As mobile devices continue to infiltrate organizations, the demand for secure solutions becomes critical. By 2017, the bring-your-own-device (BYOD) and enterprise mobility market is expected to reach upwards of $181 billion. The introduction of these new devices influence the way businesses collaborate, communicate and innovate. In order to maintain their status as a market leader, organizations must stay ahead of the quickly evolving technology trends and develop ways to securely integrate them into day-to-day operations. Here’s a breakdown of a few of the mobile trends that are quickly becoming hot topics for 2014:

Predicting the potential risks of wearable technology

According to research firm Juniper, 2014 is the year that wearable technology goes mainstream. Last year, Google launched its highly anticipated glasses and Samsung rolled out a smart watch, while other big tech players including Apple gear up to introduce a whole new breed of wearable tech. On the horizon: smart contact lenses, LED sweaters that can sense your mood and even fingernails rigged with individual radio frequency identification (RFID) tags, allowing the wearer to perform a variety of tasks normally completed with a card.

A recent Fortinet survey, which was conducted across 20 countries and surveyed 3,200 21-32 year old employees, found that 16 percent of respondents agreed that they would use wearable technologies in work or for work purposes as soon as they become available and 33 percent as soon as their price is affordable. Juniper cautions that privacy will be an ongoing issue with wearable tech, as cameras go everywhere – including the workplace. IT teams will face similar challenges and risks as with mobile devices, the most important of which is protecting corporate data.

Stepping up security with a multi-layered approach

As more business processes are extended to mobile, many organizations are finding uses for both mobile device management (MDM) and containerization, either for different deployments or on the same device. Organizations with highly sensitive proprietary content or in strictly regulated industries may prefer the added security that MDM and containerization on the same device provides. A corporate container deployed on a managed device provides an extra barrier to access corporate content. Users are required to enter both a device-level passcode and a container-level passcode, and administrators have both device-level controls and application-level controls that enable app-to-app collaboration with other managed and secure applications within the container.

This approach also creates a sense of segmentation between work and play for end users, bringing a dual-persona feel to managed devices by isolating corporate content inside a secure container. MDM and containerization are often thought of as mutually exclusive security solutions, but today’s most innovative organizations are taking a layered approach to security by using the two in conjunction.

Adopting app scanning to protect organizations and end-users

As employees increasingly demand more apps for business, IT administrators must block malicious applications and certify that internal and third-party applications meet their organization’s security standards. Administrators need to protect organizations from publicly available malicious applications, risks that come with internal and third-party apps, and address concerns around apps accessing personal data on employee-owned devices. In order to address these concerns, organizations must integrate app scanning into their business platform.

With app scanning, IT administrators can identify common app risks, such as access to privacy settings, insecure network connections, malicious code and more. By scanning the applications, administrators can identify potential privacy, behavior, and design and programming risks. This information gives IT administrators the ability to assess whether an application is safe for business use or blacklist the application if it does not meet the minimum security standard, empowering them to take action and eliminate current and future risks.

When it comes to adopting any new technology, the less time organizations spend worrying about security, the more they can focus on driving core business strategies. Therefore, understanding technology trends and predicting their impact is vital to any organization’s mobility strategy.

Those of you with IT security responsibilities in small businesses often resemble the stereotypical Scotsman, trying to stretch a penny as far as humanly possible. With an IT security budget that is likelier tighter than a Tom Brady spiral pass, how do you make effective use of your limited spending capabilities?

Small business security teams have to deal not only with limited budgets but resources are equally scarce. Prioritizing your security controls and needs based on risk is the obvious starting point. However, you don’t have the manpower to perform the risk assessments and gap analyses. Given these constraints where does someone even start?

Arguably, one of the best resources that security teams should utilize is the SANS Top 20 critical controls. SANS has done all the heavy lifting in identifying an extensive list of the foundational security controls. This is wonderfully laid out document that greatly helps in laying out implementation road map and how to best integrate the controls into your security infrastructure. SANS has done all the work for you – in describing in great details what each control accomplishes, all you need to do is best identify what controls are would address your most pressing security concerns.

It is actually quite amazing the level of detail that SANS went to in describing how to implement the controls, automate them, how to measure their effectiveness (metrics), how to validate, as well as a process for implementation.

Each control is broken down into sub-controls that can be implemented over multiple phases following a natural progression. The sub-controls are classified as quick wins (can be implemented fast and cheap), visibility/attribution, configuration/hygiene (basic security measures), and advanced. Based on your needs your can progress to the advanced stage of the different controls. This is a great way to form the foundational aspects of the control and then over the years to naturally evolve the capabilities.

How can one effectively manage and visualize what controls (and sub-controls) you have implemented and what areas still need addressing. There is an awesome interactive Excel worksheet from Tech-Wreck blog that makes tracking your progress with the SANS Top 20 an absolute breeze (plus it used graphs that you can give to management so they can easily see the status of the different controls.)

The SANS Top 20 security controls list coupled with the Excel spreadsheets that capture the progress make a formidable tool for ensuring that you can stretch your security dollars and spend wisely on the controls that will best address the information risk within your organization. Try it out, good or bad, I’d like to hear about your experiences.

Photo Source: Leonardo Rizzi
Article By: Dominic Vogel

On Wednesday, Mecklenburg County, North Carolina’s most populous county, announced it has bet big on the Microsoft platform by selecting Microsoft Office 365 as its communications and collaboration platform, Windows Azure as its cloud storage solution, and Microsoft Surface Pro for its mobility needs.

Together, the seamless mobility, productivity and flexibility aspects of these solutions have already helped various departments within the county collaborate better with staff, integrate across a number of crucial systems, and streamline and improve daily responsibilities. For instance, the county’s Youth and Family Services department is reporting $3.2 million in productivity savings per year due to Mecklenburg’s Surface Pro pilot launch. Meanwhile, by switching to Windows Azure, the county’s cloud storage costs have reduced dramatically.

“With the mobility factor of Surface Pro and Office 365, we are able to do so much more,” said Cliff DuPuy, technical services director at Mecklenburg County. “Not only do our Youth and Family Services folks love the devices for the flexibility and productivity the combination provides to them, but they appreciate the toughness of the devices, the touch aspects and the ability to document benefits while they are visiting clients. We are working toward ensuring that all our employees have their own device, and we can’t keep up with the demand we’re receiving from excited workers. It really has helped to increase their enthusiasm around how they do their jobs.”

Just as important, the county’s technical services director, Cliff Dupuy, acknowledged that these modern devices and services have increased employee productivity and excitement. In addition, the investment in Microsoft technology enables the county to reap all the benefits of the cloud while maintaining its commitment to privacy and security.

In addition to the Department of Youth and Family Services, a number of other departments within the county have recognized the value and mobility benefits provided by the Surface devices when combined with Office 365 and custom-built apps specific to each line of business. For example, the county’s Food Services Department has used these solutions to ensure Food and Restaurant Inspectors can utilize state applications, while the county’s Medical Examiners are benefitting from the note-taking abilities with their tablets. Meanwhile, Mecklenburg County’s Parks and Recreation employees, all of whom are moving to Surface 2 devices, are using these solutions to help them collect payments, book venues easily and tie seamlessly into the county’s financial system. In addition, due to an overwhelming demand for more devices, the county will increase the number of Surface Pro devices it is using to more than 1,000 by Aug. 1, 2014.

With 1.6 million emails sent per day by county employees, the cloud storage that Office 365 provides and the ability for employees to use Office on up to five devices has proved beneficial to all levels of employees within the organization. The emphasis on privacy and security in the cloud was a driving factor for the county to select the Microsoft solution. Similarly, the ability to use Surface Pro tablets with Office 365 has been a killer combination for the county: The Youth and Family Services Department is reporting $3.2 million in productivity savings per year after participating in the county’s Surface Pro pilot launch.

Selecting Windows Azure for its cloud storage was a natural fit for the county — its interoperation with Office 365 and Surface makes the user experience seamless. In addition, with key disaster recovery capabilities, Windows Azure makes more sense from a planning perspective, but also from a cost savings point of view. For instance, the county can ramp up quickly and take significant workloads out of its local datacenters, saving significant dollars.

“The cost savings with Windows Azure are tremendous,” DuPuy said. “Our storage costs used to be $21 per GB; now, with Windows Azure, we are around 30 cents per GB.”

“Mecklenburg County is leading the way in harnessing the power of the cloud and new mobile device form factors to deliver better government services to citizens, while at the same time lowering costs,” said Michael Donlan, vice president of Microsoft’s State and Local Government business. “Whether it’s field inspection, delivering better services to youth and families, or making it easier for business and citizens to enjoy the county’s parks and venues, Mecklenburg is using Office 365, Windows Azure and Surface to transform the business of government all within a solution that best meets their requirements for security and privacy.”

Across the board, county employees have embraced the switch to the cloud, and they have been vocal in their support.

“We have people telling us on a consistent basis that these mobile and flexible solutions, tightly tied together, have collectively changed their working lives,” DuPuy said. “Whether they have used these tools in the past, or they are just learning the breadth of Microsoft’s capabilities, we’ve consistently heard that our teams are really enjoying the new lease on productivity and efficiencies that they now have. That’s really humbling for us IT folks.”

Across the nation, state and local governments are constantly pressured to deliver more services with fewer resources. They are tasked with finding and investing in modern and secure solutions that help them save time and money, while ensuring employees can use these tools in the office and on the go. With Microsoft’s suite of solutions, Mecklenburg County is helping address these challenges.

This very unsuspecting phone charger is actually a Spy Device that was built to sniff out all the keystrokes off your wireless keyboard.  Yes this little tricky fake charger is known as a Key Sweeper and its whole purpose is to find out your private personal information like email, password, social security and credit card numbers.  Obviously the list can go on and on when put in the hands of a maleficent being.  Currently it can only be used on Microsoft Wireless keyboard that specifically use 2.4 ghz.

This charger lights up if you plug a usb device into it and it will charge whatever usb device you’ve plugged into it.  However, if you unplug the charger from the wall it is still capable of recording keystrokes.  That’s because inside of the wall unit is a rechargeable battery.  It will record every single keystroke on a memory card inside the charger or for a little extra money it will actually send alerted phrases via SMS or text messages to wherever in the world.

This sophisticated type of invention could be used to potentially cause high levels of chaos in this new age of technology so its best to properly educated yourself and be more aware of the situations, people and objects around you.  Keep that in mind next time you see a lonely charger or someone walking around with an old school pager