Dating applications expose businesses

1930s-couple-620x400Big Blue is warning that millions of people using dating apps on company smartphones could be exposing their employers to hacking, spying and theft.

IBM security researchers said 26 of 41 dating apps they analysed on Google Android mobile platform had medium or high severity vulnerabilities.  Curiously the IBM team did not look at dating applications on Apple gear, probably because the company signed a deal to push Apple gear in the workplace.

Unfortunately IBM did not name and shame the vulnerable apps but said it had alerted the app publishers to problems.

Apparently Tinder, OkCupid and Match have become hugely popular in the past few years due to their instant messaging, photo and geolocation services. In 2013 it was estimated that 31 million Americans have used a dating site or app.

IBM found employees used vulnerable dating apps in nearly 50 percent of the companies sampled for its research. By using the same phone for work and play or “bring your own device,” it means that companies are wide open for such attack vectors.

Am IBM report said that while BYOD was seen as a way that companies could save cash by allowing employees to use their home gear on corporate networks , if not managed properly, the organizations might be leaking sensitive corporate data via employee-owned devices.

IBM said the problem is that people on dating apps let their guard down and are not as sensitive to potential security problems as they might be on email or websites.

If an app is compromised, hackers can take advantage of users waiting eagerly to hear back from a potential love interest by sending bogus “phishing” messages to glean sensitive information or install malware, IBM said.

A phone’s camera or microphone could be turned on remotely through a vulnerable app, which IBM warned could be used to eavesdrop on personal conversations or confidential business meetings. Vulnerable GPS data could also lead to stalking, and a user’s billing information could be hacked to purchase things on other apps or websites.

Strangely, despite its dire warnings to Android users, IBM said it had not so far seen a rash of security breaches due to dating apps as opposed to any other kind of social media.

Meanwhile, it recommends that dating app users limit the personal information they divulge, use unique passwords on every online account, apply the latest software patches and keep track of what permissions each app has.

Tablets are the flavour of the enterprise month

cheap-tabletsIf an enterprise is thinking of deploying BYOD (bring your own device) programmes tablets are better than notebooks or smartphones.

That’s according to Gartner, which said that if an enterprise spends half a million dollars to deploy 1,000 enterprise owned tablets, it’s making a mistake.  Because the same enterprise could support 2,745 user owned tablets at the same price.

Federica Troni, a research director at Gartner, said direct costs of user owned tablets are 64 percent lower and offering a BYOD option is the best way to keep costs down while broadening access.

She said that users’ own smartphones have a total cost of ownership similar to enterprise owned smartphones. They will only deliver savings when organisations don’t reimburse or subsidise voice and data plans.

There are problems, however, in the tablet BYOD idea.  Users will have to at some extent doing their own support and they will also have to be to some degree IT savvy, she said.

Bring your own device use grows

tesco-hudl-tabletAs many as 40 percent of US citizens who work for large corporations use their own smartphones, desktops, laptops, and tablets to do business.

That’s according to IT market research company Gartner, which recently surveyed over 4,300 people about their technology and attitudes.

Amanda Sabia, a principal research analyst at Gartner, noted in her report that the lines beween work and play are becoming ever more blurred.

The Gartner survey demonstrated that personal desktop PCs were used the most for work at 42 percent, smartphones by 40 percent, laptops at 36 percent and tablets at 26 percent.

But it appears that enterprises aren’t putting pressure on people to use their own devices with only 25 percent of employees asked to do so by their employers.

The trend is firmly in favour of smartphones and tablets, with 32 percent of those surveyed likely to buy a smartphone, 23 percent to buy a notebook, 20 percent to buy a tablet and 14 percent a desktop PC.

Four out of five of those surveyed have downloaded mobile apps, said Gartner.

BlackBerry buys a UK company

blackberry-juicerMobile manufacturer BlackBerry said it has bought a UK company Movitu. Financial details of the transaction weren’t revealed.

Movitu makes so called virtual identities for mobile operators that lets many numbers to be active on a single device.

BlackBerry said this help device management for bring your own device (BYOD) and corporate environments.

The Movitu Virtual SIM platform lets business numbers and personal numbers be used on the same device with separate billing for voice, for data and for messaging.

The advantage is that employees can use the same phone for both company business and their own personal use.

The Virtual SIM capabilities will be offered by BlackBerry through mobile operators for all main smartphone operating systems, including Android, iOS and Windows.

Microsoft slashes Windows fees

tablet-POS-cash-registerA report said that notebook sales – particularly in Europe – are set to grow strongly after Microsoft said it will cut licensing fees for low end models to $15 a unit.

According to Digitimes, the enterprise market has finally decided to upgrade its user base as a result of Windows stopping XP support last April.

That’s going to benefit Taiwanese original design manufacturers (ODMs) and vendors such as Acer, Asustek, Quanta Wistron and Inventec.

But it’s too early to say that notebook sales – which have declined in volume over the last two years – will ever reach the dizzying position they once commanded.

That’s partly because of a determined move by large enterprises to institute bring your own device (BYOD) models – which aids large companies by diminishing the capital amounts they spend on kit.

The Digitimes article is here.

BYODs mean IT departments have lost control

A monolithGartner said that while many businesses think it’s time for them to go mobile, there are obstacles to that move and many don’t know how to proceed.

But, said Darryl Carlton, a research director at the market research company, the key to success is appplications architecture and design,

“Designing your applications to meet the demands of BYOD is not the same as setting usage policies or having strategic sourcing plans that mandate a particular platform,” he said. “BYOD should be a design principle that provides you with a vendor neutral applications portfolio and a flexible future-proof architecture. If the applications exhibit technical constraints that limit choice and limit deployment, then the purchasing policy is irrelevant.”

IT departments are losing control of tools accessing corporate systems and data because of changes in the workforce and processes outside organisations’ boundaries.

“The community of users has expanded to include suppliers, customers, employees and a very broad range of stakeholders,” Carlton said. “We are no longer developing applications for deployment to an exclusive user base over which we exert standards and control.”

Partly, IT departments don’t realise that there are users that IT departments can’t control, and that means standards can’t be dictated and proprietary controls can’t be imposed.

“For CIOs to consider BYOD activities within their organization to be a temporary problem generated by a few disaffected employees would be a tragic mistake. This is a leading indicator of change for which an appropriate response is required. Reasserting control is not an appropriate response. This is a permanent and irreversible shift in the way that IT is procured and implemented to support the organisation, suppliers and customers.”

Tablet failures slow BYOD growth

ipad3A report claimed that nearly half people using tablets have experienced failure in the last two years, making them a poor choice as devices in the business sector.

The survey was undertaken by Panasonic which – it is only fair to say – has an axe to grind because it is pushing its Toughbook range of tablets.

The survey showed that the most common weakest link was extreme temperatures, whether machines were left in places too hot or too cold.

The next common reason for failure was machines being dropped or knocked off desks – that was followed by spillages.  Panasonic claimed one in 10 reported that a vehicle drove over their broken tablets.

Battery problems, touchscreen bugs and screen breakages were also named as reasons for tablets not working – with the average time for repair being two weeks.

The survey showed that tablets are often used wen employees were travelling but 45 percent used it at their desk or in front of clients.

Panasonic didn’t say how many people it had surveyed.

Cloud faces fresh security risks

netthingsA report from Zscaler examines security threats ahead and said the diversity of devices used to access data make it difficult for organisations to stay ahead.

The Zscaler 2014 Security Cloud Forecast says that attacks on DNS servers are increasing and one of the problems is that “tens of thousands” of Internet DNS are not secured. And attackers use DNS techniques mimicking load balancing, with malware using DNS to conceal command and control networks. Companies, in 2014 should monitor DNS traffic, particularly on new domains.

Cloud services rely on HTPPS and SSL for encryption but by the end of this year, the industry standard will become 2048-bit keys rather than 1024 bit.  Visibility becomes as much as five times more difficult with this move.   SSL will be enabled by default for many web services next year.

The move to BYOD – bring your own device – is “the weakest link”, said Zscaler.  When businesses move corporate data to the cloud and people use mobile devices there is no real security appliance between data and device. Zscaler warns to expect mobile attacks using email, web and malicious third party apps.

And the “internet of things” also brings its own problems, Zscaler warns.  Accessing these multiple devices using smartphones is insecure but there is no minimum base level security in place. “In 2014, attackers will make attempts on the internet of things in homes, businesses and in critical pieces of infrastructure,” the report concludes.

Salesforce integrates multiple IDs

Salesforce_Logo_2009Giant CRM company Salesforce said it has released a service connecting employees, customers and partners to any app on any device.

Called Salesforce Identity, the service is intended to make accessing data universally, wherever it is stored.

The company said that the service lets firms create a connected app and strategy, which can then be managed from a central location.

The service includes a single sign on, authorisation identities for mobile devices for Salesforce CRM and custom applications built using its Platform Mobile Services.

It also lets social collaboration be built into a system, including Facebook and Google. Pricing starts at $5 per user a month, including single sign on, mobile identity, cloud directory, multi-factor authentication and other services.

BYOD: security, it’s heard of it

byodA survey by Context said that despite the prevalence of BYOD (bring your own device) in the work place, security cannot be guaranteed.

Context says there’s a clear trade off between convenience and security. It examined three products: Airwatch, Blackberry Universal Device Service and Good for Enterprise, in conjunction with IOS and Android devices.

While these products all provide good levels of BYOD security, Context found the underlying operating systems limits what they can achieve.

Alex Chapman, senior consultant at Context, said: “There is no realistic way to guarantee the security of a workable BYOD environment, but organisations can take significant steps towards mitigation of security risks if they combine technical security controls with clearly defined acceptable use policies. MDM…can only lock down mobile devices to the extent that underlying operating systems will permit and BYOD implementations can only lock down devices to a level that users are willing to accept.”

Companies start taking their tablets

Keep taking the tabletsMore and more tablets are being used in companies with large numbers now being used to access corporate data and apps.

That’s according to a survey from Ovum, which points out that using tablets is changing the way people work.

The survey, conducted in the second quarter of this year, showed that 17.6 percent of people had been given tablets by their employers, compared to 12.5 percent in 2012.

And the number of personal tablet owners grew from 28.4 percent in 2012 to 44.5 percent in 2013, meaning that more personally owned tablets find their way into the workplace.

Richard Absalom, analyst at Ovum, said: “The primary route for tablets into the enterprise is through the consumer/employee channel. Over 66 percent of employees who personally own a tablet use them for work.”

Absalom said that employees use many different devices to get to corporate data and content – tablet or BYOD strategies should be put into that context. “Tablet deployments have the potential to change the way that businesses operate,” he said. “The primary challenge ofr the enterprise is to turn tablet usage into a genuinely transformative deployment.”

Mobile malware still ignored by most

stapSecurity software companies must try harder to take advantage of mobile malware misgivings and convince smartphone users to start parting with their cash.

This overwhelming preference among mobile users for free stuff needn’t be a barrier to new revenue streams for the security developers, according to a report out today from Juniper Research.

The 135 page report, which is called ‘Mobile Security: BYOD, mCommerce, Consumer & Enterprise 2013-2018’, takes a look at all the usual suspects in the security space and beyond – from AVG to ZyXel.

It concluded that 80 percent of smartphones are unprotected, mostly because of a lack of threat-savvy on the part of their owners. With such a significant majority of phones left unprotected because their owners can’t even be bothered with free software, getting people to cough up looks like it might be a tall order for the anti-malware brigade.

The report also highlights the predicted growth in mobile malware attacks, citing claims from Trend Micro that there would be “more than one million malwares in the market” by the end of the year. It doesn’t make clear whether that figure is a global prediction, however.

The report found that nearly 1.3 billion mobile devices including smartphones, featurephones and tablets are expected to have mobile security software installed by 2018, up from around 325 million this year.

The UK’s National Fraud Authority has also recently warned that mobile malware can be hard to spot with the naked eye, and is generally disguised as legitimate apps.

According to one of the other big noises in the security space, McAfee, 17,000 new forms of mobile malware targeting Android-based devices were identified in the second quarter of 2013. That’s 21% up on Q1 of this year.

Cyber criminals are after your wonga. The security software firms wouldn’t object to having some of it too.

You pays your money, you takes your choice.


Avnet to school partners on VMware

avnettsAvnet and VMWare are collaborating to open an End User Computing practice in Britain, to push channel partners towards the desktop transformation market, utilising VMware’s Horizon suite along with Avnet SolutionsPath.

Avnet insists that as the office environment rushes towards Bring Your Own Device, IT departments are faced with emerging threats to make sure their networks are fit for security as well as cost effective. By investing in the workspace, businesses can reduce headaches in the long run.

The company believes twinning SolutionsPath with VMware technology can manage all parts of a firm’s physical and virtual infrastructure centrally, meaning down the road businesses can implement a system that is not shaken by the consumerisation of IT.

The EUC practice promises to quicken entry into desktop transformation, and Avnet says it will do this by opening up access to its technology and multi vendor network, as well as providing specialist knowledge.

Businesses that sign up to the practice will have the opportunity to learn about delivering VMware gear in a way to fit a customer’s IT environment, as well as gauging the level ofvirtualisation that is required. Users can pick from Avnet’s wide range of VMware partners such as HP, IBM, Cisco, EMC, NetApp, Riverbed, and Nvidia.

Partners will also be encouraged to learn how they should sell VMware Horizon in markets such as healthcare, government and finance.

VMware’s UK&I head of channel, Ed Dolman, said the initiative will be a “powerful value proposition” as the company looks for new partners who are interested in desktop transformation but don’t have the right skills.

“By enrolling in Avnet’s SolutionsPath University, business partners have the ability to receive the training they need to develop knowledge and expertise supported by the generation of sales leads,” Dolman said.

IT departments nervous about BYOD

threeiphonesMost IT departments are not certain their mobile policies are compliant with both corporate policy and government regulation, according to a report.

Bring Your Own Device means staff are increasingly taking their smartphones into work. Despite this, according to research commissioned by Accellion, an enterprise security company, just 30 percent of organisations have an approved BYOD policy.

70 percent of respondents admitted to being “concerned” and a further 20 percent “extremely concerned” about mobile file sharing.

Additionally, 63 percent of those surveyed want to clamp down on VPN use, and about two thirds have or plan to allow official enterprise content management accross mobile devices. Of course, this means making sure the infrastructure is in place to secure those devices – especially running on sensitive networks.

There was a consensus on limiting or controlling with sites or folders are accessible to staff on mobile, for example, making sales documents available on mobile but blocking access to human resources.

14 percent of respondents were in the process of developing their own corporate app store, with another 14 percent already having one.

Most CIOs coming round to BYOD

smartphones-genericMost CIOs are happy to let employees bring their own devices to work as the BYOD trend shows no sign of slowing.

IT departments were forced to adapt when personal devices frequently had better compute power and more utility than company-issued Blackberrys. At the same time, there was a challenge in securing devices to make sure sensitive data did not fly off company networks. But when a CEO is wondering why he or she can’t use their iPad at work, and a user’s laptop is better than the company box, it saves cash for the company and keeps employees happy as long as IT can secure the tech.

A report claims over three quarters – 76 percent – of CIOs now let employee devices into the workplace. Understandably, IT managers are concerned about security.

The top BYOD devices are laptops, followed by smartphones, memory sticks, tablets, external hard drives, and iPods.

Managing director of Robert Half Technology, which conducted the survey, Phil Sheridan, said there are a number of factors leading to BYOD’s growth. “Consumer friendly technologies prompt employees to rely on a certain level of productivity at work as they have at home,” Sheridan said. “Only 24 percent of IT directors in our survey said that they do not currently allow employee owned devices into the workplace, so the tide has clearly turned in favour of BYOD”.

It is, however, still necessary for companies to consider their BYOD strategy to prevent any embarrassing data SNAFUs.

Additionally, there can be financial costs in upgrading infrastructure to properly manage employee owned devices, or to provide training. However, almost a third of those surveyed did report cost savings by adopting BYOD policy.

“Although CIOs have security concerns when considering BYOD policies, their teams are best placed to implement the correct infrastructure to support extra devices in a safe environment and to understand the impact of extra devices and apps on the network,” Sheridan said.