Sunday, January 27, 2013

Thought had control (over smart devices) via ActiveSync, but found out that’s not entirely true. How is that?

I was at a big IT products company recently, talking to the IT head. His philosophy is that he doesn’t want to allow smart devices, be they phones, tablets or phablets, into the system other than for accessing email. He is using Microsoft Exchange ActiveSync (EAS) for this and felt very safe doing so: he has put a lot of controls in place via EAS, including passcode restriction, no access to the intranet or internet, and even a wipe if the device is lost. He felt that this is enough and that everything is secure for now.

But he was shocked to learn that some of the employees were accessing all their emails and clubbing them with their personal emails into one inbox. He was not sure whether they had bypassed all the security that he had set, was not even sure whether it was true, and was worried. He was also worried that, if they had bypassed security and a device was lost, he could not possibly wipe the device, and the email data and the attachments (which are very sensitive in nature) might get into the wrong hands.

I met him at this juncture and he was a worried man, and I had to explain how devices can easily be rooted and jailbroken, and how apps can be installed which can access emails and easily bypass all restrictions..................

Manjunath M Gowda
CEO, i7 Networks “Agentless BYOD Control”, @i7networks

Monday, January 21, 2013

Cambrian Explosion Era of smart devices and what does it mean to the CIO?

Around 530 million years ago there was a relatively very rapid appearance of major animal species by an order of magnitude. This explosion of species is called the Cambrian Explosion. Before 580 million years ago, most organisms were simple, composed of individual cells occasionally organized into colonies. Over the following 70 to 80 million years, the rate of evolution accelerated by an order of magnitude and the diversity of life began to resemble that of today. (Copied from Wikipedia)

Charles Darwin considered this sudden appearance of many animal groups with no known antecedents to be the gravest single objection to his theory of evolution. In On the Origin of Species, he reasoned that earlier seas had swarmed with living creatures, but that their fossils had not been found due to the imperfections of the fossil record.

Turn the clock forward to 2013 and suddenly people are talking about an explosion of all sorts of computing devices, of all sizes, shapes and form factors and with all different OSes and models, and it is worth comparing to the Cambrian era and its explosion. This is what I call the Cambrian explosion of devices!!

I just did a quick check on the internet for all the types of mobile OS that are available. Please note that the rule I used was that whatever I found in the next one minute would make my list, and by no means is this list exhaustive. Here is what I found:

1. Apple iOS
2. Google Android
3. Nokia Symbian
4. Windows 8 Mobile OS
5. Windows RT (only for Tablets)
6. MeeGo OS – first Linux OS by Nokia, Linux & Intel
7. Blackberry OS
..............................

Manjunath M Gowda
CEO, i7 Networks “Agentless BYOD Control”, @i7networks

Wednesday, January 16, 2013

Popular MDM vendors and their SWOT analysis


MDM in the mobile security world stands for “mobile device management” and is a policy and configuration management tool for mobile devices, primarily smartphones and to some extent tablets too. It provides security, network services and management, mainly of devices and to some extent of apps, across multiple OS platforms (from Apple iOS to Android to Blackberry and Windows). The solution is usually on-premises, but a few vendors are coming out with cloud versions too. MDM is one of the ways of helping enterprises implement BYOD (bring-your-own-device) initiatives.

Generally a full MDM solution has four main components:

1. Device Management: mainly includes procurement, provisioning, inventory, activation, deactivation, performance etc.

2. Software Management: mainly includes configuration, patches/fixes, backup/restore, authorized software monitoring etc.

3. Network Services: mainly includes capturing location, usage, cellular and WLAN network information etc.

4. Security Management: mainly includes remote wipe, remote lock, passcode enforcement, authentication, firewall, antivirus, mobile VPN etc.

More often than not, an MDM, in order to deliver all four of these components, will install a client on the device to manage it. My strong opinion, which one need not subscribe to, is that installing an employer’s software client on an employee-owned device is not the right way to manage the security of the enterprise. It not only breaches the privacy of the employee, especially regarding what one does during non-office hours, but can also potentially know where one is (geolocation), when technology can do the security otherwise (without installing a client on the device, which I call the agentless way of managing security). Of course, there are many highly regulated industries where MDM might make sense, where one needs controls ranging from switching off the camera to removing the ability of the device to act like a USB storage drive. Nevertheless, MDM has been widely used in the industry more as a device (BYOD) management tool than as a security tool.

I have analyzed some of the popular MDM vendors, but please take the whole evaluation with sacks of salt and use your own judgment, as this is my personal opinion and is based on my personal criteria rather than any industry-standard criteria. Please add all the standard disclaimer text here just to be safe :) If you really want a full-fledged SWOT analysis of all MDM vendors, I think Gartner would have done a thorough analysis along with the magic quadrant analysis, and one should probably refer there. This is strictly my opinion and my analysis; the vendors I have chosen are just some of the popular ones, and this list is by no means exhaustive. OK, all disclaimer text over, and now on to the real work: evaluating the popular MDM vendors :)

Some of the MDM vendors I looked into are:  MobileIron, AirWatch, BoxTone, Zenprise, Fiberlink, GoodTech and Symantec. 

Manjunath M Gowda
“Agentless BYOD Control”, @i7networks

Wednesday, January 9, 2013

BYOD: MS Exchange ActiveSync and Mobile device management – how are they related? Find out……

Microsoft’s Exchange ActiveSync (EAS) is a Microsoft Exchange synchronization protocol, based on HTTP and XML, that lets mobile phones access an organization's information on a server that's running Microsoft Exchange. Exchange ActiveSync enables mobile phone users to access their email, calendar, contacts, and tasks, and to continue to access this information while they're working offline.

Along with all the email and related features, it has an MDM (Mobile Device Management) feature which most people are unaware of!! Many took it as a surprise when I informed them that they can get basic MDM features using their already existing MS Exchange!! EAS can easily provide most of the MDM features that an organization wants when it decides to enable a BYOD program. It helps provide mobile device management and mobile data security too for enterprises, such as:
· PIN reset
· Enhanced device security through password policies
· Auto-discover for over-the-air provisioning

It also provides controls to manage such as......................

Manjunath M Gowda
CEO, i7 Networks  “Agentless BYOD Control”
(An Enterprise Mobility Security Solutions Company)

Sunday, January 6, 2013

What is Rooting/Jailbreaking a device (BYOD) and how does it affect Enterprise Security?

Rooting is a process that users of smartphones, tablets and other devices running the Android mobile operating system (OS) carry out to attain what is called root, admin or privileged access within Android’s subsystem. For those who are used to Linux or any other UNIX-like operating system, this is like getting root access.

Jailbreaking is the same process as rooting but executed on Apple devices such as iPhone, iPad, iPod etc. running the iOS operating system.

Why is it done?

What are the issues because of this?

What does US law say about it?
.........officially legal to root/jailbreak a device and run unauthorized third-party applications, as well as the ability to unlock any cell phone for use on multiple carriers.

What do analysts say about it?
Gartner says ....“Quiet, unassuming smartphone users may actually be dangerous hackers, putting their companies' security in jeopardy without even knowing it.”
............that is all it takes for an attacker to use such a device as a pivot point, often a rogue mobile app, to bounce through firewalls and other defenses right onto the enterprise network.


Manjunath M Gowda
“Agentless BYOD Control”, @i7networks

Thursday, January 3, 2013

BYOD Security - Containerization of apps – 101

In my previous blog I had talked about three different (and complementary) types of security tools to enable BYOD in organizations, and one of them was containerization. Let me explain in detail what containerization is, what different types exist in the market, and what the advantages and disadvantages of using it are.

Containerization is mainly a way of segmenting the information and applications that are used for work and for personal use. The advantage of this method is that organizations that allow BYOD onto their network can now segregate official and personal data and apps, and encrypt the data that is work related. So even if the device is lost or misplaced or attacked (malware, phishing, Trojan), the segregation and encryption of the sensitive corporate data ensures its safety.

Containerization comes in three flavors; let me discuss each: how they differ, how each is implemented, and what the advantages and disadvantages of each flavor are. I don’t have names, so I will just go with flavor 1, flavor 2 and flavor 3.

In Flavor 1, you have what is called containerization or segregation at firmware level, what is called segregation at bare metal,..........................

Manjunath M Gowda
“Agentless BYOD Control”