All posts by Kris Price

Mobile Device Management in the Cloud Era

The greatest worry about Bring your own device (BYOD) strategy is security. With larger cloud service providers and hardware device manufacturers giving a serious thought to acquiring and consolidating mobile device management services, the problem of security may get resolved in unexpected ways. However, for the present and perhaps for all time, cloud users are advised to focus on data protection and security management and leave mobile device management technologies and integration efforts to the professionals and cloud technology developers.

Traditional data management services assume that data resides on the devices from which it is accessed. With the advent of the cloud, data no longer resides on devices, but in the cloud. The device is merely the access gateway and not the storage repository. Users no longer need to store the information for ease of access or email it to themselves for their use. The data can be accessed from anywhere, anytime and form any device with a simple browser based application and an Internet connection. As a result, administrators need to focus their attention on the institution of data and user governance policies and implementation of these policies enterprise wide, rather than on the technologies that make it possible for them to manage mobile devices connecting to the enterprise network.

Collaborators operating on the same network are freed from the burden of providing their team with the latest versions of the documents. All versions of the document are stored in the enterprise cloud and are available to them at all times. The documents can be accessed and viewed by multiple users and even modified collaboratively, using sophisticated tools that are made available with the cloud software. None of the users need to grapple with technicalities of file sharing protocols or file synchronisation, etc. These activities are abstracted to the cloud software, and the end users are left free to work with the files in real time over the Internet.

The key to effective mobile device management lies in acceptance of the changed reality. Enterprises, launching into mobile device management technologies must begin their journey with a complete understanding that they are creating a new paradigm in technology management. They must get ready to abstract almost all technology related managerial tasks to the cloud service provider while retaining the core of their business data management with themselves. They should focus on the task of setting up a policy driven user management system, creating security awareness among their employees, and instituting policies for monitoring and reporting on the quality of cloud services they receive.

Management Oversight—Cloud Tools

There was a felt need for standardised practices in cloud management as public, private and hybrid clouds gained popularity.  Over the decades, a few standards have emerged and there are many more in the pipeline.  Reputed cloud service developers and enablers like Asigra constantly update their software to include new tools that help IT managers and CIOs retain control over their data, maintain security of the systems, and manage their users efficiently.  Here are a few cloud tools that help IT managers in their quest for data control.

The cloud democratises computing. While this is good for business, it creates a few headaches for the management. For instance, mobile and remote users can upload or download data from wherever they are, with whatever device they have on hand without obtaining permissions from the IT Administrator.  The security of the information, the type of applications in use on the connecting device, and so forth, can create security problems that the Administrator must anticipate and provide for. It follows that there is an urgent need for policies and procedures that enforce access boundaries and user permissions, and for tools that enable the Administrator implement these policies and procedures.

A number of cloud service providers use software agents with administrative dashboards that equip the manager with the necessary tools for creating and managing users, who have the necessary company-defined rights and permissions to access the network, and perform some or all operations on the data that they access.

The cloud entrusts data to third party servers.  As a consequence, IT managers worry about security.  The cloud addresses a few of these issues by provisioning for layered data security.  Most cloud service providers use third party (FIPS-140-2) certified cryptographic algorithms to encrypt data. These algorithms are often described as bank grade or military grade and generally use AES 128,192 or 256 or Blowfish that have proven to be impregnable to date.  The symmetric keys that are used are often user defined and private keys that can remain secure with the data owner.

The third party service provider does not have access to the content of the data store that is hosted on their cloud server as a result of the encryption.  Security and availability of data is further strengthened with the institution of “as is” replication and disaster recovery systems and guarantees that the information will not be accessed by the service provider or their associates at any time.  Managers can recover or purge the information contained in the cloud service stores at any time they wish to rescind from the contract using tools provided for the purpose.

Disaster Recovery of Backed up Virtual and Physical Machines

Not being prepared for disaster is not an option. Total environmental duplication is expensive.  Attempting to recover only when there has been an incident is tempting the fates. These traditional approaches to disaster recovery create a lot of uncertainty and even stress for the organisation.

The growing sophistication of the cloud holds out a promise for backup and recovery of both physical and virtual machines.  Cloud backup vendors are “disaster aware” and make elaborate provisions for recovery of their customer data. The disaster recovery efforts indirectly benefit customers who sign up for cloud based backup and recovery accounts.

At the core of the disaster recovery best practices that is instituted by the cloud vendor is—data replication. Replication helps the vendor rotate the backed up customer data offsite.  The replications use high-speed connections for streaming the data and double protecting it.  The replication servers are separated geographically from each other, to protect the information against natural disasters that may impact any single data centre.  The vendor may create a hot site and a disaster recovery site with failover provisioning to ensure that customers always have access to their data even when the primary server experiences a shut down.

However, it should be noted that virtual machine replication is a complex task and not all cloud vendors have the technology required for the purpose.  Traditionally, the data contained in the virtual machine has streamed through the primary server before it is backed up to the replication server.  When the virtual machine has to be restored, the virtual machine can be brought online by restoring the virtual disk to the production stage.  All this may take a lot of time, and time is the scarce commodity during a disaster.

Improved cloud replication management technologies allow cloud vendors directly stream the data from the virtual machine to both the primary and secondary servers directly.  This enables instant recovery of the virtual machine (which exists in the production stage on the secondary server) even when the primary server experiences an outage.   Disaster recovery plans can be implemented instantly. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) can be tightly coordinated. Check with your cloud vendor on this point.

The integration of VM replication with the data protection solutions offered by your vendor is a bonus. It will empower your organisation and keep you prepared for all kinds of disasters.

Online Privacy: Is it achievable?

Facebook has made developments to allow their users access to the site without disclosing their identity or personal information. This has raised concerns regarding the safety of Facebook users, whether their personal information will be visible to unknown users and will the unidentified users be held accountable for their online behaviour. However, Facebook argues that this decision is allowing the site to develop further and become even more globally accessible.

Previously, Tor users could access Facebook via Tor, however the recent changes are allowing Tor users to use the service and continue unidentified, as opposed to previously, when they were recognised as hacked accounts and blocked.

In order to allow Facebook users access to the site whilst withholding their name, email address, personal details, Facebook has launched an .onionaddress.  This development has been described as an, ‘experiment,’ by the social network, recognizing  that the development is going to have flaws with regards to privacy, and that this first step will be one of several to achieve complete privacy for Facebook users.

The decision to allow complete anonymity has sparked controversy to those that find comfort in the safety and security of the service. Making the site available to anonymous users opens the door to the unknown and potential danger. This begs the questions what is Tor? And what are Tor users hiding?

Tor is an open network and free software, known as the Tor Browser bundle, which can be downloaded online. Tor prides itself on providing a service that can protect a user’s privacy and, ‘defend against network surveillance and traffic analysis.’ It anonymises users, through routing a user’s traffic in a series of other computers. It attempts to hide a person’s location and identity by sending data across the internet via a very circuitous route involving several “nodes” – which, in this context, means using volunteers’ PCs and computer servers as connection points.

This creates difficulty when trying to access Facebook because Facebook enforce security measures when a user attempts to log-in from an unexpected location. They ask a series of security questions to ensure that the account is not being used by a hacker, for example holidaymakers often find they must go through additional security steps, such as naming people in pictures, before being able to log-in while abroad. Furthermore, for a service that’s prime function for many is to socialize, and express yourself and your identity; withholding your identity and information somewhat defies the concept of social media.

Tor users continue to show as having various locations and consequently accounts were being locked out. This and several other difficulties such as fonts not displaying correctly, spurred Facebook to converse with Tor and establish ways for the two to work together, despite the concerns regarding Tor’s involvement with, ‘the dark web.’ There has been speculation that Tor has been used as a tool to pursue criminal activity; making illegal trades of arms, drugs and child abuse images accessible. However, the creators of the service argue that the service is for legitimate users that require confidentiality in their profession, such as journalists, activists, law enforcement etc.

Despite this reputation, Facebook and Tor have found common ground with regards to them both pushing for permission to be more transparent to its users about the amount of government attention they receive. The Tor project is a non-profit organisation that conducts research into authorities and large corporation involvement with social media, and the information that these bodies have access to.

Very recently this growing concern regarding online privacy has been the topic of conversation in the tech community with it being core to the debate at the Yorkshire Digital Summit. Key speakers such as Gareth Cameron, Information Commissioner’s Office, Paul Berwin, senior partner of Berwins Solicitors, Alex Craven, the chief executive of Bloom, argued a spectrum of ideas on the continually growing concern of our privacy as a result of social media and the World Wide Web. Cameron, argued that it is essential we take a grasp of our information and ensure that it does not fall into unknown or unsavoury hands, and then on the opposing side was Alex Craven.  Craven convincingly argued that online privacy is a concept of the past and that being online does leave us open to the dangers of the web.

In conclusion, there are two core reasons to why Facebook has made the controversial decision to work with Tor, allowing Facebook to be easily accessible from their page. Firstly, Facebook’s alliance with Tor makes them accessible to people where the network is blocked. Facebook’s decision will prove popular to those that want to stop their location and browsing habits from being tracked should they be located in nations where social media is not permitted, e.g. China, Iran, North Korea and Cuba are among countries that have attempted to prevent access to the site. Secondly, it would be beneficial for Facebook to further spread its net to the professional users of Tor. Tor is regularly used by professionals such as journalists, the military and law enforcement officers; they use Tor as a means of connecting with individuals exposing information that could put them in danger, members of the public that wish to keep their identity unknown for a variety of legitimate reasons.

Apple Withdraw iOS8 Update

Apple has been forced to withdraw an update for the iOS8 operating system for iPhones and iPads as it has ended up causing iPhone and iPads users a number of unexpected problems.

The update was meant to fix some bugs within the operating system which have been reported by iPhone and iPads users.

It has been reported that some users who have downloaded and applied the latest update suddenly started to have problems to make phone calls and use the fingerprint feature to unlock their phone.

On the plus side for those who have yet to upgrade their iPhone to the iPhone 6, it seems as though they are less likely to suffer any of the difficulties than those who have applied the update onto their iPhone 6.

A spokeswoman for Apple has confirmed that they are currently investigating the issues that have been reported and that in the meantime, they have decided to withdraw the update.

The spokeswoman stated, “We have received reports of an issue with the iOS 8.0.1 update. We are actively investigating these reports and will provide information as quickly as we can. In the meantime, we have pulled back the iOS 8.0.1 update.”

Affected users have already taken to social media website Twitter to express their irritation at the problems caused by the iOS update and to warn others not to download and apply it.

Such tweets included one user stating, “Not happy with my phone not working as a phone now. DO NOT UPDATE TO iOS 8.01” whilst another user stated, “Do not upgrade to iOS 8.0.1! Touch ID stops working but worse yet, you can’t connect to your wireless service.”

Before applying any updates, it is always good to test it first to ensure that it isn’t going to cause you unexpected problems or to wait a few days to see if anyone has experienced any issues.

It is also important to ensure that you have a successful backup of your data before applying any updates to give you the flexibility of rolling back before the update if any unexpected issues are encountered.

Have you applied the latest iOS8 update? Have you experienced any unexpected issues?

Apple iPhones Most Targeted by Thieves

A report that has been compiled by the Home Office indicates that Apple iPhones are the most desirable for thieves.

The report states that the Apple iPhone models such as the iPhone 5, 5C, 5S and 4S topped the table with the Blackberry 9790 making up the top five.

The collated results were based on information received from the Crime Survey for England and Wales and analysis of crime data in London form 1st August 2012 to 5th January 2014. According to the Crime Survey for England and Wales, 742,000 phones were reported as stolen between 2012 and 2013 whilst the Metropolitan Police reported that nearly 100,000 phones were stolen in 2013 in London alone.

The report also states that 14-24 year olds are most at risk of having their phone stolen with women also being targeted by thieves.

Home Secretary Theresa May who published the report believes that the number of phones being reported stolen is a concern because of the sensitive data that is now stored on.

May stated, “Crime has fallen by more than 10% under this government. However, the level of mobile phone theft remains a concern and people are increasingly carrying their lives in their pockets, with bank details, emails and other sensitive personal information easily accessible through mobile phones.

May added, “This is why it is vital that government, police and industry work together to tackle this crime.”

Metropolitan Police intelligence has also shown that there has been a reduction in thefts of iPhones after Apple released new security measures in its iOS 7 operating system in September last year.

An Apple spokesman stated, “Apple has led the industry in helping customers protect their lost or stolen devices since the launch of Find My iPhone in 2009 by allowing customers to remotely set a passcode or erase all their personal data.”

The spokesman added, “With iOS 7, Find My iPhone includes a feature called Activation Lock, which is designed to prevent anyone else from using your iPhone… if you ever lose it. This can help you keep your device secure, even if it is in the wrong hands, and can improve your chances of recovering it.”

As mobile phones have become more desirable to thieves, it is important as ever to ensure that confidential data is not stored on the device unless it is needed. It is also important to remain vigilant and to keep the mobile phone in a secure place to reduce the chances of thieves getting their hands on your phone.

If your phone is stolen, it is important that regular backups have been taken to ease the overall impact of replacing your phone.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal