Skip navigation
Help

Smartphones

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.
Original author: 
Caleb Barlow

mobilesec380

Mobile phone image copyright Oleksiy Mark

When it comes to mobile computing, many organizations either cringe at the fear of security risks or rejoice in the business potential. On one hand, mobile is revolutionizing business operations — improving operational efficiency, enhancing productivity, empowering employees and delivering an engaging user experience. On the other hand, sensitive data that used to be housed in a controlled environment of a company desktop or even laptop is now sitting in an employee’s back pocket or purse.

In today’s ultra-connected world, it can seem like threats are all around us. High-profile breaches and attacks from hacker groups have organizations of all sizes — from multinational enterprises to mom-and-pop shops — doubling down on security and making sure there aren’t any cracks in their defenses. Mobile security doesn’t have to be the Achilles’ heel that leads to a breach. New, innovative solutions for securing mobile devices at the application level are rapidly hitting the market and the latest IBM X-Force report indicates that by 2014, mobile computing will be more secure than traditional desktops. Phones, tablets and other devices are a staple of the 21st century workplace and in order to fully embrace this technology, businesses must be certain they’re well protected and secure.

Do You Know Where Your Data Is?

Tackling mobile security can seem like a daunting task. The IBM X-Force report also indicates a 19 percent increase in the number of exploits publicly released that can be used to target mobile devices. Making the task more challenging is the fact that — especially in the case of BYOD — the line between professional and personal data is more blurred on mobile platforms than anywhere before. According to Gartner, by 2014, 90 percent of organizations will support corporate applications on personal devices. This means that devices being used to connect with enterprise networks or create sensitive company data are also being used for social networking and to download mobile apps, leaving organizations with the predicament of how to manage, secure and patrol those devices. From the point of view of a hacker, a mobile device becomes an ideal target as it has access to the enterprise data as well as personal data that can be used to mount future attacks against your friends and colleagues.

Mobile apps are a great example of why mobile security tends to raise concerns among security professionals and business leaders. Employees install personal apps onto the same devices they use to access their enterprise data, but are not always careful or discriminating about the security of those apps — whether they are the real version or a manipulated version that will attempt to steal corporate data. According to a recent report by Arxan Technologies, more than 90 percent of the top 100 mobile apps have been hacked in some capacity. Some free mobile apps even demand access to an employee’s contact list in order to function correctly. Just pause and think about that for a second. Would you give your entire contact list to a complete stranger? That’s effectively what you are doing when you install many of these popular applications. If an organization takes a step back and really considers what employees are agreeing to, willingly or not, the results can be troublesome. So the challenge remains — how to get employees to recognize and understand just how vulnerable their mobile device can be to an enterprise.

Mitigating Mobile Risks: Why it’s easier than you think

Mobile app security and device management do not have to be a company’s security downfall. By employing intelligent security solutions that adapt to the requirements of a specific context, businesses can mitigate operational risk and unleash the full potential of mobility.

The key to mitigating security risks when it comes to mobile devices accessing enterprise data is access control. This may include passcode locks, data protection and malware and virus prevention. With that said, IT security priorities should focus on practices, policies and procedures, such as:

  • Risk analysis: Organizations must understand what enterprise data is on employee devices, how it could be compromised and the potential impact of the comprise (i.e. What does it cost? What happens if the device is lost? Is the data incidental or crucial to business?).
  • Securing the application: In the pre-mobile, personal computer era, simply securing the device and the user were sufficient. When it comes to mobile devices, we also need to think about securing the application itself. As a typical application is downloaded from a store, the end user really has no idea who built the application, what it actually does with your data or how secure it is. Corporate applications with sensitive data need to be secure in their own right.
  • Secure mobile access — authentication: Since mobile devices are shared, it’s important to authenticate both the user and the device before granting access and to look at the context of the user requesting access based on factors like time, network, location, device characteristics, role, etc. If the context appears to be out of line with normal behavior, appropriate counter measures can be taken.
  • Encryption: Simply put, if the data is sensitive it needs to be encrypted both while at rest as well as while in motion on the network.

Once an enterprise has defined its security policy — establishing set policies/procedures regarding content that is allowed to be accessed on devices, how it’s accessed and how the organization will handle lost/stolen devices that may contain business data — mobile technology solutions can help ensure that no opening is left unguarded.

So if security concerns are holding you back from “going mobile,” rest assured — there are many companies that have embraced trends like “Bring Your Own Device” without sending their Chief Security Officers into a panic. As long as organizations take the right steps and continually revisit their security posture to ensure that every endpoint is secured and that the proper technology is in place, it really is possible to be confident about your mobile security strategy.

Caleb Barlow is part of the executive team in IBM’s Security division. He manages three portfolios — Application Security, Data Security and Mobile Security. In addition to his day job, Caleb also hosts a popular Internet Radio show focused on IT Security with an audience averaging over 20k listeners per show.

0
Your rating: None
Original author: 
Andrew Cunningham

Aurich Lawson / Thinkstock

Welcome back to our three-part series on touchscreen technology. Last time, Florence Ion walked you through the technology's past, from the invention of the first touchscreens in the 1960s all the way up through the mid-2000s. During this period, different versions of the technology appeared in everything from PCs to early cell phones to personal digital assistants like Apple's Newton and the Palm Pilot. But all of these gadgets proved to be little more than a tease, a prelude to the main event. In this second part in our series, we'll be talking about touchscreens in the here-and-now.

When you think about touchscreens today, you probably think about smartphones and tablets, and for good reason. The 2007 introduction of the iPhone kicked off a transformation that turned a couple of niche products—smartphones and tablets—into billion-dollar industries. The current fierce competition from software like Android and Windows Phone (as well as hardware makers like Samsung and a host of others) means that new products are being introduced at a frantic pace.

The screens themselves are just one of the driving forces that makes these devices possible (and successful). Ever-smaller, ever-faster chips allow a phone to do things only a heavy-duty desktop could do just a decade or so ago, something we've discussed in detail elsewhere. The software that powers these devices is more important, though. Where older tablets and PDAs required a stylus or interaction with a cramped physical keyboard or trackball to use, mobile software has adapted to be better suited to humans' native pointing device—the larger, clumsier, but much more convenient finger.

Read 22 remaining paragraphs | Comments

0
Your rating: None

egypt380If I were to describe a country where the Internet contributes as much as a percentage of GDP as its health services, education and oil industries, and is growing at nearly twice the rate as in Europe — driven in large part by growth in private and corporate-backed entrepreneurship — where would you guess?

Looking forward, if such a country has the largest population of Internet and mobile users in its region with one of the largest youth populations in the world; is a large consumer market in the early days of e-commerce; is a global tourist destination where roughly only five percent of all travel revenue is booked online — might this be an intriguing investment opportunity?

Am I describing Germany? China? Brazil?

Try Egypt.

Two years after the Arab uprisings and in the midst of wrestling significant economic and political change, the Internet is quietly and increasingly growing as a central platform of economic development around the country as it is around the globe. And according to a new Google-commissioned study by The Boston Consulting Group — Egypt at a Crossroads: How the Internet is Transforming Egypt’s Economy — policy makers, executives and investors alike are poised at a central moment of opportunity to embrace this platform for economic growth, job creation and returns.

David Dean, Senior Partner and Managing Director at the Boston Consulting Group — and one of the authors of the study — told me that this is the latest of fifteen country-wide studies his company has done, and he was impressed by what he found. “I think the biggest positive surprise was that there are many entrepreneurial companies using the Internet to grow their businesses.” The report highlights a handful of among hundreds of recent Egyptian startups as diverse as the content portal Masrawy, which now reaches over eight million unique users per month; e-commerce destination Nefsak, which offers over 25,000 products; and Alexandria’s Vimov, whose paid weather app WeatherHD was the fourth-best seller in Apple’s App store after its recent release. It notes that Vodafone, among other global investors, is making serious commitments both to the infrastructure and to funding startups in the region. “The report makes clear that there is much uptapped potential for Egypt’s nascent Internet ecosystem,” Samir El Bahaie, Google’s Head of Policy in the Middle East and North Africa, said — adding that “there is also a great opportunity for investment, economic growth and job creation waiting to be seized.”

The study underscores that the opportunity is now. Egypt’s population of 31 million Internet users is the largest in the Middle East, and while mobile penetration exceeds 100 percent in many parts of the country, the big news is that smartphones — with real computing capabilities — are expected by some to reach 50 percent penetration in the next three to five years. Unmeasured in penetration and GDP figures are what the report calls “ripple effects” on the Egyptian economy and society: The ability to reach new markets, to have better informed consumers, to have greater work efficiencies in the knowledge economy, to have simplified access to government and social services for people to take more control of their lives. Egypt, with its mobile penetration, is especially poised to capture opportunities in mobile banking (as significant success has been seen in Africa) and to fully embrace all the opportunities offered for tourism. Dean notes, in fact, that travel and tourism is “possibly the largest short-term lever that the Internet can have in the country.”

If the opportunity is now, however, so is the potential for missed opportunities. While access to the Internet is growing, there is still a lack of Internet skills in the workforce, even as compared to other emerging markets. While business adoption of the Internet as an economic platform in Egypt is competitive among larger enterprises, small- and medium-sized businesses still rank lowest among emerging growth markets. More fundamentally, there remains significant question of the most appropriate, entrepreneurship-driving policies — areas such as rule of law, copyright protection, lessening bureaucracy in starting businesses. “Of course, these are clearly not just questions for Egypt,” Dean explained to me. “What would really be encouraging would be a commitment by the Government to the Internet as an economic factor — which would mean simplifying the process for opening businesses, encouraging investment, demonstrating the benefits of the Internet in the way the government operates, and using the Internet to address some of Egypt’s most pressing problems, such as youth unemployment.”

Google hopes to play a continued role in working with governments like Egypt’s. Studies like these are extremely useful as they provide factual economic data points around the value of the Internet, El Bahaie noted. “We hope to work with the government of Egypt to leverage these data points to unlock the potential of eCommerce and mCommerce and well-informedly create a more enabling business environment for Egyptian small- and medium-sized business, and to help the country reach its full economic potential.”

Christopher M. Schroeder is a leading U.S. Internet entrepreneur and venture investor, a member of the advisory boards of the American University of Cairo School of Business, the regional entrepreneurship portal Wamda.com and incubator Oasis500. He is the author of “Startup Rising: The Entrepreneurial Revolution That’s Remaking the Middle East,” to be published September 2013 by Palgrave/MacMillan. He can be followed on Twitter @cmschroed.

0
Your rating: None

Canonical

Ubuntu is coming to phones near the end of 2013 or the beginning of 2014, as we reported earlier today. After the announcement, Canonical founder Mark Shuttleworth spoke to the media about why he thinks Ubuntu will be great on phones and, more specifically, why it will be better than Android.

Somewhat confusingly, Ubuntu has two phone projects. One of them is called "Ubuntu for Android," which allows Android smartphones to act as Ubuntu PCs when docked with a monitor, mouse, and keyboard. The version of Ubuntu for phones announced today is just Ubuntu, no Android required, allowing devices to run Ubuntu in both the phone and PC form factor, with different interfaces optimized for the different screens. Canonical is keeping Ubuntu for Android around, even as it touts its own phone operating system as a better alternative.

The smartphone market is already dominated by iPhone and Android, with RIM losing prominence, Windows Phone making a charge at third place, and various other operating systems aiming for elusive name recognition. So why should carriers and handset makers warm to Ubuntu, and why should anyone buy an Ubuntu phone?

Read 19 remaining paragraphs | Comments

0
Your rating: None

Enlarge / An overview of a chosen-prefix collision. A similar technique was used by the Flame espionage malware that targeted Iran. The scientific novelty of the malware underscored the sophistication of malware sponsored by wealthy nation states.

Marc Stevens

The dance among blackhat, whitehat, and greyhat hackers grew ever more intricate in 2012, thanks to a steady stream of exploits, vulnerability discoveries, and data breaches. In-the-wild attacks against Internet Explorer, the Java software framework, and other perennial favorites continued, of course. They inflicted plenty of damage on end users, but given their familiarity, they hardly stood out.

What got our attention were attacks on entirely new classes of devices or victims, or in the case of passwords and cryptography, the culmination of new exploit techniques quickly eroding the protection we once took for granted.

From our perspective, here are the five biggest security stories this year.

Read 12 remaining paragraphs | Comments

0
Your rating: None

AT&T's Toggle lets users switch between the work and personal parts of their smartphones.

AT&T

AT&T says it has the answer for corporations that want to let employees access work applications from personal phones without becoming a security threat. A new virtualization-style technology that works on both Android and iPhones creates a work container that is isolated from an employee's personal applications and data, letting IT shops manage just the portion of the phone related to work.

This isn't a new idea. ARM is talking about adding virtualization into the smartphone chip layer. VMware has been promising to virtualize smartphones for some time. What is notable about AT&T's technology is its flexibility. VMware's technology hasn't hit end users yet, largely because it must be pre-installed by phone manufacturers, limiting it to carriers and device makers that want to install it on their hardware.

AT&T's "Toggle" technology, meanwhile, works with any Android device from versions 2.2 to 3.x, as well as iPhones, and can be installed after a user buys it. Moreover, the technology is somewhat separate from AT&T's cellular division and can be used with any carrier.

Read more | Comments

0
Your rating: None