Monday, 23 September 2013

Mobile Security Best Practices

Mobile devices are quickly surpassing traditional computers for more and more of our needs.  As these functions evolve and expand, and we use our wireless tools to access more information, the security risks multiply.

Most companies let employees use their work devices to access personal information or let them use personal devices to access work information. With the rapid proliferation of mobile devices not slowing down, malware infections are on the rise, growing 163% in 2012. Just like the golden days of Netscape Navigator and those AOL discs in the mail, hackers are more than happy to take advantage of this vast new crop of unprotected devices.

But it’s not only hackers we need to guard against. We need to make sure other scenarios are covered, such as What happens when my phone is lost or stolen? Or, How do I prevent a data breach? And, How can I manage all this stuff?  So with all this in mind, let’s go down the list:


Mobile Device Management

I won’t get into which system is best; this is a growing sector with a wide spectrum of offerings.  What I will say is to find a solution from a reputable vendor, with the features you are looking for, that allows you to effectively manage the devices used at your company. Some features to look for are support for ALL the platforms your employees use, remote locking and wiping, solid app management, connectivity controls (VPN, proxy, mobile data, wifi, etc), easy enrollment, robust security with document protection & encryption options, and integration with your PC management tools.

Authentication

How many of us just slide a finger to the right to unlock our devices?  I’m betting more than half.  Whether you choose a secure pattern, a pin or password, your fingerprint, or your face, make sure you are the only person who can get past your lock screen.  This is the first line of defense when your phone ends up in someone else’s hands.

Remote Location & Wiping

This is most likely a part of your Mobile Device Management solution, but there are plenty of good stand-alone apps that do a great job with this too. When an employee device is lost or stolen, swift action is a must. Sure, using GPS to track down a thief is enticing, but the main focus of IT should be to keep company data secure by locking and/or wiping. This means employees need a fast, easy way to alert IT of the situation, whether it’s a phone number, email address, or secure web page. For some organizations, it might make more sense to put employees in charge of handling the wipe. Whatever the procedure, have a plan in place that everyone can follow in a moment of panic.

Bluetooth & NFC

Turn them off. Unless using a headset or sharing a photo with a friend, these tools are open doors into your devices. Both are hackable with the right tools, and can present real security risks.  Viruses have been found that spread from phone to phone via Bluetooth. So, keep them disabled when not in use, and if your device supports hidden mode, use that too. Some guidelines on using Bluetooth wisely can be found here.

Firewall Policies for Mobile Devices

When devices travel around the city, or the country, they are exposed to all kinds of risks not present in the office. When these same devices return to the office and connect to the company network, they could cause trouble if infected. Setting up separate firewall policies for smartphones and tablets will help mitigate this risk. Most likely, these devices don’t need access to the same data or systems that PCs do, and so they should be blocked. Closing off as many holes as possible is the name of the game, so whitelisting only what’s needed is always better than blacklisting known dangers.

We’ve only skimmed the surface here, but the criteria covered above should serve as a solid starting point to develop a secured mobile workforce. As devices grow in diversity and capability, new variables will enter the equation. As always, keep yourself informed and keep employees informed to keep your company secure.


Want more mobility and workforce productivity

Google Apps is a cloud-based productivity suite that helps you and your team connect and get work done from anywhere on any device.
  • 99.9% up time for reliable constant access
  • Secure data storage and connection
  • Effortless Collaboration
  • Flat-rate Pricing


Luke Reynolds is a new member of Newmind's IT managed services team. Previously he worked with schools, not-for-profits, and businesses to help them acquire and deploy Google Chromebooks on the enterprise level.

Luke Reynolds enjoys writing, music, film, and any form of radical human expression. He's also a rabid proponent of Kalamazoo's local roller derby team, the Killamazoo Derby Darlins.
Posted by at No comments:
Labels: , , ,

Monday, 16 September 2013

Chromebooks Updates [Sept 2013]

Announcement

We're always trying to bring more value to our customers. Starting today we'll be sending a summary of all the new features to ChromeOS & the management console as a monthly email newsletter.

We invite you to share this newsletter with all Google Apps users in your organization, and invite them to subscribe, so that they can stay informed about recent updates to get the most out of Google Apps.

Notable new features include:
  • Custom Terms of Service - upload your own terms of service agreement
  • Disable "Add-User" - Admins can disable the ability for chromebooks users to add new users
  • Immersive Mode - which hides toolbar and shelf for a less distracted viewing experience
  • Monitor Scaling - which can help free up more screen real estate.
  • App Launcher Search Updates - dynamically learn what you search for, apps are more prominent, search web store if you don't have app installed
  • Pin Apps to Shelf - Drag & Drop apps to shelf to pin them
  • Wallpaper Sync - default wallpaper will now sync across devices
Full release notes below...

Protect Students With Web Filtering

Securly protects students on computers throughout the school while giving them safe access to 21st century learning tools like YouTube, Google and Wikipedia.
  • Safe Search
  • Safe Social Media
  • YouTube for Schools
  • and more...

Admin Console Updates

Upload Custom terms of service agreement
Instructions can be found here.

Disable "Add-User"
This update can be found in the "Restict sign-in" settings. For more visit this Google help doc.

Image Searching Made Easier

"Search Google" option now available

Right-click or long-press on an image and select the option to search using your default search provider.
(Source)

Smarter Onmibox Suggestions

Based on recency of websites visited

New updates to the omnibox will provide you with suggestions based on the recency of websites. The suggestions should be more contextually relevant.
(Source)

Reset Browser Settings

Too many extensions!!!

Restore Chrome back to its original state via the Chrome settings page.

1) Click the hashed menu icon
2) Select Settings
3) Click Show advanced settings
4) Click on the button labeled "Reset browser settings"
(Source)

Release 29.0.1547.70 (Platform version: 4319.79.0)

Release to all Chrome OS Devices
Some highlights of these changes are:
  • Fix flash games sites running out of file descriptors and causing system to freeze. (279301)
  • Fix link to redeem Chrome goodies in the Files app

Release 29.0.1547.66 [Windows] (29.0.1547.65 [Mac & Linux])

This update contains a flash update and fixes an issue with Sync.

More Info

Release 29.0.1547.62

Platforms: Windows, Mac, Linux, Chrome Frame
This update fixes an issue with printing from Google Docs applications.

More Info

Release 29.0.1547.57 (Platform version: 4319.74.0)

Release to all Chrome OS Devices
Some highlights of these changes are:
  • Kernel 3.8 landed on Pixel and Samsung 550. 
  • New “immersive” mode - hit the fullscreen button to hide the toolbar and shelf and until you hover at the top for a more immersive browsing experience. 
  • Pin apps to the shelf using Drag and Drop from the Launcher 
  • Default wallpaper selection will sync across all your devices 
  • Monitor Scaling allows you to scale the UI. Especially useful on Pixel to get some more space 
  • Two-finger history navigation 
  • App launcher Search just got cleverer
    • It will dynamically learn what you search for 
    • Apps are more prominent 
    • It will search for you in the web store if you don’t have an app installed 
Known Issues: 
  • The link to redeem your Chrome Goodies in the Files app is temporarily broken and will be fixed with the next release. In the meantime, please go here directly. 
Posted by at No comments:
Labels: ,

Managing Mobile Devices - Platform Reviews

It’s a big world out there. Lots of places to go and people to see. Also, lots of places to lose your mobile device and a fair few people who may want to nab it from you. Fortunately, different developers are coming up with solutions that help you protect your device - or at the very least your data.

Droid Does

First to weigh in, Google has released it’s own device manager for Android devices, called Google Apps Device Policy. You can access this tool from any browser by visiting google.com/apps/mydevices. Installing is super easy: just pull up the app from the Play Store (Or scan the QR code that will display from the device manager on your browser). Once it installs, just ‘add device’ from a browser, sync the device, and you’re good to go.


Your domain’s administrator can require that users have a pin or password, set an idle-out screen lock, and wipe the device. Additionally, the device’s user can remotely change their pin, lock their screen, and cause the device to ring out (for those ‘lost in the couch’ scenarios). Also, if the device’s GPS is active, the user can track it.

This tool does require that the domain you sync to is a Google Apps for Business or Education user as well as a minimum system requirement of Android 2.2 or better, but the app’s integration is pretty seamless. However, being an Android-only solution does limit this tool’s usability in a BYOD environment

Up in the Air

Sand Studio’s AirDroid has recently iterated, and what used to be simply a cable-free way to access the data on your phone from a computer, has added many of the tools Google’s Apps Device Policy brings to the table while maintaining all the other goodies that the app has to offer.

AirDroid 2, as it’s labeled on the Apps Store, will do some of the basics that Apps Device Policy will: Remote wipe, remote screen lock, remote password change, GPS tracking, and ring-out a beacon for phone-finding. There is one additional feature that definitely piques interest, however: You can set the device to snap a photo whenever someone fails to enter a proper lock-code and send that photo to you! A very powerful tool.

Unfortunately, AirDroid 2 is not designed with fleet management in mind, and so there isn’t a tool for managing multiple devices from a single dashboard. Though there is always the make-a-big-clumsy-spreadsheet method of doing things.

Meraki-and-Roll

Meraki offers an absolutely free MDM solution that is rather comprehensive. The install is simple enough: Sign up at Meraki.com to access their Systems Manager, pull the app down from either the Apple or Play store, respectively, then plug in the code that the manager console gives you when you ‘add a device’ from your browser.

Once you’re in and have some devices attached you can configure the extensive options. The dashboard give you an overview of all the devices attached to your account. Pulling up each device gives detailed information including: charge status, storage capacity, serial number, IMEI, phone number, data for the network it’s attached to, plus more. Here, you can also clear your passcode, lock your device, erase the whole thing (or target certain data with a selective wipe), ring a beacon, and send a message to display a-la text message.

You can also review any apps installed on the device and, while you can’t remove them, you can restrict the install of new apps, as well as make a whole other list of restrictions including Face-time, screen capturing, Youtube (for iOS), and camera use (both).
You can also require that a user set a passcode, configure WIFI and VPN settings remotely, and push documents from the web by using the ‘backpack’ feature.

To make MDM life easier, the Meraki platform allows you to create different profiles for different user groups, so you don’t have to configure each device separately.

You can also receive email alerts for a host of events, including network enrollment, app installation, or removal of the Meraki app! Remote destop functionality exists, and while not device-agnostic, it does cater to both Apple and Android users.

Decisions, decisions...

Though all 3 of these options share a lot of basic functionality, there are enough differences to really make these MDMs varied and interesting. If your fleet is all Android or Chrome powered, for example, maybe Mobile Apps Policy is the way your org should go. For a true BYOD environment, however, there’s just no beating Meraki’s device-agnostic platform. Then again, the potentially-thief-stopping snap-shot power of AirDroid 2 is not something to be discounted.

I know there are plenty more MDMs on the market and would love to hear what you’re using. Just leave a quick comment below so that others can find it. I’ll pull from your comments and write up another review.


Don't know where to start?! Feeling intimidated?!

Newmind Group will help identify key areas of improvement and manage the project from start-to-finish eliminating your headaches!

Jarad Selner is a new member of Newmind Group's Chromebooks team, working with schools, non-profit groups and businesses to deploy and integrate Google Chrome devices within their organizations.

In his off-time, he can be found booking bands, teaching music lessons, and playing at a variety of venues in and around the great city of Kalamazoo, Mi.
Posted by at No comments:
Labels:

Monday, 9 September 2013

Taking Advantage of Data

“The most valuable commodity I know of is information.”  - Gordon Gekko, Wall Street (the movie released in 1987)

The time and resource commitments required to calculate a return on investment or determine if conference attendees would prefer a turkey or ham sandwich are much different than they were a generation ago. In fact data-crunching tools are improving at a near constant pace and every few years there are better ones. Because of this new reality the percentage of data-driven decisions we make can and should increase.


Big Important Decisions

There are numerous examples of how really important decisions are being made better and faster because of this new reality, like this TedTalk given by Joel Selanikio: The surprising seeds of a big-data revolution in healthcare, telling the fascinating story of how the introduction of Palm Pilots in 1995 began a revolution in collecting and analyzing data on important global health statistics.



Small Not-As-Important Decisions

I think we should take this new reality a step further and recognize that because the cost of data-crunching is approaching zero we should be using it all the time, for all kinds of decisions.

For example, here at Newmind our leadership team is particularly benevolent. We’ve been growing recently and needed more office space. The leadership team sent all of us this one question Google Form to get our input on what was most important to us in office space.

Because this was so quick to create and natively tied to a spreadsheet with automatic graphing of the results, finding out what would be extra motivating to Newmind’s employees and then crunching that data took less than 5 minutes from start to finish. This simplicity was the difference between our busy C-Levelers deciding to get our input vs just making an ‘executive decision.’ And the result is we all love our new space!

Why don’t we increase the number and variety of decisions we make driven by data?

  1. Perceived Cost
  2. Habit

Perceived Cost

It is easy to forget how easy data collection and analysis has become. Our past experiences lead us to believe that it will be very tedious and time consuming to first collect, then organize, and then analyze data.

‘This decision’s timeframe will become so lengthy and inefficient’ we think to ourselves. We start rationalizing that quickly making a decision with our ‘gut’ will probably be just as good anyways.

We have to catch ourselves in this moment and remind ourselves that data collection, organization, and analysis is not what it used to be.

Habitualizing Data Crunching

Our decision-making routines won’t change on their own.

We need to habitualize collecting data, analyzing data, and giving the data respect in decisions. I suggest that you treat all decisions, important and trivial, as opportunities to inculcate your selection process with a data crunching step.

Life In The New Reality

Here at Newmind we use data to make decisions as often as possible. One of the first things I was taught to do after starting here was to A/B test everything I could and improve how I did things based on the results. I liked the improvements this routine identified for me so much I’ve changed habits in my personal life and have recently data-crunched my way through buying a car and selecting a new financial institution for my family, just to give you a few examples.

Using data to inform my decisions, both big and small, has given me more confidence with what I choose. That additional confidence and the fact that my decisions, driven by data, are giving me better results is making me a happier person. Nothing but sunshine and rainbows for Michael J.

Seriously though. I challenge you to give data-crunching a try on something you otherwise wouldn’t and add to the conversation with some feedback on how it worked out. If you are not sure which data-crunching tools to use, give me or one of my Newmind teammates a shout.

Michael Jefferies is happiest when problems are being solved and life is becoming more awesome.

At Newmind, Michael consults with clients to discover their organizational objectives and works alongside them to identify, analyze, and implement technologies that can help take them there. He believes that technology is not merely a part of business, but in fact provides endless opportunities to increase fun, efficiency and profitability.
Posted by at No comments:
Labels: ,

Monday, 2 September 2013

BYOD vs Standardization - SaaS makes it easy

I started this BYOD series to show that the root of this conversation isn't about devices, specifically, but instead business goals. This post, the 3rd installment of the BYOD vs Standardization series, will touch on a few security misconceptions and strategies for becoming device agnostic. If you're not familiar with device standardization head back to the first post of this series, BYOD vs Standardization - Understanding Your Mobile Strategy Pt1. (Understanding the various device policy models can give insight into how to implement what this post will discuss, so check out part 2, BYOD to COPE: The Mobility Spectrum.

What is driving the mobile device discussion?

Without going into specifics of device policies and standardization, the reason for this discussion is productivity & mobility. Businesses want their employees to be productive and employees want to be mobile - use new technology that affords them new freedoms, like the ability to work where and when they can be most productive. A $2 cup of coffee is now a passport to internet connection, productivity, and better business - not to mention work-life balance.

Mobile Security Misconceptions

We've talked about business data security before. Stories about malware and hackers, like the Syrian Electronic Army hacking the NYTimes and Twitter websites, are everywhere and concentrate on the hackers. This sensationalism minimizes the root cause of the hack - HUMAN ERROR. The reason hackers in Syria were able to access these prominent websites was due to a lack of security protocols addressing human action in providing security credentials.

According to Financial Review, "The incursion was traced to India-based perpetrators who fooled staff at a US-based reseller of Melbourne IT ­services into handing over personal details and, as a result, the login and passwords which allowed someone to access and change key details for the websites."

Firewalls, anti-malware, double authentication, etc, would not have helped the NYTimes or Twitter avoid this intrusion, as the hackers had legitimate login credentials. One might want to move data to self-managed servers, implement extreme security measures that require access to particular network to gain access, etc. Is this really the answer?

Concentrating on network best practices and on policies that promote responsible actions by your employees are the better and so is allowing Software as a Service (SaaS) providers do what they do best.

SaaS vs Self-Managed

SaaS providers are specialists, not only in their software, but in storing the data they work with. The data passed through their systems are their "bread-and-butter" and securing it is in their best interest. So much so that many SaaS providers have their data stored in SSAE16 data centers (audited by 3rd parties), have implemented biometric safe-gaurds, 24/7 staffed security and foot patrols, environmental controls, advanced firewalls, backups & redundancies.

I know what you're thinking - "I can do that." True, but are you going to be as good at it while still being great at running your business?

Benefits of SaaS

Now that we've established it’s better to let a service provider be the expert of a solution, letting you be the expert of running your business, what are the benefits you can realize by going SaaS?
  • Low cost for multiple device support
    SaaS platforms are looking to gain a broad user base and therefore build their platforms to run on most, if not all, popular platforms, browsers, operating systems, etc.
  • No Cost Updates
    SaaS providers strive to stay relevant as new devices and platforms are released and will continue to update their platform so that your employees can access business data, with no update costs to your company.
  • Zero Tech Debt
    Your company doesn't have to worry about maintaining a server, upgrading it, being relegated to outdated software
  • True mobility
    The fact that (good) SaaS platforms are accessible by any device and any platform means that your employees have access anywhere, anytime - staying productive! Check out What's going on at Greenleaf Hospitality since they migrated over to Google Apps.

    Downsides to SaaS

    Let's keep this objective and be sure to touch on some downsides to SaaS:
    • Lack of update control
      While the exact roadmap of platform updates is out of your control, most SaaS providers have a community where their user base can influence or suggest new features and development. Let's face it, letting them deal with staffing a large developer team is saving you hundreds of thousands a year. Not to mention they'll roll out with updates faster.
    • Requires reliable web connection
      Putting your data in the "cloud", as it were, means that for your employees to be productive you'll need consistent reliable internet uptime and access. As most business is conducted online anyway, I'm pretty sure this one is covered. If your employees want to be mobile and work off-site, they probably already know how to find reliable connections.

      Where to Start!?

      Rolling out SaaS to every aspect of the company isn't realistic. Look to smaller sections or units of your business or department where data is database driven, requires network connections, and can be easily searched/filtered/queried. Look at some of these SaaS platforms to improve your operations:
      • Project/process management - Podio, Trello, Basecamp
      • Email - Gmail/Google Apps
      • Document Collaboration - Drive/Google Apps
      • Accounting - Freshbooks
      • Marketing/Sales - Mailchimp, Marketo, CRM software, Streak, etc.
      Many of these solutions have free versions or trial periods to help you evaluate usefulness, efficiency and implementation strategies.

      Capitalize on efficiencies of scale, by moving to a SaaS provider and give your employees the freedom of mobility and increase productivity.


      Don't know where to start?! Feeling intimidated?!

      Newmind Group will help identify key areas of improvement and manage the project from start-to-finish eliminating your headaches!

      Daniel Proczko has been working with organizations and individuals to build & grow the entrepreneur community of Kalamazoo, MI. From organizing TEDx events, hack-a-thons, and documentary screenings to engaging with business leaders, Dan strives to inspire individuals with new ideas and better thinking.

      Having always been interested in tech and understanding the value of innovation through IT, communicating the importance of strategic IT thinking is one of Dan's primary goals within Newmind Group.
      Posted by at No comments:
      Labels: , , , ,
      Subscribe to: Posts (Atom)