APPLE’S SOFTWARE UPGRADE OFFERS IMPROVED ENDPOINT SECURITY

Apple’s new software upgrade includes new security features to improve endpoint security on the iPhone 4 and later versions, especially when utilized by employees as part of a BYOD practice.

According to Apple, iOS 7 patches 80 known security vulnerabilities, making devices running iOS 6 and earlier systems at risk for infection and other issues. These include addressing issues with certificate trust policies, plus data protection and security, among many other improvements.

ZDNet stated that if the upgrade is not installed on a device, existing bugs could execute malicious code, use applications to discover passwords, send tweets without user permission through sandbox apps and control or interfere with telephony capabilities. Additionally, unpatched devices could experience data leakage despite protection under IPSec Hybrid Auth.

Patches and benefits
SilverSky CTO Andrew Jaquith said in a CSO article that Apple already had a secure operating system with multiple lock down options available before iOS 7.

“With iOS 7, companies will find many of their remaining needs addressed,” Jaquith said. “It’s clear that Apple is listening to their enterprise customers.”

For example, Apple stated in a mailing list announcement that iOS 7 resolves a privilege separation issue where cybercriminals could sidestep authentication restrictions to figure out a user’s password despite a “Erase Data” setting through an app within the third-party sandbox. This patch will greatly improve endpoint security and control, especially where lost or stolen devices are concerned.

Additionally, Apple soothed data leakage concerns with improvements to data security. According to the notification, a hacker could seize credentials and other sensitive information from devices earlier versions of iOS if using a privileged network position. A recently revoked sub-CA certificate has been added to the operating system’s list of untrusted certificates.

CSO also stated that with previous Apple operating systems, a criminal could perform a reset and input their own preferences, allowing them to utilize the device for themselves. However, on iOS 7, once an application lock is activated, a thief cannot use the phone through a system reset.

The upgrade demonstrated Apple’s commitment to their devices being secure as part of BYOD policies. Jaquith said iOS 7 also incorporates additional policies to securely lock down devices, including restriction options for Siri, AirDrop and Dropbox. Furthermore, corporate applications have been restricted from communicating with personal applications.

“In my opinion, Apple appears to have significantly improved the controls which help separate work and personal information,” said Fiberlink marketing director Jonathan Dale, according to CSO. “Users and companies should feel more secure that their data will not go to unintended places.

WHAT MICROSOFT’S NOKIA ACQUISITION MEANS FOR ENDPOINT MANAGEMENT STRATEGIES

Mobile device proliferation has dramatically complicated the endpoint management strategies employed by many leading enterprises, and endpoint security and control may soon get even more difficult thanks to Microsoft’s recent acquisition of Nokia.

Earlier this month, Microsoft sent shockwaves throughout the business and IT worlds when it announced that it would spend $7.2 billion to obtain Nokia’s devices and services business, which includes its line of mobile hardware. With the move to get the second biggest cellphone maker in the world, Microsoft is now expected to be a far larger player in the already crowded device manufacturing market, the Los Angeles Times reported.

“Bringing these great teams together will accelerate Microsoft’s share and profits in phones, and strengthen the overall opportunities for both Microsoft and our partners across our entire family of devices and services,” Microsoft CEO Steve Ballmer said.

Expect further device proliferation
According to the Times, the move comes as Microsoft attempts to better position itself against rivals like Apple as consumers and enterprises further embrace handheld technology. A June report from the Pew Research Center found that 56 percent of all Americans over 18 now own a smartphone, and the rise in popularity of bring-your-own-device policies means that a fair number of these products were ending up in corporate environments for enterprise-related purposes.

However, prior to this deal, Microsoft has failed to capture a significant amount of this market. IDC earlier this month predicted that smartphone sales will grow 7.3 percent by the end of 2013, although devices running the Microsoft Windows mobile operating system are only expected to make up 3.9 percent of the approximately 1 billion cellphones sent out over the course of this year.

While device manufacturers like Apple and Samsung are currently dominating the marketplace, Microsoft’s recent announcement plus other industry happenings will likely create more market parity over the next five years. IDC predicted that between today and 2017, the compound annual growth rate of phones running the Android OS will drop slightly, but it will go up for Apple iOS and Windows phones.

Why endpoint management may never be the same
For consumers looking for more full-fledged smartphones, Microsoft’s recent announcement is welcome news. For enterprises already dealing with personal mobile device proliferation, however, this expected shift in the smartphone market may create more management and security headaches.

When it comes to data leak prevention, BYOD can create a nightmarish situation for IT departments. Many technology professionals are used to maintaining the security of one type of computer running one operating system. However, as more and more smartphones flood the market and enter business settings, these professionals are now tasked with securing more devices and OSs than ever before. With Microsoft making a bigger push into this market, the already complicated task of endpoint security and control just potentially got even harder.

To address this concern, IT departments should consider utilizing state-of-the-art endpoint protection software. Armed with this data leak protection tool, cybersecurity professionals are able to more easily oversee all devices accessing enterprise materials and more quickly alert decision makers should an issue be discovered.

TWO-THIRDS OF ORGANIZATIONS THINK THEY ARE IMMUNE TO DATA LEAKAGE

Most organizations continue to believe that they do not need to pursue assiduous data loss prevention, regarding cyberattacks as either unlikely to occur or financially insignificant even if successful. The rising prevalence of cybercriminal tactics like advanced persistent threats have contributed to this complacency. These gambits tend to evade traditional endpoint security software, and while they lack the profile of denial-of-service attacks,  they are potentially just as damaging.

According to a survey analyzed by Infosecurity, over 67 percent of companies insist that they have not been the victims of a cyberattack in the last year and a half, or admitted that they had little visibility into whether one had actually compromised their networks. The survey’s coordinators expressed skepticism about these results and pointed to the wide array of vulnerable mobile and desktop endpoints now commonplace in businesses.

“Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter”, said survey coordinator and security expert Tom Cross. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes.”

Sixteen percent stated that they had experienced a DDoS attack over the same period, and 18 percent reported that they had encountered malware. Still, most regarded the consequences as slight and not worthy of new endpoint security and control strategies. Thirty-eight percent stated that they had not been impacted by identified security breaches, and only 20 percent admitted to financial loss.

Reputational loss was more widespread, however, affecting one-quarter of respondents. Underscoring the potential consequences of cyberattack on both reputation and finances, a recent incident at The University of Delaware resulted in the exposure of sensitive data of 74,000 individuals, according to WDEL contributor Amy Cherry. Attackers targeted the school’s website and scraped information about Social Security Numbers and university identifications, forcing it to provide free credit monitoring to affected parties.

VARIED STORAGE MEDIA, WINDOWS XP COMPLICATE DATA LOSS PREVENTION

What are the most likely catalysts for data leakage? IT departments may now have entered a perfect storm of risks, emanating from rising use of cloud services, increasingly fragmented device fleets and ongoing consumerization trends in both software and hardware usage. As a result, many leaks occur accidentally, and total incidents have been ballooning in both frequency and scale over the past decade. An endpoint security and control strategy that combines technically precise monitoring tools with adequate employee awareness is the only way for organizations to protect themselves in the current threat-ridden environment.

Corporate applications like email services are often much slower, albeit more secure, than their consumer counterparts and perform less ideally outside the confines of the company network. Accordingly, employees often resort to popular commercial webmail services that run well in nearly any environment, and this universality pairs well with the self-supplied hardware, especially smartphones and tablets, which they use for both business and leisure activities.

IT departments must improve file tracking visibility
By doing so, workers create many endpoint security risks tied to the unsecured movement of files, although some fault lies with IT departments that have not adopted comprehensive monitoring tools. According to a IPSwitch survey summarized by CIO.com’s Rich Hein, departments often fail to keep tabs on activity from personal email accounts used on their networks. An older study found that more than 70 percent of IT executives had no visibility into file movements within their organizations.

Aside from better performance speed, employees may use personal accounts to share large files that would otherwise be blocked by corporate email restrictions. Consumer cloud services like Dropbox have complicated data loss prevention efforts because of their similar facility with large file transfers, which users may tap into using an inter-app “Open In” button that is not properly secured.

“Opening documents in third-party applications presents some unique challenges related to putting corporate data at risk,” Fiberlink security officer David Lingenfelter, whose organization also conducted a survey on data leakage risks, told Hein. “The first risk is sharing data with third parties, including applications like Facebook and Dropbox. While employees may naturally use caution when forwarding emails, the ‘Open In’ functionality is much less obvious, and they may be leaking data using ‘Open In’ unintentionally.”

BYOD and lost devices
Endpoint management must also address a dizzying range of at-risk hardware. Hein cited a security study that found that 62 percent of IT employees believed it was okay to put corporate files on their personal devices, and that most of them never deleted these items.

USB thumb drives are a common way to improperly move files, with 33 percent of Fiberlink survey respondents stating that they had lost a drive containing confidential information. However, security executives have to be aware of smartphones and tablets with increasingly large storage capacities supplemented by consumer clouds. Over half of respondents admitted to using such devices for work. Without remote wipe capability, a lost mobile device can translate into major financial and IP-related damage.

BYOD, CONSUMER APPS LEADING CAUSES OF CORPORATE DATA LEAKAGE

What are the most likely catalysts for data leakage? IT departments may now have entered a perfect storm of risks, emanating from rising use of cloud services, increasingly fragmented device fleets and ongoing consumerization trends in both software and hardware usage. As a result, many leaks occur accidentally, and total incidents have been ballooning in both frequency and scale over the past decade. An endpoint security and control strategy that combines technically precise monitoring tools with adequate employee awareness is the only way for organizations to protect themselves in the current threat-ridden environment.

Corporate applications like email services are often much slower, albeit more secure, than their consumer counterparts and perform less ideally outside the confines of the company network. Accordingly, employees often resort to popular commercial webmail services that run well in nearly any environment, and this universality pairs well with the self-supplied hardware, especially smartphones and tablets, which they use for both business and leisure activities.

IT departments must improve file tracking visibility
By doing so, workers create many endpoint security risks tied to the unsecured movement of files, although some fault lies with IT departments that have not adopted comprehensive monitoring tools. According to a IPSwitch survey summarized by CIO.com’s Rich Hein, departments often fail to keep tabs on activity from personal email accounts used on their networks. An older study found that more than 70 percent of IT executives had no visibility into file movements within their organizations.

Aside from better performance speed, employees may use personal accounts to share large files that would otherwise be blocked by corporate email restrictions. Consumer cloud services like Dropbox have complicated data loss prevention efforts because of their similar facility with large file transfers, which users may tap into using an inter-app “Open In” button that is not properly secured.

“Opening documents in third-party applications presents some unique challenges related to putting corporate data at risk,” Fiberlink security officer David Lingenfelter, whose organization also conducted a survey on data leakage risks, told Hein. “The first risk is sharing data with third parties, including applications like Facebook and Dropbox. While employees may naturally use caution when forwarding emails, the ‘Open In’ functionality is much less obvious, and they may be leaking data using ‘Open In’ unintentionally.”

BYOD and lost devices
Endpoint management must also address a dizzying range of at-risk hardware. Hein cited a security study that found that 62 percent of IT employees believed it was okay to put corporate files on their personal devices, and that most of them never deleted these items.

USB thumb drives are a common way to improperly move files, with 33 percent of Fiberlink survey respondents stating that they had lost a drive containing confidential information. However, security executives have to be aware of smartphones and tablets with increasingly large storage capacities supplemented by consumer clouds. Over half of respondents admitted to using such devices for work. Without remote wipe capability, a lost mobile device can translate into major financial and IP-related damage.