NitroDesk becomes part of Symantec

 

We have wonderful news to share!!  NitroDesk is now a part of Symantec, the global leader in security infrastructure and device management, and we couldn’t be more thrilled to share all of the wonderful assets Symantec has to offer. What does this mean to you, our wonderful customers?  Initially, the NitroDesk product experience will remain as it has been – we promise we’ll let you know once there is any product migration. Your NitroDesk support gurus are still here, and will continue to be available to you for any technical support questions you may have. TouchDown will remain a standalone app available through the app stores as it has been, with some Symantec rebranding. For Enterprise customers,Symantec will continue to offer TouchDown as part of the Symantec App Center Solution.

Why did Symantec acquire NitroDesk? Well, first, because we’re the best at what we do: protecting your mobile data. Since Symantec has assets in application management, device management, threat protection, data loss prevention and identity authentication, the NitroDesk piece fits in perfectly to Symantec’s workforce productivity offering. Think about all you’ll be able to do now that you have Symantec and NitroDesk on your side!

We are excited, and want you to be excited too. Please know it will be business as usual for a while, and watch our blog and Facebook page for updates – we’ll announce changes before they happen.  Feel free to follow us on Twitter @Nitrodesk and @SYMCMobility. For additional questions, you can see our acquisition FAQ at:

http://www.symantec.com/connect/sites/default/files/Frequently%20Asked%20Questions%20Public%205%2027%2014.pdf

Click below for Symantec’s Blog post:

http://www.symantec.com/connect/blogs/symantec-advances-enterprise-mobile-offerings-acquisition-nitrodesk

Click below to view the press release:

 http://www.symantec.com/about/news/release/article.jsp?prid=20140528_01

 

 

Protect yourself from iOS and OS X Security breach

The news over the last few days about Apple’s security bug is daunting. While we tend to hate media’s scare tactics when it comes to tech “news,” we do believe that when it comes to mobile security, especially in this case, there is much more harm in NOT updating your iPhone, iPad or Macbook than waiting.

The current security breach is said to allow a hacker to get in between the initial verification handshake connection between the user and the  server (the classic Man-in-the middle attack), enabling the bad guy to show up as  as a trusted server instead of a interfering hacker trying to steal your data. So all those connections you see as secure and encrypted (think bank, children’s school inter web, email, etc) is now open to interference and possible breach of sensitive data such as your family’s detailed information, your bank account numbers, and more.

Ashkan Soltani, who frequently writes about mobile security,  writes in his blog:

“The severity of the problem doesn’t immediately come across in Adam’s blog post, but it’s pretty huge. Effectively, this vulnerability allows a moderately sophisticated attacker to monitor your communications with even the most secure sites and services. Specifically, many of the core programs on iOS and OS X rely on this library for communications, which means ANY app that relies on this library (not just Safari) was vulnerable. For example, when your Calendar or Mail.app synced to Gmail, those communications were vulnerable to eavesdroppers on the network as a result of this error.”

 

image from ashkansoltani.org

The iOS fix for iPads and iPhones is out now so if you use either one of the devices, we highly recommend updating to these versions to get the patch – right now.  For MacBooks, no OS X fix is out yet – so we recommend NOT using Safari until there is a fix – use Firefox or Chrome instead.

 

 

What happened with Target and what you can learn from it

So it turns out Target was allowing one of their maintenance companies (an HVAC/refrigeration company) to access Target’s database so that no one had to actually come out and show up to log-in to do efficiency updates, it could all be done remotely…this is quite common, and not a problem if you keep your private information separate from your non-private. 

See, hackers unfortunately are often quite smart, and can find vulnerable points of entry into a database, especially a shared database that has several  points of entry.  Find another way besides the obvious  “secure entry point,” and then follow it all the way to the goldmine of private data.  This is what happened in Target’s case.  One of the HVAC’s worker’s credentials was stolen, and the hackers were able to insert the malware through this entry point and access the payment network through the maintenance network.  They were able to put this card-stealing malware on POS (Point of sale) cash registers at various stores, and after verifying it worked and that it was NOT detected, were able to access most of the Target stores nationwide, stealing card numbers in real time.

Visa, MasterCard and other Card payment systems do not require  that retail stores and other payment collectors keep their payment  networks  separate from their other operational networks, but it would kind of make sense, no?  Payment collectors ARE supposed to require a two-factor authentication system for remote login capability, and it appears that Target did not have such a system in place.

Had Target kept their sensitive (Customer financial data) separate from less sensitive operational data, they could still have allowed remote log-ins without putting their customers at risk.  

So the point is twofold:

1)Even as a small company (and Target is HUGE), do not be cheap with the security of your data, especially your customer’s financial data.  Yes, Target saved money in the short term by not buying software that kept their data separate and by having a two-factor authentication system in place.  But the huge financial cost of stolen data ALWAYS outweighs the smaller cost of preventing it in the first place, not to mention the larger cost that is not easily fixed: losing their customer’s trust.  

2) Keep your sensitive data separate. And yes, this goes for you too.  On your phone.  On your laptop (yes, that IS a mobile device).  Your iPad that your kiddo plays with at the dentists office or in the Target shopping cart while you shop.

Whether it’s your own device, or you own a business and need to keep you enterprise’s data safe, use software that helps you achieve separation.  With products as affordable as $20 why are you NOT doing this? Trust me, it will cost a lost more if someone steals your data or your identity.

 

 

Why many are dumping their MDM

It is here!!!!  If you’re ready to have excellent BYOD data security, without all the complications and cost of an MDM, check out:

 

 

 

http://www.cockpitcontrol.com

Putting you at the Helm of your Enterprise Data Security

Congratulations to AirWatch and VMWare

 

Congratulations to  Alan Dabbiere, John Marshall and all of AirWatch and  VMware! The announcement that AirWatch is being acquired by VMware was officially  announced today. We are super excited about this new chapter in the history of one of our favorite partner companies and we look forward to continuing that relationship with VMware.  It will be wonderful to see the AirWatch management team working closely together with Sanjay Poonen of VMware.  It’s great to see an industry leader such as VMware adopt a solid mobile strategy through an acquisition such as this…especially as BYOD just continues to grow and strategies for consistency and ease of use are a requirement for successful enterprises.