Category: Security

Raz Tourgman

As an Android developer here at Nubo, it’s a safe bet to assume that most of the time you can find me coding diligently at my desk. It’s rare that I get to experience a change of pace, so when my CEO asked me to join him at our booth for last week’s Cybertech 2015 conference I was game to put on different hat and venture out to connect with the outside world.

This year’s event drew information security professionals from all over the world including CISOs, CIOs, R&D execs, tech integrators, resellers and consultants. Not too long after the conference kicked off, I realized there wasn’t much time to “warm up” as flocks of curious attendees flooded the startup pavilion. Before I knew it I was a one-man VMI marketing machine! Whether they’d heard of Virtual Mobile Infrastructure yet or not, I welcomed the challenge of illustrating our security architecture and what makes it different from other enterprise mobility and security solutions.

At Nubo I focus on the front-end side of our mobile platform and how to maximize user experience. A large part of this is customizing the platform and our communications trunk for the Android OS. Our team also developed the Control Panel so that administrators can customize users and groups and other configurations in an easy and intuitive manner. We’ve also created a real-time, “WhatsApp” style messaging app so employees can communicate and collaborate with each other.

Above all, our main challenge is to design an app capable of working within a virtual environment, and give users the exact same experience they’re use to with their favorite consumer apps. Essentially Nubo is a virtual device located on a remote server which can be accessed by users’ mobile devices.

It’s been a long time since I’ve had the opportunity to see new faces and get out and connect with them in a less formal setting. It also gave me an opportunity to learn about the myriad of other emerging data protection innovations, such as malware scanning agents and customized OSs.

I met such a diversity of attendees that came from all over Europe (Holland, Spain, Germany, France, Ireland and the UK), Asia (Japan, South Korea, China), Canada, the United States and South Africa. Before I knew it I was a VMI marketing machine, emphasizing to all the unique value Nubo brings to enterprises and their employees.

It was a rewarding and enlightening experience. Meeting with fellow tech and mobility pros as well as consumers lets you hear first-hand what is most important to them, what their priorities are when it comes to working remotely and which mobile applications and features they need the most. This feedback always helps me in understanding the users’ needs and keeping this in mind in my work.

Also receiving such positive feedback from people showing genuine interest in what Nubo can do for their business makes me appreciate the work our team is doing that much more.

Although I’m content returning to the office and to my coding, I’d jump at the chance to get back out and connect with our peers in the vast and fascinating tech ecosystem.

See you at next year’s Cybertech conference!

David Abbou

It’s amazing how fast mobile technology has become intertwined with both our personal and business lives. For BYOD users, their mobile device has fast become a one-stop shop for both work and play. In a world where there’s always “an app for that”, BYOD users are increasingly interacting with both work and personal apps on their smartphones. There’s really not much you couldn’t find out about many mobile users if you could peek into their browsing history or the apps they like to play with. But the virtual playground is one we also share with cyberattackers.

Take love and dating for example. Mobile users turn to dating apps like Tinder, OKCupid and POF in their pursuit of romance. But love in the mobile world is just about as risky as in the real world, only worse – you could infect your boss – or your company’s data to be precise! An IBM study of 41 popular Android dating apps revealed that more than 60 percent possess medium to high-severity vulnerabilities which are prone to cyber attacks.

73 percent of the apps examined obtain access to the device’s current and historical GPS location. Cybercriminals can exploit this data to identify the user’s home and work information and other preferred destinations. Other vulnerabilities surrender control of the device’s camera and microphone even when the user is no longer logged into the app, as well as storage and billing details to lurking cyber criminals. Once these vulnerabilities are leveraged to compromise device security, intruders can hack into the corporate network and steal sensitive information.

These threats of course extend beyond apps and can be added to the pile of mobile malware that comes from users surfing online on vulnerable dating sites. But let’s not forget the sexiest threat gaining prominence right now – ransomware. Spread through e-mail attachments and infected web sites and programs, this type of malware encrypts the victim’s data and demands some type of payment for the decryption key. Typically, ransomware manifests itself in one of two ways. The first is locking your screen entirely and displaying a full-screen demanding the ransom amount. The second scenario involves locking files such as documents and spreadsheets on the device with a password. Imagine the damage and chaos this could wreak to employees and their colleagues collaborating on important documents in addition to the risks of losing sensitive corporate data.

And you don’t necessarily need to be surfing one of those naughty sites to fall prey to this trap. In fact, a lot of ransomware injects your device with indecent materials with the aim of scaring you into paying rather than explain the embarrassing material found on your device.

So how can organizations and users practice safer BYOD?

Educate your users

You can’t stop what you don’t know. Your IT department needs to be in regular contact with HR and Communications. As they compile more knowledge on the latest malware and app security risks, practical security practices need to be delivered to all BYOD users. This isn’t a one-off event, it’s about creating a more educated workforce that’s better equipped for the new BYOD world. Like other major strategic organizational objectives, a security conscious mobile workforce should be a made priority and be incorporated into your organization’s orientation and employee communications programs. This is a long-term investment that will help your organization reduce mitigate mobile security risks. More employees will exercise caution if they are attuned to the dangers inherent in many consumer apps and why they should only download from authorized app stores.

Keep Corporate and Personal Data Separate

The more invested businesses of all sizes become in BYOD, the more important keeping corporate and personal data separate becomes for your organization’s security. That’s because the mobile app market – be it consumer or enterprise – is going to continue to grow at a prolific rate, and the security risks both old and new are sure to keep coming. App wrapping and other containerization methods can only take mobile security so far because the encryption keys that hackers seek are located on the device. Newer security approaches like Virtual Mobile Infrastructure have emerged that let organizations keep and control their enterprise apps and data on a remote and secured mobile platform. The apps are transferred to devices as a display using a single thin client app and deliver a native mobile user experience with both Android and iOS devices. No matter what your employees are downloading and what malware they may be attracting on their smartphones or tablets, their personal and enterprise apps will not be mixing and mingling in the same location. Which means IT can sleep a whole lot easier knowing their apps are away and safe from the never ending stream of mobile device and application threats.

David Abbou

The United States Department of Homeland Security has sponsored National Cybersecurity Awareness Month since 2004, and the gravity of this important cause has never been more powerful. With Celebgate terrorizing celebrities and large-scale breaches against corporate giants like J.P. Morgan Chase, Wal-Mart, Home Depot, Target and Neiman Marcus, 2014 hammered home the importance of cybersecurity awareness to individuals and organizations alike.

Nubo Software CEO and Founder Israel Lifshitz agrees that an educated society is a safer one, and that the earlier we learn how to navigate safely in our interconnected society, the safer our worlds – both physical and virtual – will be as a result. Here Israel reflects on the ironic path that led him to champion this cause and develop Virtual Mobile Infrastructure (VMI) as well as the important responsibility individuals, corporations and government share in creating a secure future.

Q: When did you first realize that you were passionate about cybersecurity?

A: I started programming at the age of 10, back in the mid-80s, when there where was no such thing as cybersecurity. In the mid-90s, I started to encounter Information Security managers at work and the way they implemented measures was stifling to my productivity. I actually viewed them as a burden. When I was completing my studies at the Technion, my feelings started to change. I took courses in network security and encryption and my curiosity was piqued by how these technologies worked and protected important communications and data. After I founded SysAid I understood the problems faced by security officers and could relate with the challenges they faced trying to safeguard companies with many employees and critical data systems. I also recognized the contradiction that existed between managing security while trying to provide a quality user experience to your clients. It challenged me to find a way to provide effective security with uncompromised user experience.

Q: Was it this paradox which inspired the creation of Nubo Software?

A: It was definitely the paradox, and the huge gap that existed between user experience and security that I felt need to be solved, and it became an even more prominent issue when as BYOD became a reality for most organizations. This revolution was led by end users who demanded access to tools that they were familiar with as consumers. However, the security measures which IT felt compelled to implement acted as a barrier to providing employees with this flexibility. Nubo was born in order to solve this dilemma and provide the highest level of security and native user experience.

Q: There are various philosophies and approaches out there towards providing security for mobile devices. Why is it so important in your eyes that zero corporate data be stored on personal smartphones and tablets that employees bring to work?

A: It’s a fact that mobile devices are the weakest link to security in a BYOD environment. They’re owned by employees and therefore it’s impossible for IT to micro-manage them. By their very nature, they are mobile and routinely connect to many unsecured networks, and of course they are regularly misplaced and lost by users. If you multiply these scenarios by the millions of employees using BYOD, you can comprehend that even the best CISO in the world cannot ensure that their sensitive data won’t be leaked. In fact, most CISOs won’t even know these leaks ever happened. A security solution that can works on such a large scale must keep all corporate data within a secured and centralized location. This solution must also be able to grant employees the same user experience they are used to in working with native apps. The only solution that can provide both of these important requirements – zero data on devices and native apps – is Virtual Mobile Infrastructure (VMI).

Q: Why is raising awareness on cybersecurity becoming more important as our technology continues to evolve?

A: Technology is always evolving and companies’ are becoming more and more dependent on technology and digital infrastructure. This means that securing the data is increasingly more critical than ever before, and in many ways has exceeded the need for physical security. Banks are a great example of this. They store much less cash on-site than they actually keep within their databases, but have spent significant resources trying to protect physical assets. Over the years, however, their awareness to this reality has seen them devote more focus to protecting their systems from cyber attackers.

Q: If this is the case in private sector, how much more vital is it to use the highest possible level of security at the government level?

A: Businesses that lose client data and money as a result of security breaches is one issue, but when you’re speaking about national security, we are talking about the lives of millions of people potentially at risk. Military and defense agencies are facing a wide variety of cyber threats in parallel to the existing physical threats they already deal with. With these stakes on the line, there simply isn’t any room for error and you need to ensure that the most sensitive data is kept where it’s safest.

Q: While public awareness campaigns like National Cyber Security Awareness Month help educate the public on security, there is a notion that consumers and BYOD users are way behind the learning curve. How can we better educate people to be more security conscious?

A: I agree wholeheartedly that education and awareness are vital to improving the overall landscape for everyone. In our interconnected world, we really are all in this together. High-profile breaches like the iCloud breach have caught taken the public spotlight. The lesson that individual users should take away from that incident is that having a mobile computer at your disposal 24/7 comes with its responsibilities. We used to feel as consumers that using safety measures was optional, but we can’t afford to think that way any longer. It’s important that everyone – and of course BYOD users learn and apply the ABCs of cybersecurity measures. I believe the day is coming soon where learning about cybersecurity will be a mandatory course for even high school children.