Many government agencies have mastered the basics of mobile device management (MDM), but the growing number increasingly powerful devices is changing the mobile threat landscape, and bringing a whole new level of complexity as security concerns shift from apps to data.
GCN spoke with a range of experts about the evolving challenges. The following tools and tactics are worth watching as agencies seek better ways to secure their data:
Data loss prevention
Look for DLP solutions to become location- and destination-aware, said Brian Kenyon, chief strategy officer for cybersecurity firm Blue Coat Systems. “We're starting to realize that data is going to [mobile] devices, so rather than saying we need to prevent it, we need to move to a model [where] is this okay… so we know what data is going, what devices it's going to and if we're comfortable with that or not.”
The federal sector is increasingly interested in extending data loss prevention (DLP) capabilities -- beyond data center and PC controls -- to the mobile world, added Rob Potter, vice president, public sector, Symantec.
Because most agencies need some kind of hybrid cloud environment, he said, they must expect data to become portable from the cloud to an on-premise environment and then to a mobile device. Expecting to secure data through virtualization or having it never leave the data center is a false hope, considering the amount of information sharing that takes place in government and the intra-agency dependencies that go along with that sharing, he said.
Therefore, Potter recommended that government agencies move toward a comprehensive method of DLP, including:
•Know that agency data is going to move
•Put controls around agency data that identify who is try to access it
•Place protections around the data
Derived credentials: CAC and PIV for a mobile workforce
“The part I think that is starting to become more of a challenge these days is around the access control piece,” said Dan Quintas, solutions engineer, AirWatch. “We know that as of a few months ago, the concept of using a username and password to access resources is essentially off the table for any federal agency. What that means is we're looking at alternative forms of authentication.”
It can be expensive to deploy CAC and PIV readers to a mobile workforce, according to Quintas. Nor are they necessarily the right answer for mobile authentication.
“Where people are starting to look now is around the concept of derived credentials,” in which a soft certificate – derived from the user’s CAC or PIV certificate -- is installed on a mobile device, Quintas explained.
However, derived credentials and single sign on are independent of one another, Symantec’s Potter stressed. Having a derived credential infrastructure will simplify the sign-on process, but agencies must drive SSO across applications, multiple devices, and inside their infrastructure.
He acknowledged the hesitation among agency IT managers who say, "I'm never getting derived credentials so I have single sign on,” but pointed out that derived credentials are about trusting multiple components in an enterprise environment. Once you achieve that trust, Potter said, SSO becomes much easier for a federal agency.
Common criteria
Citrix's Rajiv Taori, who vice president for product management in that firm's mobile platforms group, echoed Quintas’s observations about derived credentials and sees Common Criteria security standards as another option for agencies to protect their data on mobile devices. With every agency doing something different for security, he said, standardization is an important next step for improving data security.
Windows 10
Sean Ginevan, MobileIron's senior director for strategy, predicted Windows 10 will change how federal agencies manage their mobile devices. He sees federal customers asking whether to treat Windows 10 devices like desktops, “where the security model is, I'm inside the network, and I join the Windows domain, and I get my security policies and update that way,’ or do I treat them more like mobile devices?"
Ginevan wasn’t the only expert to mention Windows 10's place in the agency toolbox. Chuck Brown, a product manager for FiberLink, an IBM company, said his company is also getting inquiries from some federal customers about the new operating system. Windows apps are in place, and users would require little to no retraining.
Windows 10 could enter the “side door” to mobile device management as agencies change out Windows laptops for Windows 10-based tablets like the Microsoft Surface, according to Brown and others.
Mobile app vetting
Mobilegov President Tom Suder said app vetting will become increasingly important. Mobile app developers don’t necessarily think about how an app’s security affects backend systems, he said, which can open data centers to potential attack. Agencies need to secure and authenticate both the app and the mobile device, he said, to ensure that it’s not doing anything you don’t want it to do.
Adam Salerno, Veris Group's manager for federal programs, agreed, and sees agencies adopting app vetting as another layer of security beyond MDM. He explained that the app vetting process runs mobile apps in a sandbox where security specialists look at the mobile app’s code -- and at the static and dynamic natures of the app.
“We can observe the [app] behavior and notice if contacts or data and other things are being exfiltrated in ways that are not obvious to a user,” Salerno said.
Cloud services
Cloud services are part of the evolving tactics that will take agencies beyond traditional MDM. As more cloud vendors achieve certification through the Federal Risk and Authorization Management Program, Salerno sees more questions for agencies to resolve around VPN access, data flow between the cloud and mobile devices, auditing tools on the cloud service side and the potential requirement for a hybrid cloud with data being synced to a virtual appliance residing behind an agency firewall.
Suder mentioned that mobile backend as a service (MBaaS) could help agencies link their mobile users to legacy backend databases and systems. Because MBaaS provides easy-to-use developer tools including user authentication, he said, it could prove to be an economical option for agencies mobilizing their data.
Containerization (or not)
Agencies' use of secure virtual container technologies beyond MDM seems uneven, based on the interviews conducted for this article. FiberLink’s Brown sees containerization alive and well with agencies making secure containers the next step beyond MDM along with implementing DLP. And Salerno added that agencies can use secure containers, because they apply an additional level of encryption security above and beyond what’s on the device. Containers can work on agency-owned and BYOD devices alike.
Quintas from AirWatch, however, sees containers differently. In his company’s conversations with federal agencies in particular, he said, IT managers report that while the concept of using the email container is a very strong security solution, end users are starting to revolt against it.
“Those mobile IT teams in federal are starting to wrap their arms around [the idea that] maybe the email container's not the answer for everything,” Quintas explained. "Maybe you can achieve security using the native protocols that are there today."
Source: Adam Salerno, Veris Group's manager for federal programs, agreed, and sees agencies adopting app vetting as another layer of security beyond MDM. He explained that the app vetting process runs mobile apps in a sandbox where security specialists look at the mobile app’s code -- and at the static and dynamic natures of the app.
While the likes of Steve Jobs and Mark Zuckerberg are the icons of a male dominated tech industry, women are rapidly entering both regular and high level positions. Data from the top 8 tech companies reveals a rate of growth 238% faster than men, with no sign of slowing down.
Inspired by the rising trend of women in the tech, we have aggregated the data from 30 trusted sources and looked at the most successful women in the industry and their roles as founders, leaders and venture capitalists.
Look at the most interesting facts in this infographic!
- See more at: http://www.coupofy.com/blog/infographics/the-238-percent-faster-growth-of-women-in-the-tech-industry-than-men-infographic#sthash.2UOBzwN8.dpuf
A new rash of socially engineered security threats are using emails to trick victims into sending money to attackers by posing as vendors, clients or anyone you might know asking for payment for an invoice via wire transfer.
The FBI has dubbed these attacks “Business Email Compromise” (BEC) scams. According to the FBI, BEC scams have been running since 2013 and have affected users from over 80 countries worldwide. In the US alone, 7,000 businesses have reported a total of $747 million in losses.
“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” said Ellen Oliveto, an FBI analyst assigned to the center. “The average loss to BEC victims is $130,000.”
While there are solutions to prevent such emails from reaching your company, they’re not 100% foolproof. For this reason, use the below recommendations to ensure your company does not fall victim to this crime.
Here are some recommendations:
Awareness
Ensure employees within the company are aware of these targeted attacks as well as your organization’s processes for dealing with and paying approved vendors. The BEC scam has seen an unprecedented rise since the beginning of 2015, increasing 270%.
“They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these emails having horrible grammar and being easily identified are largely behind us,” says the FBI.
In some cases, scammers have even used malware to steal account credentials and gain access to private company information to use within their communication increasing the legitimacy of their requests and averting suspicion. For example, they may send emails that appear to come from a colleague, typically within the accounting department, a vendor or supplier asking victims to complete a wire payment transaction to settle an invoice.
Lastly, social engineering attacks are not limited to email. We have documented cases of phishing attacks over the phone with both automated systems and real people on the line asking for account numbers!
Technology
Transactions and conversations often take place over email, so using a solid, secure business email solution, like MS Exchange Server or Office 365, is a great first step. In addition, using a multi-factor authentication system and enabling standard email authentication, such as a sender policy framework (SPF), which most mail servers support, will help protect your email environment.
Anti-spam systems are not just for “junk” mail. Most spam solutions use real-time attack information and other dynamic, intelligent systems to identify and quarantine possible threats, such as BEC attacks.
In addition, consider implementing outbound email filtering to prevent sensitive financial information, such as bank account numbers, from being sent outside of the company.
Internal Processes
Establish a system of checks and balances that enable employees to authenticate and validate payable requests. Things such as requiring multiple approvals for wire transfers, stricter controls over changes in vendor or supplier payment details, and using additional forms of verification (such as voice calls or physical documentation) will help ensure that you are conducting a legitimate transaction.
The FBI’s Advice
Verify changes in vendor payment location and confirm requests for transfer of funds. Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
Be careful when posting financial and personnel information to social media and company websites.
Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
Consider financial security procedures that include a two-step verification process for wire transfer payments.
Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
If possible, register all Internet domains that are slightly different than the actual company domain.
Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
Microsoft recently released Skype for Business for Android. The company has been testing the app on Android for a little while, and it’s finally available for the public. With the new Skype for Business app, Microsoft is offering a new dashboard design which offers a Skype for Windows-like experience on tablet devices. Microsoft states:
A new dashboard design brings the contact search bar, your upcoming meetings and most recent conversations to one place. Simply tap the Quick Join icon to the right of your appointment name to join your meetings with one touch, or tap the name of the meeting to see its details. Your recent conversations are at your fingertips, no matter which device you had the conversation on. Additionally, full-screen video as well as larger call-control buttons to mute and add participants to a meeting make it easy for you to collaborate on the go.
Additionally, Microsoft is also offering a better contact management experience with the new Skype for Business for Android app. In the new app, users can easily search for a contact within groups, etc. The app also brings a “modern” authentication experience for users, which is also pretty nice to see.
[vc_row][vc_column][vc_column_text]
OneDrive for Business update on storage plans and Next Generation Sync Client
By Jeff Teper, corporate vice president for OneDrive and SharePoint as written on blogs.office.com
Today, I’d like to share an update on our OneDrive for Business storage plans, the availability of our Next Generation Sync Client and several other new capabilities we’re delivering in our December update.
Storage plans
Office 365 customers on our premium Enterprise, Government and Education plans will receive OneDrive for Business unlimited storage. Specifically, this includes unlimited storage for individuals in organizations with more than five people subscribing to one of the following plans:
Office 365 Enterprise E3, E4 and E5
Office 365 Government E3, E4 and E5
Office 365 Education
OneDrive for Business Plan 2 and SharePoint Online Plan 2
We will begin rolling out increased storage to these customers by the end of this month, starting with an automatic increase from 1 TB to 5 TB per user. We expect this rollout to complete by the end of March 2016. After this point, customers who want additional storage can request it as needed by contacting Microsoft support.
Customers on all other Office 365 Enterprise, Business and standalone plans that include OneDrive for Business will continue to receive 1 TB of storage per user. While customers on these plans will not receive the full unlimited benefit, we expect it will serve the vast majority of users. Today, most OneDrive for Business users consume significantly less than 1 TB.
Overall, we have taken too long to provide an update on our storage plans around OneDrive for Business. We also recognize we are disappointing customers who expected unlimited storage across every Office 365 plan, and I want to apologize for not meeting your expectations. We are committed to earning your business every day by delivering a great productivity and collaboration service and improving our communication approach.
Next Generation Sync Client for Windows and Mac
After a successful preview program, we are happy to report that the OneDrive for Business Next Generation Sync Client is now available for deployment. Our top priorities for this release were improved reliability and performance, as well as delivering core capabilities such as selective sync, support for large files up to 10 GB in size and removing the 20,000 file sync limit. For IT Professionals, we’ve provided the ability to silently deploy and configure the client on behalf of your end users. The OneDrive for Business Next Generation Sync Client is available for Windows 7, 8 and 10 (8.1 support will be added in the first quarter of 2016) and Mac OS X 10.9 and above. The Windows client is available today with the Mac client being available before the end of December 2015.
With this first release, the Next Generation Sync Client supports OneDrive for Business only, but we will add support for SharePoint document libraries in future releases. In the interim, if customers require sync for both OneDrive for Business and SharePoint document libraries, the Next Generation Sync Client is designed to work side-by-side with the existing sync client.
Additionally, we are actively working on other important features including Office integration to support the co-authoring of documents and sharing scenarios (planned for the second quarter of 2016), as well as a more seamless experience for users who are migrating from the existing sync client (planned for the first quarter of 2016).
Mobile updates
In addition to updates on our desktop offerings, we have several improvements for our mobile apps. First, we recently released a new OneDrive app for Windows 10 Mobile. This app offers all the essential capabilities to view, edit, delete, share and upload files onto both your personal OneDrive and OneDrive for Business storage services.
Users can easily manage their files and folders on their Windows 10 Mobile device.
A range of required actions such as view, edit, delete and share are available for the user.
We are also happy to announce the OneDrive for iOS app will support offline storage. You can selectively flag files for local availability and open them when disconnected. The updated app will be available before the end of December 2015. We first released offline storage on Android in September 2015 and will take this same capability to Windows 10 Mobile in the second quarter of 2016.
You can select one or more files to take offline.
All offline files can be accessed through a single view.
Lastly, Office Lens for iOS now supports uploading your content directly into OneDrive for Business. Office Lens is essentially a mobile scanner that lets you to take pictures of printed documents, business cards, expense receipts and even whiteboards, with automated cropping, trimming and searching of those images. We will add OneDrive for Business support to Android and Windows 10 Mobile in the first quarter of 2016.
Use the whiteboard capture feature to store all meeting notes in OneDrive for Business.
Access whiteboards, business cards and photos quickly and easily.
New capabilities for developers
We are also releasing exciting new value for developers. First, we created a new OneDrive for Business API that allows developers to programmatically access OneDrive for Business files. The API includes support for thumbnails, search, large file upload and sync changes. Developers can write directly to the OneDrive for Business API or access it via the Microsoft Graph. We also provided new tools and SDKs for Universal Windows, iOS and Android—including support for simple “file picker” integration that enables import and export of OneDrive for Business content. Finally, we released an updated preview of a JavaScript Picker SDK for web app file management. All developer tools and documentation can be found on the new OneDrive developer portal.
[/vc_column_text][/vc_column][/vc_row]
On December 8, 2015, Managed Solution hosted a Job Shadow Event for 60 students from Clairemont High School to learn first-hand critical IT skills through Junior Achievement's job shadow initiative. The collaboration kicked off Computer Science Education Week (Dec. 8- 11) which encourages students to pursue careers in STEM-related industries.
Sean Ferrel, CEO and founder of Managed Solution welcomed students, told them about the fastest growing IT company in Southern California and shared his journey of how he got to where he is today. After Ferrel answered career questions, students were split into groups to visit six project-based activities led by Managed Solution employees.
The educational job shadow program included sessions/activities on app development, coding/web design, channel partner marketing, project management, technical cloud development and video production.
Clairemont High School Information Technology Academy students had fun naming their groups and contributing to the filming, photographing and editing of the video recap from the event.
View more photos from the event on our Facebook page here.
The Future of Tech: See how Women in Tech are Inspiring Great Minds
The Future of Tech: See how Women in Tech are Inspiring Great Minds held on December 10, 2015 at the Microsoft Stores in San Diego, CA and Scottsdale, AZ were both special evenings for women leaders in technology who are passionate about changing the ratio of women in tech. Several guests brought their daughters and together we shared our knowledge and resources to help young women understand and expand their potential as future leaders in technology - from the classroom to the boardroom.
The events both featured a movie screening of Big Dream and success stories and networking opportunities for women technology professionals. The San Diego event featured a panelist of two women leaders who spoke about the unique perspective and innate skills that women bring to traditionally male dominated positions in technology and leadership, such as communication and a desire to help everyone on their team be successful.
Alicia Fettinger, IT Director at VOXOX, and Leslie Jeffries, CIO at California Coast Credit Union, both gave some practical advice and encouragement for women looking to break into careers in technology. They also spoke about overcoming limiting beliefs that women may face and shared personal stories about how they were able to overcome those challenges.
Big Dream follows the intimate stories of seven young women who are breaking barriers and overcoming personal challenges to follow their passion in science, math, computing & engineering. From small town Iowa to the bustling streets of the Middle East, Big Dream immerses viewers in a world designed by and for the inspiring next generation of girls.
For more information on scheduling a similar event, please call 800-236-6012.
Future women leaders from Hoover Academy of Information Technology enjoy a Women in Tech event at the Microsoft Store
Today from 11am - 1pm, Managed Solution hosted a Women In Technology event for young women from Hoover Academy of Information Technology. Students who are interested in pursuing careers in technology enjoyed the screening of Big Dream, hearing success stories from women leaders in technology and playing some fun games at the Microsoft store including Just Dance.
Tina Rountree, Business Development Manager of Managed Solution and President of the San Diego Women In Technology Community kicked off an interactive panel session with Rocio Uriarte, VP of IT at Hyundai Translead, and Melissa Pike, whose career includes high profile technology and management positions at her current company Sempra Energy and her past company, IBM. These two women leaders shared their success stories with the young women and answered questions on how they got where they are today. Rocio shared her experience getting started in technology and the steps necessary to get there, as well as become successful in the field. Melissa inspired the girls to follow their dreams and encouraged goal setting as an important element to achieving success. Both woman also stressed the importance of teamwork and collaboration. The dialogue was interactive throughout the panel session and students were asking and answering questions related to working in the field the entire time.
What Is Big Dream?
Big Dream follows the intimate stories of seven young women who are breaking barriers and overcoming personal challenges to follow their passion in science, math, computing & engineering. From small town Iowa to the bustling streets of the Middle East, Big Dream immerses viewers in a world designed by and for the inspiring next generation of girls.
Contact: Tina Rountree, VP of Sales & Marketing, Managed Solution
Phone: 800-236-6012
Email: trountree@managedsolution.com
Contact us Today!
Chat with an expert about your business’s technology needs.
