ContentWatch Security Blog

Wed

Nov 30, '11

Mobile Antivirus: Don't Believe the Hype

A few months ago I wrote a blog about the need, or lack thereof, for an Antivirus solution for Android and iOS and that users should instead search for a good Application Manager. You can read this post here if you like.

Today, I am ecstatic that someone more reputable and with more clout than I is finally speaking up. Chris DiBona the Google Open Source Program Manager, unleashing a complete rant about the lack of a need for an Anti-Virus program for Android and iOS.  The Manager went as far as calling companies pushing this technology, “Charlatans and Scammers. You can read his comments here.

Let me be very clear. I am not saying, “There are no threats to data loss or privacy on mobile devices. I agree that there are many malicious or shady applications found on the Google Market, and even in iTunes that will steal your information, spy on you, incur data or voice charges, etc. But calling these applications “viruses is a serious misnomer and is just a ploy by the “Scammers and Charlatans to get your money.

These rogue/shady applications do not infect your device; these applications don’t “magically appear on your phone by opening an infected attachment or visiting a malicious website; these applications only get on your device by you, the owner of the device, selecting to download and install them. If a user does not choose to download and install these apps, they will never get on their phone. 

My suggestion: Don’t run out and drop money on an anti-virus solution that is really just taking up space on your SD card and sucking your battery life

Wed

Nov 23, '11

The City of Boston tackles the BYOD Trend

Many organizations, large and small, are struggling with the BYOD issue. BYOD stands for "bring your own device" and refers to employees providing and using their own smartphones or tablets while at work.

Wed

Nov 2, '11

The Impact of BYOD on Your IT Dept.

It's really not a good idea, on so many fronts, to let employees "Bring Your Own Device" (BYOD) to work.  By this, I refer to employees buying and using their personal smart phone and/or tablet at work, in many cases, to do work.  Some of the inherent challenges include productivity loss, security risks, data loss, liability risks, and device management challenges.  

Sure, it saves money to let employees spend on the devices.  And, the need to be mobile is growing. Forrester Research predicts that as many as 60 percent of information workers will work in a location away from their office during a typical workweek. Mobility is key to the future.

Mandating that employees own specific company-approved devices won't get you very far in many cases. Phones are kind of like cars. Employees pick the device that represents their personality, fulfills their needs, and feels good to use. If an employee chooses their device, the IT group will struggle to keep the large number of disparate devices supported and up-to-date with the latest company policies and apps.

Also, IT guys are used to three to five year upgrade cycles with laptops and desktops. Most people upgrade their phone about every eighteen months. This constant flux will keep IT hopping.

What's more, mobile device users are accustomed to installing apps ad hoc, anytime.  The iTunes Store and the Android Market have programmed us to be on-demand driven. Employees will hope to do the same and IT will have to manage updates just like iTunes and the Market.

Malware protection and antivirus solutions exist, but they haven’t been widely used yet. If you allow employees to BYOD, that usage policy needs to change.

In addition, your organization will need to govern what types of data can be stored and used on an employee's mobile device. Consider how easy it is to lose your customer list or your patient's health history.  What happens if the phone or tablet is lost or stolen?  Can you lock it down to avoid data loss?

BYOD is going to have to be managed in the very near term.  We are looking for and developing solutions to resolve the challenges mentioned here.

Wed

Oct 12, '11

Employee Productivity Has Gone to the Birds

With the headline, “The world's love of Angry Birds could be costing U.S. businesses over $1.5 billion in lost wages, it’s a good time to consider the impact the Internet has on employee productivity. (Source: Business Insider.)
 
Left to themselves, employees get distracted by Facebook, personal email, downloading videos, web browsing, music streaming, fantasy sports, online shopping, online banking, pornography, gambling, and the like.
 
Some stats suggest that up to two hours a day are spent by the average employee doing non-work-related Internet use.  If an organization has 20 employees, and each person surfs the web 1.5 hours per day, and the average wage is $25/hour, then the organization is losing $195,000 per year (assuming a 260-day work year.)
 
In addition to the time lost while roaming the web, employees don’t realize that just by visiting some web sites, a browser can become infected with malware.  Thus, there is a security risk to an organization if it has a “hands off my Internet approach to managing the team.
 
Finally, if the organization doesn’t take a stand on pornography use on company assets or premises, a sexual harassment lawsuit might result.  This would be due to the company’s negligence at creating a “hostile work environment when a female employee is exposed to pornography against her will.
 
There are tools to filter and limit Internet use by employees. Angry Birds would then be relegated to a hobby done off premise and after hours.  It’s your choice.

Wed

Sep 14, '11

Match Your Filtering to your Corporate Policy - and make sure you have a corporate policy!

I work as a programmer and try my best to stay out of anything that hints at being anything other than technical. If something comes my way that smells in the least like a corporate, marketing, human resources, or other nasty untechnical topic, I am the first to hide under my desk or run the other way. But like taxes, bullies, and Mother-in-laws, sometimes you can't run or hide from this unsavory subject if the ball rests in your court because you are the technical person in IT who has to administer the infrastructure for internet use.

Tue

Aug 9, '11

Keeping Productivity High

Last month I read an article about some city hall workers in Dallas Texas. Among other information this article revealed that many of the workers had spent as much as 68 hours on facebook.com over a 3 month period. Personally, I don't find this number shocking at all, there are many other studies showing that many employees spend as much as 1.5-2 hours a day using the Internet for personal use.

Tue

Jun 7, '11

Need for Content Filtering at work?

I have heard dozens of opinions about the need, or lack thereof, for content filtering in the work place. I have heard the side of, "We are all adults here," and "We expect our employees to exercise restraint while in the work place." I have actually talked to company CEO's that have said, "As long as they have their office door closed we don't care what they do on the Internet."

Wed

May 25, '11

Where are all the "good" Android Tablets?

Good Android tablets seem to be MIA. Many big name companies showed tablets at the CES event in Las Vegas last January but have either put their Android tablet on hold or have removed it from their product lineup all together. One key reason could be that consumers aren't buying, and demand is really weak. Who can afford to sell something people don't want?

Thu

May 19, '11

Ratings are not enough for mobile apps

A few recent articles discuss CTIA's call for a unified "rating" system for mobile apps. Note: CTIA is the Cellular Telecommunications Internet Association, a nonprofit that includes wireless carriers and suppliers of wireless data products and services.  The articles are informative and interesting but the rating system is still in discussion phase.

Rating systems are a practical method to help set expectations. Most are familiar with the Motion Picture Association of America's rating system for movies (NR, R, PG-13, PG, and G) and perhaps somewhat less familiar with the Entertainment Software Rating Board (ESRB) system of rating video games. 

The mobile app rating initiative is a noble venture. Parents would be enabled to make educated decisions about the apps their children want. Even though most app markets have a version of content ratings, the system needs improvement. For example, in the Android market, you won't see a content rating until you tap the “More drop-down box to get a complete description of the app. Unless a parent is conscious of its location, a rating will go unnoticed. I wasn't even aware of these ratings until I read an article discussing the new system.  I consider myself fairly informed, too.

The nice thing about the MPAA and ESRB is that when kids go get to a point of sale at the movie theater or retail store, they should be stopped by the clerk prior to purchasing mature content.  In the world of smartphones and tablets, however, there is no one waiting at checkout asking for proof of age.

More important is the issue that unless app management software is installed on a smartphone, a parent won't truly know what apps are installed. Consumers are likely to revolt if asked to indicate their age somehow on their device. This is due to privacy concerns, and even recent lawsuits against Google and Apple regarding location tracking.

A unified rating system would be well received but given the complexity of enforcing the rules, it would seem impossible to protect identities and block mature content without the aid of some type of smartphone app manager.  An app manager should be able to block downloads of mature applications, alert parents when downloads have been attempted, and describe the downloaded content.

I hope the CTIA is able to introduce a well designed rating system, but I also think it's important for consumers to recognize that it's only one tool in an overall solution. Without an app manager, kids will sneak past faster than they do at the movie theater.