tag:blogger.com,1999:blog-21727813364956105452024-03-12T18:19:42.156-07:00Patrick's BlogMostly things mobility and security. Lots on System Center Mobile Device Manager (aka 'Yona').Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.comBlogger56125tag:blogger.com,1999:blog-2172781336495610545.post-75321653043109520042010-02-13T03:54:00.001-08:002010-02-13T03:55:35.111-08:00With apologies...I kinda dropped off the face of the earth for a while there but will be back blogging again soon.<br /><br />Family had to come first.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com2tag:blogger.com,1999:blog-2172781336495610545.post-25550441733584298652009-04-20T08:19:00.000-07:002009-04-20T08:21:18.329-07:00Webcast on SCMDMLink here: <a href="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032410692&EventCategory=4&culture=en-US&CountryCode=US">http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032410692&EventCategory=4&culture=en-US&CountryCode=US</a><br /><br />This is actually on of the sessions I had lined up (and approved) for doing at Tech Ed in LA next month, but times being what they are the $'s to cover travel etc didn't happen. Still, this stuff is and remains too good to keep to myself, so come one come all! :-)Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-8134753259938297402009-03-20T04:02:00.000-07:002009-03-20T04:12:56.056-07:00UK survey on mobile phones being vulnerable to Identity Theft.Interesting survey by Credant (<a href="http://www.credant.com/">http://www.credant.com</a>) just published byAuntie Beeb about the kind of data Brits are storing on phone and the risks of identity theft. The risk-taking is jaw-droppingly bad.<br /><br /><a href="http://www.credant.com/phone-data-makes-4.2-million-brits-vulnerable-to-id-theft.html">http://www.credant.com/phone-data-makes-4.2-million-brits-vulnerable-to-id-theft.html</a><br /><br />Apart from observing that it's a disaster waiting to happen, what jumped out at me was this "99% of people use their phones for some sort of business use – even though 26% have been <strong><u>instructed</u></strong> by their employer not to do so ".<br /><br />Instructed? So who's going to pay any attention to that? Given convenience and expedience over obeying 'instructions' it's pretty obvious what users are going to do.<br /><br />Why make it easy for them? Why knowingly introduce risk into the enterprise, let alone have so many people running around begging to have their identities stolen? Dumb.<br /><br />Correctly configured and implemented, this risk is pretty much eliminated by WM & SCMDM. Microsoft really thought this through well and made it easy for administrators to implement common sense protection measures (well, common sense to Redmond and me and a bunch of others), and also comply with a whole gamut of regulations such as HIPPA, SOX, GLB to name but 3 US ones and with a high degree of confidence that much the same applies to UK legislation.<br /><br />A train wreck waiting to happen.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-83780271638165643362009-03-18T17:17:00.000-07:002009-03-18T17:23:13.032-07:00When my iPhone grows up...it still won't get close to my WM device!<br /><br />Don't know the original source of the following, but it's very good and completely true!<br /><br />FWIW, on my WM 6.1 device I have ActiveSync running constantly in the background therefore mail, contacts, calendar and tasks are always in synch, IE is always open, OneNote Mobile (love it!) MyPhone beta and Live Mesh for Mobile. And my battery lasts all day.<br /><br />OK, so if I fire up gps or use BT for prolonged periods I'll need to plan on a charge top-up at some point, but all in all it really does work as advertised!<br /><br />Enjoy!<br /><br /><br />WinMo: Hey, iPhone. How's it goin'?<br />iPhone: Hey, WinMo. Be right with you. Have to finish with this iFart app.... ...Sorry 'bout that. I'm a one-track phone, ya know.<br /><br />WinMo: So I hear. Isn't that going to change when you get your 3.0 upgrade?<br />iPhone: I was afraid you'd bring that - oops. Hang on. Got a text message. Hit my home button, will ya? ... ...<br />Sorry 'bout that. What were you saying? Oh, yeah. What's that called, what you were talking about? Multifrisking?<br />WinMo: Multitasking.<br />iPhone: Never heard of it. I'm getting background notifications. Is that the same thing?<br />WinMo: Not hardly. Oh, well. Never mind.<br /><br />iPhone: Oh, c'mon, WinMo. Can I give it a shot? Huh? Can I? Can I?<br />WinMo: I dunno. It's pretty tough stuff. Not sure that you're up to it. Never mind that those Apple people say it robs me of my power 80 percent faster. I can handle it. You, on the other hand ...<br />iPhone: C'mon, WinMo! Puleeeeeeeeeze?<br />WinMo: Fine. But don't say I didn't warn you. Hope you've been working out.<br /><br />iPhone: OK, I got special permission from my mommy to try this. Here I go. iFart: Open. Crossword puzzle: Open. E-mail: open. Safari: Open. ...<br />Wait. I'm starting to feel a little dizzy. Something's not right. Can't ... keep ... screen ... on. Wuzzhappenintome?<br /><br />WinMo: Oh, no, iPhone! Your battery can't handle the big-boy workload! Quick! Better swap it out!<br />iPhone: Can't. Still ... Only ... Have ... Baby ... Built-in.<br /><br />WinMo: Uh oh. Here, use my USB-cable (with its handy micro/mini-USB connector).<br />iPhone: Can't. Only ... Use ... Proprietary ... 30-pin. Good-bye ... Win ... Mo ...<br /><br /><br />Moral of the story: Some phones are meant for getting things done. Others are meant to be shiny. Maybe next time you'll get your multitasking, little iPhone.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-21285852462844979562009-03-12T04:28:00.000-07:002009-03-12T04:33:54.099-07:00WM Device Lockdown WebcastMy colleague, Dave Field, is doing a webcast for MS on April 9th on how to leverage the extensive capabilities of device lockdown to manage the applications running on your WM device.<br /><br />This is an area where MS have invested considerable effort into giving the administrator and device owner a very high degree of granularity over which applications will actually execute on your device. As part of a 'defense in depth' strategy, having the capability to define which applications may run goes a long way towards addressing issues over malware and viruses that have been so prevelent in the PC world.<br /><br />I already know this is going to be a really good session, extremely informative, and well-presented. Dave really knows what he's talking about, and can articulate it in a fashion that can be understood by mere mortals (like me!).<br /><br /><a href="http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407365&EventCategory=4&culture=en-US&CountryCode=US">http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407365&EventCategory=4&culture=en-US&CountryCode=US</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-20782158275514821192009-03-03T12:35:00.000-08:002009-03-03T12:39:31.870-08:00Design genius!Kudos to those nice people at HTC for their amazing creativity with the HTC Touch Pro (avail through AT&T as the "Fuze").<br /><br />Color me impressed!<br /><br />Check out the back of the phone. This is seriously cool. Couldn't cut and paste (otherwise I would have done, d'uh!), but if you go here <a href="http://www.htc.com/www/product/touchpro/gallery.html">http://www.htc.com/www/product/touchpro/gallery.html</a> and look at the 3rd pic down on the right which shows the back of the device, and you'll see how they've incorporated stealth technology.<br /><br />Stealth technology in a phone? Wow!<br /><br />Tell me that isn't cool?<br /><br />The net result is that when you get really ticked at the phone and throw it across the room it will be <em>completely undetectable by radar!</em> Now that is seriously innovative thinking!Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-14531584363450255152009-02-18T11:43:00.001-08:002009-02-18T11:45:33.835-08:00My all time favorite Dilbert<div>Can't see someone trying (and failing) to surreptitiously check their email without this Dilbert coming to mind!</div><br /><div></div><br /><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6Dv9cpTnVypyr5jsBPxYi_ubx7bPH-n5YcO21ve57lyU6agOnTr1bIkaADZtDIDdnSqUejswZ9uKOysuxfT8sLZLSpVtUQ9ZLupqukYRQGn1Hy1CHcNudEVl74xvJlKiT4mXIPTaikd35/s1600-h/dilbertblackberry.gif"><img id="BLOGGER_PHOTO_ID_5304225685255837490" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 400px; CURSOR: hand; HEIGHT: 144px" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6Dv9cpTnVypyr5jsBPxYi_ubx7bPH-n5YcO21ve57lyU6agOnTr1bIkaADZtDIDdnSqUejswZ9uKOysuxfT8sLZLSpVtUQ9ZLupqukYRQGn1Hy1CHcNudEVl74xvJlKiT4mXIPTaikd35/s400/dilbertblackberry.gif" border="0" /></a></div>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-22263403741426889832009-02-17T14:20:00.001-08:002009-02-17T14:24:15.046-08:00Mcfee report on Mobile SecurityGood reading. It's nice to know that I'm not alone in having concerns as to what's happening - or rather isn't happening - in the enterprise.<br /><br />Manufacturers get it. Carriers are clearly feeling the pain. Microsoft get it. How long before everyone else wakes up and smells the coffee? Or it is going to require something nasty to happen in order for folks to get the message that there are major risks to implementing this technology without first conducting appropriate due diligence.<br /><br /><a href="http://www.mcafee.com/us/local_content/reports/mobile_security_report_2009.pdf">http://www.mcafee.com/us/local_content/reports/mobile_security_report_2009.pdf</a><br /><br />more related links:<br /><a href="http://www.securecomputing.net.au/News/137422,mobile-manufacturers-express-security-fears.aspx">http://www.securecomputing.net.au/News/137422,mobile-manufacturers-express-security-fears.aspx</a><br /><a href="http://www.computerweekly.com/Articles/2009/02/16/234838/security-a-top-concern-for-mobile-manufacturers-survey.htm">http://www.computerweekly.com/Articles/2009/02/16/234838/security-a-top-concern-for-mobile-manufacturers-survey.htm</a><br /><a href="http://www.mcafee.com/us/local_content/reports/mobile_security_report_2009.pdf">http://www.mcafee.com/us/local_content/reports/mobile_security_report_2009.pdf</a><br />Internet Storm Center Comment: <a href="http://isc.sans.org/diary.html?storyid=5875">http://isc.sans.org/diary.html?storyid=5875</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-75492777193359109462009-02-17T13:07:00.000-08:002009-02-17T13:12:31.234-08:00Make this make sense to me, pleaseTaking it as a given that the only way to effectively use an iPhone - especially if one has any view towards security - is to Jail Break it, why on earth are Apple arranging for anyone who does this to wind up getting first-hand experience of prison showers?<br /><br /><a href="http://blog.wired.com/27bstroke6/2009/02/apple-says-ipho.html">http://blog.wired.com/27bstroke6/2009/02/apple-says-ipho.html</a><br /><br />As a propet of doom and gloom, I'd venture that it's silliness like this which brings closer to reality that my prediction about just how ugly things are going to get once a lost iPhone containing critical data hits the news wires. There's some really bad press a comin'. Just watch.<br /><br />Loved the comment by the guy who says he's already doing everything on his WM phone that the iPhone does, only immediately find myself asking questions such as "Really? What kind of apps? Running on what device?".<br /><br />Hmmm.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-90208449479549712902009-02-02T19:57:00.000-08:002009-02-02T19:59:23.880-08:00Excellent paper on WM Application SecurityMy brilliant and talented colleague Dave Field has written a comprehensive technical paper “Windows Mobile Application Security Configuration for Enterprise Deployments.” It recommends how enterprises can take advantage of the powerful security features of Windows Mobile to defend against malicious and unsupported application use. Taking a very pragmatic approach, Dave outlines how various features work and how to implement them. <br /> The paper is available for download on the Enterprise Mobile website, at <a href="http://www.enterprisemobile.com/resources/white-papers.htm">http://www.enterprisemobile.com/resources/white-papers.htm</a>.<br /><br />Highly recommended reading. Dave's taken complex material and presented it in a highly readable and understandable fashion.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-58227637574011128312009-01-13T05:25:00.001-08:002009-01-13T05:25:46.618-08:00Obama's new PDAInteresting. All WM devices.<br /><br /><a href="http://news.cnet.com/8301-13578_3-10141398-38.html?part=rss&subj=news&tag=2547-1_3-0-20">http://news.cnet.com/8301-13578_3-10141398-38.html?part=rss&subj=news&tag=2547-1_3-0-20</a><br /><br />Now, why am I not surprised?Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-35955329006036919782008-11-25T10:21:00.000-08:002008-11-25T10:33:40.423-08:00iPhone best for businessWTF???<br /><br />As reported on cnbc.com, JD Powers have awarded the iPhone the prize as the best for business. Link here: <a href="http://www.cnbc.com/id/27575986">http://www.cnbc.com/id/27575986</a><br /><br />Read it once, then read it a 2nd time and look for the word "security". Don't see it? Me neither. Amazing!<br /><br /><br />It's merely question of time before the bad news hits the press about someone losing an iPhone that had critical personally identifiable information on it, with no way of wiping it, recovering the data or doing anything but waiting for bohica to hit. IMNSHO, that's when it's really going to hit the fan.<br /><br /><br />and thanks to my colleague, Chris de Herrera for passing these 2 links through to me on why the iPhone isn't going to be 'business ready' any time soon:<br /><br />Why iPhone 2.0 won't yet rule the roost in the enterprise The 13 key omissions Apple must fix before it can really compete with BlackBerry and Treo - <a href="http://www.infoworld.com/article/08/07/24/30TC-iphone-enterprise-flaws_1.html?source=fssr">http://www.infoworld.com/article/08/07/24/30TC-iphone-enterprise-flaws_1.html?source=fssr</a><br /><br />Reports are that these items are still not fixed.<br /><br />iPhone 2.2 update doesn't fix key business flaws - <a href="http://www.macworld.com/article/137070/2008/11/iphone_business.html?lsrc=rss_main">http://www.macworld.com/article/137070/2008/11/iphone_business.html?lsrc=rss_main</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-42735026037105608722008-11-20T04:34:00.000-08:002008-11-20T04:56:38.432-08:00Another resounding SPLAT!Interesting article in this week's Business Week entitled "The Only True SmartPhones" by Stephen H. Wildstrom.<br /><br />Link here: <a href="http://www.businessweek.com/magazine/content/08_47/b4109000821845.htm?chan=technology_tech+maven+page+-+new_this+week%27s+column">http://www.businessweek.com/magazine/content/08_47/b4109000821845.htm?chan=technology_tech+maven+page+-+new_this+week%27s+column</a><br /><br />Coming from his perspective - that of user and consumer - I'd agree with him. He makes a number of points, which when viewed solely from the user perspective do indeed possess a high degree of validity and merit.<br /><br />I just did a quick search on his article looking for the word "business". Didn't find it. Hmm. Isn't this Business Week?<br /><br />Tried the same thing with "Enterprise". Nope. Struck out.<br /><br />Because of this he has entirely missed the point of WM (+SCMDM). It's an enterprise product aimed at the business user, period. Everything he points out as being detrimental to the user experience is addressed by a properly managed device (for example, you only want your users to have Opera? Great! You control whether it's there or not - not the OEM's and not the Carriers).<br /><br />The only way for a SmartPhone to be accepted as a business-class device and as the wonderful business tool that it is, is for it to be treated as such. This means having the capability to manage it exactly as you would a laptop or desktop - exactly as MS have done through SCMDM.<br /><br />It also means that a SmartPhone must be trusted to the same degree as a laptop or desktop. Without having the mechanism for secure access to mission critical resources beyond just email, a SmartPhone is merely another useful gadget. Given trusted access to, say, a CRM or Sales-Force Automation-type application, however, and it suddenly becomes an immensely powerful tool which also permits the enterprise to save significant $'s - which, given the current climate, is of paramount importance.<br /><br />As for the huge weaknesses in both the iPhone and Blackberry, well, again this is completely overlooked because of being viewed from the wrong perspective.<br /><br />iPhone's are beautiful consumer devices. No security (to speak of) therefore unusable in the enterprise. I'd go as far as saying that any mention of the iPhone is simply inappropriate and mis-placed in a business-targeted article such as this. It's not a business tool and any attempt at making it so is going to be as successful as every other attempt to put a round nail in a square hole. On the other hand, SCMDM was built with security baked in therefore there's no need to to try add it on later.<br /><br />And as for BlackBerry, Business Continuity is one of the key drivers for the enterprise and in addition to failing to scale to the enterprise, introduces 2 horrible single points of failure, the 1st being the NOC itself, which has a tendency to go down every time MS makes another announcement on Mobility, plus the Blackberry Enterprise Server (BES) themselves which have no failover or redundancy capability. SCMDM has neither of these weaknesses meaning that it is now viable to consider the SmartPhone an enterprise-class device.<br /><br />I hope that as the paradigm continues to shift - as it must, given that the domestic (US) market is effectively saturated with little room for differentiation between the various consumer products - that authors such as Mr Wildstrom come to recognize that mobile phone can only truly become enterprise-class devices when they are treated as such. This is exactly what Microsoft have done with Windows Mobile 6.1 and SCMDM.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-60783071991141913272008-11-16T18:03:00.000-08:002008-11-16T18:12:14.119-08:00New words entering the English languageBought a phone recently?<br /><br />There's a lot of stuff on it that you don't want, isn't there? Especially the stuff that the carriers want you to click on and maybe sign up for (can we say "Cha Ching"?).<br /><br />True, there's some useful stuff (like AT&T's GPS service. If you want to throw away $9.99 a month then knock yourself out, but it's easily hacked - hint do a search on BlackJack II Hacks. You'll find it) but it's all aimed at the consumer and is an inconvenience to the enterprise. Or ringtones - everyone should spend $3-$5 on a happy little tune instead of uploading the .mp3 of your choice. Yes, I'm being sarcastic.<br /><br />Hence the creation of two new words. Credit goes entirely to Scott Bedrick of Pfizer.<br /><br />(Noun): Crapware. Everything that's put out there purely for generating revenue for the carriers.<br />(Verb): Decrappify. The process (ideally automated) of removing all the crapware that really shouldn't be there in the first place.<br /><br />We're living in interesting times, folks. Either they're enterprise devices or they're not - and I emphatically come down on the side that says they are.<br /><br />It would be no more acceptable to get laptops sourced with a whole bunch of crapware on them (OK, so the manufacturers do this with the consumer market, but they know better than to try that with enterprises).<br /><br />The paradigm is shifting. This is a very cool place to be!Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-60007717478335679072008-11-05T18:09:00.000-08:002008-11-05T18:10:21.439-08:00Quantum Cryptography is here!Very, very, very cool!<br /><br /><a href="http://news.bbc.co.uk/2/hi/science/nature/7661311.stm">http://news.bbc.co.uk/2/hi/science/nature/7661311.stm</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-53165748082154833052008-11-05T06:51:00.000-08:002008-11-05T06:54:24.823-08:00Free Exchange2007 BookThanks to Michael Francis from simple-talk.com for letting me know about the free Exchange book they're giving away, Sybex’s Best of Exchange Server 2007. Link here: <a href="http://www.simple-talk.com/exchange/">http://www.simple-talk.com/exchange/</a><br /><br />Did I mention 'free'? <g>. OK, there's no free lunch. You sub to their monthly newsletter in return for getting the book, but from what I've seen the articles are well worth reading, so it's win-win.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-54978339679799117912008-11-04T15:43:00.000-08:002008-11-04T15:46:14.801-08:00Webcast w/AT&TI'll be doing a Microsoft Webcast on Nov 18th with AT&T. This ties into their SCMDM service offering that was announced back in August.<br /><br />· Title: Microsoft Webcast: How to Take Advantage of Windows Mobile to Enhance Productivity in Your Organization (Level 100)<br />· Presenter: Patrick Salmon<br />· Webcast Length: 60 minutes<br />· Date/Time: 11/18/2008 1:00:00 PM PACIFIC<br /><br />Attendee Registration URL:<br /><a href="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032393171&Culture=en-US">http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032393171&Culture=en-US</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-54578727154543059502008-10-24T15:32:00.000-07:002008-10-24T15:40:21.426-07:00Sorry, Bob. Not this timeRobert X. Cringely, whose articles I've read for years and have thoroughly enjoyed his perspective, just put this article out basically stating the Windows Mobile is dead.<br /><br />Link here: <a href="http://www.pbs.org/cringely/pulpit/2008/pulpit_20081023_005500.html">http://www.pbs.org/cringely/pulpit/2008/pulpit_20081023_005500.html</a><br /><br />His premise is that in a market which will become more and more competitive (d'uh!), there won't be room for WM. It'll simply be squeezed into non-existance.<br /><br />Based on the reasoning in his article I'm inclined to agree with him.<br /><br />Where he's missed the point is that WM is so much more than that. WM vs iPhone vs RIM vs Android is a stretch as an apples-to-apples comparison.<br /><br />RIM won't scale without killing you.<br />iPhone is a wonderful product that is not designed for the enterprise. Period<br />Android? Remains to be seen.<br /><br />Each has worth and considerable standing in its own right. None of the above has a genuine enterprise-oriented focus.<br /><br />WM + Yona is a truly tremendous combination and he speaks not one word to the real needs of the enterprise-focused technology which addresses real business needs.<br /><br />Nice try, Bob. Thanks for playing.<br /><br />One of us is wildly wrong, and I don't think it's me.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com1tag:blogger.com,1999:blog-2172781336495610545.post-46213245481947372912008-10-17T14:58:00.000-07:002008-10-17T14:59:41.888-07:00iPhone and SecurityInteresting article: <a href="http://blogs.securiteam.com/index.php/archives/1148">http://blogs.securiteam.com/index.php/archives/1148</a><br /><br />Also worth noting on that site is the list of 'sploits and issues on the right hand side of the screen. Runs the gamut of pretty much everything. Good resource and worth book-marking.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-8236950324966753642008-10-16T13:20:00.001-07:002008-10-16T13:20:19.328-07:00Windows 7 AnnouncementsLove it!<br /><br /><a href="http://gadgets.boingboing.net/2008/10/14/microsoft-announces-1.html">http://gadgets.boingboing.net/2008/10/14/microsoft-announces-1.html</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-3377439869485690282008-10-07T12:00:00.001-07:002008-10-07T12:01:51.258-07:00Hotel wirelessApart from the $10-$15+ fee per day that many hotels hit you with, here's another reason why tethering your WM phone (or using an AirCard) is a much more cost-effective and secure means of conducting business when on the road.<br /><br /><em>A study from the Cornell University School of Hotel Administration found that most hotels do not take adequate security precautions on the Internet connections they provide for their customers. The study compiles data from 147 written survey responses and from visits to 46 hotels. Twenty percent of the hotel networks use simple hub topologies, making them unsecured networks. Most of the other hotel networks channel guest traffic through switches or routers, which are more secure than hubs, but still make users susceptible to man-in-the-middle attacks. The researchers recommend that the hotels set up Virtual Local Area Networks (VLANs) to best protect guests from Internet threats.<br /></em><a href="http://www.gcn.com/online/vol1_no1/47290-1.html?topic=security"><em>http://www.gcn.com/online/vol1_no1/47290-1.html?topic=security</em></a><br /><a href="http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html"><em>http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html</em></a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-66059479364919334232008-10-06T18:33:00.000-07:002008-10-06T18:43:38.770-07:00Gartner Symposium ITExpo 2008Link here: <a href="http://www.gartner.com/it/sym/2008/sym18/sym18.jsp">http://www.gartner.com/it/sym/2008/sym18/sym18.jsp</a><br /><br />I'm doing a session on Weds (13th) on WM/SCMDM Adoption. Have built considerably on the vs. RIM Migration session webcast that I did back in March and have some seriously good comparitive numbers to share - this is the content that MS Legal wouldn't let me share publicly before because it required data from 3rd parties that they couldn't (easily) get permission to use.<br /><br />Got a boatload of cool info from Palm to work with on WM and the stuff they're doing, too.<br /><br />Oh and I'm looking for someone to come out play golf with me Thurs at Falcon's Fire (and no, neither I nor EM are picking up your tab).Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-81044569020034114392008-09-26T08:48:00.001-07:002008-09-26T08:50:00.715-07:00Great pricing on RedflyAnnounced today, Celiocorp (<a href="http://www.celiocorp.com/">http://www.celiocorp.com</a>) are releasing a limited quantity of Redflys at $199 ea through Oct 31st. Great deal.<br /><br />I lurv my Redfly. It's incredibly useable.<br /><br />Available here: <a href="https://store.enterprisemobile.com/">https://store.enterprisemobile.com/</a>Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-8578849108976560902008-09-26T06:49:00.001-07:002008-09-26T07:31:05.048-07:00what the good guys (and the bad ones) are doing to get at the data on your phoneJohn mentioned CSI Sticks in the Network World article. Worth reading more on to educate yourself a bit about what they do:<br /><br /><a href="http://news.cnet.com/8301-1009_3-10028589-83.html">http://news.cnet.com/8301-1009_3-10028589-83.html</a><br /><br />Available here: <a href="http://www.csistick.com/">http://www.csistick.com/</a>. Note the list of devices isn't that large.<br /><br />Even better (or worse, depending on your viewpoint) is this: <a href="http://www.cellebrite.com/">http://www.cellebrite.com/</a>.<br /><br />So, the onus is more and more on the people implementing and supporting mobile phones in the enterprise to educate your users.<br /><br />The greatest risk is, imo, human. Social engineering is a long-standing practice which gets used a lot for the simple reason that it works.<br />If I'm sitting next to you in the airport and ask to borrow your cellphone to let my wife know that my flight is delayed, the probability is really high that you'd agree. Where's the harm, eh?<br /><br />If, however, you're not educated to the risks and make the simple mistake of not treating a corporate resource appropriately - exactly as you would, or rather should do with a laptop - you're opening the door to the bad guys.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com0tag:blogger.com,1999:blog-2172781336495610545.post-40532173775584316452008-09-26T06:42:00.000-07:002008-09-26T06:48:52.462-07:004 Steps to take control of your mobile deviceHot off the press from Network World (hard copy comes out next week). Mighty quick, as John only interviewed me on Monday for contributing to this piece. He's done a good job of getting the salient points out:<br /><br /><a href="http://www.networkworld.com/news/2008/092508-mobile-security.html">http://www.networkworld.com/news/2008/092508-mobile-security.html</a><br />4 steps to take control of your mobile devices<br />Managing every iPhone, Android device and connection is key, wireless experts say<br />By <a href="http://www.networkworld.com/Home/jcox.html">John Cox</a> , Network World , 09/25/2008<br /><br />If you've ever let a stranger borrow your corporate <a href="http://www.networkworld.com/topics/pdas.html">smartphone</a>, you may have just given him a gift of your company's data.<br />The reason: he might have palmed a small USB device called the <a href="http://www.csistick.com/details.html,">CSI Stick</a>, and surreptitiously plugged it into your phone. The device can drain every bit of data from a cell phone in seconds, says Patrick Salmon, a mobility architect for Enterprise Mobile, a technology services company that specializes in <a href="http://www.networkworld.com/topics/windows.html">Windows</a> Mobile deployments.<br />Increasingly, companies want to give mobile or field-based employees direct, instant access to critical corporate applications previously accessible only from a desktop. To do so, existing security, authentication and management infrastructures have to be extended and adapted so that mobile devices, along with their data and <a href="http://www.networkworld.com/topics/wireless.html">wireless connectivity</a> (cellular or Wi-Fi), are managed as surely and fully as desktop PCs.<br />(Compare <a href="http://www.networkworld.com/buyersguides/guide.php?cat=876555">client management products</a>.)<br />But that's not the case in many mobile deployments today, according to consultants who, like Salmon, specialize in working with enterprise customers. "What we see is an ill-defined policy regarding devices," says Dan Croft, president and CEO of Mission Critical Wireless, a technology services company that specializes in mobile deployments.<br />Often personal handhelds are granted wireless access, something that would never be allowed with a personal computer, creating <a href="http://www.networkworld.com/topics/security.html">security</a> vulnerabilities, manageability challenges and tech support burdens, Croft says. Companies don't plan beforehand about how to handle lost, stolen or broken devices, or the data on them. "IT needs to get control of wireless [mobility] within their company," he says.<br />Taking control falls into four broad areas, says Jack Gold, principle of J. Gold Associates, a mobile consulting company: securing and managing every device; managing every connection; protecting every piece of data; and educating every user.<br /><strong><u></u></strong><br /><strong><u>Securing and managing every device<br /></u></strong>Mobile devices, whether bought by the company or by the individuals, are accessing company networks and company data. Device security and management are closely intertwined, because you have to be able to monitor the devices in order to enforce policies.<br />In most cases, practitioners recommend standardizing on two or three mobile device models, minimizing the support, security and <a href="http://www.networkworld.com/topics/management.html">management</a> challenges. "Other smartphones [brought in by users] might not be capable of supporting your specific security and administration polices," Enterprise Mobile’s Salmon says.<br />Using mobile device passwords or PINs is advised. "If your enterprise doesn't enforce a password policy on those devices, you might as well stop with all your [other] security measures," Croft says. Salmon favors PINs, coupled with a limit on the number of access attempts. After that number, the next attempt triggers an automatic lock or wipe of the handheld.<br />Enforcing effective passwords is one of the essentials at Florida Hospital, in Orlando, where wireless notebooks are widely used by staff and nurses, along with BlackBerry devices for e-mail. The hospital also is exploring what's involved in granting access to clinical systems from physicians’ smartphones.<br />The hospital enforces regularly changed passwords (a function of its enterprisewide identity management infrastructure), up-to-date antivirus software and some ability to remotely wipe data from mobile clients, says Todd Franz, associate CTO. "We see the need to protect the data on these mobile devices just as much as we do on a desktop PC," he says.<br />On selected notebooks, the hospital also uses the CompuTrace service from Absolute Software, a kind of "LoJack for laptops." A stolen computer can be traced and tracked down. Franz won't say how often hospital laptops have been stolen, but the hospital has successfully resolved 100% of the cases involving CompuTrace-protected laptops. According to some accounts, 10% to 15% of all <a href="http:///">mobile devices go missing</a>.<br />Consider using comprehensive device management applications such as <a href="http://www.networkworld.com/news/2008/070208-sybase.html">Sybase’s Afaria</a>, Credant's Mobile Guardian, Nokia's Intellisync, <a href="http://www.networkworld.com/news/2008/040308-ctia-microsoft.html">Microsoft's System Center Mobile Device Manager</a>, and others from the likes of Checkpoint and Trust Digital, to name just a few. These policy-driven suites blend monitoring and enforcement capabilities focus on mobile clients, and typically work with back-end authentication and other servers.<br />It's also important to have the ability to wipe, lock or kill any mobile device that’s stolen, lost or unaccounted for on a moment’s notice, including its SD card if it has one. A network manager should be able to issue a command that locks a device until the right password is used, wipes or deletes some or all of the corporate data on it, or shuts it down entirely, Croft says.<br /><br /><strong><u>Managing every connection<br /></u></strong>"These connections are a pretty significant exposure if they're not done right," Gold says. "Don't leave it up to the end users."<br />These practitioners favor enforcing <a href="http://www.networkworld.com/topics/firewalls.html">VPN connections</a> with IPSec for mobile deployments. "SSL, which uses TCP port 443, is the path of least resistance," Enterprise Mobile's Salmon says. "I consider this the weaker of the two options." That's chiefly because while the target server has a certificate and is trusted, the SSL client is not. IPSec requires that ports have to be specifically opened, but both ends of the connection have certificates, he says.<br />A related issue is allowing mobile devices to connect only if they pass muster. Is the <a href="http://www.networkworld.com/topics/spam.html">antivirus software</a> up-to-date? Is the VPN active? Is the Wi-Fi connection from a public hotspot?<br /><br /><strong><u>Protecting every piece of data<br /></u></strong>Selective data encryption should be an essential item in any mobile deployment.<br />With a managed mobile device, you can distribute and enforce encryption policies for specific data. "Document folders, your e-mail in-box, user data, contacts, certificates, and so on as the kinds of things that should be encrypted," consultant Gold says. Also consider encrypted or encryptable removable storage devices, such as high-capacity SD cards, he says.<br />"Unless you're in a 'James Bond environment,' most encryption levels will give you far more security than sending an unencrypted e-mail over the Internet, which happens all the time," Croft says.<br /><br /><strong><u>Educating every user<br /></u></strong>"Few companies educate end users on the proper procedures and policies to safeguard [mobile] corporate assets," Gold says. "Get the users on your side."<br />"The greatest vulnerability is human," Enterprise Mobile's Salmon says. "If a stranger asked to borrow your laptop for five minutes to check his stock portfolio, you'd say 'No!' because you've been educated about the risks. There's no way you're going to let a stranger use your laptop. The same thinking has to apply to your mobile phone."<br />To school its nurses in mobile technology, Florida Hospital relies on trainers who also have been, or are, nurses. "They speak the same language as the users," Associate CTO Franz says. "We try to keep IT people out of the way of this training, because they do not speak the same language."<br />Franz makes a key point about nurses and mobile technology that's relevant to all such deployments. "People don't go to nursing school to become a clerk-typist," he says. "They go because they want to help people. Technology can assist them in doing that."<br />Acceptable use policies should be short and to the point, otherwise they won't get read. Training should cover all the elements (explaining the device, applications and intended usage), says Alphons Evers, global solutions manager with the mobility practice of Getronics, a global IT services company.<br />Educating users means willing to be educated yourself. Franz says Florida Hospital discovered that one major problem facing nurses with wireless laptops was finding enough convenient surface space with electrical power so they could be recharged, and finding a lockable locker or drawer to store the laptops when not in use. That was one aspect of mobility that hadn’t been anticipated.Patrick Salmonhttp://www.blogger.com/profile/13041362096920526330noreply@blogger.com2