Tag Archives: Mobility

Seven Security Risks from Consumer-Grade File Sync Services

[The following is courtesy of Anchor - an eFolder company and a VirtualQube partner.]

Consumer-grade file sync solutions (referred to hereafter as “CGFS solutions” to conserve electrons) pose many challenges to businesses that care about control and visibility over company data. You may think that you have nothing to worry about in this area, but the odds are that if you have not provided your employees with an approved business-grade solution, you have multiple people using multiple file sync solutions that you don’t even know about. Here’s why that’s a problem:

  1. Data theft - Most of the problems with CGFS solutions emanate from a lack of oversight. Business owners are not privy to when an instance is installed, and are unable to control which employee devices can or cannot sync with a corporate PC. Use of CFGS solutions can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.
  2. Data loss - Lacking visibility over the movement of files or file versions across end-points, CFGS solutions improperly backup (or do not backup at all) files that were modified on an employee device. If an end-point is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file…or any version for that matter.
  3. Corrupted data - In a study by CERN, silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most CGFS solutions don’t implement data integrity assurance systems to ensure that any bit-rot or corrupted data is replaced with a redundant copy of the original.
  4. Lawsuits - CGFS solutions give carte blanche power to end-users over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third-parties.
  5. Compliance violations - Since CGFS solutions have loose (or non-existent) file retention and file access controls, you could be setting yourself up for a compliance violation. Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict controls over how long files are kept and who can access them.
  6. Loss of accountability - Without detailed reports and alerts over system-level activity, CGFS solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other admins of these changes.
  7. Loss of file access - Consumer-grade solutions don’t track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion. Additionally, many solutions track and associate a small set of file events which can result in a broken access trail if a file is renamed, for example.

Consumer-grade file sync solutions pose many challenges to businesses that care about control and visibility over company data. Allowing employees to utilize CFGS solutions can lead to massive data leaks and security breaches.

Many companies have formal policies or discourage employees from using their own accounts. But while blacklisting common CFGS solutions may curtail the security risks in the short term, employees will ultimately find ways to get around company firewalls and restrictive policies that they feel interfere with their productivity.

The best way for business to handle this is to deploy a company-approved application that will allow IT to control the data, yet grants employees the access and functionality they feel they need to be productive.

The Year of Mobile Computing: BYOD Trends to Expect in 2015

Guest post by Jennifer Birch

Photo Credit: Dennis Callahan via Compfight cc

As people become more mobile reliant, the trend toward “bring your own device” (BYOD) becomes more common in today’s highly technologically dependent world. In fact, Gartner research revealed that 50 percent of companies will require their staff to use their own devices for work purposes in 2017. “The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs,” according to Gartner vice president David Willis.

With the continuous demand for mobile computing in the business sector, it’s important to know what’s next in this sector. In this post, let’s introduce you to the top BYOD trends to watch out for this year.

More Mobile Security Apps
Security will remain as the main concern that slows the widespread growth of mobile computing in the office. However, as the famous saying goes, “there’s always an app for that.” A mobile security application is one of the most important apps that each gadget owner should acquire. For companies, one of the major concerns is the safety of their servers and crucial business information that can be hacked easily, given that these devices can easily be stolen and accessed by anyone remotely. It’s best to follow some of the common tips for mobile data security such as installing security apps, deleting cache and history, and turning on the device’s access pin code system. [Editor's note: Mobile Device Management systems such as Citrix XenMobile can offer organizations ways to enforce security policies, even on employee-owned devices.]

Rise of Wearables
Some of the much-awaited devices this year are in the form of wearables, particularly smart headsets such as Google Glass. Through its potential to provide augmented and virtual reality technologies, various industries are given the opportunity to work remotely, maximize innovative solutions, and acquire real-time data right at their eyes. “It [smartglasses] could provide access to repair manuals and larger schematics, helping engineers, technicians and architects to make more informed, quicker decisions,” Steve Pluta wrote in the news section of O2. As smartwatches have become powerful as well (with their ability to be standalone devices), it is not impossible that these gadgets will also be included in the next wave of BYOD technologies.

High mTech Demands by Employees
As stated previously, there will be an increase in the number of companies requiring their employees to use their own smartphones and tablets to work remotely. However, demand coming from their staff will also be apparent, such as the following:

  • The option to choose their own type of gadget.
  • Demand for a 4G connection.
  • Free access to work-related apps.
  • Pre-installed Cloud apps (such as Dropbox or iCloud), access to company Web site, and more.

Tracking Tools to Monitor Mobile Usage
Since there will be widespread adoption of mobile devices in the office, businesses will then have to control and monitor their usage. With the help of analytics tools, companies will have concrete insight into the content that their employees are accessing. Some may regard this action as a way to control their employees, limiting the activities they can partake of using their gadgets. However, experts say that applying a mobile monitoring tool must be discussed openly with colleagues to avoid any hurdle in the process.

BYOD has completely revolutionized the business sector, with its various advantages in terms of faster computing processes. Although security will remain to be of the utmost concern to most companies in making the shift to mobile processing, it will continue to grow as more devices are being produced that are focused on making work more efficient and cost-effective. What trend are you expecting to come up in BYOD this year?

Exclusive for VirtualQube

NOTE: VirtualQube welcomes the submission of guest posts on topics related to our own subject matter. The opinions expressed by the authors of guest posts are their own and do not necessarily represent the opinions of VirtualQube. VirtualQube also reserves the right to decline to publish submissions that we feel are not appropriate for our site.

Where Did My Document Go?

It is axiomatic that many of us (perhaps most of us) don’t worry about backing up our PCs until we have a hard drive crash and lose valuable information. This is typically more of a problem with personal PCs than it is with business systems, because businesses usually go to great lengths to make sure that critical data is being backed up. (You are doing that, right? RIGHT? Of course you are. And, of course, you also have a plan for getting a copy of your most critical business data out of your office to a secure off-site location for disaster recovery purposes. Enough said about that.)

So, with business systems, the biggest challenge is making sure that users are saving files to the right place, so the backup routines can back up the file. If users are saving things to their “My Documents” folder, and you’re not redirecting “My Documents” to a network folder on a server, you’ve got a big potential problem brewing. Ditto if people are saving things to their Windows Desktop, which is possibly the worst place to save things that you care about keeping.

But there’s an even more fundamental thing to remember, and to communicate to our users: The best, most comprehensive backup strategy in the world won’t save you if you forget to save your work in the first place! Even in our Hosted Private Cloud environment, where we go to great lengths to back up your data and replicate it between geo-redundant data centers, there’s not much we can do if you don’t save it.

Just as many of us have learned a painful lesson about backing up our data by having lost it, many of us have also had that sinking feeling of accidentally closing a document without saving it, or having the PC shut down due to a power interruption, and realizing that we just lost hours of work.

Microsoft has built an Autorecovery option into the Office apps in an attempt to save us from ourselves. Within, say, Word, go to “File / Options / Save,” and you should see this:

That’s where you set how often your working document will be automatically saved, as well as the location. But be aware that Autorecovery works really well…until it doesn’t. A Google search on the string “Word autorecovery didn’t save” returned roughly 21,000 results. That doesn’t mean you shouldn’t leverage Autorecovery - you certainly should. But take a look at the Word “Help” entry on Autorecovery:

Notice the text that I’ve circled in red? It says “IMPORTANT The Save button is still your best friend. To be sure you don’t lose your latest work, click Save (or press Ctrl+S) often.” Bottom line: Autorecovery may save your backside at some point…or it may not. And corporate backup routines certainly won’t rescue you if you don’t save your work. So save early and often.

And if you’re a mobile user who frequently works while disconnected from the corporate network, it’s a good idea to save your files in multiple locations. Both Microsoft (OneDrive) and Google (Google Drive) will give you 15 Gb of free on-line storage. And if it’s too much trouble to remember to manually save (or copy) your files to more than one location, there are a variety of ways - including VirtualQube’s “follow-me data” service - to set up a folder on your PC or laptop that automatically synchronizes with a folder in the cloud whenever you’re connected to the Internet. You just have to remember to save things to that folder.

You just have to remember to save things, period. Did we mention saving your work early and often? Yeah. Save early and often. It’s the best habit you can develop to protect yourself against data loss.

Are the Advantages of BYOD Worth the Security Risks?

Check Point Software recently released their Third Annual Mobile Security Survey, highlighting the impact of mobile devices on IT security. They surveyed more than 700 IT and security professionals in the U.S., Canada, Germany, the U.K., Australia, and New Zealand, and the respondents were spread fairly evenly across the spectrum of business sizes, with the largest segment (29%) coming from businesses with between 100 and 1,000 employees.

Here are some of their key findings (quoted from the site linked above):

  • The Greatest Threat Resides Within Your Organization – 87 percent of surveyed professionals believed that the greater security threat to mobile devices were careless employees. Nearly two-thirds of the respondents believed that recent high-profile breaches of customer data were likely due to employee carelessness.
  • Proliferate Use of Personal Mobile Devices on the Corporate Network – Despite careless employees as the weakest link into businesses, 91% of IT professionals saw an increase in the number of personal mobile devices connecting to their networks over the past two years. In 2014, 56% of those surveyed managed business data on employee-owned devices, up from 37% in 2013.
  • Mobile Security Incidents Expected to Rise – 2015 is shaping up to be a risky year, according to those surveyed. Of the security professionals surveyed this year, 82% expect the number of security incidents to grow in 2015. Additionally, nearly all of the respondents (98%) expressed their concern about the impact of a mobile security incident, with the greatest concern being the potential for lost and stolen information.
  • Cost of Mobile Security Incidents Continue to Rise – 2014 saw an increase in remediation costs for mobile security incidents. Of the IT executives surveyed, 42% noted that mobile security incidents cost their organizations more than $250,000.

Consider some additional trend data:

  • Computerworld predicts that BYOD smartphones will continue to grow at roughly a 30% CAGR through 2017 – from only 88 million two years ago to 328 million in 2017.
  • Rapid7 quotes a Cisco prediction that by 2016 there will be 1.62 billion mobile devices (of all kinds) in the workplace. They also state that more than 80% of the mobile devices in the workplace today are employee-owned.
  • Over a year ago (back in May, 2013), Gartner predicted, based on a global survey of CIOs, that, by 2017, more than half of companies will require their employees to supply their own mobile devices.

So let’s recap: 98% of the Check Point respondents were concerned about the impact of mobile security incidents on their businesses, 42% said that such incidents had already cost their businesses more than a quarter of a million dollars, 82% expect the number of security incidents to grow in 2015. Yet nearly all have seen an increase in the number of personal mobile devices connecting to their networks over the past two years, and, by all indications, the BYOD trend will continue and, if anything accelerate. Which brings up two obvious questions: (1) If BYOD is such a security risk, why are businesses overwhelmingly moving in that direction? And (2) What can a business do to leverage the benefits of BYOD while still limiting the exposure to security risks? Let’s look at these two questions…


  • It reduces the business’ capital outlay for mobile devices. Even in cases where businesses give their employees a cash allowance to purchase the mobile device of their choice, the company generally saves money in the long run by not being responsible for the maintenance and repair of an employee-owned device.
  • Employees are more productive when working on their preferred device. Someone who has been using an iPhone for years isn’t going to be happy about being handed a company-owned BlackBerry device. A Mac user isn’t going to want to deal with a company-owned Windows laptop – and vice versa. Younger workers in particular, who have grown up with technology, want to use what they’re accustomed to using, and will be more productive if allowed to do that.
  • Employees who use mobile devices for both work and personal matters tend to put in more hours per year – some surveys suggest as many as 240 more hours per year – than those who do not.
  • Given the above, business who do not implement BYOD may find themselves at a competitive disadvantage.

How to Do BYOD Safely
First of all, more and more organizations are implementing some form of mobile device management (MDM). According to the Check Point survey, 56% of organizations were managing the business data that exists on personal devices, up from 37% in 2013. There are numerous MDM products on the market, but I would suggest that managing the mobile device itself is only part of the problem. A complete solution would also include mobile application management (MAM) - some mechanism to deploy secure applications to a mobile device…applications that would be “sandboxed” away from an employee’s personal applications, such that the data accessed by those applications would be isolated from the personal applications, and information could not be copy/pasted from a secure application into a personal application. It would also be nice if the organization could selectively wipe the secure applications and associated data from a mobile device while leaving the employee’s personal data and applications untouched. Citrix XenMobile Enterprise is such a solution, and the following 16 minute video does a great job of demonstrating the XenMobile Enterprise user experience:

And, of course, if your users need access to full-blown Windows applications, not just mobile apps, they can securely access those applications via Citrix XenApp or XenDesktop, as we’ve been doing for years.

Bottom line: BYOD is here to stay. Businesses are increasingly turning to BYOD because of its advantages, even though they recognize that it brings with it significant security risks. It is, however, possible to gain the advantages of BYOD without compromising the security of your company data, and VirtualQube, by virtue of our longstanding partnership with Citrix, can help.

I’m Just a Windows Phone Guy

My Windows Phone 7

Sid's Windows Phone 7

I’ve used Windows Mobile phones ever since we formed Moose Logic v2. My first one was a rather clunky (by today’s standards) Pocket PC version. Then I moved to Windows Mobile 5.x. When that phone finally died, I switched to an AT&T Tilt running Windows Mobile 6.0. Then, a year or so ago, I got my wife a Tilt 2 with WinMobile 6.5, and started suffering a little bit of device envy. I was eligible for an upgrade, and I thought about going to the Tilt 2, but I knew that Windows Phone 7 was coming, so I held off.

Last fall, I actually went as far as jailbreaking my Tilt, and installing a third-party ROM that would let me run 6.5. It wasn’t bad - in fact it was better than 6.0 - but 6.5 was designed for a screen a little bit bigger than I had on my Tilt, so some things were a little clunky.

Several of my colleagues here at the Moose have gone down the iPhone road - but I’m used to having a slide-out keyboard, and I didn’t want to give that up…plus there were a few things I was reading about WinPhone7 that I found really attractive. So I waited until the LG model, with its slide-out keyboard, was available.

I’ve had my LG for a couple of months now, and I’ve got to say that I really like it. The negative things I’ve read about WinPhone7 don’t bother me at all. No slot for an SD expansion card? Come on! It’s got 16 Gb of flash built in - which is 8 times as much as I had before. I don’t spend time downloading movies to watch on my phone, so I doubt very seriously whether I’m going to run out of memory before the phone reaches the end of its useful life. No cut/paste from the apps? Yawn. How often do you really need to use that in the real world? If you consider that a must-have, so be it…but I don’t know that I’ve ever used it, and don’t miss having it.

The app store isn’t as big as Apple’s, but it’s big enough that I was able to find everything that I needed. The only app that I’d really like to see that isn’t available yet is a Citrix Receiver app - and that’s not Microsoft’s fault (I don’t think…).

So what, you may ask, do I like so much about it?

First, I found the interface to be intuitive and easy to learn.

The tiles on the home screen are large and easy to use. Flick to the left, and you can view the list of all of the apps on the phone. Any app in that list can be pinned as a tile on the home screen if you wish, and the tiles can be re-ordered at will.

Notice the two Outlook instances circled in the picture? That’s one of the things I really like about the phone - it can synchronize with more than one Exchange Server. I run a Windows 2003 Small Business Server at home, at the heart of my home network, and it hosts my personal email domain. We run Exchange 2010 here in Moose Land. My phone syncs with both accounts, yet allows me to access them individually, so I can easily choose which account I’m sending from when I compose a message. You can’t see it in the picture, but there’s a tile for my gmail account, too - I just have to scroll down a bit to get to it.

Social media is built in, and well integrated. That tile in the upper right of the home screen is the “People” tile, and takes me to a screen where I can easily switch between my contact list and my Facebook feed. The contact list is integrated - it pulls from both of my Outlook accounts and my Facebook account, and for contacts who are also Facebook friends, it automatically pulls their Facebook profile pic and associates it with their contact record.

I’ve found the GPS to be more sensitive and reliable than the GPS in my old Tilt. It seems to have no problem at all syncing up with satellites in locations where the Tilt would take minutes on end, and sometimes fail with the annoying “move to another location and try again” message. I’m looking forward to trying it out this summer on backcountry hikes, using the “Outdoor Trekker” app that I found. This app will display your actual latitude and longitude, allow you to set waypoints that it can then help you find your way back to, and keep track of your total mileage covered and both your total elapsed time and the time you spent actually moving. If it can see enough satellites, it will even keep track of your altitude, which will be really useful when I’m gasping for breath and wondering how much higher I have to go before I finally get to the top of Mt. Dickerman (which is definitely on the hiking schedule for this summer).

Since there was a free Kindle reader app available, I tried it out. It was very readable, and easy to use - and being the insatiable reader that I am, I expect that I’ll use that app a lot.

Don’t get me wrong - if the iPhone had a slide-out keyboard option, I would have been sorely tempted to join my colleagues on the iPhone bandwagon. I also know several people who love their Android phones (mostly very technical people who love the myriad ways you can customize it). I also know some not-quite-so-technical business people who get frustrated because it takes so many steps on their Android to do something that should be way easier to do, and because of issues like having a completely separate contact database for the “Nitro” Exchange sync client.

I guess I’m just a Windows Phone guy at heart. My LG does everything I need it to do, and does it very well. I’d really like to see a Citrix Receiver for it, but let’s face it, actually accessing a remote desktop or application on a tiny smart phone screen is not something anyone is going to want to spend a lot of time doing.

I welcome your comments and questions…just be nice to one another, please.