As mobile banking transactions and enterprise mobility continue to dominate commerce in today’s digitally wired economy, banks and financial institutions around the world have had to sober up to the new harsh security realities, and have suffered damaging data breaches which hurt both their reputation and pocketbook – and it’s little wonder why. With all of that mobile financial data in constant motion between banks and their vastly growing mobile device network, a lucrative market has opened up for cybercriminals. They want their “piece of the pie”, and they’re not about to take no for an answer.
Hackers use an assortment of attack methods to pry client and business financial data from mobile devices, including malware, Distributed Denial of Service (DDoS) attacks, phishing, and keystroke logging amongst their most popular ways to break through security. Mobile devices are inherently more vulnerable to these attacks than well-fortified enterprise servers, as mobile banking employees store a wealth of information when using their personal email and favorite consumer apps. A study by Cisco revealed that while 83 percent of banking employees use their smartphone for work purposes, only 67 percent password-protect their device. These security gaps left open by employees are just one contributing factor which makes devices a relatively hack-friendly platform. The other major issue: device security solutions can only offer a limited degree of protection, and when data is your most critical asset, that’s not nearly enough to prevent attackers from exploiting vulnerabilities and making their way to the corporate network. BYOD smartphones and tablets have essentially become a fraudster’s paradise.
Banking security executives have come to realize the gravity of risks involved in rolling out mobile financial applications, both for consumers and for enterprise employees. Millions of smartphone users log in regularly to their banking accounts from their mobile devices, and banks have invested a great deal in innovating customer-facing apps in ways that save time, money and administrative overhead. These new features include scanning a cheque with the device and depositing it into your account. But the fear amongst C-level security officers is how these innovations can be hijacked from inside the user’s device and follow the data trail right on through to the enterprise network. The same fears hold true of enterprise apps residing on personally owned devices. It’s clear that a higher level of security is needed to protect data on BYOD devices.
As with many other sectors, financial firms have been using device-centric solutions such as MDM and MAM as part of their security strategy. While these approaches have been helpful in limiting the number of security attacks targeting devices, a higher level of security is needed for sensitive financial data, which, when breached, can incur financial loss as well as stiff regulatory penalties.
The time for financial services to evolve in their mobile security approach is now, so that they can empower their professionals to compete and contribute to the bottom line from wherever they are, while being secure that their money is “in the bank”.
How do banks champion BYOD and support employees in using their preferred mobile devices while sealing off the entry-point to both proprietary and client financials? Make corporate data accessible, but keep it 100 percent separate from personal devices. This solution can be achieved by leveraging a relatively new and emerging approach known as Virtual Mobile Infrastructure. Under VMI, mobile enterprise apps and data are stored and managed from a remote server and transferred to devices as a display using one flat protocol. This turns the employee’s mobile device into a thin client with which employees access the reflected image of the apps from the server. Because a mobile OS is used to run apps which are optimized for a mobile interface, users can work with apps in the same way they use popular consumer apps on their personal device. But all corporate data stays where it can be best protected, the enterprise data center. If an employee’s device is lost or stolen, all IT has to do is disconnect its access from the network. Keeping these corporate and personal worlds separate also gains confidence with employees by removing fears of IT tampering with their personal devices and infringing on their privacy, which will boost compliance with BYOD policies all the more.
For banks and financial services firms, leveraging mobile data while ensuring it receives the highest possible level of security will be increasingly integral to their competitiveness in the market.
All Microsoft mobile app jokes aside, it’s no secret few cloud sync and share vendors have been able to deliver on high quality, native mobile functionality for enterprise office tools. CloudOn was a rare exception to this rule, and now they have been scooped up by cloud storage provider Dropbox, who has been on a torrid shopping spree of late.
Up until now CloudOn has been a tremendously successful startup, amassing over 9 million users since it entered the market in 2012. At the time, there was no offering available to consumers which coupled both file storage and collaboration abilities with mobile-first content creation apps. CloudOn’s team of founders stepped in, and in the eyes of many were the first to provide office apps for enterprise that were driven by the needs of mobile users. Where others in the space tried with only limited success to modify their desktop iterations for mobile interfaces, CloudOn simply “got it right”. Microsoft’s OneDrive, Google’s Drive and Box have since invested a lot of effort to fulfill this need.
But right up until its founders agreed to the as yet undisclosed offer they couldn’t refuse, CloudOn was seen by many as a shining light, a beacon for user experience excellence. Their detailed focus on ‘gesture-first’ design allowed them to stand out from the competition, and for users to tap, type, pinch and grab their way to document creation. Their ability to integrate with all of the aforementioned cloud storage services also gave them a distinct leg up.
But as of March 15, CloudOn’s service will be shut down for good, and it remains to be seen what the net effect will look like for consumers. Without a shadow of a doubt, the market needs more business-class apps with the fresh, mobile-first UX design that helped CloudOn users to create and share over 90 million documents to date.
There are many questions that have been left unanswered. How does Microsoft’s partnership with Dropbox figure into the bigger picture? Are the unique elements CloudOn brought to the table going to be resurrected on a mobile device near you, only this time in the form of a Dropbox or Microsoft offering? The recent launch of Harmony addresses desktop apps, but in an increasingly mobile workplace, a rather large part of the enterprise puzzle is about to go missing. Or did Dropbox simply buy out CloudOn and absorb its brain trust to eliminate a worthy competitor?
One fact is certain: these moves reflect Dropbox’s determination to make significant inroads into the enterprise market.
Meanwhile, enterprise mobility users deserve top-class productivity tools that can be easily shared and collaborated on the cloud. Here’s hoping that as Dropbox looks to integrate enterprise mobile productivity apps with Microsoft’s current suite, consumers will gain the intuitive user experience that quickly became CloudOn’s signature quality.
As organizations continue evolving in the digital age, they will increasingly look to integrate data-rich mobile applications with mobile devices, empowering their workforce with the ability to add organizational value from any location. As the number of enterprise and consumer apps continues to proliferate, however, businesses are facing technical challenges that if not overcome can work against the very productivity benefits their enterprise mobility programs are supposed to enhance. Enter one of today’s most pressing mobility priorities – password management. This challenge is already on the front-burner for corporations in many industries. As access to more corporate data is needed by professionals, IT must figure out how to simplify authentication processes. Creating and implementing a secure Single Sign-on (SSO) process is becoming another must-have, but the complexity of this challenge is causing too many enterprises to delay tackling this issue head on.
But analysis paralysis costs organizations time, money and valuable IT resources. Requiring users to undergo separate log-in and authentication processes per mobile app creates several significant issues that span both sides of the employee – IT security spectrum:
1. Workflow disruptions and hampered productivity
Time is money. Having to remember multiple passwords or re-entering the same password multiple times to access the enterprise apps equals too much time being spent on menial sign-on processes, contradicting all the time-saving benefits mobility is supposed to produce. Users (aka people in general) have proven to be notoriously inefficient at creating and remembering multiple passwords with any degree of reliability. The tediousness of it all leads to the next major issue…
2. Deters users from using enterprise apps altogether
This one is not rocket science. No matter how impressive a product you may produce, not nearly enough people are buying if you don’t make the experience a comfortable one. The same is true for enterprise apps. Unlike desktops or laptops, touchscreen functionality makes typing passwords on smartphones much slower and less user-friendly. Not the end of the world if you’re typing a password once or twice, but definitely a nuisance if you need to re-enter it several times in one workday. This results in too many users resorting to ad hoc methods of getting their work done. This circumvents security policy and undermines the potential that can be accomplished by everyone using a uniform platform to transmit and share data. But it’s not just users who feel the migraine. If they’re feeling the stress, you can be sure it will be projected onto IT…
3. Burdens IT with troubleshooting user errors and managing multiple user IDs
Still don’t have a SSO process in place? I have one question for you: How big is your Help Desk?! The preventable traffic directed towards your IT staff to satisfy forgotten passwords and reset requests affects both the quantity and quality of their own performance. It’s safe to say their resources would be best allocated elsewhere. Another significant load levied on IT administrators is the need to handle multiple user identities and create separate credential directories for each app. And that’s not even including the time spent on password security vulnerabilities…
4. Multiple passwords open the door for hackers to enter your network
Hackers are keenly aware of the opportunity that password processes offer them, and the more inefficient these processes are, the better for them. Keylogger malware, or keyboard capturing, is a very prevalent attack method in which the user’s keystrokes are recorded by the intruder. This is often used to capture passwords and access enterprise apps where valuable data can be stolen. But mobile apps and device data are just the beginning. The captured credentials can also be used to log in and attack network resources behind your organization’s firewall.
How to implement an SSO process
The mission then is clear: implement an SSO process that lets users access multiple apps and services by logging in just once. But this project doesn’t have to become a ‘Mission Impossible’ if planned with the right components. Here are the must-have ingredients:
1. Central authentication platform
First, you’ll need one centralized platform to handle identity management and deliver mobile app access to all of the different BYOD devices in your network. This is necessary so that users will log in to this platform only once and have their credentials authenticated and approved.
2. Authenticate device passcodes, not domain passwords
All BYOD users should be required to use a passcode on their devices. This matters because mobile security threats such as keyboard logging, phishing and man-in-the-middle (MITM) attacks work by intercepting passwords. You can’t always control whether a password is compromised on a mobile device, but you can control how far that password will take the intruder. Using device passcodes in tandem with a One-time Password system is much more user-friendly and prevents many of these security threats.
3. One-time Password (OTP)
OTP systems also help prevent the above-mentioned attacks and other hack techniques by ensuring that a unique and temporary password is used only once, each time a user logs into a session. Using this method in addition to smartphone passcodes goes a long way towards strengthening the authentication process.
4. SSL VPN
Access to the network needs to be granted through your corporate VPN first. This is more secure and works well in combination with an OTP system. An SSL VPN will let you grant users access to only the specific apps they are approved for.
5. Enterprise Authentication Standards
Typically the go-to authentication protocol has been Kerberos, which allows users to log in once, whether on a LAN, within a domain or from a mobile device. Users request encrypted session keys/tickets to access network resources, instead of keying in their password. These tickets are typically time-stamped, which helps reduce the risk of eavesdropping and replay attacks. While Kerberos has worked very effectively for PCs and laptops, it can be much more problematic when extended to mobile devices. A popular alternative protocol is SAML 2.0, an open, XML-based protocol which enables the creation and use of a security token that can be used to log into multiple apps. This facilitates cross-domain SSO processes and allows users to log in using existing IDs, such as Facebook or Google credentials.
6. Consider your Security Architecture
Integrating SSO for mobile devices is going to become the standard going forward. So it’s important to consider in which way this can be achieved most smoothly and securely. You need a solution that can support the various mobile devices, each version of each accompanying OS, and the variety of enterprise apps and SaaS tools that you need to provide to your users. One technology that complements all of these requirements effectively is Virtual Mobile Infrastructure (VMI). Under VMI architecture, a centralized mobile platform situated on a remote server runs a mobile OS which supports all mobile OS versions and devices. This is where all of the apps and network services your enterprise needs to deliver to mobile devices are stored. In light of this, enterprise IT can manage SSO and password management from a much more controlled environment. A reflected image of the apps is transferred to devices using a remote display protocol. OTP systems and all other authentication details are not exposed to mobile devices, neutralizing many of the security risks that mobile devices have introduced to your network.