January 2011 Archives

Smartphone and Mobile Security - 2011 will be an Historical Year

At long last more people are realising that 2011 is quickly becoming the tipping point for mobile security issues, as reported here.

This is an area I am actively researching and I will be producing a range of reports and recommendations over the next year including an in-depth comparative analysis of the different OS platforms as part of some academic research I am completing. I am covering both active and passive attacks ranging from GSM air interface attacks through to the use of Trojan malware to target users.

My interest is in best practices for mitigating these attacks and what steps users, businesses, developers and organisations need to take to secure their smartphones.   

If you are active in this area as a researcher, vendor or consultant do get in touch so we can share ideas.

It's going to be a very, very busy year.

Nigel Stanley
Practice Leader - Security
Bloor Research



Webinar on developing a user-centric approach to cloud security


From a user perspective, the term cloud refers to applications and services that are accessed via a browser, with no software or other agents needed to be installed on the device used to access them. From a provider perspective, there are many intricacies in setting up and managing such services, including ensuring high levels of control and security. But, for users, the key is simplicity and always-on availability. 


Organisations are seeing the advantages of allowing their employees to access the applications and data that they need to perform their functions from devices and locations that do not tie them to the office. For them, the benefits of offering applications via cloud-based services are many in terms of the lower upfront investment required and the reduced management overhead of managing the applications and provisioning their use to employees. All that is needed is a browser interface and, with just a couple of mouse clicks, a user can be provisioned to use the service. 


Now that the browser is the main interface, those applications can be accessed from a wide range of IP-enabled devices that allow internet connectivity. In many countries, there are now more mobile phones than people and the increasing sophistication of those devices means that they are often the first that users will reach for. The range of devices offering internet connectivity is also proliferating, such as digital TVs, and portable memory devices allow data to be transported easily from one device to another. 


Among the benefits of using applications delivered via the cloud are that they provide employees with the flexibility they demand in being able to access those applications from wherever they are, on whatever device they wish to use, whenever they want to. But business applications are used to process, store and communicate information that can be highly sensitive or confidential, such as personal information and intellectual property. To defend themselves against that information being accessed and potentially misused by those with no business reason to do so, organisations must develop policies regarding which employees can access what resources, from what devices and what they can do with the information they contain.


However, a policy is only as good as the paper or electronic medium it is written on. It is as good as useless if it cannot be enforced. The only way to ensure that a policy is effective is to monitor how well users are adhering to its requirements, and that requires the use of technology.


Join Bloor Research and Overtis Group for a webinar at 3pm UK time 18th January 2011 that will discuss how a user-centric approach will help organisations to reap the benefits of cloud-based applications and safeguard the security of their valuable data. To register for the webinar, click here.

Consumerisation is a challenge for IT managers. Is the smartphone to blame?

Smartphone use and security was debated by a panel I ran at the Infosecurity Europe exhibition's press conference in London the other day. It was an interesting debate - see more here.

Nigel Stanley
Practice Leader, Security
Bloor Research

Are Smartphone users more dippy than most?

...recent reports from Trusteer would suggest so. After gaining access to web server logs from phishing sites, they found that:

  • Mobile users are the first to arrive at phishing sites
  • Mobile users accessing phishing websites are three times more likely to submit their login info than desktop PC users
  • Eight times more iPhone users accessed these phishing websites than Blackberry users

There are some interesting possible reasons why, ranging from smartphone users having a different cultural attitude to phishing emails through to the smaller screen real estate not being able to give as many hints that an email may be a phishing attack.

More here.

Nigel Stanley
Practice Leader - Security, Bloor Research
