secure enterprise e-mail
KNOX Vulnerabilities
There is a lot of buzz going around the discovery that Samsung’s KNOX container has been found to have some vulnerabilities, as reported by the Wall Street Journal Tuesday and PC World yesterday. While it is very poor timing for Samsung, considering CES, the huge technology show in Vegas, starts next week, we are confident that Samsung is dedicated to security and will find a fix quickly.
What exactly is the concern? The vulnerabilities found by Israel’s Ben-Gurion University of the Negev indicate that Knox software (when used on a Samsung Galaxy S4 or Note 3) could allow malicious apps to eavesdrop on data transferred within the secure environment. The WSJ reports: “Samsung officials told the Journal that the vulnerability was found in developer phones that weren’t “fully loaded with the extra software that a corporate client would use in conjunction with Knox,” the paper reported. So far, the Knox vulnerability has only been discovered on the Galaxy S4.”
The PC World article compared KNOX to our TouchDown, since both are designed to keep data secure – so what does all this mean and how does it work? TouchDown was specifically designed to keep data secure against this type of data breach. It keeps corporate data secure through encryption and by keeping it ‘sandboxed’ away from a user’s personal data on their device (smartphone, laptop, tablet). It works directly with ActiveSync Exchange and keeps email, contacts, calendar and notes data secure when kept within TouchDown.
Meanwhile, Samsung’s KNOX creates a container around several third-party apps, with the purpose of keeping data within those apps separate from app data not inside the KNOX container. The issue discussed in the article is a potential breach of the KNOX container itself, meaning malware could have access to apps inside the container. If there are apps inside the container that are not secure, they could potentially be breached.
Luckily, TouchDown users can breathe easy, since even if a malware attack did get past the KNOX container it would not be able to breach TouchDown data. So whether you are using TouchDown in or out of the KNOX container on a Samsung device, your data will remain secure and separate from other data on your device. If you’re not using TouchDown…what are you waiting for??
TouchDown for Windows 8.1 arrives November 4th
We at NitroDesk are *SUPER* excited to be launching TouchDown for Windows 8.1 next Monday (November 4th, 2013). It has been an exciting year of launching TouchDown across several platforms, and Windows 8.1 promises to be exciting and useful and, of course, features all of our usual security measures. TouchDown for Windows has a new facelift, with an elegantly clean UI that beautifully utilizes touch screens with the same great reliability our TouchDown users are accustomed to.
Here are a few new features to look forward to:
- Rich text editing when composing an email
- Drag and drop emails when moving to different folders
- Arranging your working view (using the splitters)
- New contact list management
The upcoming version (by the end of Nov.) will include additional features that will be supported only in Windows 8.1, such as:
- Live tiles with mail and calendar updates
- Color Themes
- New configuration and flash screen
- Folder management (create, delete, rename your email folder)
- Group contacts
More importantly, here is YOUR chance to tell us what additional features you want to see in this product – we love to include features that help our loyal users, so send us your ideas and we will try to incorporate them.
What the world thinks of TouchDown for Mac
We are loving the praises that are coming in for TouchDown for Mac…here’s why you NEED to get it NOW:
“Finally an all-in-one corporate email, calendar, contact and task management system for the Mac. The intuitive interface has enhanced my workflow and increased productivity whilst providing a clean and modern user experience. At last, TouchDown has removed the ‘compromise’ of using a Mac within the corporate world.”
– Ian Heathcock – Business Development Director Griffiths Waite UK – http://www.griffiths-waite.co.uk
“After many headaches trying to get Apple Mail to work with my work Exchange account, I had given up getting my work email on a native app. I have downloaded it, and synced up my work email in less than a minute. The interface is simple, intuitive and best of all, it just works. Thanks so much for the opportunity to try out this amazing application. I look forward to the final release!”
Jessica S
“Downloaded your client and have been using it for a couple of days. Here is my feedback about the app:
* Really Love the UI and the way fonts have been chosen. The option of themes is just awesome.
* One of the main criticisms of Mac mail has been that a new email is not so obvious to spot. But with TouchDown, with the bold and blue color, it takes just a blink of an eye to spot it.
* Integration with Contacts, Calendar and Notes into one single app is a HUGE one.
* The Calendar UI is also fascinating.
* Loved the option to associate an avatar to any contact in our contacts list.”
Deepak M
“Great app. I can finally now get my emails on my mac without having to VPN into my work.”
Eric S
“Kudos on the Touchdown beta. It is a FABULOUS first effort, and fulfils a long-held wish for me – a lightweight, Mac-centric Exchange client. Works great with our corporate Office 365 accounts.”
Susan K
“I bought my Mac in January and have been very frustrated that I couldn’t get my work email. I can’t tell you how excited I am to find your product.”
Cynthia Posey
“Great app, worked fantastic, try- love it”
Deepak C
“Touchdown team,
Thank you, thank you, thank you. It has been a long time since I’ve been able to have the same seamless experience with Exchange email on my Mac environment. Literally years. In 2009, I gave up using Entourage. When I gave up, I knew that I was giving up the messages, mail, notes, tasks, and calendar items that (almost) worked in Entourage.
Now, I’m loving that Touchdown brings back these missing real-life Exchange-hosted features on my Mac.
Keep up the good work,”
-Kent H
“Thanks for working on a Mac client. Touchdown is an amazing utility.”
Sirish K
“So far, the worst thing I can say is TouchDown keeps all my work email and calendars close at hand. <sigh> No more claiming that I didn’t bring my work computer home…”
Keith P
“Hi guys!
I have downloaded and tried TouchDown for Mac and I love it!
A clean and simple Active Sync that works perfectly with Office 365!”
Robin J
“First and foremost a big Thank You! About time we got a decent mail client for the Mac platform. As an SMB IT Consultant for the past 20 or so years I hear from end users that they’re ‘OK’ with Mac’s mail client, from the admin side it’s pitiful. Just the fact that you’ve added encryption and security is huge! Now I have another awesome tool in my box to share with concerned clients.”
Jeff A
Thanks to all our amazing customers!
Why TouchDown for Mac?
Today we get to hear straight from the mind of our developer himself!
Some of you may wonder why NitroDesk, traditionally a mobile email product developer, would build a Mac version of TouchDown. TouchDown has traditionally been available on mobile platforms Android and iOS, but Mac is really a desktop platform. So what gives?
Last year when we switched from a pure Android shop to build an iOS version, it forced some of us to start using Macs as our desktops (it’s hard to build an iOS app on a Windows desktop). Initially we got by installing Parallels on the Mac and using Outlook. We also had the native Mac client syncing our emails. But eventually we got tired of having to switch between Mac and Windows just to do everything unrelated to development (performance issues due to the two OSs, and the fact that we use Eclipse on Windows to build our Android app was another reason – there are several legacy reasons why we could not switch to Eclipse on the Mac). So, we switched from Parallels to Boot Camp to dual boot Win8 and Mac on the same computer. That made life easy in some ways (we could actually boot back and forth and get the job done – Eclipse would actually run in Win8 on Boot Camp). Personally, the best Windows PC I have used is a Mac PowerBook Retina (shhh, don’t tell anyone).
This was a good move in a sense. This helped us focus on one platform at a time. The pain of rebooting to switch from iOS to Android was enough to prevent our minds from wandering.
But it caused a couple of problems:
- We would get a notification of emails on our mobile devices as soon as mail arrived. However, if the mail required us to write a reply from a computer, we had to wait and wait until Mac Email finally received the message. This was most frustrating for email junkies like us who needed to finish responding so we could move on to the next task.
- Tooling around in the Mac partition, we discovered this:
Every email received in the Mac Mail app was in plain view in Windows when using Boot Camp (each .emlx file contains the received message in base64 encoding). While promiscuous sharing like this between platforms was just great when we needed to copy files over from one platform to another, we were not too thrilled with its implications for email, which are serious. Consider this not-too-uncommon scenario:
Your CFO is traveling with a MacBook Air and an iPad. You have spent some serious coin on an MDM that would protect the email content on the iPad (probably even mandated the use of TouchDown and an MDM on your iPad). So your corporate data is more secure than Fort KNOX, with a GATE around it. Lose that iPad? You can whip out your cannon and do a remote wipe on it, disable it and nuke it to kingdom come. BUT what happens when he loses the MacBook Air? The MacBook probably syncs with either Outlook or Mac Mail. It has waaay more data (no control on email history to download to it) than the mobile device you just nuked. This time around, all you can do is pray for the finder to simply format it rather than trying to get the data out.
YES, laptops are MOBILE! And Macs are vulnerable when they have a partition!
Consider this other scenario:
Your employees use Macs. Every email they send or receive is in that directory in plain text. Any application they may have downloaded from the internet (you can side load applications with no restriction on what they can do) can contain a Trojan which looks for the Mac Mail directory, enumerating, reading and decoding emails, contacts, calendar, notes etc., looking for passwords and credit-card numbers (or PHI if you are a hospital).
This was indeed an OH CRAP moment for us. We have been working hard for the past five years to protect your corporate information, and still we haven’t done enough for our corporate customers.
Hence TouchDown for Mac.
With TouchDown for Mac, all the data in the application is encrypted, so no other application can read or decode it easily. Without explicit user action, none of the email data or attachments can leak outside the protected sandbox we place around it. And no, they cannot be viewed in Windows if you dual boot. Boot away 🙂 “And there’s more!”
…and all the nice tweaks and productivity measures we have added to our mobile apps, and a future resplendent with new ways to work with your corporate email account. (GTD, MYN, anyone?)
…and PUSH email with an Exchange client without being limited to an IMAP connection.
…and the ability for you to import S/MIME certs to the application sandbox (not the whole computer) and have TouchDown use those to encrypt and sign your emails.
…and the ability to set your OOF.
…and the fact that it may even be a viable solution for implementing the Direct Project (http://directproject.org/content.php?key=overview) – Physicians love Macs (at least mine does), and if we can get them to communicate via secure email, we would have done some good.
Well then, Why NOT TouchDown for Mac!
-g
Android Security issues – but not for TouchDown!
Yesterday developer Sebastian Guerrero Selma was able to use Firefox to lift data from the local storage on an Android device – and even to access stored data within the browser itself. As AndroidCommunity.com described in a blog article yesterday, passwords and other private information can be taken using file:// syntax. If a user visits a site that has potent JavaScript code, their password and other information will be sent on to the hacker who created the code – without the user ever being aware of their loss of privacy. The article cites SD Card files, like your pictures and documents, as the kind of personal information you would not want anyone to get a hold of – I can’t imagine someone having access to photos of my kids! Other apps also store information on one’s device, so this could potentially allow hackers entry to all the information on your device.
Luckily, TouchDown doesn’t allow any access from anywhere. That’s right, TouchDown does not allow any other app to access information stored within TouchDown. (We love that!) And while that means you can’t instantly post a picture from an email to Facebook, it DOES mean that your information is safe. I prefer my email, contacts, calendar and to-do list PRIVATE.
Why TouchDown will never be Fingerprint Scan Enabled
Those who know TouchDown, NitroDesk’s secure email and productivity client, know that we are obsessed with the security of your data – both corporate and personal. With the new shiny iPhone 5S coming out, a lot of users have asked us if we’ll incorporate the new fingerprint scan measures into our iOS app. (Disclaimer – I do use an iPhone as one of my devices, and love it, so I’m not just hating on the iPhone.)
Currently, Apple has not released any of its information to developers, so development of apps to include this technology is not possible, our developer says, until Apple decides to let developers in on its new feature. For us at TouchDown, however, there are more security-related issues to be concerned about.
Security usually works in two ways: to protect your data, you either utilize something you know in your head, like a PIN or password for example, or something you have – like a card that needs to be scanned, or in this case, your finger. But what happens when the item is out of the control of the user? In the case of biometrics, specifically a user’s finger, there are several thoughts that come to mind...
Let’s say you are just a bit too drunk at a corporate dinner, on a fabulous first date, or at that fabulous party sponsored by one of the tech companies after a long conference. If you’re drunk enough it is not too difficult to ‘help you’ place your finger on your device. Don’t drink too much, you say? There are plenty of substances out there meant to incapacitate you mentally by dropping a little something in said beverage.
Perhaps you are walking down the street with your new biometrically secured phone and “slam!” you are rendered unconscious by a blow to the head by a mugger. Now that you are no longer in control of your finger, it is incredibly easy for said mugger to utilize your digit to unlock all your data.
Even if you are just in a super deep sleep, it would not take much to pick up the ever-present finger and touch it to your device with a bit of pressure.
So you see, the inherent problem lies in utilizing a security measure that is not in your head, but is instead something you have, especially when that something is attached to your body and fairly easy to get to (versus your pupil, for example). As soon as you are mentally incapacitated, your fingerprint is just too easy to use. So, while we don’t think evil-doers will start cutting off fingers, it’s not too hard to imagine owners of high-in-demand fingerprint-secured devices being drugged, encouraged to inebriate themselves, knocked unconscious or otherwise forced to lose control over their digits.
Which all boils down to the fact that information in your head is still just safer. Especially when unconscious. Now, I did read somewhere that the fingerprint technology in the 5s is designed to detect a live finger from a dead one… If that technology gets to a point where it can detect an inebriated finger, it would be a completely different story of course. Until then…
Dr. Ferdico
More on snooping and email security
A few days ago we wrote about Microsoft’s new OWA iOS app, and the difference between offline clients and online clients. Today I want to delve in a little more on the aspects of how email security works on mobile devices.
For example, if you are using a subscription service or another source for email (like Yahoo, Google, Office 365, etc.), your request, once you are online, goes to the server.
Your mobile device then mirrors what is on the server for your account (in the case of an online-only service) or downloads them to a unique server in the case of an offline server. There is a sphere of safety if you are using a subscription or email client that uses security, where the email is mostly secure – but what happens when the email being sent is sent outside of that sphere of safety, to an UNsecure server? And if someone or something is snooping trying to get information?
Now take an email client that utilizes S/MIME (Secure/Multipurpose Internet Mail Extensions) with EAS policies and AES encryption. You compose an email on your device, and send it with S/MIME enabled. The data is immediately scrambled, and is unreadable as it gets sent to the server. It now gets sent from the server to the next mobile device, still unreadable. As it passes outside the sphere of security it remains unreadable, safe from any snooping. Even when it reaches an unsecure server, it remains secure until the person it was sent to uses their security certificate and unlocks the email. Only then is the data readable. This is the safest way for your data to travel, and the ONLY way to secure your data 100%. (excuse the bad sketches – I don’t draw).
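The S/MIME flow described above, as an added example that is not NitroDesk or TouchDown code: a sender encrypts to the recipient’s certificate with AES-256, the message stays unreadable in transit, and only the recipient’s private key opens it. It assumes the `openssl` command-line tool is installed; the identities, addresses and message text are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): S/MIME envelope round trip
# using the openssl CLI. Names, addresses and message text are constructed.
set -eu

NEEDLE='payroll total 12345'   # constructed secret we look for on the wire

make_identity() {              # $1 = dir, $2 = name -> self-signed cert + key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2@example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

encrypt_for() {                # $1 = dir, $2 = recipient name
  printf 'Constructed sample body: %s\n' "$NEEDLE" > "$1/msg.txt"
  # The sender needs only the recipient's public certificate.
  # The content itself is encrypted with AES-256.
  openssl smime -encrypt -aes256 \
    -in "$1/msg.txt" -out "$1/msg.p7m" "$1/$2.crt"
}

leaks_plaintext() {            # $1 = file as any relay or server would see it
  grep -q "$NEEDLE" "$1"
}

decrypt_as() {                 # $1 = dir, $2 = identity whose cert + key are used
  openssl smime -decrypt -in "$1/msg.p7m" \
    -recip "$1/$2.crt" -inkey "$1/$2.key" 2>/dev/null
}

demo() {
  dir=$(mktemp -d)
  make_identity "$dir" recipient
  make_identity "$dir" relay   # stands in for an unsecure server on the path
  encrypt_for "$dir" recipient

  if leaks_plaintext "$dir/msg.p7m"; then
    echo "wire form: PLAINTEXT VISIBLE"
  else
    echo "wire form: opaque"
  fi

  if decrypt_as "$dir" relay >/dev/null; then
    echo "relay: decrypted (unexpected)"
  else
    echo "relay: cannot decrypt"
  fi

  echo "recipient reads: $(decrypt_as "$dir" recipient | tr -d '\r')"
  rm -rf "$dir"
}

demo
```

Note that S/MIME protects the message body; envelope data such as sender, recipient and subject headers added by the mail system are still visible to the servers that route the message.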
If you don’t want to have anyone snooping in your email, are worried about the security of your enterprise data (or even your personal data), use an email client that secures your data every step of the way.
If you have questions about how TouchDown utilizes S/MIME, PINs and other protocols to secure data, contact us! http://www.nitrodesk.com
Don’t you hate it when…
Don’t you hate it when you forget to turn off your Out Of Office (OOF) automatic reply? And no one tells you that your email is sending out an automatic reply that states you will be back three weeks ago. Somewhat silly in your personal email, and downright unprofessional appearing in your work email. It is SUPER easy to change this and many other settings on TouchDown, even if you are away from your desk (which makes it possible to turn the OOF ON if you forgot to do so and you remember when you are at the airport!).
Let’s use the Android phone as an example. Simply go to Settings, and then Advanced Settings.
Select Out of Office (OOF) reply.
Make your choice:
- Disable OOF turns off the automatic Out of Office reply.
- Enable OOF sends out an automatic Out of Office reply, which you can select to be internal or external to your organization.
- Scheduled OOF allows you to specify exactly when the OOF starts and stops – I highly recommend this option if you are setting up your OOF since it requires no further action once your time away is complete. If you need to add onto it because you are having way too much fun and need to stay away from the office longer, you can easily change this time frame.
So there you go! No worries about leaving on a jet plane and suddenly realizing you are going to have to deal with tardy email responses, or even worse, remembering that you forgot to turn the OOF OFF (say that three times super fast!).
Did you know that we have a ton of how-to’s on all of the TouchDown functions in our Knowledge Database?
Encrypted Email in TouchDown
More and more people are using encrypted email as news about the NSA watching our email and hackers stealing our personal information looms large. We take the encryption and security of your information very seriously here at NitroDesk, which is why our TouchDown email app uses AES-256 encryption.
SSL and TLS are the main tools that provide the majority of security in the transmission of data over the Internet today. Although these are cited as being “secure,” there is actually quite a range in the level of security that is provided, depending on what encryption technique or cipher is utilized. Like any software, some of these encryption tools are quite weak, while others are very secure.
When choosing an encryption tool for TouchDown, AES (Advanced Encryption Standard) was the clear and obvious choice for its speed and high level of security. It is based on the Rijndael cipher developed by Belgian cryptographers Vincent Rijmen and Joan Daemen. AES was standardized in 2001 after a five-year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS). It is also the “gold standard” encryption technique; many security-conscious organizations require that their employees use AES-256 (256-bit AES) for all communications.
AES is based on a design principle known as a substitution-permutation network, and is considered one of the faster encryption methods. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. AES was first available in OpenSSL starting in 2002, and was the basis of most SSL services in UNIX and Linux environments. AES is FIPS (Federal Information Processing Standard) certified.
At NitroDesk we recommend ensuring that your server is SSL-enabled, and never accessible through non-SSL connections. TouchDown utilizes HTTPS/SSL for communications with the server when the server is configured for SSL encryption, and utilizes AES-256. This ensures that your information cannot be compromised in transit between your device and the server. Is your information secure on your device?