NOTE: Remember to look at previous and more current postings for other topics.
This was initially going to be a short piece, but there was need to fill out multiple sections of this topic.
Definitions are at the end.
So, as many, many speakers start off…. Mobile communications, what is it going to do with our society – what is it going to do to you? Are you going to be one of those folks who:
1) Seriously want something like Google Glass so you can walk around recording whatever your heart desires?
2) Will wear these kinds of devices to surreptitiously record (voice and video) things you should not be recording, either morally or legally?
3) Will want to hold a conversation no matter where you are, regardless of whoever is around, and could not care less if you are rudely disruptive/inconsiderate to everyone around you?
Now that the FAA appears to be relaxing cell/smartphone rules, can you imagine multiple people on a plane holding conversations, making all others captive listeners to inane and quite possibly stupefying conversations… That will make a lot of other people on the plane angry, and will make the jobs of flight attendants that much more difficult. That is what is going to happen if airlines allow all individuals to make ordinary phone calls aboard planes because down the road, money talks and we know that if the airlines and phone carriers can charge people on the plane for that airtime in the sky to earn more revenue, they will.
My own solution, continue carrying and using my pliable wax ear plugs or use my MP3 player ear buds more frequently…
Mobile communications is already ubiquitous and will become ever more so if you fathom that. Having more means of mobile communications will also increase the number of accidents and deaths due to people not ‘thinking about’ or ‘paying attention to’ how they use their personal communication devices (see definition below), walking down the street and out into the street.
In the workplace, there are many people who just do not consider anything as they connect their personal devices to the corporate network. Many folks are at the mercy of their carrier with regard to preventing malware from infecting their phones. Some say that the vendors (Verizon, Sprint, etc.) and OS makers (Android, Apple, Blackberry, etc.) do a good enough job preventing malware infections across their environment and affecting users. Anti-malware makers say users should install their software to ensure their smartphones do not become infected.
I have a problem with both scenarios, but what can any of us, the average user, do about it… Just be very sure about what links you click on your mobile devices and be even more sure about what you download (white papers, software, books, etc.).
At the coffee shop, there are so many people who are not thinking of the ramifications of connecting their devices to the ‘Net through the café or book store.
1) How well is that establishment protecting their connection to the ‘Net?
2) Would you automatically trust connecting to the ‘Net from a café, any café…?
There could be someone in the café just waiting for someone not paying attention to what they are doing as they connect to the ‘Net, swigging on their latte AND doing some confidential proprietary work for an hour or two or three. And that someone in the background, performing MITM (man in the middle) actions, just happens to be sucking down that info, unbeknownst to the latte drinker. That someone could even be a spy from some other country.
On the streets, folks walk around with their devices in their hands, bags or pockets – and they have Bluetooth or Wifi enabled on the device. AND, they do not have a passcode or password enabled… C’mon everyone, we all have to wake up and be more security conscious about our devices. When I’m out and about for a quick excursion, I turn on my complex swipe pattern to lock my phone. If I’m going to be out for a longer amount of time and/or in an environment with many others, I use a complex password instead.
– – Many people, still, are not aware of the power within their devices, especially in light of somewhat recent advances such as Bluetooth v4.0 (high speed data transfer) and better, faster Wi-Fi connections. Both of these allow for easier theft of PII and/or proprietary data, without the owner being aware of it occurring.
Mobile Communications Security
In the workplace, the company ‘absolutely’ must have security measures in place to counteract the risky or possibly risky behavior of their staff connecting to the corporate network. The firm has to have multiple levels of protection and policies in place.
The firm should have in place:
– – Policies that clearly delineate employee behavior of what is and is not allowed when connecting their personal mobile devices (or if they are allowed to connect their personal devices to the network)
– – – – Policies about locking or wiping sensitive data on the device if the device is lost / stolen
– – – – Then too, the firm must make every attempt to ensure that the employee fully understands the firm’s policies and agrees to those policies
– – Mobile Device Management (MDM) software that will cover and support the most OS’s in use (Android, iOS, Blackberry, Windows, etc) and the most mobile hardware platforms (Apple, Motorola, Nokia, Blackberry, etc.) – as well as MAM (Mobile Application Management)
– – Security software that will cover and support the most OS’s in use (Android, iOS, Blackberry, etc) – software such as antivirus, firewalls, VPN
– – Incident Response plans to cover most, if not all, contingencies should there be a problem or theft of a mobile device with confidential company data on it
– – SEIM (or SIEM depending on who you’re talking to) – A business with employees bringing their own devices (or company issued devices) “must” have some type of SEIM in place to help the slow humans collect, collate and analyze the tons, errr sorry, terabytes and exabytes of data passing through the network (soon to be zettabytes at some point)
– – DLP – firms with proprietary/confidential/critical data simply must have data loss prevention software in place to deal with malicious, criminal or accidental passing of that sensitive data out of the network
The tech of Near Field Communications (NFC) is quite possibly going to enhance criminals’ (and spies’ – nation state or corporate) capabilities to pilfer data from the unwitting. NFC might make it easy for the user to power up their devices and to complete sales at store terminals but it ‘may’ also make it easier for Joe Punk, the thief.
RISK, as we know it, is about making tradeoffs.
What is your firm or agency going to do where risks and risk management are concerned?
– – Are you going to pander to Gen Xers and Millennials (no slight towards either category) so they come work for you?
– – Or are you going to put the proper, strong, best practice safeguards in place and enforce them?
– – Or, are you willing to see malicious software enter into the firm’s network, pretty much unfettered, because you allow anyone to connect anything to the network?
– – – – Or worse, are you willing to see proprietary/confidential data leave the firm’s network at a covert and blistering pace…?
One thing a firm could do is to purchase USB cables for the devices that ‘only’ allow for power charging and do not allow data traffic over these cables. Sorry employees but there are too many who believe they know better when they actually do not.
Employees are not off the hook either and by employees, I mean everyone in the business – from mail room clerk to CEO. The company’s network is not a free-for-all. It is not there for your sole benefit – you, the employee, connect your devices to the firm’s network at the firm’s discretion, following the firm’s guidelines and permissions.
Mobile Communications Future
Google Glass – I talked about this in an older paper of mine, imagine, everyone wearing some sort of glasses that act as a portable HUD.
Google Throat Tattoo – from Motorola Mobility. This is an electronic throat tattoo that allows individuals to have a phone conversation via this tattoo and their smart phone. Think of it like a transparent band aid with embedded miniaturized electronic components, with which a person can control any compatible electronic device of theirs, or devices permitted by others such as in public environments. See the L.A. Times article at http://www.latimes.com/opinion/opinion-la/la-ol-google-electronic-throat-tattoo-device-20131114,0,215855.story#axzz2ln3JG1PO
The story noted that this tech may not make it to market, but, it is a start. Imagine having some kind of communication device you can place on your neck that would allow you to use voice sub-vocalization (or via bone induction) to control your, or others’, devices.
Dick Tracy watches (or Smart Watches) – You have probably seen the Samsung commercials in which the company shows snippets of the computer/video watch as it evolved over the years, namely the Dick Tracy watch, the Jetsons, Star Trek, etc. Samsung’s Galaxy Gear Smart Watch and competitors such as the Pebble Watch are trying to put a computer on your wrist that will interface with your Smart Phone and maybe your tablet and laptop….
Quantum Computers – We are getting closer to having exponentially more powerful computers literally in the palms of our hands. The problem (or rather, one of the problems) has been in achieving workable quantum computation at near room temperature.
See the article at either site: http://www.sciencemag.org/content/342/6160/830.full
Just think about it, especially as I am one of those highly optimistic individuals, as we continue moving onward with more and more miniaturization of current computers and computational devices. What if (or more likely, when) computer companies start mass producing quantum computers for use in any kind of electronic device? Your car, your smart phone, tablets & other computers, airplanes (and drones, a.k.a. UAVs), cabs, buses and trains will eventually have some kind of quantum computer in them. Think about the exponential computational power that can be harnessed to handle the mundane to extremely complex calculations necessary to solve problems such as the tremendous data needed to predict the path of a hurricane, tornado or typhoon.
Quantum computers will be able to somewhat effortlessly (we hope) handle the terabytes, petabytes, exabytes and zettabytes of data flowing across the ‘Net every day. That kind of power can more easily handle compression/decompression of data to route and send data (and voice) traffic around the world. It will also be able to more easily deal with the more intensive computing power needed to encrypt / decrypt any and all secure traffic at the highest encryption levels, which for now is AES 256 but that will likely change within the next couple of years thanks to Edward Snowden and other criminal entities around the globe.
Hearing aids – Sigh, I can only imagine (I do a lot of imagining), what quantum computing can do once it is ready for prime time usage. Take hearing aids, put a quantum computer in one and you pretty much can do many things through your ear piece, especially if you use bone induction to convey sound to the ear piece. That quantum computer in the hearing aid can clean up and produce better quality sounds, instantly for the wearer. Then combine this ear piece with something like the Google Tattoo, and well, maybe I’m getting too optimistic, too soon…
Miniature cell towers – Just think, here we go again…. Just think about the implementation of more portable cell towers – in buildings, in subway systems, on the sides of buildings, on bus stops – to move, more efficiently and ‘faster,’ cell phone/smart phone/tablet data.
These are devices many are not aware of, to work with and/or replace regular cell towers, such as:
Having these devices in use spreads the load on all cell towers, instead of trying to cram all the users onto one cell tower and dropping calls. The devices allow for better connectivity, pinpoint connections and much better signal quality. Unfortunately, the down side is, criminals can ‘possibly’ intercept smartphone calls using these types of devices if adequate protection is “not” put in place, like installing the latest patches to prevent interception of calls/data. See this article from July 2013 – http://www.digitaltrends.com/mobile/femtocell-verizon-hack/
Employees need to be aware that having their own devices inside the place where they work does not grant them free unfettered access to the ‘Net. It does not mean they can download whatever they want, whenever they want – employees must adhere to company guidelines.
Businesses must absolutely have policies in place with regard to employees’ own electronic devices as to what employees are allowed and/or can expect with their devices.
Businesses must weigh the pros and cons of how they decide to deal with employees connecting the multiple varieties of personal devices (hardware and software). And the businesses must decide most rapidly because this is a fast-moving area.
Yes, the variety of solutions on the market is changing, very fast. But you cannot just wait for the best of breed to shake out, you have to get the best you can now and scale it as improvements continue to make it to market.
The future of mobile communications is going to be grand but it is also going to be scary. The speed to move data is improving continuously. The bandwidth is improving. Wi-Fi points of connectivity are increasing.
This list goes on and on and we are just at the beginning.
Just think (again?), that replicator in the original Star Trek series – look at all the 3D printers that are springing up everywhere, and these things are improving in the quality of what they print out, the speed of printing is getting better and the numbers of inputs are slowly increasing (I mean c’mon, one dad printed out a hand replacement for his son (born without one hand) because to buy an artificial hand is too expensive…)
Personally, I would love to have my own quantum computer and HUD that I can use in my daily life, due to my being so curious and wanting to know more, to learn and use what I learn – and to share with others who want to know and not putting on a false façade that they know everything already. Because I know, I, myself, don’t know everything, not near enough – and we are not yet at the stage of wet mesh technology for everyday use.
Wet mesh is where you would have a computer chip embedded in your brain to enhance your cognitive abilities, or to correct for damaged spinal nerves so that folks in wheel chairs can walk again, or to…
We are not at that stage yet.
AES – Advanced Encryption Standard – three levels, AES 128, 192 & 256 (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
Devices – Smartphones, Tablets, Laptops, PDAs (if any are still around), etc.
DLP – Data Loss Prevention (or Data Leak Prevention – depends on who you’re talking to) – this is software designed to help firms prevent or stop proprietary/confidential info leaving the company network by various means (email, downloading to a thumb/flash drive, smart phone or even printing out that info)
HUD – Heads Up Display – as in fighter jets or near high/high end cars on the road (Cadillac)
Malware – Malicious Software that can harm your devices
NFC – Near Field Communication
OS – Operating System
PII – Personally Identifiable Information (medical, financial, personal, etc.)
SEIM/SIEM – Security Event and Incident Management / Security Information and Event Management – in simplistic terms, this software/hardware combination allows for collection of many, many disparate points of data of different types, and the ensuing collation and analysis of the data traffic that is entering/leaving that company’s network
VPN – Virtual Private Network connectivity for secure connections to the company network over the ‘Net
The following definitions were taken from Wikipedia, but they jibe with what I have learned elsewhere.
• Microcells – coverage for a limited area such as a mall, a hotel, or a transportation hub. A microcell is usually larger than a picocell
• Femtocells – devices, made by Cisco, AT&T and others, you can even place in your house to improve smartphone signal quality and speeds (5 bars…)
• Picocells – a small cellular base station typically covering a small area, such as in-building (offices, shopping malls, train stations, stock exchanges, etc.), or more recently in-aircraft. In cellular networks, picocells are typically used to extend coverage to indoor areas where outdoor signals do not reach well, or to add network capacity in areas with very dense phone usage, such as train stations.