Category Archive for ‘Mobile’

The Dropbox Problem

Introduction

 

“As the BYOD trend continues, more and more businesses are faced with the growing reality of having their workforce go mobile and the potential associated security threats it poses for enterprises.”

– Melissa Lewelling, CRN, June 24, 2013

With over 300 million users, Dropbox is the market leader in cloud file sync applications. Unfortunately, what works for family photos is not appropriate for corporate files. Dropbox is risky business. Beyond the risks of data theft, data loss, corrupted data, lawsuits, compliance violations, loss of accountability, and loss of file access, there are inherent flaws in the service that make it unsuitable for a workplace environment.

Here are some little-known facts about Dropbox — six things to consider before adopting Dropbox in the workplace.

  • Dropbox is the No. 1 most commonly blacklisted app

In general, BYOD and the advent of mobile applications have made employees more productive. But when it comes to mobility, there are some applications that companies should avoid. In a survey by Fiberlink of over 4,500 corporate and employee devices, Dropbox was the No. 1 most blacklisted app on iOS and Android. Business owners and IT administrators are blacklisting Dropbox applications because the popular file sync service lacks the administrative control and oversight necessary to avoid data leakage risks. Rounding out the top five blacklisted apps were SugarSync, Box, Facebook, and Google Drive. [i]

  • Dropbox shares can be accessed by anyone

Sharing with Dropbox is easy. Protecting your files with Dropbox? Not so easy. When a user shares a file or folder, Dropbox generates a public URL that can be accessed by anyone, without any password enforcement. In a study conducted by Intralinks, these fully clickable URLs were used to access sensitive files, including tax returns, a mortgage application, bank information, and personal photos. Intralinks also found evidence of intermingling of personal and corporate files. All of this raises the question: when you share files and folders with Dropbox, who are you actually sharing them with? [ii] [iii]

  • Dropbox only retains deleted files and revisions for 30 days

Business-class file sync services maintain a rich file and folder history so that companies may recall historical data, including deleted files and revisions. Moreover, retention of data is important for businesses that handle sensitive data and is legally required for certain verticals. The Sarbanes-Oxley Act, the Federal Rules of Civil Procedure, tax laws, and other federal and local statutes have distinct requirements for the retention of data. Dropbox’s decision to permanently remove deleted files and revisions after 30 days is inconvenient and puts businesses at risk of legal and compliance disputes. If Dropbox customers want to retain deleted files and revisions for more than 30 days, they are directed to download and pay for a third-party application. [iv] [v]

  • Dropbox uses a single encryption key

Encryption is the primary safeguard against hacking and security breaches. Unfortunately for Dropbox customers, the keys to encrypt and decrypt files are with Dropbox – not on each user’s machine. Worse yet, Dropbox uses a single encryption key for all customers’ data. This insecure architectural design prompted Christopher Soghoian, a prominent security researcher, to issue an FTC complaint against Dropbox in 2011. His complaint alleged that Dropbox puts users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits. In light of these charges, Dropbox scrambled to change language that appeared on its website. But the facts remain: Dropbox does not provide a way for users to encrypt files before they are transmitted to the cloud; Dropbox employees have access to, and can see the contents of, a user’s storage; and Dropbox has exposed its users to unnecessary risk of data theft by hackers who, if given the chance to break into the company’s servers, may be able to steal users’ data and the keys necessary for decryption. [vi] [vii]

  • Dropbox reviews your data to save costs

When a user uploads a file, Dropbox will review the data to see if it has been uploaded by a different user. If it has been uploaded before, Dropbox’s deduplication technology will point to the previously uploaded file, thus saving Dropbox from keeping two copies of the same file. According to Dark Reading (InformationWeek), “For starters, deduplication can make it easy for outsiders to know what’s already on the Dropbox servers, since the website studies a file to see if it’s seen it before.” In sum, the deduplication technology imposed by Dropbox saves the company storage costs, but places your files at risk. [viii]
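The trade-off described above can be seen in a toy model. This is an added example, not code from Dropbox or from the original article; the class names, account names, and sample files are constructed. It compares a deduplication index shared by all accounts with one scoped to each account, and checks whether one account's upload response reveals that another account already stored the same file.

```python
import hashlib


class GlobalDedupStore:
    """Toy model: one stored blob per content hash, shared by every account."""

    def __init__(self):
        self.blobs = {}  # index key -> file bytes

    def _key(self, account, digest):
        # Shared index: the account plays no part in the lookup.
        return digest

    def upload(self, account, data):
        digest = hashlib.sha256(data).hexdigest()
        key = self._key(account, digest)
        seen = key in self.blobs
        if not seen:
            self.blobs[key] = data
        # The uploader can observe whether the transfer was skipped.
        return {"deduplicated": seen, "bytes_sent": 0 if seen else len(data)}


class PerAccountDedupStore(GlobalDedupStore):
    """Same store, but duplicates are only detected within one account."""

    def _key(self, account, digest):
        return (account, digest)


def cross_account_signal(store):
    """True if bob's upload responses differ depending on alice's content."""
    doc = b"constructed sample: Q3 payroll"
    store.upload("alice", doc)
    known = store.upload("bob", doc)
    fresh = store.upload("bob", b"constructed sample: never uploaded")
    return known["deduplicated"] != fresh["deduplicated"]


if __name__ == "__main__":
    for cls in (GlobalDedupStore, PerAccountDedupStore):
        store = cls()
        leaks = cross_account_signal(store)
        print(f"{cls.__name__}: cross-account signal={leaks}, "
              f"stored copies={len(store.blobs)}")
```

Scoping the index to the account removes the signal at the price of one extra stored copy, which is the storage saving the article says the provider is protecting.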

  • Dropbox does not guarantee uptime or offer live support

FAQs and Forums not good enough? Because Dropbox does not offer live support, you’ll have to fill out a form for someone to get back to you. In addition, Dropbox has experienced outages, downtime, and security breaches over the years, causing business users to reconsider the reliability of the service. According to ReadWrite, “(Dropbox) checkered history of security breaches may make it a tough sell in the enterprise,” including “a (2011) bug in the company’s authentication mechanism, allowing third parties to log into user accounts and access files,” and a 2012 breach that “allowed attackers to penetrate accounts used by Dropbox employees, including a document from which they may have been able to harvest email addresses…those email addresses were apparently used to send Dropbox users spam.” In March of this year, Dropbox suffered an outage which caused errors and rendered the desktop and mobile file sync feature useless. In light of these events, a lack of live support is only the beginning of service issues that Dropbox faces. [ix] [x] [xi] [xii]

Conclusion

As your trusted IT service provider, we promise to work with you to minimize these risks and support your file sync needs. eFolder Anchor is a business-ready cloud file sync service that we stand behind and guarantee.

eFolder Anchor – Secure Cloud File Sync

  • Access files from anywhere
  • Collaborate with ease
  • Share files securely
  • Control your data
  • Eliminate FTP and VPN

 

Call us to learn how file access can be easy, safe, and secure.

 

Phone: +1 (320) 281-7033

Email: support@kdssys.com

[i] TechRepublic, Will Kelly, “Top mobile security concerns: Blacklisted apps and password protection,” December 11, 2013

[ii] ReadWrite, Anthony Myers, “How Documents Stored On Box And Dropbox Could End Up On Google,” May 7, 2014

[iii] CollaboristaBlog, John Landy, “Your Sensitive Information Could Be at Risk: File Sync and Share Security Issue,” May 6, 2014

[iv] Dropbox Help, “What happens to my old and deleted file versions?” accessed on May 12, 2014

[v] ASAE, The Center for Association Leadership, “Designing a Compliant Electronic Record-Retention Policy for Your Association,” July 2007

[vi] Gizmodo, Adrian Covert, “Dropbox Told Us Our Files Were Encrypted and Private. Turns Out They Aren’t?,” May 13, 2011

[vii] WIRED, Ryan Singel, “Dropbox Lies to Users About Data Security, Complaint to FTC Alleges,” May 13, 2011

[viii] InformationWeek Dark Reading, Mathew J. Schwartz, “Dropbox Accused of Misleading Customers on Security,” April 16, 2011

[ix] ReadWrite, Mark Hachman, “Dropbox To Business: Never Mind The Breaches, Come Store Your Stuff With Us!,” April 10, 2013

[x] ZDNet, Zack Whittaker, “Dropbox hit by outage; file sync busted,” March 14, 2014

[xi] ZDNet, Ed Bott, “Dropbox gets hacked … again,” August 1, 2012

[xii] Dropbox Tech Blog, Akhil Gupta, “Outage post-mortem,” January 12, 2014

Hosted Desktop for Registered Investment Advisors – IVDesk Transforms Business

Registered Investment Advisors are facing SEC compliance along with auditing and security risks like never before. Even the largest firms have found the challenges overwhelming. Until now!

IVDesk addresses all of your SEC compliance, auditing and security requirements through a robust, vertically-focused IT solution called RIA Complete. Created specifically for today’s most progressive investment and wealth management firms, our completely virtualized service transforms IT from a tactical expense into a strategic business driver.

In addition to thwarting hackers and improving overall security, RIA Complete also ensures that you can access your data securely no matter what platform you are on or your location.

Key Benefits

IVDesk has built a specific, specialized practice related to the RIA industry based on our expertise in installing and running critical applications RIAs rely on every day. This practical experience and deep understanding make us the leading IT partners in your industry.
• Complete SEC Compliance
Moving all your IT to our virtualized platform allows IVDesk to manage and monitor all of your compliance systems, operations and audits.
• Complete Reliability & Redundancy
Our unique technical infrastructure and system management make downtime a distant memory. Your systems, software and data are always available – 24/7/365.
• Complete Security
Our maximum security offering provides 100% protection but allows you to ease restrictions to accommodate individual user permission, preferences and other parameters.
• Complete Mobile Access
The ability to work from anywhere, anytime on any digital device is a key enhancement to productivity. No more VPNs and access struggles. All your current data and apps are right there with the same familiar look as your desktop!

All Your Current Applications – Available Anywhere

Our complete, virtualized approach to IT already includes more than 800 popular business applications and also accommodates your custom solutions. Don’t see one of your apps in the list below? Ask us.

Critical Applications

Advent Portfolio Exchange (APX) Advent Software
Axys
FactSet
Investment View
Junxure
Laserfiche
MorningStar Office
Moxy
PortfolioCenter
Pro Tracker
QuickBooks Intuit
Revenue Center
Schwab Data Delivery
Telemet Orion

Vendor
Advent Software
Factset
Thomson Reuters
Junxure
Laserfiche
Advent Software
Schwab
Pro Tracker Software
Advent Software
Schwab
Telemet

Contact KDS Systems at 320.281.7033 to learn more about solving all of your SEC compliance, auditing and security requirements with IVDesk’s RIA Complete virtualized IT solution.

Finally, security hardware catches up with the 21st Century

The Downlow – We’ve been waiting. Watching various providers market the futuristic ‘Jetsons’ home that is completely automated from the touch of our smartphone. This technology is up and coming, and works great today with even greater promise for tomorrow. However, in reality 90% of the time you will be interacting with your system from the main panel. It is the device seen hanging on the wall, probably near your main entry, that you walk by hundreds of times each week. The brains behind your system, it controls everything from managing the security and automation points to informing the viewer of current status. The security devices we have tested to date have been, well, lackluster. When it comes to Touchscreen in the security world, Fisher Price makes a better unit in the ‘5 and Under’ section. To someone who spends their day with technology and depends on an arsenal of laptop/tablet/smartphone for productivity, units tested from major security players have been very disappointing in the area of ergonomics, control, user interface, and aesthetics. (Putting a glossy-grey piece of cardboard around a 2.5″ depression-sensitive screen does not make a 10″ ‘Touchscreen’ in our book)

The player. We have actually discussed wall-mounting an Android Tablet as the main control point, and installing the ‘actual’ control out of sight in a utility area. Fortunately Qolsys has beat us to the punch and released a fully functional control unit based on a 7″ Android Tablet. And it actually looks and works like you would expect in the modern world.


Security and automation in a modern container

  • 7″ Touchscreen
  • Cellular/WiFi/Z-Wave Radios
  • Camera
  • Speaker/Microphone
  • Siren
  • 24-Hour Battery Backup
  • SD Card Slot

Will your company have a CDO by 2017?

CDO is becoming a vital role in many companies.  In 2012 Harvard Business Review named Chief Data Scientist as the ‘sexiest job of the 21st Century’, and Gartner has predicted that 25% of organizations will have a Chief Digital Officer by 2017.  Are these indications that business leaders of all shapes & sizes recognize that all things connect digitally?

A CDO provides vision and strategy for all data management activities and is responsible for digital quality control and managing digital vendor relationships across an organization. Metrics of this operation are reported on and provided to CEO/CFO/CIO to summarize clearly the health and benefit of digital systems that businesses depend on. CDO provides owners with the Big Picture.

The CDO is able to maximize quality of data and digital systems through continual root cause assessment as day-to-day issues arise. While employees encounter system crashes, errors and nuances directly, a CDO is able to identify patterns and commonalities across isolated incidents. This enables high-level decisions and changes that PREVENT OR AVOID system and/or end-user errors that would have resulted in productivity loss and potentially bad data.

Standardization. The only way to manage the fast-paced evolution of technology is through standardization of systems and policies in real-time. Staying in tune with a company’s vision, constraints, and culture is critical to leveraging technology as a tool rather than a hindrance. Lest we become buried in the bureaucracy of our digital systems.

Navigate and succeed in mastering unstructured data. Social media, email, transactional records, images, video, and media are very real aspects of any business’s digital day. But they don’t necessarily compute on a one-to-one basis very well. Understanding how to implement, manage, store, and report on very different technology models is crucial to a successful CDO and ultimately a company’s digital health.

Master of all things Digital. A CDO begins to shine as the technology they manage begins to benefit people in quantifiable ways. Decision makers who have quick access to accurate information, and weary employees who begin to experience mundane, time-consuming tasks becoming automated, become a CDO’s greatest advocates.

Windows Phone 8.1 review and initial reaction

2 years ago many of you know I drank the Microsoft Kool-Aid and went to all Microsoft driven technology tools.  Windows 8 Desktop, Laptop, Surface RT Tablet, and Windows Phone.  I started using Skydrive (now OneDrive) to sync my personal data and Office 365 with Skydrive Pro for my business data.  The immediate benefits included a common interface amongst the devices.  Once you figure out how to do something on your laptop, chances are you can find it on your phone.  I loved the picture syncing, and abandoned carrying a digital camera around.  One disappointment was the camera on the Surface – it’s terrible.  But my HTC Windows phone has taken some great pictures – especially outdoors.

A little history of the ‘mobile-me’.  I had been a die-hard Blackberry user for years, from the green screen calculator through the failed attempts at combining sleek design with a full or partial keyboard.  I would regularly type up the equivalent of a 1-2 page draft or fully thought out email.  At one point, in search of better multi-media and apps I switched to Android for a year.  I never fully recovered from not having a full keyboard, though I did become fairly proficient with swipe.  After a fatal screen-shattering drop, I went back to Blackberry – electing the Torch touchscreen with a vertical slide out keyboard.  This device brought me through to electing the Windows phone, about the time that Windows 8 released.

So 8.1, my point of writing.  To get the pre-release, I had to join the developer club and void all warranty from T-Mobile.  My phone was 6 updates behind, so I spent an afternoon accepting updates and letting them run.  It went smoothly but was time consuming.  The finishing touches are great – in my mind polishing out most (if not all) of my laments for other platforms.

Camera:  Just as I went Windows, Blackberry released 10 with a great bursting feature on its camera.  Windows phone 8.1 now has burst mode!  As I mentioned, my phone is my on hand camera and this is great for getting just the right look – especially with kids, pets, and events.

Keyboard:  Still missing my full keyboard, Microsoft now has swipe.  A close runner up!  Maybe my responses will start to be more than “Got it – thanks”  (or maybe people appreciated short and to the point).

Background:  The solid-color theme choices were a little stale and limiting.  My background is now an amazing sunset picture that I took (with my phone) and the first impression of grabbing my phone is ultra-modern.  Love-it.

Cortana:  The idea of telling my phone what I want and getting an appropriate and accurate answer is still a little distant.  Like anything automatic, accuracy less than 99% and the manual approach is more effective.  Still the idea of giving Siri some competition is sexy and fun, and they’re bound to get this technology dialed in someday.  So far I have not heard her voice, though the articles claim she has one.  She has called the correct people for me, and run a couple of web searches.  I’ll give her more testing over the next week, but at the first mis-dial she’ll get demoted to the mailroom.

Settings from the homescreen.  Very Android-like but needed.  They pull down from top of screen with quick access to Wifi, Bluetooth, Airplane mode (??), and Rotation Lock.  ‘All-Settings’ are one more click out.

Those are the big ticket items that come to mind.  The upgrade went well and all my Apps continue to work, which was my biggest concern of going ‘Beta’.  Now if the last of my ‘short-sighted’ providers would release Windows apps, all would be perfect in Windows land (Hello SONOS!!!!)

 

7 Risks of Dropbox to Your Corporate Data

This insight is brought to you by KDS Systems and Anchor Cloud File Sync

Introduction

“We live in a world where information equals power. With the influx of online file-sharing solutions, distributing information has become easier than ever. As a result, it’s now easier for information to fall into the wrong hands intentionally or unintentionally.”

– Enterprise file sync-and-share, Terri McClure, Kristine Kao, TechTarget

Bring-your-own-device (BYOD) policies and an increasingly mobile workforce are putting new pressures on IT and changing the requirements for how workers want (and need) to access corporate data.

With over 200 million users, Dropbox has become the predominant leader for mobile file access. Unfortunately, what works for family pictures does not work with corporate files. In most cases, Dropbox’s quick-to-install, easy-to-use consumer services present unacceptable security, legal, and business risk in a business environment.

Here are 7 Risks of Dropbox to Your Corporate Data.

01 – Data theft

Most of the problems with Dropbox emanate from a lack of oversight. Business owners are not privy to when an instance of Dropbox is installed, and are unable to control which employee devices can or cannot sync with a corporate PC. Use of Dropbox can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.

02 – Data loss

Lacking visibility over the movement of files or file versions across end-points, Dropbox can improperly back up (or not back up at all) files that were modified on an employee’s device. If an end-point is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file, or any version for that matter.

03 – Corrupted data

In a study by CERN, the European Organization for Nuclear Research, silent data corruption was observed in 1 out of every 1500 files. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most consumer file sync services, including Dropbox, do not implement data integrity assurance systems to ensure that any bit-rot or corrupted data is replaced with a redundant copy of the original.
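A minimal sketch of the kind of integrity assurance this paragraph refers to, as an added example that is not from the original article or any vendor's product: every file's SHA-256 digest is recorded at write time, and a periodic scrub re-hashes both copies and repairs a damaged copy from the one that still matches. The in-memory "stores", file names, and contents are constructed for illustration.

```python
import hashlib


def digest(data):
    return hashlib.sha256(data).hexdigest()


def write(primary, replica, manifest, name, data):
    """Store two copies and record the digest the copies must keep matching."""
    primary[name] = data
    replica[name] = data
    manifest[name] = digest(data)


def intact(store, name, expected):
    # A missing file is treated as damaged, distinct from an empty file.
    return name in store and digest(store[name]) == expected


def scrub(primary, replica, manifest):
    """Re-hash every copy; repair from whichever copy still matches."""
    report = {"ok": [], "repaired": [], "unrecoverable": []}
    for name, expected in sorted(manifest.items()):
        p_ok = intact(primary, name, expected)
        r_ok = intact(replica, name, expected)
        if p_ok and r_ok:
            report["ok"].append(name)
        elif p_ok or r_ok:
            good = primary[name] if p_ok else replica[name]
            primary[name] = replica[name] = good
            report["repaired"].append(name)
        else:
            # Both copies changed silently: only detection is possible.
            report["unrecoverable"].append(name)
    return report


def flip_bit(store, name):
    """Simulate silent corruption: size and name unchanged, one bit differs."""
    damaged = bytearray(store[name])
    damaged[0] ^= 0x01
    store[name] = bytes(damaged)


def demo():
    primary, replica, manifest = {}, {}, {}
    for name in ("a.txt", "b.txt", "c.txt"):
        write(primary, replica, manifest, name, f"constructed {name}".encode())
    flip_bit(primary, "a.txt")   # one copy damaged: repairable
    flip_bit(primary, "c.txt")   # both copies damaged: detectable only
    flip_bit(replica, "c.txt")
    return scrub(primary, replica, manifest)


if __name__ == "__main__":
    print(demo())
```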

04 – Lawsuits

Dropbox gives carte blanche power to employees over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information that can break privacy agreements in place with clients and third-parties.

05 – Compliance violations

Many compliance policies require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict control over how long files are kept and who can access them. Since Dropbox has loose (or non-existent) file retention and file access controls, businesses that use Dropbox are risking a compliance violation.

06 – Loss of accountability

Without detailed reports and alerts over system-level activity, Dropbox can result in a loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious admin gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other admins of these changes.

07 – Loss of file access

Dropbox does not track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion.

If you would like to LEARN MORE about file storage and mobile device syncing in a secure, compliant, and safe manner CONTACT KDS SYSTEMS for insight and pricing.

How to choose a mobile smartphone platform for your business

I’m pretty neutral on this, our smartphones have become such a critical part of our daily lives that they have to work for our individual needs. Like a favorite pair of jeans, each is unique and we create odd connections to them. Amongst the devices themselves there is much conjecture, and it’s really just a matter of personal preference. From a company standpoint, it makes sense to standardize and use a common platform. Like anything else it will work better for some than others and we just need to decide what will work best overall. As such, I wouldn’t set expectations of any device being more reliable than another as there isn’t data supporting that.

Having mobility apps that are compatible with the corporate mobile platform is key. What is the factory software that you’ve been looking at? We can research the apps and development roadmap. Properly selected and implemented core infrastructure will support all mobile platforms equally. ActiveSync works with iPhone, Android, and Windows for email, calendar & contacts. Windows has released a free Remote Desktop App that will connect to IVDesk for the full Windows desktop. Surprisingly, Microsoft has not released that App for their own Windows mobile platform, citing that the need and usability of a Windows desktop on a phone is not that great. There are 3rd party Remote Desktop apps for Windows mobile, and Microsoft does publish an App for RT – the Surface Tablet operating system that works very well with IVDesk’s remote gateway.

For the ‘enabled road warrior’ mentality, I’ve seen good results from the Galaxy Note 3. It’s huge, 5.7” and comes with a stylus. It has a steel frame construction with a leatherish back. http://www.techradar.com/us/reviews/phones/mobile-phones/samsung-galaxy-note-3-1178226/review