The document discusses the security risks posed by using mobile devices to access and share documents. While email sent from mobile devices is routed through a firm's email server, documents accessed and edited on mobile devices can expose metadata when shared externally. The document recommends automated metadata removal applications that support multiple device types and formats, integrate easily, and operate transparently on a firm's network to mitigate mobile security risks.
Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.
Your Data Center Boundaries Don’t Exist Anymore! EMC
In the pre-cloud era, data centers were simpler to define and restrict. As organizations move to public, private, and hybrid clouds, they have to account for internal, industrial, and government compliance initiatives and oversight that impacts data center architecture and information flow. This session describes data center challenges in the Cloud Era and articulates real-life best practices to address those challenges.
Managing and administering software updates remains one of the most challenging and resource-intensive tasks an IT Department undertakes on a daily basis. This white paper examines the important role played by patch management to help organizations keep their PC real estate fully up-to-date with the latest security patches, without unduly compromising reliability, productivity, security and data integrity.
Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.
Your Data Center Boundaries Don’t Exist Anymore! EMC
In the pre-cloud era, data centers were simpler to define and restrict. As organizations move to public, private, and hybrid clouds, they have to account for internal, industrial, and government compliance initiatives and oversight that impacts data center architecture and information flow. This session describes data center challenges in the Cloud Era and articulates real-life best practices to address those challenges.
Managing and administering software updates remains one of the most challenging and resource-intensive tasks an IT Department undertakes on a daily basis. This white paper examines the important role played by patch management to help organizations keep their PC real estate fully up-to-date with the latest security patches, without unduly compromising reliability, productivity, security and data integrity.
VIPRE Business Takes a Bite out of BloatwareGFI Software
The remedy to bloatware is a better, more efficient product that is specifically engineered to scan, detect and remove myriad security threats without impacting performance and taking a big bite out of the IT capital expenditure budgets. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.
Your network environment is one of the keys to the success of your business. Most business people don’t fully believe this, even after long discussions and mounds of evidence to the contrary.
Many small and medium sized businesses are still unaware of the threats that exist. This guide to security threats for SMBs outlines the most common threats and how they can be dealt with.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
2009 Security Mega Trends & Emerging ThreatsLumension
To help define what the biggest security threats will be to an organization’s sensitive and confidential data over the next 12 to 24 months, Lumension has teamed up with the Ponemon Institute, a leading research firm, to charter our first annual 2009 Security Mega Trends Survey. The survey also outlines key alignments and gaps between two traditionally disparate groups - IT Security and IT Operations when it comes to these new and emerging threats.
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Karim Vaes
https://www.xylos.com/en/corporate/events/explore-new-digital-ways
Public cloud and security go hand in hand, if you approach it properly
The cloud is already being well used, but lots of organisations still have questions about its security. Is data protection in the cloud really optimal, or is this uncertainty justified? In this breakout session we look at the main concerns we hear from our customers. Can we build a perimeter around cloud applications? Which sectors or scenarios are not suitable for the cloud, and where in particular is it recommended? How do I get to grips with ‘shadow IT’? Do I have to manage things myself in the cloud? Does the public cloud satisfy the strictest security requirements? And what's the most secure authentication? Data protection isn't just limited to firewalls or intrusion systems, after all. The key lies in having a comprehensive security policy, and in this session we zoom in on the major components and challenges.
Speaker: Karim Vaes, Solution Architect, Xylos
Mobile Computing: Microsoft Mobile Solutions for Online LearningTmobile Girl
The purpose of this presentation is to empower people through intelligent mobile (#TMobilePhones or any smart phone) communication devices and software solutions.
Supply chain horror stories are becoming common, with high-impact events taking their toll on global lines of supply. But there is a much wider spectrum of potential disasters that would send investors running for
safety, says Achilles' Dan Quinn.
VIPRE Business Takes a Bite out of BloatwareGFI Software
The remedy to bloatware is a better, more efficient product that is specifically engineered to scan, detect and remove myriad security threats without impacting performance and taking a big bite out of the IT capital expenditure budgets. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.
Your network environment is one of the keys to the success of your business. Most business people don’t fully believe this, even after long discussions and mounds of evidence to the contrary.
Many small and medium sized businesses are still unaware of the threats that exist. This guide to security threats for SMBs outlines the most common threats and how they can be dealt with.
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, filebased data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
2009 Security Mega Trends & Emerging ThreatsLumension
To help define what the biggest security threats will be to an organization’s sensitive and confidential data over the next 12 to 24 months, Lumension has teamed up with the Ponemon Institute, a leading research firm, to charter our first annual 2009 Security Mega Trends Survey. The survey also outlines key alignments and gaps between two traditionally disparate groups - IT Security and IT Operations when it comes to these new and emerging threats.
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Karim Vaes
https://www.xylos.com/en/corporate/events/explore-new-digital-ways
Public cloud and security go hand in hand, if you approach it properly
The cloud is already being well used, but lots of organisations still have questions about its security. Is data protection in the cloud really optimal, or is this uncertainty justified? In this breakout session we look at the main concerns we hear from our customers. Can we build a perimeter around cloud applications? Which sectors or scenarios are not suitable for the cloud, and where in particular is it recommended? How do I get to grips with ‘shadow IT’? Do I have to manage things myself in the cloud? Does the public cloud satisfy the strictest security requirements? And what's the most secure authentication? Data protection isn't just limited to firewalls or intrusion systems, after all. The key lies in having a comprehensive security policy, and in this session we zoom in on the major components and challenges.
Speaker: Karim Vaes, Solution Architect, Xylos
Mobile Computing: Microsoft Mobile Solutions for Online LearningTmobile Girl
The purpose of this presentation is to empower people through intelligent mobile (#TMobilePhones or any smart phone) communication devices and software solutions.
Supply chain horror stories are becoming common, with high-impact events taking their toll on global lines of supply. But there is a much wider spectrum of potential disasters that would send investors running for
safety, says Achilles' Dan Quinn.
I Brought My Own Device. Now What? by Paul Andersen, Marketing Manager at Array Networks .
The consumerization of IT is underway. In its report Tablets Will Rule the Future Personal Computing Landscape, Forrester predicts sales of 375 million tablets in 2016 with over 750 million tablets in use.
10 Reasons to Strengthen Security with App & Desktop VirtualizationCitrix
Explore 10 reasons why app and desktop virtualization should be the foundation for your layered approach to information security. It will enable organizations to pursue priorities such as mobility, flexwork and consumerization while effectively managing risk.
PingPal infodeck: How to survive BYOD and mobile networksHyker Security
Here comes BYOD, Bring Your Own Device.
A lot of the traffic, internal corporate and with customers and market, will be outside firewalls to mobile devices owned by the employees, on public networks. A lot of sensitive corporate data must be stored locally in the device to ensure that for instance sales people has updated and correct CRM data when visiting customers.
Employees will communicate internally on consumer tools like WhatsApp. This is not the safest environment, rather more or less a ticking bomb. Gartner expects that by 2017, “40% of enterprise contact information will have leaked on to Facebook via employees’ increased use of mobile device collaboration applications.”
To unlock the full potential of enterprise mobility, IT needs to allow people the freedom to seamlessly access all their apps and data from any device, company owned or private.
It is now time to recover lost grounds and include secure mobility in your IT strategy.
The consumerization of IT is under way. Workers want tablet access to business applications, often from personal devices. Learn why VPNs are not ideal for mobile connectivity and why remote desktop is a more secure, less expensive approach to tablet access that is easier to deploy, manage and use.
Integrating Enterprise Mobility - an Assessment WHITE PAPERMobiloitte
We offer complete satisfaction to our customers by following standardized SDLC processes, hiring the best of breed developers and mastering most of our requirements gathering, wireframing, designing, developing, testing, delivering, deploying and maintenance tasks.
Ours is an off-shore model, but we ensure that both customer and Mobiloitte are always in touch by keeping communications open, providing regular updates and iterative releases so that the customer is always well informed.
The consumerization of IT is under way. Workers want tablet access to business applications, often from personal devices. Learn why VPNs are not ideal for mobile connectivity and why remote desktop is a more secure, less expensive approach to tablet access that is easier to deploy, manage and use.
Threats have never been more relevant than they are today. Nation states, adversaries, corporate and government espionage, hackers, etc. are all on the hunt for valuable information. The information they seek includes enterprise and individual details. Networks are only as secure as their weakest components. With the hyper-growth in connected devices including smart phones, tablets, wearables and Internet of Things (IoT) devices, networks are very vulnerable.
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
Identity and authentication management, or IAM, represents the greatest security return on investment an organization can make. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, once famously said, "If you spend more on coffee than on IT security, then you will be hacked." Many analysts concur that spending on strong authentication provides the greatest security return on investment. This educational white paper, written by Richard Stiennon, Chief Research Analyst at IT-Harvest and Executive Editor of securitycurrent, explores the concept of identity platforms.
• How to fix intrinsic weaknesses in authentication regimes that result in gaping and trivially exploitable vulnerabilities
• Explore the core features of an authentication and identity platform
• Examine specific features and components organizations should require in a software authentication platform
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
CASE STUDY: There is a new phenomenon in the cybersecurity domain called: “Bring Your
Own Device (BYOD)” where employees can bring their personal devices at work and connect
using the Wi-Fi to the organization’s network. Many employers are allowing their employees to
use their personal mobile device for enterprise functions such as corporate email, work
applications, etc. While this may save the company costs, the organization’s network remains
vulnerable. A company can only monitor so much that’s on an employee personal device;
Assess the threats, the vulnerabilities, and the impacts on an organization’s information systems
posed by the use of mobile devices at work. What can be done to fix it at the policy level,
technology level, and infrastructure level?
Solution
Employees aren\'t just bringing their mobile devices to the workplace — they\'re living on them.
A 2015 study by Bank of America found that 55 percent of respondents sleep with their
smartphones on their nightstands to avoid missing a call, text message or other update during the
night. The devices are also the first thing on their minds in the morning: while 10 percent
reported thinking of their significant other, 35 percent reserved their first thought of the day for
their smartphone.
As smartphones and tablets become constant companions, cyber attackers are using every avenue
available to break into them. Many people expect that iPhone or Android devices are secure by
default, when in reality it is up to the user to make security configuration changes. With the right
(inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30
seconds and either mirror the device and see everything on it, or install malware that will enable
them to siphon data from it at their leisure.
The nature and types of cyber attacks are evolving rapidly, and mobile devices have become a
critical part of enterprise cyber-security efforts with good reason. Analysts predict that by 2018,
25 percent of corporate data will completely bypass perimeter security and flow directly from
mobile devices to the cloud.
Chief information security officers (CISOs) and other security executives are finding that the
proliferation of mobile devices and cloud services present a significant barrier to effective breach
response. In order to secure the corporate data passing through or residing on mobile devices, it
is imperative to fully understand the issues they present.
5 Security Risks and a Surprising Challenge
The threat and attack vectors for mobile devices are largely composed of retargeted versions of
attacks aimed at other endpoint devices. These risks can be categorized into five areas.
1. Physical access
Mobile devices are small, easily portable and extremely lightweight. While their diminutive size
makes them ideal travel companions, it also makes them easy to steal or leave behind in airports,
airplanes or taxicabs. As with more traditional devices, physical access to a mobile devi.
Make presence in a building or area a policy in accessing network resources by integrating physical and network access through the Trusted Computing Group's IF-MAP communications standard.
1. Peer to Peer
Wireless Devices mar jun sep
09
dec
Peer to Peer December 2009
The Often Overlooked
Mobile Security Gap
Cathy Brode 3BView
W
hile the risks of inadvertent metadata well understood by the legal industry, there is a security gap
disclosure are well understood within emerging via mobile devices that cannot be ignored. Although
the legal industry, there is a security all business e-mail messages sent via a mobile device are routed
gap emerging via smartphones. through the firm’s e-mail server and are covered by e-mail
Despite the significant benefits of security functions at the gateway, it will bypass any desktop-
mobility, mobile devices introduce new security risks, based tools.
especially if a firm’s metadata removal application is Users are now able to not only review documents via
limited to a desktop application. The mobile attorney mobile devices, but they are also able to make minor edits to
using the Web or a mobile device does not have access documents with more ease. But, as attorneys review and edit
to these tools and is at risk. documents on their mobile devices and forward them to external
recipients, the metadata in the document is fully retained and
Mobile Devices are MainstreaM sent outside the firm. Even just forwarding an e-mail message
The latest smartphone models are revolutionizing the way with a document attachment from a mobile device bypasses any
attorneys are working when away from the office. Every desktop metadata removal tool that is in place in the office.
month, there are several business applications launched
for smartphones specifically targeted at the legal sector. Consider the following different scenarios:
In addition to these, firms are increasingly developing
their own mobile-enabled applications that hook into their • Forward an e-mail message
enterprise applications such as practice management. An assistant has just sent a document to an attorney who is
Although applications on mobile devices are highly about to board a plane. If the attorney has the capability, he
unlikely to be exact replicas of those available on a might review it on a mobile device prior to forwarding it, and get
desktop or laptop, they must still be included in risk the document on its way just before that plane door closes. Any
assessments and your firm’s security policy. document metadata resident within the originating document
Security for such mobile devices needs to extend would then be exposed to the recipient.
beyond just the physical security considerations, such
as what happens if the device is stolen, encryption of • Review, edit and forward
communications and other standard security features like With the availability of each new model of a smartphone, the
virus checking. power and screen size continue to increase. This leads to the
greater ease by which documents might be reviewed on these
the Mobile security gap models and, along with additional features, the greater the
While the risks of inadvertent metadata disclosure are likelihood that attorneys will make minor edits to the documents
This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more
information about ILTA, visit their website at www.iltanet.org.
2. prior to forwarding them, either reattached to the original reduces the risks of inadvertent data leakage
e-mail message or via a new e-mail message.
Taking that document sent to the attorney just before • Application resides on network: the automated system
he boards the plane — he might decide to spend the provides a service that is transparent to the user and works
flight reviewing the document and making any necessary reliably, out of sight, on the company network. Removing
amendments. After landing, he can hit the “send” button metadata from documents is a processor intensive application
and off goes the document, metadata and all. for desktop or laptop computers, which can cause problems
and severely degrade employee productivity. Transferring
• Attach a document to an e-mail message this processing to the network or via software as a service
Mobile access to documents contained within a firm’s (SaaS) is especially important for organizations that send large
enterprise application such as a content management quantities of documents via e-mail;
system (CMS) can allow an attorney to review or send
a document via a mobile device. Such access might be • Ease of integration: well documented application
either via a proprietary or in-house developed interface, programming interfaces (API) enable ease of integration into
and such systems typically come with access control DMS and CMS.
mechanisms, but these might not provide metadata
removal protection for mobile devices.
As with forwarding documents that have been received think beyonD the office
via e-mail, attaching a document to an e-mail message and So, not only do law firms need to have security policies in place
sending it externally increases the risk of inadvertent leakage for metadata scrubbing or removal from documents being
of information through the document metadata. forwarded by desktops within the office, but they also now need
As the storage capacity of smartphones increases, so to look at how to protect themselves by scrubbing metadata
does the likelihood that documents will be downloaded from documents being forwarded outside the firm through a
and stored on these devices. At the very least, a policy mobile device.
should be in place to cover which business documents When looking at a solution, like one that scrubs document
can be stored on a mobile device. metadata as the document is sent via e-mail, ensure that it will
Metadata in the document will be retained in full for cover not just desktops and laptops, but also any mobile device
documents that are attached by the attorney to an e-mail or mobile access method.
message and sent externally. This applies both to documents In addition, if your firm currently has a policy for use of just a
that are stored on the smartphone and those that are single device, it is important, as with other applications, to bear
stored within a central business system, such as a document in mind that this is likely to change. You should consider support
management system (DMS) that is mobile enabled. for multiple types of mobile devices when evaluating solutions.
It is clear that smartphones and other mobile devices enable
There are different metadata removal applications on attorneys to conduct business efficiently. Ensuring that this is
the market today. Here is a list of features that should be done securely does not mean limiting their capabilities to access,
considered when investing in this technology: review, edit and send of documents. With the right security
technology, features and considerations, your firm’s data can be
• Wide service spectrum: supports any e-mail client and secure whether on a desktop, laptop or mobile device. ilta
e-mail server (BlackBerry, iPhone, PDA, netbooks and
Webmail)
• Multiple format support: MS Office, PDF or Cathy Brode is Founder and Vice President of Product
OpenDocument Format Marketing for 3BView (www.3bview.com). She has more
than 20 years’ experience in the IT and life sciences
industry. Prior to 3BView, Cathy was a founding member
• Automated system with low operational costs:
of CDC Solutions, a provider of software and services for
metadata is removed automatically according to the life sciences industry, which was acquired by Liquent
centrally set rules. No user training or ongoing technical in 2003. She was previously employed as a consultant
support is required, which substantially reduces the at Kinesis Systems (now part of IBM) and, earlier in her
career, managed a major European research project on
application lifecycle costs
advanced network management for Plessey Research.
Cathy holds a degree in Computer Systems from
• Reduced risk of leakage: no user intervention is University College Cardiff. She can be reached at cathy.
required, which ensures a consistent service level and brode@3bview.com.
This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more
information about ILTA, visit their website at www.iltanet.org.