Bring Your Own Device (BYOD) – Rules for IT Management – Rule 2

Inventory your Devices

Imagine this. You start using an MDM solution under the assumption your company is supporting 100 or so devices. You’ve kept a meticulous spreadsheet of device types and users—there shouldn’t be any surprises. But when you first go to view reporting, over 200 devices appear. This scenario is fact, not fiction. It occurs far more often than you would think.

Don’t live in denial. What you don’t know can hurt you. Understand the current landscape of your mobile device population before finalizing your strategy. To do this, you’ll need a tool that can communicate in real time with your email environment and detect all the devices connected to your corporate network. Remember that once ActiveSync is turned on for a mailbox, there are usually no barriers to syncing multiple devices without IT’s knowledge.

All mobile devices need to be incorporated into your mobile initiative, and their owners need to be notified that new security policies are swinging into action.
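The kind of real-time inventory the paragraph above calls for can be pulled straight from Exchange. The script below is an added example, not code from the original post: it lists every ActiveSync partnership and flags devices missing from IT's spreadsheet. It assumes the Exchange Management Shell (Exchange 2010-era cmdlets) and a file named known-devices.csv with a DeviceId column; both the file and its column are assumptions.

```powershell
# Added example (not from the original post): enumerate every ActiveSync
# partnership and diff it against the device spreadsheet IT maintains.
# Assumes Exchange Management Shell and a constructed known-devices.csv
# with a DeviceId column.

$knownDevices = Import-Csv -Path '.\known-devices.csv'      # assumed input file
$knownIds     = @($knownDevices | ForEach-Object { $_.DeviceId })

# Query only mailboxes that actually have a device partnership.
$mailboxes = Get-CASMailbox -ResultSize Unlimited `
    -Filter { HasActiveSyncDevicePartnership -eq $true }

$inventory = @(foreach ($mbx in $mailboxes) {
    Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity | ForEach-Object {
        # New-Object keeps this working on the PowerShell 2.0 that Exchange 2010 ships with.
        New-Object PSObject -Property @{
            User        = $mbx.PrimarySmtpAddress
            DeviceId    = $_.DeviceId
            DeviceType  = $_.DeviceType
            DeviceModel = $_.DeviceModel
            LastSync    = $_.LastSuccessSync
            KnownToIT   = ($knownIds -contains $_.DeviceId)
        }
    }
})

# Devices that are syncing corporate mail but never made it onto the spreadsheet.
$unknown = @($inventory | Where-Object { -not $_.KnownToIT })

"Partnerships found: {0}; on spreadsheet: {1}; unknown to IT: {2}" -f `
    $inventory.Count, ($inventory.Count - $unknown.Count), $unknown.Count

$unknown | Sort-Object User |
    Format-Table User, DeviceType, DeviceModel, LastSync -AutoSize

# Keep the full picture as the baseline for the mobile initiative.
$inventory | Export-Csv -Path '.\activesync-inventory.csv' -NoTypeInformation
```

A gap between the two counts is exactly the "100 devices on paper, 200 in reporting" surprise described above, and the exported CSV becomes the list of owners to notify.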


Bring Your Own Device (BYOD) – Rules for IT Management – Rule 1

We are starting a series on BYOD – allowing users to bring their own devices to the office and access office infrastructure and files. We have come up with topics to help organizations navigate the ever-changing landscape. Here’s rule 1:

1. Create Your Policy Before Procuring Technology

Like any other IT project, policy must precede technology—yes, even in the cloud. To effectively leverage mobile device management (MDM) technology for employee-owned devices, you still need to decide on policies. These policies affect more than just IT; they have implications for HR, legal, and security—any part of the business that uses mobile devices in the name of productivity.

Since all lines of business are affected by BYOD policy, it can’t be created in an IT vacuum. With the diverse needs of users, IT must ensure they are all part of policy creation.

There’s no one right BYOD policy, but here are some questions to consider:

  • Devices: What mobile devices will be supported? Only certain devices or whatever the employee wants?

According to Forrester, 70% of smartphones belong to users, 12% are chosen from an approved list, and 16% are corporate-issued. Some 65% of tablets belong to users, 15% are chosen from a list, and 16% are corporate issued. In other words, users in most cases bring their own devices.

  • Data Plans: Will the organization pay for the data plan at all? Will you issue a stipend, or will the employee submit expense reports? Who pays for these devices? For smartphones, 70% paid the full price, 12% got a discount, 3% paid a partial amount, and in 15% of cases, the company covered the full price. With tablets, 58% bought their own, 17% got a corporate discount, 7% shared the cost, and 18% were issued and paid for by their companies. (Source: Forrester, 2011)
  • Compliance: What regulations govern the data your organization needs to protect? For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires native encryption on any device that holds data subject to the act.
  • Security: What security measures are needed (passcode protection, jailbroken/rooted devices, anti-malware apps, encryption, device restrictions, iCloud backup)?
  • Applications: What apps are forbidden? IP scanning, data sharing, Dropbox?
  • Agreements: Is there an Acceptable Usage Agreement (AUA) for employee devices with corporate data?
  • Services: What kinds of resources can employees access—email? Certain wireless networks or VPNs? CRM?
  • Privacy: What data is collected from employees’ devices? What personal data is never collected?

No questions are off limits when it comes to BYOD. There must be frank and honest dialog about how devices will be used and how IT can realistically meet those needs.

Microsoft confirms hackers exploiting critical IE bug

Microsoft issued a security advisory that confirmed in-the-wild attacks are exploiting an unpatched bug in Internet Explorer. The software maker is working on a fix.

The advisory addressed the “zero-day” vulnerability — meaning it was discovered and exploited before a patch was available.

All but one supported edition of IE are affected: 2001’s IE6, 2006’s IE7, 2009’s IE8 and last year’s IE9. Together, those browsers accounted for 53% of all browsers used worldwide in August. The only exception was IE10, the browser bundled with the new Windows 8, which does not contain the bug.

The flaw allows hackers to execute code — in other words, plant malware on a machine — and opens Windows XP, Vista and Windows 7 to drive-by attacks that only require getting victims to visit a malicious or compromised website. Until a patch is available, Microsoft recommended that users block attacks with EMET 3.0 (Exploit Mitigation Experience Toolkit), boosting IE’s security zone settings to “high,” and configuring the browser to display a warning before executing scripts.

We recommend, at a minimum, the last two steps – boosting the security zone to high and having the browser prompt for scripts. The patch is expected this week.
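To confirm those two interim settings actually took effect on a workstation, the following added example (not from the original post) reads the Internet zone values from the current user's registry hive. The registry value names are the documented IE zone settings; the constant for the High level and the "prompt" value for Active scripting are stated as assumptions in the comments.

```powershell
# Added example (not from the original post): audit the two interim IE
# mitigations recommended above for the current user's profile.
# Zone 3 is the Internet zone. Settings pushed by Group Policy live under
# HKLM instead, so check that hive as well if policy is in use.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$HighLevel    = 0x12000   # assumed: value of "1A10" when the zone slider is at High
$ScriptPrompt = 1         # assumed: value of "1400" (Active scripting): 0 enable, 1 prompt, 3 disable

function Get-InternetZoneStatus {
    $zone      = Get-ItemProperty -Path $zonePath
    $level     = $zone.'1A10'     # security level of the zone
    $scripting = $zone.'1400'     # Active scripting behaviour

    New-Object PSObject -Property @{
        SecurityLevelRaw = $level
        ZoneIsHigh       = ($level -eq $HighLevel)
        ActiveScriptRaw  = $scripting
        ScriptingPrompts = ($scripting -eq $ScriptPrompt)
    }
}

$status = Get-InternetZoneStatus
$status | Format-List SecurityLevelRaw, ZoneIsHigh, ActiveScriptRaw, ScriptingPrompts

if (-not $status.ZoneIsHigh)       { Write-Warning 'Internet zone is not set to High' }
if (-not $status.ScriptingPrompts) { Write-Warning 'Active scripting does not prompt before running' }
```

A missing value shows up as an empty SecurityLevelRaw or ActiveScriptRaw and triggers the warning, which is the right outcome for a machine that was never hardened.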

BlueToad Was Source of Leaked Apple Data, not FBI Laptop

The little-known app company that lost at least a million Apple Inc. iPhone and iPad identification numbers gathered the data from devices without protecting it and was still sending the data as of Monday.

The information was sent by the company, BlueToad Inc., in “cleartext”—without encryption to hide it—violating widely accepted computer-security practices. The identification numbers, device names and other information were then stored in a database that the company said was recently stolen by hackers.

The BlueToad breach is the latest in a series of events that have raised questions about the security and privacy of the fast-growing app economy. Many apps have been found taking data that users didn’t know about. In 2010, the Journal tested 100 iPhone and Android apps and found that more than half were transmitting identifying details without the user’s knowledge, and some were sending more personal information such as contact lists and location information. Since then, several other apps have been caught transmitting details about users without their knowledge.

The device ID number can allow a hacker to gain access to a user’s social networking accounts and other apps. As a result, Apple has long told developers that “for user security and privacy” they “must not publicly associate a device’s unique identifier with a user account.” And Apple last year began telling developers that it was going to phase out the use of UDIDs, in part because of these concerns.

Apple Plans Web Radio

Recently, a number of rumours have circulated concerning a new streaming media project. In a move that could shake up the growing field of Internet radio, Apple plans to develop a service that would compete with Pandora Media by sending streams of music customized to users’ tastes.

Apple, which has already dominated the field of digital music with its iTunes store, is in the early stages of negotiating with the major record labels for the service.

Apple’s service would probably take the form of a preinstalled app on devices like iPhones and iPads and might be able to connect to users’ iTunes accounts to judge their tastes.

By offering streams customized to each user, Apple’s program would compete with Internet radio services like Pandora, Slacker and iHeartRadio, which is offered by the radio giant Clear Channel Communications.

Windows Server 2012 embraces the data center

Microsoft has taken its server OS a giant step forward with today’s release of Windows Server 2012, making this version the first that can be controlled remotely so it is more suitable for data centers.

The first major upgrade since 2009 features a bevy of new features, most designed to make it more suitable for large-scale data-center deployments. This has been called Microsoft’s “Cloud OS.”

Microsoft’s Hyper-V virtualization can now support up to 64 virtual processors and 1TB of memory for guests, a marked improvement from the old limit of four virtual processors and 64GB of memory. The Server Message Block (SMB) network communication protocol has been updated to handle faster data transfers and the OS’s Server Manager has been updated to handle multiple servers at once.

But perhaps the most significant enhancement is one that may not be noticed among these flashy new features. Thanks to the inclusion of PowerShell, first introduced six years ago, this will be the first version of Windows Server that can be completely controlled through the command line, making it controllable remotely.

PowerShell gives Windows capabilities similar to those that chief competitor Unix has long offered, such as the ability to forward, or pipe, the output of one process to the input of another process. It even adds a few new tricks, such as the ability to handle software objects, which came about from studying Unix’s limitations.
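The remote control and object piping described above look like this in practice. This is an added example, not code from the original article: it audits a set of servers from one console for services that are set to start automatically but are not running, a common first check after a deployment. The server names are placeholders, and the example assumes PowerShell remoting (WinRM) has been enabled on each host.

```powershell
# Added example (not from the original article): remote management plus the
# object pipeline. Server names are placeholders; assumes Enable-PSRemoting
# has been run on each target and the caller has admin rights there.

$servers = 'srv01', 'srv02', 'srv03'

# Invoke-Command runs the script block on every server at once. Win32_Service
# is used because Get-Service in this PowerShell generation does not expose
# the start mode. The WMI filter does the selection on the remote side.
$results = Invoke-Command -ComputerName $servers -ScriptBlock {
    Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
        Select-Object Name, DisplayName, State, StartName
}

# What comes back is objects, not text: each one still has its properties, and
# remoting adds PSComputerName, so no parsing of output is needed to sort or group.
$results |
    Sort-Object PSComputerName, Name |
    Format-Table PSComputerName, Name, State, StartName -AutoSize

# Summary per host, built from the same objects.
$results |
    Group-Object PSComputerName |
    Select-Object @{ Name = 'Server'; Expression = { $_.Name } },
                  @{ Name = 'StoppedAutoServices'; Expression = { $_.Count } }

# Same objects, written out for the change record.
$results | Export-Csv -Path '.\auto-services-not-running.csv' -NoTypeInformation
```

Each stage consumes the objects produced by the previous one, which is the pipe-the-output behaviour the article attributes to Unix, with the object properties intact at every step.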

More on Server 2012 once we start working with it in our operations and locations.

FBI Agent’s Laptop ‘Hacked’ To Grab 12 Million Apple IDs

Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed “more than ever.” Last night, hackers with subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier numbers (UDIDs) for Apple devices, stolen from Stangl’s own laptop.

In total, the hackers say they were able to steal more than 12 million of these strings of numbers and letters, but, “we decided a million would be enough to release.” They announced the hack through the widely-watched Twitter feed, @AnonymousIRC last night.

The incident raises many questions, not only about the security of federal devices, but of why an agent might have (allegedly) been carrying a database of Apple UDIDs, which the hackers said also contained “user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.” of iPhone and iPad users.