovery plan?  BCP?

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , ,
| October 8, 2013
Comments Off on LA Schools iPads Hacked In A Week

LA Schools iPads Hacked In A Week

– UPDATE 08-28-2014 – Just in time for the start of School reports surface LAUSD is “re-opening” bids for its controversial billion-dollar contract with Apple and Pearson to give all students, teachers, and administrators iPads.

LA iPads Hacked In A WeekThe second-largest school district in the US is spending at least $1 Billion to complete a 1:1 tablet initiative. The Las Angles Unified School District (LAUSD) plans to deploy 650,000 Apple (AAPL) iPads, one for each student in LA county. The project slated to be completed by December 2014, has had problems that may prevent if from reaching that goal.

Las Angles Unified School DistrictThe project includes 500 million dollars for iPads and 500 million dollars for Wi-Fi and related infrastructure. The initiative is funded mostly by voter-approved school construction bonds, which taxpayers typically pay off over 25 years which the LA Times says “has sparked some concerns and legal and logistical hurdles.”  (rb- I first noted the project here)

The project has run into a series of issues. The first issue focused on the 25 year payback period on a $500.00 device. A second issue emerged in September 2013 when the district recognized that it may need to buy Bluetooth keyboards for the iPads. The LA Times estimated a bill of $38 million for the oversight. The LA Times reports that the included software keyboard on the iPad might not satisfy the needs of older students writing term papers.

650,000 Apple iPads,Also, LAUSD has planned to use the iPads for testing based on new Common Core English and math learning standards. The article contends that the iPad’s touch screen could frustrate students and even obscure portions of a test item that would be visible in its entirety on a full screen. (rb- I talked to many school districts about the SBAC keyboard testing issue, who is going to configure Bluetooth on and off? What about power? Does Bluetooth decrease the battery time on the iPad? Do you have enough electrical outlets to plug in 30 iPads? How is your Wi-Fi?)

In late September 2013, the LAUSD iPad project ran into a bigger problem as they deployed the iPads to high school students. According to the LA Times, it took exactly one week for nearly 300 students at Theodore Roosevelt High School to defeat the LAUSD installed device security. Following the news that students were using the hacked tablets for personal use, district officials halted home use of the Apple tablets until further notice.

Common Core English and math learning standards.Students told the LA Times once they had the iPad home they could not do anything with the $678 device. Apparently, the students began to tinker with the security lock on the tablets and soon discovered all they had to do was delete their personal profile information. With the profile deleted, a student was free to surf, tweet like, and stream music.

The new found freedom prompted L.A. Unified School District Police Chief Steven Zipperman to suggest that the district might want to delay the distribution of the devices. The chief said in a memo obtained by the LA Times, I want to prevent a ‘runaway train‘ scenario when we may have the ability to put a hold on the roll-out.

I want to prevent a 'runaway train' scenarioAccording to a March 2013 blog post from Roosevelt HS, LAUSD chose AirWatch as the provider for the mobile device management system. And that when students first get their iPads they will have AirWatch already installed. The district posted an update on their website that indicated they have turned to AirWatch and Apple for better solutions to their iPad problem.

rb-

This really is a story of mismanagement from the top down. A billion-dollar project for consumer devices financed over 25 years – Really? Are the students of LA’s class of 2038 going to have to use the iPad’s from 2013? Where is the refresh program? How are they getting the money to buy 650,000 iPad 9’s in 5 or 6 years?

If the iPads are to be used at home? how is LAUSD addressing the digital divide in LA?

Did the big-wigs consider the equity of using iPads for high-stakes nationwide common core testing? Not only will LA students be compared against each other and the rest of California but also students in 44 other states.  It is my understanding that the current SBAC test is not optimized to display well on small screens. Will the tablet form factor handicap LA students or others across the US using tablets when competing against others using large screens and real keyboards in ergonomically proper positions? Will LAUSD show the test takers how to see the entire question, or how to easily switch between back and forth between screens to review a passage and then write a response.

Call me cynical after working in K-12 and living in the Detroit area, but a public $1 Billion dollar government project seems like a magnet for mismanagement, fraud, waste, and pay-to-play scams. It already seems to be at least $20 million over budget to buy keyboards even at K-12 discounts. Hopefully, the iOS and AirWatch updates are already included in the existing contracts.

While the headline-grabbing hacking story may be resolved in Apple’s iOS7. AFAIK Apple does not let anybody into its BIOS or whatever chip it is on an iPad. That is why students can easily delete the AirWatch agent. LAUSD still has a task on its hands to get all the deployed devices up to iOS 7.

LAUSD is missing 71 iPadsIn more signs of mismanagement, The LA Times reports that LAUSD is missing 71 iPads. They deployed 69 of the missing iPads last year at the Valley Academy of Arts and Science. PadGadget reports that after the fact, the District ramped up its tracking efforts by adding stronger safeguards. Global positioning can now be activated for every tablet. Plus, an electronic inventory system registers who is now responsible for a particular device, and District officials can remotely shut down iPads reported stolen.  Lt. Jose Santome of the school district’s Police Department stated, “We know what’s going out and deployed on every campus.”

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| September 24, 2013
Comments Off on BYOD Love Affair Waning?

BYOD Love Affair Waning?

BYOD Love Affair Waning?Tom Kaneshige at CIO.com warns that the “Bring Your Own Device” love affair is coming to an abrupt and bitter end, and the lawyers are circling. He argues that in the early days of BYOD, say, last year, employees, especially Millennials, fell madly in love with the idea of using their own Apple (AAPL) iPhones, Google (GOOG) Android smartphones, and newfangled tablets for work. Finally, they could finally ditch corporate-issued BlackBerrys (BBRY).

Bring your own deviceBYOD ushered in a new era of consumer tech in the enterprise, one that promised employees and employers will live happily ever after. But the BYOD romance has suddenly turned sour. Employees are questioning corporate intrusion on their personal devices. Did IT turn their beloved smartphone into a spy that tracks their whereabouts? The article says employees are beginning to sense companies taking advantage of BYOD by intruding on personal time to get free work time.

Now they’re thinking about suing. John Marshall, CEO at AirWatch, an enterprise mobile device management (MDM) vendor with 6,500 customers, told CIO, I anticipate a bunch of little [lawsuits], then something big will happen that’ll be a class action and become headline news.

Air Watch logoCEO Marshall reports that the suits have already started. A federal case in Chicago is winding its way through the courts which claims that the city owes some 200 police officers millions of dollars in overtime back pay. The case centers on allegations that the city pressured officers into answering work-related calls and emails over department-issued BlackBerrys during off-hours.

There’s no question BYOD blurs the line even more between work life and personal life. The Airwatch CEO not surprisingly recommends a Mobile Device Management (MDM) application to control email delivery to BYOD devices. This way an employer can set a business rule that won’t allow delivery of corporate email to a subset of users during off-hours. Or a CIO can address this issue in the BYOD terms-of-use agreement. (rb– Both would be best)

Smashed BYODThe CIO article offers up another legal nightmare scenario: Lacking MDM tools to block out what can and cannot be seen on a BYOD smartphone, a help desk technician notices that an employee’s device has a lot of personal apps about a health problem—and mentions his concern to the employee in the cafeteria.

The employee can say, ‘How in the world did you know that?‘” Mr. Marshall says. “All of a sudden, something that’s very benign and innocuous turns into something that’s blown out of proportion.” (rb- Help Net Security cites recent U.S. DHSS seven-figure settlements from healthcare institutions that failed to protect patients’ health information under HIPAA regs.)

terms-of-use agreementMr. Marshall recommends a comprehensive BYOD terms-of-use agreement, along with transparency about the capabilities and limitations of the technology, will help ward off such scenarios. The IT staff also needs to be educated about their role in a BYOD environment.

However, this doesn’t mean problems won’t crop up. Part of the problem, the article indicates, is that BYOD often puts business unit managers who aren’t well-versed in technical user agreements in a leadership position with mobile apps. They’re likely to give the green light to rogue mobile apps that violate such agreements.

location-based servicesFor instance, employees are chiefly concerned about privacy and especially location-based services with BYOD, and so many user agreements stipulate that apps will not collect location-based information. But someone who wants to be helpful, builds a map app for the corporate campus that allows employees to schedule conference rooms and find safety information, such as where to go if there’s a tornado. Airwatch’s Marshall explains:

Maybe there’s also a button on there that says where you are in the campus … All of a sudden people wake up and realize that every single device using that app is collecting location-based information—that’s an issue. These are really plausible scenarios … There’s so much copy and paste and reuse of all these components that these things can happen very innocently.

remote wipeThen there’s the dreaded remote wipe, which can land a company in some legal hot water according to the article. Help Net Security says there is little to no case law in this area. CIO.com reports that just last year, CIOs said they felt comfortable with BYOD because they held security’s holy grail: remote wipe, a scorched-earth capability for wiping all data on a mobile device.

But employees weren’t happy with the idea that the company can wipe personal data on their personal device. Some employees refused to take part in the BYOD program for this reason. Others waited days or weeks before reporting a lost or stolen device so that IT wouldn’t wipe it.

waited days or weeks before reporting a lost or stolen deviceMDM software advanced quickly and seemed to come up with a fix. Now companies can wipe only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. In fact, AirWatch won’t even allow a full device wipe anymore for legal reasons. While this helps tremendously, it doesn’t completely solve the problem.

Mr. Marshall proposed a scenario where a company buys the popular productivity app, Evernote, for employees to put on their BYOD smartphones. Since the company paid for the app, the company can remove it at any time. The note-taking app collects company data but also might store personal data, too. An employee can use Evernote to create a shopping list, recipes, vacation plans, or perhaps something more critical to their job.

Finger pointingGuess what happens to this personal data when the employee leaves the company? The app, along with all the data, is wiped from the device and account. If the BYOD terms-of-use agreement about Evernote wasn’t spelled out clearly, who is liable for the lost data?

The bloom is off the BYOD rose, and so companies had better add protections against employee lawsuits in the BYOD terms-of-use agreement and leverage MDM to make sure the agreement is followed.

Truth is, employees tend to get a bit emotional when their privacy is violated or their location is tracked via a mobile device that they personally own. They don’t like their personal data to be wiped, either. When these things happen, companies can expect the wrath of a scorned employee. “That’s where it gets tricky,” Mr. Marshall told CIO.com.

Tony Busseri, CEO of Canadian digital security firm Route1, told Help Net Security:

Angry BossAlong with security concerns, BYOD has brought the potential of major legal issues for the Enterprise … Many current BYOD corporate policies leave enterprise data unprotected in the event of a security breach and during an employee’s exit from the company. The policy of tracking and wiping an employee’s personal device opens the enterprise up to the potential for mass litigation.

rb-

Misco in the UK reported that the majority of employees will not cooperate with employers’ BYOD efforts. According to the data:

  • 82% of the survey participants viewed their employer’s ability to track their location as an invasion of privacy;
  • 82% are concerned or extremely concerned about having their browsing history monitored;
  • 76% stated that they would not allow their company to view the applications installed on their personal mobile devices;
  • 75% said they would not go along with an installation made by their employer;
  • Only 15% had no concerns about employers tracking activities.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| December 13, 2012
Comments Off on Top Five IT Trends for 2013

Top Five IT Trends for 2013

Top five IT trends for 2013Ian Kilpatrick, who has the longest job title I have ever seen, chairman of international value added distributor, specialists in market development for secure IP infrastructure solutions and convergence at Wick Hill Group shares his vision of the top five IT trends for 2013. In the article, Top five IT trends for 2013 at ITnewslink he shares his predictions.

BYOD Man1. BYOD – He says the first IT Trend for 2013 is BYOD. BYOD is now an unstoppable, user-driven wave that will continue to make a major impact on the IT world in 2013 and beyond.  2013 will see companies trying to integrate BYOD into their networks.

He also speculates that we can expect to see the growth of Microsoft (MSFT) Windows to Go secure USB sticks based on Windows 8, which provide remote users with the supported version of the corporate desktop. These are available from a limited number of suppliers authorized by Microsoft and include Imation’s IronKey Workspace for Windows to Go.

Mobile Device Management2. Mobile Device Management – The next IT trend for 2013 is that Mobile Device Management solutions growth will accelerate in 2013. The growth is due to the rapid growth of mobile devices such as smartphones, tablets, and laptops, but particularly smartphones.

Growth will be strongest for MDM solutions that offer features such as ensuring mobile device usage complies with company security policies, allocating access rights, managing configuration, updating policies, dealing with data leakage issues, and dealing with lost or stolen devices.

A crucial component for the continued growth of MDM solutions will be the clear separation between the management of business and personal data on devices. There are over 100 suppliers in mobile device management many of them are good but niche solutions. The Gartner (IT) Magic Quadrant identifies the strategic leaders, which includes Zenprise.

High density wireless3. High density wireless – Wireless requirements have been significantly incrementing over the last year making it the third IT trend for 2013. The firm says BYOD has changed both the data transfer and performance expectations of users. However, these expectations have not been met, with many networks still inadequate in their coverage and performance.

The new 802.11ac standard, with 1 gigabit per second throughput rates, will be a key driver in organizations moving to high-density wireless in 2013. High density wireless will provide companies with high coverage and high performance, supporting business-critical applications and delivering complete site coverage There will continue to be a shift from niche solutions towards more strategic solutions. The Gartner Magic Quadrant identifies Xirrus, which will continue to experience stratospheric growth.

Data back-up and recovery4. Data back-up and recovery – 2013’s fourth IT trend for 2013 deals with data back-up and recovery. Organizations have been under immense pressure from ever-increasing data volumes, archiving, and compliance requirements.

At the top end, new data replication technologies will have a major impact on data centers in 2013. For smaller organizations, the shift from tape will continue apace. For conservative organizations, the move to disc (and, in particular, RDX technologies that combine the best of tape and disk) will accelerate. Hybrid back-up to RDX and then the cloud will increase. In volume terms, the lowest move (but in market-hype the biggest) will be significant growth in direct back-up to the cloud. RDX, hybrid, and cloud data backup solutions are available from vendors such as Imation and Barracuda Networks.

Data leakage protection5. Data leakage protection – The last Wick Hill Group IT trend for 2013 says that with the growing volumes of data and regulatory bodies’ willingness to levy fines for non-compliance, data leakage protection will continue to be a major cause for concern during 2013. Companies will be looking closely at how to secure and manage their data as their network boundaries spread even wider, with increased use of social networking and BYOD, increased remote access, the rapid growth of wireless, increased virtualization, and the move towards convergence.

Increasingly, organizations will couple DLP products with SIEM (Security Information and Event Management) solutions. DLP concerns will also continue the growth curve for authentication (much of it hosted in the cloud) and encryption, to protect data, both in motion and at rest. Some companies will look to hosted security services and the cloud to cope with an increasingly complex security situation. SIEM and authentication solutions are available from companies such as LogLogic, Check Point VASCO, and SafeNet.

rb-

So these are not really earth-shattering predictions for 2013, BYOD, MDM, and Wi-Fi are already part of my world. We are doubling our backup capabilities and will be updating from our current McAfee to some sort of DLP

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,