SharePoint Conference 2014 – see you at booth 641


Great to be back in Las Vegas for SPC14. Microsoft does an incredible job with this conference. This year’s keynote is President Bill Clinton. I hear he’s an avid SharePoint user. 🙂

SharePoint needs to move and travel with you. Link for SharePoint has two views which users love:

  • SharePoint desktop view, fully interactive – everything which you can do at your desktop, you can do on mobile. Perfect on a tablet.
  • SharePoint App – use when you are on the go and need quick, small screen access to vital files and lists.

With Link, you can save docs for encrypted offline access, then review and edit them later.

Use SharePoint on your schedule, with the device that is most convenient for you.

In addition, in the encrypted Link container you have access to:

  • Outlook
  • Office Web Apps, including Word, Excel, PowerPoint, OneNote
  • Office 365
  • Enterprise Content Management
  • Any application on your intranet via our secure browser

Want to write mobile web apps and secure them in our container? The Link HTML5 SDK is for you.

If you have not seen our Link SharePoint solution, this is the perfect opportunity.

We’ll be happy to show you Link at booth 641.

– Maureen

2014 – The Year That Secure Containers Meet the Test

We saw a big shift in the “management” aspect of enterprise mobility during 2013. Early in the year industry leaders started to recognize that Mobile Device Management (MDM) was not going to get the enterprise mobility job done. “Securing corporate data”, which is our approach, became recognized as the real goal. It is the corporate data that matters and not the device. Ideally, data security should be independent of the device. The secure container approach became widely discussed. Customers started to request containerization. The container approach became so important that MDM technology providers started sprouting secure containers nearly overnight.

The truth is that few of these emerging containers are secure enough for enterprise use. Of primary importance in building a secure container are: a) the encryption keys used to protect the data, b) the algorithms used for encryption, and c) the infrastructure used to implement the data encryption.

Our secure Link Container addresses all of these critical factors. The Container is resistant to compromise and implements all critical security functionality independently of the operating system. Your data remains encrypted even on a “jailbroken” or “rooted” device.

Our popular whitepaper, “Securing Corporate Data,” is a terrific educational paper outlining what you should know about securing sensitive corporate data on endpoints. You can download the paper here.

Our goal is to make it simple for your employees to be productive on any platform.
But first and foremost your data must be and must remain secure.

From everyone at Mobile Helix, we wish you a very happy and healthy new year!

How Secure is your Container? Are all Secure Containers Created Equal?

The secure container approach to enterprise mobility is becoming increasingly common. With each passing month, the number of companies claiming to offer some form of secure container is expanding. The approach remains new, however, and there are critical attributes of a truly secure container that must be present if this powerful approach is to deliver all of its benefits. How secure is your container? Are all secure containers created equal?

To recap briefly, the goal of a secure container is unimpeded enterprise productivity on personally owned mobile devices, all without security compromises. The container creates a separate secure environment that protects sensitive corporate data and applications under all circumstances. IT keeps full control of corporate data – who can access it, where it can go, what can be done with it. IT has an accurate audit trail, so corporate data can be tracked and IT knows where corporate information has gone. Yet the device remains personal. The user is free to use the rest of their device as they wish when they aren’t working.

Container security starts with robust encryption. This creates an impermeable barrier that separates sensitive corporate data and applications from everything else. To achieve this, the encryption must be strong and must be fully device independent. It must not rely on device security capabilities such as the native encryption, key generation and credentials (e.g., the device passcode), or on any other device attribute in any way. Otherwise, should a device be jailbroken, rooted or otherwise compromised, the native encryption, and anything built on top of it, is immediately worthless. In addition, it is critical that security and security processes remain in the control of IT and not be outsourced to third parties, such as mobile operating system developers. This is important, and in most cases it is not how containers are built today.

The container must be provisioned and managed seamlessly by IT, and it must be available for all of the device operating systems in use by employees. It must be simple, quick and easy to download, install and provision, making it completely self-service for users. The reality for any busy person is that they want to access the information they need to be productive on whatever device is nearby and most convenient. This is only possible if the container is installed, or readily installable, on every such device.

Despite the flexibility for the user, IT must have full control of the corporate data and corporate apps on the device. This includes who can access what and on what devices, and ensuring that corporate data can be selectively deleted immediately should a device be lost or stolen or when an employee decides to leave the company. Otherwise, sensitive data can walk out the door without restrictions or an audit trail.

The container must be the single point of access for all productivity tools and actions on the mobile devices. This ensures a full audit trail is available of all interactions between the container and the corporate data.

If done right, the secure container approach delivers unimpeded mobile productivity. It ensures that sensitive corporate data is easily accessible to those who are authorized to access it, while the data remains fully protected and under IT’s control irrespective of the device, its condition, and what else is installed on it.

Clearly, containers are not created equal. Features and architectures vary. Link’s foundation is unsurpassed security. The encryption code for our secure container is written in native code. It does not use the native OS security API. Our container remains secure even on a rooted or jail-broken device. There is more to our secure container offering, including full endpoint administration, role-based access and analytics.

We encourage you to take a critical look at Link. Please let us know if you would like to learn more about the reality of unimpeded productivity with unparalleled security. We would be happy to help.

– Matt

Turning Enterprise Security on its Head…

A data centric rather than device centric security model turns IT security on its head but it leaves the enterprise more secure and it is also more realistic and simpler to deploy and support.

We have talked about devices being treated as “tools” for employees and not IT infrastructure. That is a radical shift in thinking. A related concept that we also firmly believe is that security must focus on enterprise data and not devices. This concept is another radical shift in IT thinking.

Device security currently focuses on securing the endpoint or device. These device centric models are flawed because:

• As soon as the device is compromised, the enterprise network is exposed, as is the data on the device and back in the network (see the jailbreak discussion below).
• Endpoint-based security creates separate architectures that become increasingly complex and unwieldy (for both mobile and fixed access), with ever more layers of solutions that need to be added to plug the next gap in the model (VPN, anti-virus, firewall, MDM, MAM, etc.).
• Increasingly the device is not owned by the enterprise; applying IT security policies to personal devices is fraught with issues and ultimately does not work.

A data centric approach focuses on the actual enterprise data and/or applications. The model focuses on sensitive corporate data and creates a robust encryption barrier surrounding that data, both at rest and in transit. Data is protected regardless of the device operating system or device state (e.g., rooted/jailbroken, protected with a device management policy or not, etc.).

The model also aligns well with personally owned devices/BYOD because IT only looks to secure and control its own “assets”: the enterprise data and/or the enterprise apps. This is a much more collaborative and reasonable position to pitch to employees, whose support is critical for success.

A data centric security model adheres to a few essential principles:

• All data must be encrypted, in transit and at rest, and all encryption keys must be generated from strong credentials that are device independent.
• All encryption technology is implemented independent of the underlying device platform, ensuring that attacks on the OS don’t compromise the app/data.
• All sessions must be authenticated with strong credentials, and IT must be able to implement secure session management policies.
• All communications must be verified, end-to-end, precluding the possibility of unauthorized proxy access along the way.
• IT must have the tools available to implement the principle of least privilege. Data should be available to mobile employees who have a legitimate business case for using that data on a mobile device, and it should only be available under the circumstances (online/offline, location) justified by that business case.
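The first two principles above (keys derived from strong, device-independent credentials; encryption implemented without leaning on the platform) are easiest to see in code. The following is an added example written for this page, not Mobile Helix’s Link code: the blob layout (salt || nonce || ciphertext), the iteration count and the use of a user passphrase as the only credential are my assumptions. Nothing from the device (keystore, passcode, hardware identifier) enters the key, so a rooted OS that can read the app’s storage still holds only ciphertext; a wrong passphrase and a tampered blob both fail the AES-GCM tag check before any plaintext is released.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Blob layout assumed for this example: salt || nonce || AES-256-GCM ciphertext+tag.
const (
	saltLen    = 16
	nonceLen   = 12
	keyLen     = 32
	iterations = 100_000 // example value; tune to the slowest supported handset
)

// ErrBadCredential is returned when the passphrase is wrong or the blob was altered.
var ErrBadCredential = errors.New("authentication failed: wrong passphrase or tampered data")

// pbkdf2SHA256 implements PBKDF2-HMAC-SHA256 (RFC 8018) with the standard library
// only, so the example depends on nothing outside Go itself.
func pbkdf2SHA256(pass, salt []byte, iter, n int) []byte {
	prf := hmac.New(sha256.New, pass)
	hLen := prf.Size()
	out := make([]byte, 0, ((n+hLen-1)/hLen)*hLen)
	idx := make([]byte, 4)
	for block := 1; len(out) < n; block++ {
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx, uint32(block))
		prf.Write(idx)
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // T = U_1 xor U_2 xor ... xor U_iter
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:n]
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under a key derived only from the user's passphrase and a
// fresh random salt. No device secret is involved, so a compromised OS gains nothing
// from reading the blob or the app's storage.
func Seal(passphrase string, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aead, err := newAEAD(pbkdf2SHA256([]byte(passphrase), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	blob := make([]byte, 0, saltLen+nonceLen+len(plaintext)+aead.Overhead())
	blob = append(blob, salt...)
	blob = append(blob, nonce...)
	// The salt is bound as associated data so it cannot be swapped undetected.
	return aead.Seal(blob, nonce, plaintext, salt), nil
}

// Open reverses Seal. A wrong passphrase and a modified blob are deliberately
// indistinguishable: GCM's tag check fails before any plaintext is released.
func Open(passphrase string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+16 {
		return nil, errors.New("blob too short")
	}
	salt := blob[:saltLen]
	nonce := blob[saltLen : saltLen+nonceLen]
	ct := blob[saltLen+nonceLen:]
	aead, err := newAEAD(pbkdf2SHA256([]byte(passphrase), salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, ErrBadCredential
	}
	return pt, nil
}

func main() {
	doc := []byte("Q3 board deck - confidential") // constructed sample document
	blob, err := Seal("correct horse battery staple", doc)
	if err != nil {
		panic(err)
	}
	pt, err := Open("correct horse battery staple", blob)
	fmt.Printf("right passphrase: %q err=%v\n", pt, err)
	_, err = Open("guessed-on-rooted-device", blob)
	fmt.Printf("wrong passphrase: err=%v\n", err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = Open("correct horse battery staple", blob)
	fmt.Printf("tampered blob:    err=%v\n", err)
}
```

The design choice worth noting is what is absent: no call into a platform keystore and no device attribute in the key derivation. That is what makes the protection hold on a rooted device; the cost is that offline access is gated entirely on the strength of the passphrase and the iteration count, which is why both must be set by IT policy rather than left to the user.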

To learn more:

• Please Join our Webinar with Maribel Lopez of Lopez Research on the 30th July.
• Our whitepaper on “Securing Corporate Data” goes into a lot more detail. Please click here to download the paper.

— Matt

The Myths of Mobile Jailbreaking…

Ever since the beginning of the mobile revolution, device manufacturers and telecom carriers have sought very tight control of the terminals.

On the one hand, phone manufacturers argue that built-in security measures such as encryption and restricted access to sensitive APIs are the only way to ensure the integrity of the software (including the firmware, the OS, and the apps running on top of the OS) and the privacy of their users. Carriers are also worried that rogue devices may be able to connect to their networks with unknown consequences.

On the other hand, hackers and free software advocates have been able to circumvent the security measures in the OS of these mobile devices. Finding and exploiting vulnerabilities in the OS to gain privileged control of the device is commonly referred to as jailbreaking (iOS) or rooting (Android). Jailbreaking/rooting a device can have legitimate reasons: some users argue that they should be able to install any software on a device they own, or get rid of the apps bundled by the carrier or phone manufacturer. For instance, a popular firmware like CyanogenMod for Android requires the device’s bootloader to be unlocked (and, on many devices, the phone to be rooted) prior to installation. Obviously, jailbreaking can also be used to commit fraud or crime: for instance, to install a Trojan or key logger on a device, breach the security of a corporate network or remove the tracking function from a stolen device.

This tug-of-war has been going on for a while now and shows no sign of slowing down: hackers find a new vulnerability to exploit; security experts detect and analyze the exploit then issue a patch … until the next exploit surfaces. This situation is very similar to what has been happening in the software industry for years between virus writers and security experts.

Three major reasons explain this never-ending game of whack-a-mole. First, the size of a typical OS (millions of lines of code) and the constant need for new releases mean that there are always bugs that can be exploited. Second, there is always a delay between the active exploitation of a software vulnerability and its discovery and patching by security experts. Finally, there is no bulletproof method to detect that a device has been rooted.

Generally speaking, root detection methods rely on finding specific fingerprints left behind by the known programs used to root a device. The issue is that these fingerprints can change with every version of the rooting program, and sophisticated attackers can fool the detection program by hiding these signatures altogether. In this respect, jailbreak and root detection is no different from anti-virus, and as we have seen in the world of anti-virus, the protection always lags the exploit and is often available only after the damage has been done.
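To make the fingerprint argument concrete, here is an added example (mine, not code from Link or from any detection product) of the kind of signature check a root detector typically performs, run over three constructed device snapshots. The su paths, package names and the “test-keys” build-tag heuristic are real-world fingerprints commonly checked; the snapshots themselves, including the “hidden” one where su has simply been renamed and the manager app repackaged, are made up for the demonstration. The point it shows is the one above: an empty match list means “nothing known was found”, not “not rooted”.

```go
package main

import (
	"fmt"
	"strings"
)

// DeviceSnapshot is a constructed view of an Android device: which paths exist,
// which packages are installed, and the value of the ro.build.tags property.
type DeviceSnapshot struct {
	Name      string
	Files     map[string]bool
	Packages  []string
	BuildTags string
}

// Static fingerprints of well-known rooting tools, the sort of list a signature
// based root detector ships with.
var (
	knownSuPaths = []string{
		"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su", "/data/local/bin/su",
	}
	knownRootPackages = []string{
		"eu.chainfire.supersu", "com.noshufou.android.su", "com.koushikdutta.superuser",
	}
)

// SignatureRootCheck returns every fingerprint it matched. An empty result means
// "nothing known was found", which is not the same as "not rooted".
func SignatureRootCheck(d DeviceSnapshot) []string {
	var hits []string
	for _, p := range knownSuPaths {
		if d.Files[p] {
			hits = append(hits, "su binary at "+p)
		}
	}
	for _, pkg := range d.Packages {
		for _, known := range knownRootPackages {
			if pkg == known {
				hits = append(hits, "root manager app "+pkg)
			}
		}
	}
	if strings.Contains(d.BuildTags, "test-keys") {
		hits = append(hits, "ro.build.tags="+d.BuildTags)
	}
	return hits
}

// LooksClean is the verdict a detection-dependent container would trust.
func LooksClean(d DeviceSnapshot) bool { return len(SignatureRootCheck(d)) == 0 }

// sampleDevices returns three constructed snapshots: a stock phone, an obviously
// rooted one, and a rooted one whose artifacts were renamed to dodge the list.
func sampleDevices() []DeviceSnapshot {
	return []DeviceSnapshot{
		{
			Name:      "stock",
			Files:     map[string]bool{"/system/bin/sh": true},
			Packages:  []string{"com.android.chrome"},
			BuildTags: "release-keys",
		},
		{
			Name:      "rooted-obvious",
			Files:     map[string]bool{"/system/xbin/su": true},
			Packages:  []string{"eu.chainfire.supersu"},
			BuildTags: "test-keys",
		},
		{
			// Same privileges as above; su renamed, manager app repackaged, stock tags kept.
			Name:      "rooted-hidden",
			Files:     map[string]bool{"/system/xbin/.cache/sysd": true},
			Packages:  []string{"com.example.notes"},
			BuildTags: "release-keys",
		},
	}
}

func main() {
	for _, d := range sampleDevices() {
		fmt.Printf("%-15s clean=%-5v hits=%v\n", d.Name, LooksClean(d), SignatureRootCheck(d))
	}
}
```

Real detectors add more heuristics (writable system partitions, debuggable builds, known hooking frameworks), but every one of them is a list that the next rooting tool can be built to avoid. A container that keeps its own encryption independent of the OS does not need the verdict to be right.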

So, what does it all mean? For mobile developers, it means that they cannot assume that the underlying OS they rely on is not jailbroken or rooted.

With the growing realization that what needs to be secured is the data, not the device, the mobile industry is turning to secure containers to isolate the mobile apps from the (possibly compromised) OS. This reality is especially important as the BYOD movement is gathering steam in many industries rendering device wide security policies hard to implement.

While in theory a container may be compromised as well, it is a lot less likely, since the size and complexity of its code (the attack surface) is much smaller than that of a typical OS and the code is usually very stable over time. Of course, a secure container is only one piece of a wider end-to-end secure delivery system, but it is an essential piece that must be designed and implemented with care. Particular care must be taken to ensure that attacks directed at the runtime system of the OS (e.g., the Dalvik VM) do not compromise sensitive functionality like encryption. While this places a higher burden on the container developer, when devices are handling sensitive data, IT and end users should expect nothing less.

Find out how the Link solution can help you secure data and applications even on potentially jailbroken/rooted devices here.

– Frederic