Category Archives: Security

eDiscovery Part 3 – Email Discovery Hold in Microsoft Exchange

This is the third in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference held in Redmond. Part 1 dealt with the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange. Part 2 discussed PST files – why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.

In this segment, we dive into discovery hold, and talk about the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

Wait – Support for WHAT is ending WHEN?

You may have already heard rumblings about support for Windows 7 and Windows Server 2008 (and 2008 R2) ending in January. It’s true that mainstream support for those products ends January 15, 2015, but extended support will continue for another five years – so there is no need to panic. Here’s a helpful Microsoft graphic that clarifies the difference in the support phases:

Microsoft support phases

So the most critical thing we need – security updates – we will continue to get, and if you really get into a jam, pay-per-incident support will still be available.

What this really means, particularly for the desktop side of things, is that it’s time to start seriously thinking about what comes next. No one but the purveyors of malware will benefit if we have another struggle like we did with Windows XP (“You can upgrade my Windows XP system when you pry it from my cold, dead hands!”). Yes, it was a great O.S., arguably the best that Microsoft had produced at the time, and maybe, just maybe, even better than Vista – although I’m not entirely ready to concede that. (I liked Vista – I was just annoyed by the lack of device drivers when it was released.) But Windows 7 was clearly a superior Operating System, and the resistance to change finally reached the point where it was just silly. Heck, as recently as last month, Windows XP still had a 17% market share, according to Net Applications, and that’s just crazy from a security perspective.

I’m cautiously optimistic that Windows 10 (what the heck happened to Windows 9, by the way?) will be Microsoft’s next great desktop O.S. I ran Windows 8 for quite a while, and I’m now running Windows 8.1, but I’m also running Start8 from Stardock Software, which gives me back some of the features whose absence in Windows 8.x I found most annoying. It sounds like Windows 10 may, out of the box, do the things that Windows 8.x only did with the addition of third party utilities. That may not be good news for the makers of those third party utilities, but it’s an indication that Microsoft understands that they missed the mark and plans to address those issues. So, if I was a desktop admin for a sizable company, I’d be all over the early releases of Windows 10 and already starting to plan how I’m going to transition to it, if it’s as good as it appears it may be.

On the server side, there’s no reason not to deploy Windows 2012 R2 on any new servers you’re installing these days. It’s a fine O.S., it’s stable, it’s secure. You may as well start getting your feet wet, if you haven’t already.

Bottom line: plan, don’t panic. Start planning now. Don’t repeat the Windows XP saga.

Are the Advantages of BYOD Worth the Security Risks?

Check Point Software recently released their Third Annual Mobile Security Survey, highlighting the impact of mobile devices on IT security. They surveyed more than 700 IT and security professionals in the U.S., Canada, Germany, the U.K., Australia, and New Zealand, and the respondents were spread fairly evenly across the spectrum of business sizes, with the largest segment (29%) coming from businesses with between 100 and 1,000 employees.

Here are some of their key findings (quoted from the site linked above):

  • The Greatest Threat Resides Within Your Organization – 87 percent of surveyed professionals believed that the greater security threat to mobile devices were careless employees. Nearly two-thirds of the respondents believed that recent high-profile breaches of customer data were likely due to employee carelessness.
  • Proliferate Use of Personal Mobile Devices on the Corporate Network – Despite careless employees as the weakest link into businesses, 91% of IT professionals saw an increase in the number of personal mobile devices connecting to their networks over the past two years. In 2014, 56% of those surveyed managed business data on employee-owned devices, up from 37% in 2013.
  • Mobile Security Incidents Expected to Rise – 2015 is shaping up to be a risky year, according to those surveyed. Of the security professionals surveyed this year, 82% expect the number of security incidents to grow in 2015. Additionally, nearly all of the respondents (98%) expressed their concern about the impact of a mobile security incident, with the greatest concern being the potential for lost and stolen information.
  • Cost of Mobile Security Incidents Continue to Rise – 2014 saw an increase in remediation costs for mobile security incidents. Of the IT executives surveyed, 42% noted that mobile security incidents cost their organizations more than $250,000.

Consider some additional trend data:

  • Computerworld predicts that BYOD smartphones will continue to grow at roughly a 30% CAGR through 2017 – from only 88 million two years ago to 328 million in 2017.
  • Rapid7 quotes a Cisco prediction that by 2016 there will be 1.62 billion mobile devices (of all kinds) in the workplace. They also state that more than 80% of the mobile devices in the workplace today are employee-owned.
  • Over a year ago (back in May, 2013), Gartner predicted, based on a global survey of CIOs, that, by 2017, more than half of companies will require their employees to supply their own mobile devices.

So let’s recap: 98% of the Check Point respondents were concerned about the impact of mobile security incidents on their businesses, 42% said that such incidents had already cost their businesses more than a quarter of a million dollars, 82% expect the number of security incidents to grow in 2015. Yet nearly all have seen an increase in the number of personal mobile devices connecting to their networks over the past two years, and, by all indications, the BYOD trend will continue and, if anything accelerate. Which brings up two obvious questions: (1) If BYOD is such a security risk, why are businesses overwhelmingly moving in that direction? And (2) What can a business do to leverage the benefits of BYOD while still limiting the exposure to security risks? Let’s look at these two questions…

Why BYOD?

  • It reduces the business’ capital outlay for mobile devices. Even in cases where businesses give their employees a cash allowance to purchase the mobile device of their choice, the company generally saves money in the long run by not being responsible for the maintenance and repair of an employee-owned device.
  • Employees are more productive when working on their preferred device. Someone who has been using an iPhone for years isn’t going to be happy about being handed a company-owned BlackBerry device. A Mac user isn’t going to want to deal with a company-owned Windows laptop – and vice versa. Younger workers in particular, who have grown up with technology, want to use what they’re accustomed to using, and will be more productive if allowed to do that.
  • Employees who use mobile devices for both work and personal matters tend to put in more hours per year – some surveys suggest as many as 240 more hours per year – than those who do not.
  • Given the above, business who do not implement BYOD may find themselves at a competitive disadvantage.

How to Do BYOD Safely
First of all, more and more organizations are implementing some form of mobile device management (MDM). According to the Check Point survey, 56% of organizations were managing the business data that exists on personal devices, up from 37% in 2013. There are numerous MDM products on the market, but I would suggest that managing the mobile device itself is only part of the problem. A complete solution would also include mobile application management (MAM) – some mechanism to deploy secure applications to a mobile device…applications that would be “sandboxed” away from an employee’s personal applications, such that the data accessed by those applications would be isolated from the personal applications, and information could not be copy/pasted from a secure application into a personal application. It would also be nice if the organization could selectively wipe the secure applications and associated data from a mobile device while leaving the employee’s personal data and applications untouched. Citrix XenMobile Enterprise is such a solution, and the following 16 minute video does a great job of demonstrating the XenMobile Enterprise user experience:

And, of course, if your users need access to full-blown Windows applications, not just mobile apps, they can securely access those applications via Citrix XenApp or XenDesktop, as we’ve been doing for years.

Bottom line: BYOD is here to stay. Businesses are increasingly turning to BYOD because of its advantages, even though they recognize that it brings with it significant security risks. It is, however, possible to gain the advantages of BYOD without compromising the security of your company data, and VirtualQube, by virtue of our longstanding partnership with Citrix, can help.

eDiscovery Part 2 – PST Files vs. Exchange Archiving

This is the second in a series of blog posts on eDiscovery, which will include video excerpts from the presentation we made at the O365 Nation Fall Conference held in Redmond last month. In Part 1 of this series, we discussed the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange.

In this segment, we discuss PST files – why you may not want people using them, how to prevent their use, and the archiving functionality that is built into Exchange 2010 and 2013 and why it’s a better option.

eDiscovery Part 1 – Lifecycle of an Email Message

Last Friday, September 26, VirtualQube was invited to present at the O365 Nation fall conference in Redmond on the subject of eDiscovery and Organizational Search in Microsoft Office. O365 Nation is a new organization created by our long-time friend Harry Brelsford, the founder of SMB Nation, and, as you might expect, most of the content at the conference was related to Office 365. However, since the eDiscovery and Search tools in question are built into Exchange, SharePoint, and Lync, the subject matter of our presentation is equally applicable to on premises deployments of these products.

This is the first of a series of blog posts on this topic, which will include video excerpts from the presentation.

It is important to note that the Microsoft tools discussed here only cover a portion of the Electronically Stored Information (“ESI”) that an organization may be required to produce as part of a discovery action. ESI can include Web content, social media content, videos, voice mails, etc., in addition to the information contained in email and Lync messages, and SharePoint content. The primary purpose of these tools is to enable you to preserve email, Lync, and SharePoint content in its original form, perform integrated searches across all three platforms – plus file shares that are being indexed by SharePoint, and export the results in an industry-standard format that can be ingested into third-party eDiscovery tools for further processing.

Since, by sheer volume, email is likely to be the largest component an organization will have to deal with, this series will begin with a discussion of the lifecycle of an email message in Microsoft Exchange – specifically, what happens to an email message when the user’s “Deleted Items” folder is emptied, and how we can insure that if a user attempts to modify an existing message, a copy of that message in its original form is preserved.