Google’s ‘Android for Work’ BYOD Solution Requires VPN

Although Bring Your Own Device (BYOD) is not hitting the front page on a weekly basis anymore, it is still relevant. The hype may be over, but enterprises are now working to find practical remote access solutions for managing the variety of mobile devices utilized by employees at home and at work. BYOD policies often classify mobile devices according to their operating systems. Thus, administrators have to work with one of the following: Apple iOS, Google Android, Windows and BlackBerry. With Android for Work, Google is helping enterprises that deploy Android devices by offering a mix of apps, technologies and designs to separate and control business and personal use on mobile devices. Google uses elements of Samsung KNOX, specifically, mobile device management (MDM) and containerization technology, to separate work from personal data and apps within the device, similar to what BlackBerry 10 has been providing for some time. Android for Work also includes an enterprise version of Google Play, allowing employees to install only those apps that have been authorized by the network administrator. Personal and business use is separated by users logging in through different profiles. Once an application has been designated as a business app by the network administrator, it is possible to control data traffic and access rights. This does not affect other applications, since business apps are in their own separate area. Google devices with Android 5 (Lollipop) already have Android for Work integrated. Older versions of the operating system can be upgraded by downloading the app, available through the Google Play Store. Android uses the multiuser support in Lollipop, standard encryption and SELinux security...

The Lessons of Cybersecurity Awareness Month and What to Expect in the Year Ahead

For 11 years now, the U.S. government has recognized October as Cybersecurity Awareness Month. While the original goal may have been to acknowledge the growing risks that cyberthreats pose to national security, it has – unfortunately – become all too clear in recent years that cybersecurity is an issue that affects not just government agencies, but anyone and everyone, regardless of industry. Consider how, in the last few years, claims of identity theft and tax fraud have skyrocketed, targeted data breaches at major companies – from big banks to retailers to healthcare providers – are compromising millions of records containing personally identifiable information (PII) and the IT departments responsible for safeguarding against these risks seem virtually powerless. And with businesses progressively moving their operations online – shifting email, files and other data into single-vendor cloud platforms like Microsoft Office 365 or Google Apps – these risks and their ripple effects will only continue to grow. As our lives become increasingly digital and interconnected, implementing proper cybersecurity and staying one step ahead of new threats will only become more important. To that end, and as Cybersecurity Awareness Month winds down, here are a few cyber risks you should put on your radar to protect yourself and your data in 2016: 1. BYOD Workplace Policies Bring Your Own Device (BYOD) policies may allow employees the freedom to use their own familiar phones, tablets or laptops for work purposes. But, it also presents a glaring security flaw when you consider that 43 percent of smartphone users in the U.S. don’t use any kind of password, PIN or pattern lock protection – let...

Plan, Install and Operate VPN Gateways in Accordance with the BSI’s Basic IT Security Manual

While the core focus of IT administrators may not be security, they are often tasked with looking after network security, leading them to sometimes feel overwhelmed. They might ask themselves: “How do I know where best to focus? How do I know if my approach is correct?” Fortunately, such questions can easily be answered. Have a look at the manual for basic IT security from the Federal Office for Information Security in Germany (BSI). It contains many answers to security questions that IT professionals may have, but unfortunately, not many are familiar with the almost 4,500 pages of information, covering almost all aspects of IT security. The beauty of the BSI manual is that it’s written fully independent of manufacturers and can be used in almost all system environments. Divided into building blocks, risks and approaches, the manual for basic IT security provides a well-organized introduction and a comprehensive explanation of how to handle IT security matters. German government agencies have to be certified through the BSI, and all other institutions and companies can also be certified. BSI standards are the basis for the certification, which is compatible with ISO 27001. The implementation is described in the BSI manual. If an expensive certification is not required, working with the manual for basic IT security makes sense because the manual is free of charge – the current version can be downloaded from the BSI website and an HTML version is also available. Also, the clear structure is a big plus. If companies lack adequate security planning and a holistic view of IT security, the BSI manual presents a standardized approach...

The BYOD Backlash: Enterprises Search for a New Mobile Device Management Standard

If corporate Bring-Your-Own-Device (BYOD) policies are intended to be an acceptable compromise between employees and employers, why do both parties seem to be so consistently displeased with them? Let’s focus on employers, since they have final say as to what devices are permitted to access the corporate network. According to a study by CompTIA, BYOD has reached a breaking point. Fifty-three percent of enterprises now tell CompTIA that they have banned BYOD – up from 34 percent just two years ago. With that many employers banning BYOD outright, other initiatives have started to fill the vacuum. Believe it or not, some employers are finding themselves reverting back to how they handled mobile device management (MDM) years ago, before the infiltration of consumer devices into the workplace – by issuing work devices to employees. But what about the conventional wisdom that employees generally balk at corporate mobile technology, which may facilitate more secure remote access, but offers them little choice? As the CompTIA report found, some employees are actually open to using devices provided by the employer, on one condition – “if it is the same thing they would choose on their own.” What this shows is that even though a majority of businesses have banned BYOD, there’s still an opening for IT departments to provide employees with some degree of choice and flexibility in the mobile devices they use. And this degree of control is not through the physical device, but through the operating system – or rather, systems – that run on the device. One Device, Two Systems A container or partition solution is a newer form of...

How a Remote Access VPN Extends the Reach of Your IT Staff

What do the federal government’s Office of Personnel Management (OPM), Ashley Madison and Target have in common? They may seem entirely unrelated on the surface, but each organization has been a target of a high-profile data breach within the last year. Each new cyberattack is more proof that the threat landscape has diversified, leaving no industry, system or organization immune to vulnerabilities. The landscape would suggest that, now more than ever, organizations need nimble network security systems, supported by a disciplined IT staff that can keep up with the shifting state of cybersecurity. Unfortunately, while the threat landscape has clearly expanded in recent years, the IT security industry has yet to catch up and adapt to the quick rate of change. Across the board, there is a clear security skills shortage that has left IT professionals and their organizations without the necessary talent that they now require. In fact, 44 percent of organizations say that they have an inadequate number of networking and security staff with strong knowledge of both security and networking technology. Looking beyond these numbers, the problem is not necessarily a lack of skills, but rather, many organizations do not have ample personnel to field growing IT requests and security needs within their companies. To overcome this shortage, many organizations are seeking technologies that can augment their IT departments, without requiring extensive management by IT staff. Companies need easy-to-use solutions that largely run on their own and can be managed seamlessly – whether they are preventing a network hack or data breach, or merely enabling a company to function on a daily basis. Let’s take a...