Back to BlackBerry: Frustrated Mobile Users Reject BYOD for the Former Market Leader

It’s a tough time to be a BlackBerry user.  Despite having a committed fan in the Oval Office and some new features to brag about, including a digital assistant, BlackBerry has seen Android, Apple and Microsoft phones completely erode its market share. Its popularity has actually receded so far that BlackBerry is now less popular than nameless “other” devices in smartphone market share surveys. As bleak as the news seems, though, a resurgence of BlackBerry is possible, at least in some circles. Thanks to what some say are restrictive Bring-Your-Own-Device (BYOD) and remote access policies, some mobile devices users in the corporate world are rebelling against BYOD – specifically, they don’t want their personal mobile devices to be controlled by their employer’s IT administrators. They say that mobile device management products and oversight mechanisms quickly deplete their battery life, disrupt their desired workflow, and, worst of all, infringe on their privacy. This is a problem they never had with their corporate BlackBerrys, which, unlike today’s market leaders, were better suited for use in business settings. CIO Magazine collected this information from an anonymous, frustrated IT executive at a New York City investment firm, who also shared that 60 percent of the company’s employees would rather go back to using the two separate devices, including a BlackBerry solely for business use, instead of using one phone to store both their personal and professional information. He described in detail the “nightmare” environment around the company’s BYOD woes that was caused by the company’s invasive BYOD policies. Although the issues plaguing this investment firm could translate over to other companies, it’s not...

Broward College Deploys a Network Security Strategy Fit for the Best and Brightest

In the 1930s, when Louis A. Simon designed the famous U.S. Bullion Depository at Fort Knox, he could only have hoped that the building would be so secure, so impenetrable, that generations of Americans would come to regard “Fort Knox” as the highest compliment that could be given to a structure whose purpose is to defend whatever is inside. In the case of Fort Knox, what’s inside are the U.S. gold reserve vaults. In the case of Broward College in Florida, what’s “inside” is the personal information of more than 68,000 students, 2,000 staff and faculty, and thousands more alumni and other former community members. And it really is a modern-day Fort Knox when it comes to its approach to network security. Playing the role of Louis A. Simon for Broward is Matt Santill. On paper, he’s Broward’s chief information security officer. Informally, he’s the school’s “Mr. No.” Santill is the reason that students, staff and faculty are no longer able to connect their personal devices to the school’s network without registering them first, he’s the reason peer-to-peer connections aren’t allowed, and he’s the reason that staff cannot use personal cloud-based file-sharing services. Santill acknowledges to Network World that this approach – seen more in enterprises – is a rarity on college campuses. Yet, that doesn’t mean it’s unfair or overly broad. Santill’s approach to network security has kept Broward’s name off the front page and protected its students and staff – what seems to be a rarity these days. Broward College: An Exception to the Recent Rule It was a spring to forget for three prominent institutions of...

Are Privileged Users the ‘Weak Link’ in Your Network Security?

If a group is really only as strong as its “weakest link,” then why are so many enterprises, which are otherwise concerned about their network security, so quick to add new “links”? Every new user that gains privileged network access increases the risk that one link in the chain could break, thereby jeopardizing the entire organization. Two of the highest-profile companies in the world – eBay and Target – learned this lesson the hard way, after attackers were able to gain remote access to their networks by compromising just a handful of privileged user credentials. So, while the attacks were ultimately carried out by malevolent actors, they might have never occurred if not for unknowing accomplices on the inside. “Privileged” users are called that for a reason. In some cases, they have unfettered access to system and network resources, as well as the protected information hidden behind these systems. There may be fewer controls over them. They can also remotely access the network, from any device, further escalating risk. They can be database administrators, data center operators, application developers or network engineers. The list goes on. In some cases, after the dust settles from a breach involving a privileged user, these insiders are found to have had ill intent. Other times, something as seemingly harmless as an administrator misplacing a password, accidentally clicking on a malicious link or failing to log out of a system can lead to a devastating leak. So, how widespread is the problem? It’s not enough to point to the eBay and Target breaches alone and conclude that the danger posed by privileged users is...

Hacks of Houston Astros, Butler University Put Network Security on Center Stage

Even though the Houston Astros have been the worst team in Major League Baseball for the last three seasons, one of the team’s off-the-field accomplishments — its proprietary internal computer database — is now the envy of the rest of the league. This system, known as Ground Control, allows the team’s front office executives to centralize and exchange information about player contracts, scouting reports and statistics — all through one web address. Yet, even as news story after news story praised Ground Control and general manager Jeff Luhnow, who is much of the brains behind the system, Luhnow himself spoke about his “low-level but omnipresent worry” around Ground Control — that the sensitive information it contained could be exposed. Given Luhnow’s past work as a technology entrepreneur, his risk averse approach should come as no surprise. In March, Luhnow told the Houston Chronicle that the team had insulated itself from risk by only giving employees access to the specific information they needed to make decisions. Despite all these precautions, an outside hacker infiltrated Ground Control last month, revealing private conversations that the Astros had with other Major League Baseball teams. In the wake of the incident, Luhnow has said the team is working to upgrade its remote access security infrastructure and he, for the time being, has gone back to using a pencil and paper to take notes, just to be safe. In acknowledging the “double-edged sword of technology,” he said that other teams should also evaluate their own remote access security, because, in his words, “If it happened to us, could it have happened to other clubs?” The...

Government Network Security Failures Led to Remote Access Breaches

As technology advances, the number of cyber-attacks on both public and private networks also increases. According to the Washington Post, in 2013 alone, more than 3,000 enterprises were notified of system hacks that had the potential to expose sensitive information and powerfully damage their brands. Former NSA director Keith Alexander pointed out earlier this week that government networks are far from secure, as the NSA and the Department of Defense uncovered more than 1,500 pieces of malware on the U.S. government’s most secret networks. “What causes me the greatest concern is what might happen if our nation was hit by a destructive cyber-attack,” Alexander said, noting that most of the country’s critical networks are operated by private industry. “If [a destructive attack] hit one of our Wall Street banks, the monetary damage could be in the trillions of dollars. We’re not ready.” That is certainly a chilling thought, but are government agencies doing enough to secure remote access to their networks and the networks themselves? All signs point to no due to the increasing number of breaches agencies have been reporting recently, such as the public utility industrial control system (ICS) compromise reported by the Department of Homeland Security this month. Needless to say, urgent action needs to be taken to defend against such attacks. In fact, Alexander’s comments could not have come at a better time, as the Montana Department of Public Health and Human Services was recently hacked and 1.3 million patients had to be notified that their sensitive information was potentially compromised. While there was no proof that the data was used for nefarious purposes, the...