Secure Mobile Device For Enterprise

With the introduction of cool mobile devices for the corporate world, executives feel their existing BlackBerry is out of fashion. For a while, BlackBerry devices ruled the corporate world for mobile communications. They are efficient and highly secure.

BlackBerry security is still considered the gold standard for enterprise mobile communications. However, with Generation Y taking over the corporate world, enterprise infrastructure has a hard time meeting their demand to have social networking and other mobile applications available on their mobile devices. RIM’s product is no longer the preferred choice; rather, it is now one of the options that should be available to corporate users.

There is also increasing demand among employees to use their personal mobile devices (individually liable) for enterprise use. They view pervasive wireless LAN (WLAN) and mobile cellular coverage as “must have” capabilities and consider smartphones as “must have” tools that would help integrate their personal and professional lives.

Until recently every enterprise had a web address advertised along with their products. Now, their applications are showing up in mobile device application (app) store and their mobile web addresses (example are advertised along with their web address (example increasing their competitiveness.

So how do we secure such diverse devices while making them available for corporate use?


Disk Overwrite or Wipeout Best Practice

An online search shows that the majority of tools available for wiping data on a disk point to a practice of 7 wipes, in the belief that it is a US DoD requirement. Some of them support the Gutmann method of 35 wipes.

However, I could not find any documentation on a US government website that indicates seven wipes. The US DoD 5220.22-M, “National Industrial Security Program Operating Manual”, that most online tools refer to does not have any requirement on the number of wipe passes. However, I found a wiki page on Data Remanence that has enough citations and contains the following:

“As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]

On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): “Studies have shown that most of today’s media can be effectively cleared by one overwrite” and “for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged.”[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes “has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss.”[5]

Chrome OS, Cloud Computing and Privacy

The news is out – Google’s highly anticipated Chrome OS is to be released in the coming fall or winter.

It’s supposed to be faster and more efficient than Microsoft Windows and will support cloud computing. There will be no cost associated with using the OS, as it’s going to be released as open source.

What does all this mean to an end user? Since the new OS is going to leverage cloud computing, I believe it’s going to behave similarly to how a browser behaves. When the machine is turned on, the user is presented with a console that directly interacts with the applications hosted in the cloud. Applications include the existing Gmail, Documents, Calendar, Photos and other office productivity tools.

An end user, when he/she uses these applications, sends all the information or data to the cloud where the applications reside. The applications could be hosted either at Google datacenters or at a partner’s. The information or data that the user saved in these applications is now at the mercy of Google or its partners.

Today there are corporates who hesitate to use third-party conference utilities such as Webex just because they don’t want their confidential data to go beyond their perimeter. So what about using Google’s cloud computing services? Corporates as well as governments are concerned about the privacy of their citizens. Will Google ensure such privacy? How about the service level agreements? Or the quality of service? Can Google meet such varying requirements? Well, it may – for a “freemium”.

Personally, I am thrilled, waiting to play with another open source system.

For now, this is Shaheen posting these thoughts, from the Toronto subway system, using Gmail to an open source application.