Is Motorola’s New Patch Schedule Exposing Users to Security Threats?

It seems Motorola has decided that the extra work of keeping its Android devices up-to-date with the latest security patches is not important enough.

Motorola has just announced that it will not follow Google’s Android security update cadence.

Instead, the mobile company will only provide security updates to its smartphones when it is convenient for their development team. The reason is: “…because of the amount of testing and approvals that are necessary to deploy them, it’s difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled maintenance release (MR) or OS upgrade.”

This means that Motorola’s Android users are more exposed to security vulnerabilities than other mobile users, such as owners of Google Nexus devices.

Mobile security is a top concern for many businesses. In the recent Cisco 2016 Annual Security Report, mobile security was identified as one of the top security defenses SMBs are currently using.

However, the truth of the matter is that up until now, we haven’t heard that much about large-scale security incidents involving mobile devices. In fact, in the latest Data Breach Investigations Report from Verizon, security researchers from Verizon specifically mentioned that they did not even have enough data to support adding mobile attacks to their report.

Ransomware for mobile?

Ransomware may change this. As more cybercriminals consider ransomware as the go-to method for making money in the PC market, targeting the vast number of mobile device users may be the next natural step toward increasing their revenue stream.

As more and more employees depend on their mobile devices for their daily work, taking those devices hostage may be just as effective as taking employees’ PCs hostage.

Every day, new vulnerabilities are detected in mobile devices which may allow attackers to successfully run ransomware code that can breach the sandbox environment implemented by all modern mobile operating systems.

One example is the Accessibility Clickjacking vulnerability discovered by SkyCure some time ago. This Android OS vulnerability allows an attacker access to resources outside of the sandbox. This is exactly the type of vulnerability that ransomware needs in order to encrypt all the files on the mobile device and effectively take it hostage.

Ransomware has a direct and quantified effect on both the user and the business; therefore, it may tip the scale toward the importance of securing mobile devices. A concerted effort should be made to ensure that the mobile device OS is up-to-date with the latest security patches, effectively blocking any attempt to leverage known vulnerabilities and unleash destructive attacks like ransomware.

Keep your systems protected with LANDESK Security Suite and don’t forget to check out our free white paper below.


Wi-Fi Security at the Republican National Convention? Not So Much

Now that the Republican National Convention (RNC) is over, it’s time to review what may be the biggest story to come out of that event. It’s a story of widespread deception that fooled many, and the possible consequences of the success of that deception.

I’m talking, of course, about the duping of some 1,200 convention delegates, who were fooled into logging onto fake, “free,” public Wi-Fi networks.

Fake Wi-Fi Networks

Avast, an antivirus software purveyor, set up fake Wi-Fi networks with real-sounding network names (SSIDs) for a single day. And ignoring much of the non-political news of the day and any education they may have received at work, delegates connected.

“Some 68.3 percent of users’ identities were exposed when they connected, and 44.5 percent of Wi-Fi users checked their emails or chatted via messenger apps,” The Register reported on July 21.

In many cases, delegates were completely clueless about the risks they were taking. “With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting. Although convenient, this feature is eminently easy to exploit by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, web traffic can be visible to anyone on any Wi-Fi network that is unencrypted. Any Wi-Fi that does not require a password is a risk,” the article added.

Now, none of the preceding paragraphs should be news to anyone carrying a smartphone, whatever the delegate selection criteria were for this event. But sadly, the RNC Wi-Fi debacle is more typical than exceptional.

People Open Phishing Attachments

In his recent blog post, Ransomware: The Threat and How to Protect Your Enterprise Part 1, my learned colleague Eran Livne noted that “23 percent of those who receive phishing emails open them, and 11 percent of those recipients click on attachments to those emails,” from the Verizon 2015 Data Breach Investigations Report.

Verizon also found that a phishing campaign of as few as ten emails was more than 90 percent likely to fool at least one recipient. This despite earnest user education efforts about ransomware, not to mention highly visible media coverage.

Which brings us to the crux of the issue: the all-too-human tendency to know, but not to do.

To Know, But Not to Do

“Currently, more than one in three American adults over 20 is obese—up from roughly one in four 20 years ago—and nearly 70 percent are overweight,” reported Catey Hill in the December 2015 MarketWatch.com article.

And those figures make weight loss big business.

“Companies that focus on weight-loss services (think Nutrisystem and Weight Watchers) raked in $6.3 billion in revenue in 2015, according to an IBISWorld report; sales of supplements—many of which promise weight loss—add billions more,” the article added.

By the way, that IBISWorld report estimated 2015 profits for weight-loss companies at $934.5 million.

The amazing thing about this market? Most weight-loss advice boils down to the same guidance: eat more mindfully and move more often. Which implies that most of us who struggle to avoid the “obese” category know what we need to do, but just don’t do it.

Wi-Fi security is a lot like weight loss. Tons of money gets spent on Wi-Fi security, but someone puts themselves, their personal information, and their company’s networks at risk every day by connecting to networks with no or inadequate security.

You Know What to Do, So Do It!

So, as Eran also said in his blog post, “…by all means, implement a user-education program—but also take at least some basic measures to protect the data on all endpoint devices.”

LANDESK can help, and you don’t even have to buy anything. Start by reading Part 1 and Part 2 of Eran Livne’s ransomware blog post.

Then, head for the LANDESK webinars page, and register for our August 3 webinar on: “Ransomware: The NSA’s Top 10 Mitigation Strategies (and More),” which will feature LANDESK CSO Phil Richards.

Don’t forget to check out some of our solutions for fighting ransomware and other IT threats, including our free white paper below. That way you can minimize the negative effects of that all-too-human tendency mentioned earlier, “to know, but not to do,” the next time it hits one of your colleagues. Or you. (Just sayin’.)


Mobility Management and its Role in Unified Endpoint Management

It’s an annual event that we look forward to at LANDESK: the release of the Gartner Magic Quadrants (MQ) for our various solutions. For me, the Magic Quadrant for Enterprise Mobility Management Suites is special. Not because of the days we invest preparing our response (it’s a lot of work), but because the MQ gives those of us who live with these products day in and day out a chance to step back and realize how fast this area of technology moves, and what it means to our customers.

It makes sense when you think about it: users exchange their mobile devices every 12-18 months, and that can cross two generations of smartphone models. With that compressed lifecycle, and the evolution of functionality that comes with each new generation of device, keeping up with the technology is worthy of an annual assessment like the MQ. Mobile on its own (and that’s how the EMM Magic Quadrant is determined) is so dynamic that, when we see the MQ publication, we are always happy to see the market assessment aligning with the big challenges our customers are looking for us to help them solve.

One of the biggest changes this past year has been the desire to consolidate the toolsets needed to manage everything users carry – from their laptop (and it could be Windows, Mac, etc.) to their smartphone/tablet/other (Android, iOS, etc.). The term is “Unified Endpoint Management”, and we have been hearing a lot from our customers about the desire for clients of all types (traditional and mobile) to be managed together in this way.  It enables user-centered IT management with huge efficiencies. This is the first time that UEM rankings have been part of Gartner’s Magic Quadrant criteria.

For the IT admin, it offers a single system for configuring and managing everything a user carries. A truly integrated UEM solution, such as LANDESK Management Suite 2016, delivers this in a way that makes it super easy to see, configure and manage all the devices in a user’s portfolio, together and simultaneously. End users can count on consistent access across the screens they use, because the policies are configured uniformly based on their role, not the device itself. Simple, easy user management.

We don’t want to spoil the fun of reading the Gartner Magic Quadrant for Enterprise Mobility Management for yourselves, but we’re extremely proud of our inclusion and move into the “Visionaries” quadrant of the MQ (no vendor saw as significant a shift in the positive direction)! We’re also honored to have been recognized for our Unified Endpoint Management approach, which leverages our historic strength in Client Management Tools, and brings EMM into the same LDMS product for a truly integrated solution. Take a look at Gartner’s assessments, then take a look at all the devices your users carry. Do you have all the visibility you need to confidently manage it all?

Move Over Grandma, Here Comes LANDESK 9.6

My grandmother lived in an amazing time in history. Through her lifetime she saw the emergence of cars, airplanes, spaceships and computers. By the end she was working on becoming an MS Word guru and adopting cell phones. It is just amazing to see how technology has progressed in her lifetime.

Looking back through her life, I think of how she had to communicate with her five sisters and mother who lived across the country.  Since long distance phone calls were expensive, here are the steps of keeping up with the family back in the mid-twentieth century:

  1. Pre-write a letter with a pen and paper.
  2. Find the typewriter with the sticky “t” key.
  3. Load typewriter with 6 sheets of paper and 5 pieces of carbon paper. Both of these items were very scarce during WWII.
  4. Type with such force that it nearly breaks the typewriter to get through all 6 sheets of paper.
  5. Hope to goodness that you didn’t make a typo – no spellcheck.
  6. Find 6 envelopes and stamps and make a trip to the post office.

And presto, in a little over a week, her family would get a communication from her. Contrast this with taking out your smartphone, snapping a picture of your kids and sending it to your entire family in the blink of an eye.

What does this have to do with LANDESK 9.6? LANDESK (LD) has worked hard to make the process easier for IT folks. With each new version, managing systems is becoming more like our social media example and much less like my dear grandmother.

During Interchange 2014, we worked on what would be the best way to show the efficiencies gained in our new provisioning process in LD Management Suite 9.6. Our plan was to show a video of a migration template being created in the existing product version and contrast that with Rex McMillan, our Product Manager, creating the same task live with the new version.

As with all best laid plans, ours went awry. Just like watching a racecar from the sidelines, Rex was so fast that we were unable to switch to his live machine quickly enough to show him actually create the task. Take a look at these videos:

LANDESK Interchange Keynote on Creating Provisioning Templates

LANDESK – Old Way of Creating Provisioning Templates

Provisioning is an important task and one that IT administrators do on a regular basis as they onboard new employees, change out hardware or migrate to the latest Windows® version.  Streamlining this task makes it much more efficient for the IT admin to effectively repeat this process and even upgrade the user to the latest software titles in the process.

It worked out in the end. Rex was able to show how he considerably decreased the amount of time taken and increased efficiency in creating the completed task. With each new version, LANDESK is making life much easier for IT; it’s like upgrading your typewriter to a smartphone.

This is just one of the many new features coming in LANDESK 9.6 making its debut July 22, 2014!

Total User Management is not Only Easier to Use, But More User-Focused

Ever been frustrated at a random reboot?

In my last post, I introduced you to the latest version of Total User Management, and gave you an overview of just some of its new improved features. For this article, I was hoping to drill down a little bit further and offer more insight into how Total User Management is not only easier to use, but more user-focused.

I think we’ve all been there, IT specialist and lay person alike. You’re right in the middle of something important—usually time sensitive in nature—when your machine decides it wants to reboot and patch right in the middle of everything. Now, let me give you a better idea of just how archaic this really is with an analogy.

LANDESK Acquires LetMobile

Following our incredible momentum from 2013, I am excited to announce that this morning LANDESK Software announced it has acquired secure mobile gateway provider LetMobile.

We are excited to welcome the LetMobile team and their innovative technology to the LANDESK family as we continue to deliver on our vision of user-oriented IT. As you will see over time, this integration makes a lot of sense because LetMobile has a similar approach to LANDESK, one where the end user is front and center.

The safe management of data in the mobile domain is one of the most pressing issues in enterprise mobility and in IT generally. With thousands of new devices entering the enterprise every week and with a variety of ownership and responsibility models, IT decision makers are working to understand the next steps in the mobility narrative. Complicating these issues is the central fact that these devices are used for professional and personal activities interchangeably throughout the day. How can IT come to terms with the security risks brought by this new digital lifestyle? 

BYOD Now More Important to Workers Than Coffee

Using personal devices in the workplace is not a new topic and is now pretty common practice across the European workforce. However, whilst many people are still talking about the effects BYOD is having on staff productivity and the remote working benefits it offers, the cost saving and corporate spending debate for organisations and users remains on the side-lines.

According to our recent research, having the latest consumer device to use in the boardroom or replacing a notepad with a tablet is proving to be so popular with employees that not only do 39% of employees now purchase their own device for work purposes, but they are actually spending more of their own money on them than they are on tea and coffee.

User-Oriented Mobility: One Size Does Not Fit All

If you read the media, you would think that the whole world is going to be using their own device and that device will be mobile. While BYOD and mobility are indeed transformative, this monolithic view of the world misses some key differences based on different types of users and the job they do. Taking a user-oriented mobility view shows some key differences between people based on the job they do.

As you look at different users, you see some key differences in the devices they use, the ownership of the device, and the business concern for that device. In an attempt to simplify (but not oversimplify) mobile users, let’s look at 3-4 different user types:

  • Operational Task Workers
  • Customer Task Workers
  • Knowledge Workers: Corporate Controlled and BYOD

Operational Task Workers
Think of the person working in a warehouse or doing deliveries: this is your operational task worker. What does user-oriented mobility mean here? This person is probably using a rugged mobile device that likely has a barcode scanner or takes signature input. This person is not going to be bringing their own device to work due to the cost and specificity of the job. The organization’s primary concern here is productivity, so it is going to provide the device and standardize devices for consistent experiences, and the devices will be shared due to shift work. Without this device, the user is unable to do their job, as it is mission critical to their work.

Knowledge Workers: Corporate Controlled
Accountants, lawyers, marketers, HR, engineers and many others make up the knowledge worker space. To date corporate control has been the norm and in many cases will remain the norm for certain industries and geographies. For example, many European countries’ privacy and work laws result in users having a personal smartphone and a work smartphone. Other regulated industries (finance, healthcare, government) want to maintain control to be in compliance with standards.

Security is the primary business concern in this situation. Here users will be provided the device (a smartphone and/or tablet) and in many cases the experience will be similar to desktops and laptops in that the devices have a higher level of standardization, control, and security. Unlike the operational task worker, this person isn’t crippled if their device goes down, as they will likely have a laptop or desktop or another mobile device to fall back on.

Knowledge Workers: BYOD
Everyone’s favorite topic: the BYOD knowledge worker. In some cases this person is both BYOD and corporate controlled. This person has a new tablet or phone and wants access to corporate resources across all their devices. In other cases, this could be a contractor who has their own devices and needs to access a client’s network, apps, and data. User-oriented mobility means less intrusion on the end user experience, but security is still paramount for the business. Herein lies the challenge: secure the user’s personal devices without disrupting their experience.

Customer Task Workers
I saved this one for last because it is an interesting segment. This might be a retail associate, a car salesman, a healthcare worker or anyone who is assisting customers with a sale or service. This person is interesting because they are most likely moving away from a shared PC or shared rugged mobile device to a tablet. This user’s device is typically corporate owned due to shift work and the need for standardization. There is a strong need for security and productivity here due to the type of information that is stored or accessible from this device (product information, customer information) and the purpose of the device (sales and customer transactions). Expect a lot of device proliferation here as they are coming from a shared device model.

Mobile is applicable to everyone. User-oriented mobility means organizations need to consider the types of devices and solutions that are most appropriate for the different users to do their job.

User-Based vs. Device-Based Pricing

With the increasing impact of BYOD on businesses, it makes sense to look at the difference between user-based and device-based pricing. Different sources such as studies from Cisco report that people are carrying around 3 devices each. Another statistic I recently saw reported that people in Great Britain are switching their focus from one device to another more than 20 times per hour. Wow! Talk about a little ADD. Who knows, it might even be worse in the Americas. Maybe ADD in technology parlance should stand for Added Device Disorder.

But what does this added device disorder do to your IT budget? If you’re currently licensing everything based on each device, the cost will skyrocket over the next few years. This short animated video talks more about the dilemmas you could be facing:

http://www.youtube.com/watch?v=hTkg8cBOitY&feature=youtu.be

ROI of the Mobile Worker

Over the past several months, I’ve been listening to the way customers describe their return on mobility investments. The answers are impressive. Answers range from increases in worker speed of task completion, to task accuracy, to months to recognize complete return on dollar investments, reductions in man-hours for cyclical process completions, reductions in seasonal headcounts, reductions in worker training time, and more. The measurements of return on mobility investment are impressive percentages and yield significant dollar-value savings to each of the companies I’ve heard from.

What is really interesting is how companies can measure their return on investment in such vastly different ways. In some cases, the measure is dollars saved by reducing errors. In others, it is increased shipments that yield additional dollars per package shipped. In still others, the savings are recognized by a reduction in seasonal labor, or fewer worker hours dedicated to completing a specific task. Whatever the measurement, there are two things that remain true: Every measurement ties to a dollar-value savings that can prove a mathematical return on investment for the dollars spent enabling mobility. Even more importantly, the measurement each company used to describe their ROI told far more about the problem each was attempting to solve.

Enterprises deploy mobility to achieve a higher level of productivity, but it is not done just for the sake of using mobile technology. There is an underlying pain that the company is trying to address – some way of improving a process to gain efficiency, or to recognize a cost savings. There is a problem to be solved by deploying mobility – and one recommended approach to begin defining the best mobility solution is to start with an operations audit that can help find the weaknesses and inefficiencies in current processes. By adding automation and voice-enablement, Speakeasy has consistently shown productivity gains for mobile supply chain workers of over 35%. That’s like getting an extra day of productivity from every worker – for every three days worked. Now that’s a fast ROI!

What problems are you aiming to solve with mobility in your enterprise? What measurements are you tracking to determine ROI?  Email me with your objectives at: Robert.DeStefano@LANDESK.com