security - page 18

One of the first secure business solutions for the iPhone and iPad was Good for Enterprise, a secure collaboration tool that allows companies to separate business email, calendar, and contact systems from Apple’s standard Mail, Calendar, and Contacts apps. Going beyond simply separating work accounts and data from a user’s personal accounts, Good’s alternatives securely encrypt all data and must be unlocked using credentials other than the passcode used to unlock an iOS device.

Good released a significant update to Good for Enterprise this week, one that makes the solution more streamlined, user-friendly, and offers powerful new features – some of which are worth considering for their business functionality as well as their innate security.

It’s been over two years since Apple unveiled iOS 4 with mobile management features designed to make the iPhone and iPad a significantly better corporate citizen. During those years, the landscape of business and enterprise mobility has changed dramatically. RIM has collapsed and will never truly recover, Microsoft has doubled down on the interface it launched late in 2010 with no guarantee of success, and Android has become much more enterprise friendly. Perhaps more important is the fact that idea of mobile management and security has shifted from a focus on devices to a focus on securing data and managing mobile apps.

As all this has happened, Apple’s mobile management framework, which is the system that all mobile management vendors plug into in order to secure and manage iOS devices, has essentially stagnated. With iOS 6 on the horizon, lets look at the areas that Apple needs to address if it wants iOS to remain one of the preferred mobile platforms for business.

Popular cloud storage service Dropbox has introduced two-step verification in order to provide greater security for its users. After the ‘epic’ hacking of Wired’s Mat Honan digital life, online security has become a hot topic once again in the tech community.

Like Google, Dropbox now allows all of its users to login with a password and additional code sent via text. An authenticator app can also be used on the web or mobile devices like the iPhone for the second step.

Like many federal agencies, the Department of Veterans Affairs has embarked on the journey of integrating iPhones and iPads as mobile solutions. The agency currently has 20,000 mobile devices that includes iPhones and iPads along with some BlackBerries and a small number of Android devices. Despite the range of devices, the VA has been very active in trying to eliminate mobile data breaches and, according to the VA’s director of Mobile and Security Assurance Donald Kachman, the agency’s campaign has been extremely successful.

Kachman credits encryption technologies with as a major factor in that success – 99% of all VA data is now secured around the clock on mobile devices and desktop PCs. The security approach is one that can be a model for any organization.

Secure enterprise file sharing and file management vendor Accellion has added Mac support to its file sync system for mobile workers known as kitedrive. As we noted earlier this year in covering the launch of kitedrive for iOS, Accellion describes kitedrive as “Dropbox for the enterprise.” That’s a pretty good description. kitedrive syncs content for offline access to business documents, which are securely encrypted during transmission and while stored on the a mobile device, PC, or Mac.

Reader James G writes,

I use the iPad’s locking feature requiring a 4-digit pin. The problem I was worried about is that the default setting has a button allowing you to see photos without knowing the 4-digit pin.

With the dozens of login names & passwords I’m required to remember, I often take a screenshot whenever I’ve created a new login or changed my password. So some of my “photos” are part of what I want to protect. Until recently I hadn’t realized that by default the pin didn’t block looking at the pictures.

I had looked and not found a way to turn that off, but after writing to you discovered there is a way to do it.

So, as James found out, there is, in fact, a way to keep your photos private when using the passcode security on an iPad, but you have to disable the default slideshow option first.

While bring your own device (BYOD) programs that encourage employees to use their personal iPhones, iPads, and other devices in the office increases productivity and employee satisfaction, the trend is also turning those employees into workaholics. That’s not entirely a new realization – we’ve covered the potential impact of the BYOD trend on the work/life balance before (including a recent study that showed that BYOD programs actually improve that balance for IT professionals).

The latest research on BYOD’s impact on workers shows two additional insights – a significant number of employees are footing the bill (sometimes a very big bill)  for mobile data service while on the road for work.

It appears Apple’s arrogance is getting in the way of protecting its users from a long standing SMS exploit that could allow potential hackers to spoof a reply-to number, causing the recipient to think he/she is replying to a legitimate contact, when in reality, their information is being sent to the hackers designated address. As you can imagine, this is quite troublesome, yet Apple has brushed it away despite numerous pleas made by a well known iOS hacker (pod2g):

VMWare announced the newest version of VMWare Fusion, its Mac virtualization product, this week. In doing so it also launched its first business or enterprise version of the popular tool for running Windows and other operating systems on Mac workstations. Dubbed Fusion Professional, the new solution has a range of features that are likely to appeal to IT professionals in both business and education.

Apple retail stores are now installing special dock connectors to prevent iOS devices from being stolen. They look just like the regular USB cable that ships with every iPhone, iPad, and iPod touch, but they feature a nifty anti-left lock that prevents them from being removed from the device — essentially tethering the unit to the table.

The U.S. federal government may not be where you’d expect to see mobile innovation or find good app development suggestions. While there’s still a public sector bureaucracy in government, a number of government agencies are beginning to develop new ways to connect with citizens and invest in mobile technologies for internal use.

Granted, most agencies are doing so because of requirements under the Obama administration’s 21st Century Digital Government Strategy. One of which is that every federal agency  must make two high-value, customer-facing services available via mobile devices over the next year.  Still, the innovation is happening and the agencies that have already taken up the challenge are good models for agencies that have yet to do so.

They’re also good sources of advice for any organization that is beginning to develop an iOS or mobile app strategy.

When Apple unveiled iMessage, one of the first thoughts for many IT professionals and business users was that Apple had come up with a secure messaging platform that could rival RIM’s BlackBerry Messenger. While iMessage has a lot going for it as a secure messaging platform, there are still some reasons that it may not be an ideal business solution.

The most striking point in a recent report commissioned by Trend Micro was that IT administrators are beginning to rank Apple’s iOS ahead of RIM’s BlackBerry and other mobile platforms, but there were some other significant details in that report.

The report focuses on mobile security and issues related to bring your own device (BYOD) programs. Such programs encourage employees to use their personal iPhones, iPads, Android devices and other mobile technologies to access business resources and perform work related tasks. Many IT professionals believe that BYOD programs introduce security risks – and it looks like they’re right believe that. Decisive Analytics, the company that prepared the report, notes that nearly half the IT professionals that they surveyed in the U.S., U.K., and Germany admitted that their companies had already experienced a mobile-related security breach.

The perception of the BlackBerry as the most secure and manageable mobile platform seems to be faltering. According to a new report, senior IT administrators now consider Apple’s iOS to be the most secure and manageable platform – despite the fact that RIM offers ten times the number of security and device management policies that Apple provides in iOS.

iOS hacker and security researcher Pod2g has uncovered a major SMS security flaw with the iPhone that could lead to text message spoofing. The problem is with the way in which the iPhone handles text messages, and it’s present in the latest version of iOS — including the iOS 6 beta 4 release. However, Pod2g insists he’s pleading with Apple to get it fixed.

Another study of the bring your own device (BYOD) phenomenon concludes that the trend of employees bringing the personal iPhones, iPads, and other devices into the office shows no sign of slowing down. It also confirms previous reports that indicate many personal devices being used in the workplace don’t have even basic security features enabled.

The study by Coalfire, a company the specializes in IT risk management services, paints a particularly grim picture of the lack of security for iOS and Android devices in the workplace. With the BYOD trend show no signs of slowing or ending, Coalfire CEO Rick Dakin, notes that companies cannot afford to keep ignoring mobile security concerns.

One of the challenges of 21st century education is determining the appropriate ways to use technology in the classroom. That’s a challenge that each school or district needs to confront in its own way. One thing that is universal, however, is that the policies and processes put into place around technology need to come from an ongoing dialog between teachers, school administrators, and IT professionals.

While some schools may have restrictive policies, those policies are emblematic of the community to which the schools belongs. They are the policies that the school itself and the parents of its students feel are needed to protect its students. Those policies also teach students what is acceptable behavior and how to protect themselves in the online world.

When I first glimpsed the Highline, I teased, calling it “an almost spectacularly misguided idea.” The Highline is a curly cable which hooks into your iDevice’s 30-pin dock connector and keeps it safe from drops and attempted snatch-and-grabs. Despite my conclusions, the kind folks at Kenu sent one over to the Cult of Mac test labs to check out. And while I’d probably never have a use for one, it turns out that it does its job just fine.

Your iPhone contains a whole lotta information about your personal life. You got your bank apps, email, text messages, phone calls, browsing history, plus all those embarrassing songs you listen to on Spotify you don’t want people to know about.

You don’t expect to get hardcore encryption security on a tiny iPhone, and when the iPhone was first released in 2007 you didn’t. Huge security holes allowed  hackers to easily take over the device, but Apple learned from their mistakes, and now your iPhone is like a freaking Fort Knox for data. Even the NSA is having a hard time breaking iPhone encryption, and it’s frustrating the hell out them.

When Dropbox acknowledged its recent data breach last week, the company noted that it will be adding a range of security solutions in an effort prevent such a breach from occurring again. One of the technologies that Dropbox plans to implement is two factor authentication, which requires another identifying item beyond your username and password to grant you access to your account.

The second item in two factor authentication can be any one of a range of technologies like a smart card that needs to be swiped, a USB flash drive or other mobile that contains security certifications, a one-time user password token like RSA’s SecurID, or a biometric input like a fingerprint scan.

One company has another interesting option, however, your location.

The number of personally-owned iPads, iPhones, and other mobile devices that professionals bring into office is expected to more than double between now and 2014. That means the businesses that have so far been lax about considering or planning an official bring your own device (BYOD) program and/or establishing security policies around BYOD are going to need to play catch up – and they’ll need to get started as soon as possible.

In the continuing saga of Mat Honan’s digital life getting hacked to pieces, Apple has stopped accepting over-the-phone AppleID password resets indefinitely. In a statement today, Apple confirmed that the freeze it put on over-the-phone password change requests last night will remain in effect until tighter security can be implemented on Apple’s end. For now, all AppleID password resets will have to be done online.

Last week, Wired columnist Mat Honan’s digital life was destroyed by hackers who were able to connect to his Apple ID and remotely erase all of the data on his iPhone, iPad, and MacBook.

Apple responded today to Honan via a spokesperson, Natalie Kerris. In a statement to Wired, where Honan posted an account of his experiences, Apple promised to look into how users can protect their data and security better when they need to reset their account passwords.

1Password by AgileBits is a an incredible tool for keeping your data safe. More than just a password manager, 1Password allows you to encrypt and organize a wide range of data (website passwords, non-web digital accounts, credit/debit card numbers and financial account details, software licenses, and files containing confidential information.

Those features are all well and good, but the biggest feature is 1Password’s ability to keep all that data secure in the face of brute force attacks – the kind of attacks where a piece of software simply tries combination after combination of possible passwords. Password cracking software that rely on such attacks can easily try thousands of potential passwords each second.

To find out whether or not 1Password can withstand such attacks, AgileBits tested one 1Password against John the Ripper, one of the most well-known password cracking tools.

In the aftermath of a data breach that it announced this week, Dropbox says that it will begin implementing new security measures. Those measures include new automated techniques for spotting suspicious behavior, a page where you can examine all active logins to your account, password update requirements, and two-factor authentication.

All of those are reasonable steps to take. That Dropbox hasn’t implemented most of those items before is a bit surprising. Only one of those items – two factor authentication – really puts a burden onto Dropbox users, but it could put a very big burden on iOS users and app developers.