Extending the Edge

In the past, security professionals were tasked with keeping a company’s systems protected, so like a castle they put up walls and fortified the inner defenses the closer one got to sensitive data. It worked great for a while. Then came the road warriors and the teleworkers. No longer were employees’ devices safe and protected behind the walls. They were out in the world unprotected and in need of access to the secrets buried deep within the heart of the network. So along came the VPN, kind of like a carrier pigeon relaying coded messages back and forth. Not too bad for IT administrators when you have only a few operatives working outside the office. Fast forward to today. All of your employees are carrying tablets and smartphones and need to work on spreadsheets and PowerPoint presentations while attending little Suzie’s piano recital away from the office. The CEO wants to review the latest widget specs while he is on the golf course with the president of one of your company’s biggest clients. No one wants to carry around a token, log into some secure tunnel, and wait for it to authenticate them every time they want to access the network. No, they just want immediate access to their data anywhere, anytime. Suddenly those walls are no longer protecting your data. They are holding up progress, and the well-defined edge of your network has been extended to everywhere.

The VPN is not going away, but neither are those walls. There is a swirling myriad of options out there for extending your network’s borders. We have talked about hosted content management services in the cloud and cloud-hosted software apps. We have talked about Remote Desktop Services in Windows Server and even about VPNs before. But making it all seamless and simple for users is the real challenge. For those of you ready to go full tilt into a Microsoft-only world, the latest and greatest server and client OS Microsoft has to offer can provide an entire remote access solution. The Microsoft solution provides on-demand, location-aware, no-muss, no-fuss secure remote access with a technology called Remote Access. There is, however, no direct support for non-Microsoft devices that run Android or iOS, so another solution is needed. If you aren’t ready to move all of your data out onto the cloud, a VPN is still going to be required. Setting up the VPN on everyone’s mobile device, and again each time they get a new one, is going to be a very time-consuming process. Enter MDM, or Mobile Device Management. MDM allows you to control and manage devices from multiple vendors using rules and policies, like you would Windows desktops within Active Directory on the server. MDM also supports Bring Your Own Device, or BYOD, and some MDM platforms even allow users to register their devices themselves so they don’t have to involve IT when they switch devices or get a new one. The MDM will configure the VPN on the device, and the network admin only has to set it up once.

Before I finish up, I want to interject a bit of news for those people using non-Microsoft devices, like the iPad. In a previous article, I wrote about Remote Desktop Services, and I mentioned them briefly above. When I wrote about Remote Desktop Services for remote access before, there was no Microsoft Remote Desktop app available for iOS or Android devices, though some third-party solutions did exist. Recently, Microsoft released the RD Client for iOS and announced it would soon release an Android version as well. This new app fully supports Microsoft’s latest Remote Desktop technologies. It is also fully touch-enabled. When working with a desktop running Windows 8, the RD client will transfer all of the touch gestures Windows 8 recognizes, just as if you were sitting at that Windows 8 touch-enabled device. It is almost ironic that you can turn your iPad into a Windows 8 tablet using the Remote Desktop app and give users outside your network secure access to their office desktop in just one step.

The old rules of networking have changed. The walls are crumbling, and keeping up with the need to access data from anywhere is just as important as keeping that data secure. Now is the time to develop a plan to improve your company’s mobility and flexibility, because if you don’t, your competitors will. You don’t want to end up trapped in your castle, a prisoner of old technology. Break out, and you and your employees will be free from the chains that bind them to a desk.

Malicious Mobile Apps

Today, mobile devices like smartphones and tablets seem to outnumber desktops and laptops more than 2 to 1. They are the most used electronic devices on the planet. Criminal hackers are like viruses or scavengers, creatures of opportunity. With the growth of mobile devices, opportunity is shifting from computers to mobile devices. The lines between personal and corporate are blurred, and the defendable edge has all but disappeared, with personal and corporate data being dispersed all over the world in order to give people anytime, anywhere access to data. Every one of these mobile devices is an opportunity for an attacker to gain access to your data. Now I am not saying we should stop using mobile devices or that the freedom to work anywhere other than your desk should be limited or taken away. I am saying that it is important to know that there are risks involved in this transition.

Malicious Mobile Apps, or MMAs, are apps that you install on your device that can steal information, track the user, send content, or reconfigure the device. These apps have found their way to the Google Play app store and also to the Apple iTunes App Store. These MMAs are generally free, targeting users looking for free apps. According to Webroot, a computer security company, nearly 80% of the top 50 free apps for iOS and Android devices are associated with risky behavior or privacy concerns that could lead to the infection of a mobile device. This is known as being rooted. Another risk to the security of a mobile device is jailbreaking it. Jailbreaking is the use of some software product to remove the restrictions imposed upon a mobile device by the manufacturer and/or mobile data provider. Jailbreaking allows apps to be installed on the device that have not been through the standard approval channels or that behave contrary to the manufacturer’s intended use for the device. These apps can be loaded with potentially malicious software. Jailbreaking is easy to stop: just don’t do it and the problem is solved. No matter what someone says about how awesome it is to have a jailbroken phone or tablet, it isn’t worth the possible risk to your personal and company data.

According to Webroot, MMAs increased in number by almost 60% in 2012 and accounted for more than half of all mobile malware. The threat to mobile devices is real and growing, and if your business is going to allow mobile devices to be used to access company data and resources, you need to have a plan to protect these mobile devices just like you do with your computers. Let me say that Apple and Microsoft mobile devices are, in general, the more secure — with Apple being the most secure, due to how tightly they control the approval of apps that can be installed on their mobile devices. Apple devices are not invulnerable, as some malicious apps have surfaced, but these have been quickly squashed once the app was identified as malicious by Apple. Android, however, is a bit of a different story. It allows not only software from its app store to be installed but also third-party apps to be sideloaded, giving developers and end users a lot of freedom. Android does, however, support anti-malware software. If you have Android devices, insist that they have this type of software installed before allowing them to access data on your network. Here are some other tips to help keep mobile devices safe: do not allow jailbroken devices on your network, inform users of the risks of using their mobile devices, and only install apps from trusted sources and app stores. Some tips that should go without saying: always secure the device with a strong password, make sure any encryption features are turned on, and make sure the operating system is up to date. Finally, consider drafting some mobile device policies and adopting a mobile device manager to manage and enforce the mobile policies.

We live in a technological world untethered from old restrictions of how and where work is done. That doesn’t mean we have to hang ourselves with the rope we have loosed. Instead, use it to keep your data and privacy from drifting out of reach. Work with a trusted advisor to help you tread the waters of this wide open world that we work in today.

Bobbing for Apple

It’s October, and Apple has released a bevy of updated hardware into the world. New laptops and Pro desktops are available at reduced prices. Most devices dropped anywhere from $100 to $200, though people are still paying a premium for Apple’s latest iterations of these computers. Most of us are not interested in pulling these devices from Apple’s hardware barrel. Our winning Apple is the iPad.

While the latest iPad is an impressive device, there was nothing really earth-shattering about the incremental upgrade of the iPad. Let’s go over the high points of the announcement. The new iPad is thinner by almost half, which also makes it lighter. It is now so light that Apple has decided to give the new iPad a new name: iPad Air, because it only weighs 1 lb. The iPad Air gets the new A7 64-bit processor like the new iPhone, making it quite the speedy little device. Apple has also improved WiFi speed by adding additional antennas to the device and enabling a technology called MIMO that allows the use of multiple antennas to increase speed or bandwidth. Dual microphones have been added to improve the performance of apps that use the microphone, like Siri or FaceTime calls. The last change is to the available colors. The 2 new color schemes to choose from are silver and white or space grey and black, like the iPhone. Amazingly, though, with all its improvements, the iPad retains its 10-hour battery life.

The iPad Mini also got a boost to its hardware, including a Retina display. The Mini got the same upgrade to its processor as the iPad Air as well as the WiFi antenna upgrade. The Mini now also mirrors the full-sized iPad’s camera hardware, both with the 5 MP iSight camera on the back and the FaceTime HD camera on the front. Now the iPad Mini packs the same punch as its bigger brother, but at a starting price that is $100 less. That is pretty much it for the updates to the iPad Air and iPad Mini, both of which will be available November 1st.

Now while this update to the iPad might seem a bit lackluster, there were a few surprises in Apple’s announcement. First is the new OS X Mavericks for the Macs. Apple has given updates to their desktop operating system to its customers at an extremely low price for a while, but surprisingly they are now giving it away for free and taking a chance to shoot a jab at Microsoft for charging hundreds of dollars to upgrade to its latest operating system. Some other favorite Apple software also had their prices bumped down to $0 yesterday. The popular iLife suite, which includes apps like GarageBand, is now free not only on the Mac but also on iPhone and iPad. In addition, iWork also dropped its price to goose eggs on all Apple devices, making Apple’s productivity suite, which competes with Microsoft Office, more than affordable — it makes it a no-brainer. Along with iWork and iLife is a suite of complimentary web services intended to compete with Office 365 cloud services that, if my ears did not deceive me, is also free. Now there is one caveat to getting your slice of all this free goodness — you only get them with the purchase of a new Mac, iPhone, or iPad. Still, this bold move looks to me like a shot across the bow of one of Microsoft’s flagship products that, if we are lucky, might just start a war. To check out all the latest on what’s floating around in Apple’s barrel, take a look at their website at apple.com.

Hosted Voice over IP

Voice over IP, or VoIP, phone systems have been around for some time now. They promise a myriad of features, from real-time presence to unified communications, to help make businesses more efficient. I have, for some time, been a huge advocate of leaving the old multiline phones and basic key systems behind and moving even the smallest business to VoIP systems because of their flexibility. Recently, I have seen a shift in the small business market. Where features and hardware for these systems were becoming more and more accessible to smaller offices, suddenly providers like Cisco are now pulling out of the small office phone system market, catering to offices with at least 50 – 100 users. The prescribed solution for these smaller offices is to employ a hosted solution where the only hardware in the office is the phone sitting on the desk. This isn’t a new concept. In the past, I have stayed away from hosted VoIP, not because there is a problem with it but because in WV, in many areas, reliable Internet access has been, well, unreliable. Internet services in the Kanawha Valley have improved, though there are still some occasional pain points. Cities like Charleston and Huntington are beginning to see Metro Ethernet services being delivered that provide internet speeds nearly as fast as what internal network speeds average. So with that, I think it is time to take a closer look at what a hosted phone service can do.

I have recently partnered with a company called Digium that provides a VoIP phone system that claims to be one size fits all. For one price, users get all the enterprise features that other vendors want to provide as add-on services. Not only does Digium provide on-site systems, they also offer hosted solutions in the cloud. Some of the features include voice mail to e-mail, detailed call reporting, personal call routing rules, auto-attendant, user switchboards, and many more. Digium isn’t the only player in town: 8x8, ShoreTel, RingCentral, and MegaPath are a few of the other hosted providers you will find if you do a quick Google search — all with many of the same features. But I am not writing this article to sell a VoIP service. I want to make you aware of the viability of using this in a small office. Most of these services cost anywhere from $20-$40 per month for each user. For a 10-user office that could be upwards of nearly $500 a month. That might seem like a lot, but consider that leasing a similar system will cost almost as much with only the most basic features. Already there is a cost benefit. Don’t get me wrong. There will still be some setup cost involved. Most users will need physical phone hardware that will run $100-$600 per phone, depending on features and the number of lines the phone needs to support.

If you are worried about your internet going down or power outages, redundant systems can be installed. And because everything is in the cloud, if you need to send everyone to work from home for an extended period of time, all they would need would be the phone off their desk and an internet connection, and phone calls would resume as normal. Battery backup or generators could be put in place to keep phones and other systems running during an outage. I told you VoIP is flexible. If your phone system has gotten old or you want to be more flexible when it comes to communication, I recommend that you look into VoIP. And if you have 10 or fewer people, I think today hosted VoIP is worth checking out.