Apple vs FBI – the complete saga

Last month the stage was set for a battle of the Titans, starting on 16th March 2016 with an order by a federal judge in California requiring Apple to assist the FBI in bypassing the security on an iPhone owned by the US San Bernardino gunman, Rizwan Farook.

Shortly after this request was received, Apple’s CEO, Tim Cook, published an open letter on the company’s website explaining his concerns with the request and calling it an ‘unprecedented step’.

The iPhone in question was a 5C with a PIN lock, which enables encryption, set to allow only a limited number of login attempts before the phone would wipe itself. The FBI’s request was for Apple to create custom firmware and update this phone with it, removing the limit on login attempts. The FBI would then apply brute-force login techniques to get through the PIN lock.

In his letter, which invited comment from the public, Tim Cook stressed that creating such software would involve rewriting Apple’s own encryption technology, which would “weaken those protections and make our users less safe”.

Following the posting of the letter, numerous other technology companies came out to support Apple’s stance against the FBI request, including competitor Google, whose CEO, Sundar Pichai, stated “Forcing companies to enable hacking could compromise users’ privacy”.

March 21st 2016 was the date of Apple’s March event, which saw the reveal of both smaller iPhones and iPad Pros. However, Apple kicked off the event by addressing the current conflict between itself and the FBI, reinforcing its stance of protecting users’ privacy and continuing to fight the FBI on this request.

Later in the day the FBI responded in a surprising way, asking for an upcoming crunch hearing to be postponed, with proceedings suspended at least until the following month. The FBI would then seek to use that time to test an alternative method for unlocking the iPhone that would not involve, as it had originally sought, Apple building a specially crafted version of the iOS firmware.

On March 29th 2016 the Department of Justice dropped its case against Apple, reasoning that pursuit of the case was no longer required as they had successfully, with the assistance of a third party, cracked the iPhone 5C and retrieved data from it. They have since said that the technique used on the iPhone 5C would not work on new iPhone models.

Where it could all have been simpler

It is important to note that the terrorist’s iPhone was in fact a work phone, the terrorist’s personal phone having been destroyed. This entire legal back-and-forth could have been avoided if the work device had been enrolled in corporate Mobile Device Management (MDM), at which point it could simply have been legally unlocked by the employee’s IT team.

With the FBI confirming the technique used this time would not work on the latest iPhones, we could see a similar saga arise if a newer, more secure iPhone needs to be opened up by the FBI in the future.

Microsoft adding MDM to Office 365

Microsoft has announced this week that Mobile Device Management (MDM) capabilities will be coming to all their Office 365 commercial plans – for no extra cost.

The new MDM features are focused around the Office apps for Android and iOS and will include setting security policies to allow only compliant devices to connect, device management to force PIN lock requirements and jailbreak detection, as well as selective wipe to remove just Office 365 data without removing a user’s personal information.

In addition to the above healthy package, other extended features are also available if you subscribe to Microsoft Intune (part of the Microsoft Enterprise Mobility Suite). These extended features include restricting clipboard features such as copy and paste, and restricting the saving of documents to other applications.

Microsoft is boasting that its new mobile management suite is the only one that can fully manage its mobile Office apps.

With Office mobile apps being a natural consideration for organisations currently using Office on laptops and desktops, this play from Microsoft, both to give organisations additional control to protect their data ‘on the go’ and to make the service so reliant on its own Office 365 subscription, is a smart one.

Managed Service Providers get to add their value here too, as Office 365 accounts can be fully or partially managed by a provider, whilst also offering local and around-the-clock support on both technical issues and emergency tasks such as wiping a lost phone.

It will be interesting to see how this develops with the imminent release of Windows 10 on both phones and small tablets – and where Microsoft will draw the line, if at all, on mobile and non-mobile devices and what is supported.


This Week’s Technology News – 10th November 2014


Microsoft wants government at the table for “arms race” privacy talks
Speaking at Harvard Law School, Brad Smith, Microsoft’s general counsel, described the increasing battle between technology companies and governments over data access and user privacy as unworkable, and spoke of the need for integrated discussions between different government departments. “Ultimately there are only two ways to better protect people’s privacy: stronger technology or better laws,” he said. Smith confirmed that a new consensus had to be sought to balance public safety and personal privacy – hence the spate of courtroom battles in Europe and the US to protect their position (as last reported in our blog on 8th August).

A reminder that Microsoft’s first sea change was in response to the 9/11 terrorist attacks in September 2001, when Microsoft and other internet companies and telecoms organisations agreed to voluntarily share data with US law agencies. Microsoft adopted the principle that if it was legally obligated to do something it would comply, but otherwise it would not, and that if its Government desired greater powers, that had to be agreed by Congress.

The second game changer was the leaking of classified information about widespread surveillance and data collection by the US government, by disaffected NSA worker Edward Snowden. The impact of this was an immense loss of trust in technology companies among enterprise customers, with heightened concerns in Europe, Brazil and Japan. Microsoft’s own survey found a 10-15% overall drop in trust from customers.

Besides strengthening encryption, Microsoft’s counter was to bolster its legal position around its enterprise clients’ data: “We said, if the US government came and served a subpoena on us, seeking the email or other records of an enterprise customer, we would resist that, we would go to court, we would argue to a federal judge that that subpoena ought to be served on the customer, not on us. Second, we said that if the data in question were stored exclusively outside the United States, we would go to court and challenge the extraterritorial reach,” Smith said.

Smith continued: “One could understand a rule that would say, if you have an American citizen or resident, that is storing data in another place, one could imagine a public policy rationale that would enable the US government to serve a warrant. That stands in sharp contrast to the current position that the Department of Justice is taking in the lawsuit. They are basically saying, if the data center was built or is operated by an American company then they can reach anything inside. That really goes to the heart of sovereignty.”

US citizens might start to bristle if they thought about the long game. For example, Chinese firm Alibaba is likely to go ahead and build a data centre in the US. What then if the Chinese, Russian, Iranian or North Korean Government wanted to gain access to data stored in an offshore country? How are those citizens’ rights protected, as it would no longer be by their own constitution and laws?

It is right for Microsoft to push this issue hard on the principle, as it goes right to the heart of the debate around safeguarding data, and on which our business rests. But it is also about the policies and governance of that data along with compliance, to ensure end to end assurance and retain the trust of our business customers.

Microsoft changes direction with its Office strategy boosting BYOD in the process
For Microsoft, both Windows and Office have been the two big money makers for a long time. Despite the continued success of Microsoft Office, big changes are looming due to the rise of small, smart devices.

For many years, shareholders and consumers alike were demanding that Office should also be available on devices like the iPad and Android tablets, as this is where the mobile market share was, in addition to Microsoft’s own tablets. This year Microsoft delivered the app; however, users needed a paid Office 365 account to edit documents, with no option to buy the app outright as with competitors’ alternatives.

Now Microsoft has changed its tune yet again, opening mobile Office for all. Users can now download the free app and edit documents without either a one-time payment or a subscription charge. This marks a huge strategic change of direction for the Office team: what was once a premium product is now free, so mobile consumers and workers alike can use best-of-class Office instead of look-alikes.

In addition to a change in business direction for Microsoft, giving everyone free and easy access to Office on the go makes going BYOD a much simpler proposition. Now, no matter whether a user comes in with an iPhone, iPad, or Android phone or tablet (Windows Phones already came with Office so were always easier to manage), you can direct them, even automatically with an MDM platform, to download the free Office apps without the need to worry about subscription accounts or managing paid downloads.

Of course, with employees even more likely than ever to be editing documents on their mobile device, the need for a coherent MDM policy to secure and contain the data becomes paramount.

Microsoft “catapults” new technology to the visually impaired
Microsoft have announced a unique partnership with Guide Dogs UK charity and urban design group Future Cities Catapult to empower and offer independence to blind and partially sighted people in the UK. This has the potential to change the lives of over two million people in the UK alone.

Most successful projects have a personal connection which drives effort forwards. In this case it was a visually impaired Microsoft employee who cued the firm into collaborating on the pilot. Microsoft acknowledges a lot of information comes from GPS and annotated maps in the Cloud, not just the lampposts on which the beacons sit.

The technology uses a headset that talks visually to the user with 3D sound conducted through bone-conducting headphones, e.g. “parked cars and overhanging trees ahead”, and clicking noises to confirm a desired route and assure the user they are staying on course. Location and navigation data are relayed via a smartphone (Windows or Android) along a boosted route, indoors or outdoors, with Wi-Fi hotspots and Bluetooth beacons. It is like an intelligent Sat Nav for the walker, enabling those affected to step out with increased confidence to safely navigate a town or city thoroughfare.

The spinoffs are twofold. From an employment perspective, the potential for the visually impaired to seek employment and travel to work for the first time, when they would not have done so before, is huge. With 246 million people across the UK and US visually impaired and 65% out of work, this could change the landscape for accessing employers. Secondly, the wider ramification of a near invisible technology could extend into an additional technology lifestyle assist, from real-time traffic information (“Your bus is running 10 minutes late”) to assistance in exploring cities or finding places.

This week’s technology news – 25th July 2014

Policing Cloud and data policies provides good practice
The evolution of big data and the harnessing of data in the Cloud has, with all its technological innovation and wider corporate adoption, flagged up ever increasing policing needs around compliance and information risk management. These must be reviewed regularly and intensely by the CISO to protect the organisation. Failure to do so will make the threat of fines and penalties (which can be more severe than fines) ever more likely.

If strong information security measures and good governance practice are put in place, this can keep organisations ahead of regulatory mandates. The speed of change in data and privacy laws does not make it easy to stay on top but a vigilant CISO will be thinking ahead constantly.

Cloud services may be offered by multiple suppliers using multiple data centres, sending data around the world. This crossing of borders gets complicated as each country has its own jurisdiction, making safeguarding complex, especially if the review is triggered by an incident rather than proactively controlled and selected.

The right of respect for personal information data held by organisations is at the heart of information security. Accordingly, companies need to know what information they hold and whether it is “Personally Identifiable Information” (PII). Protecting PII is the responsibility of the data controller. Apart from names and addresses, PII can include medical records, bank account details, photos, videos, personal preferences, opinions and work locations. It does not, however, have to include a name to be PII. Privacy is a compliance AND business risk area.

Approved jurisdictions are recognised by the EU as having adequate levels of protection under local regulation. Countries outside Europe which have satisfied the requirements include: Argentina, Canada, Israel, Uruguay and New Zealand. The US is a jurisdiction that is missing from the list. Their ‘work around’ is the Safe Harbour Treaty, which allows EU information to be transferred to US based organisations, but this may still not provide sufficient regulatory assurance or liability for some organisations or public bodies.

The decision to use Cloud systems should be accompanied by an information risk assessment concentrating on the complexity not only of the Cloud system, but of privacy regulations too – and the level of security required for that data. Once analysed, the right path for each organisation becomes less complex and the knowledge and understanding of the CISO increases, as does the confidence of the Board that they and their data are in “safe hands”.

Reputations are lost quickly in the modern age. Trust which may have taken years to build, when lost, is gone forever – and the swift migration of consumers will always hit the bottom line. Governance is not always present in the information security function and breaches may be more often down to an inadvertent mistake rather than criminal intent, but all steps taken to reduce risk, so long as it still enables the organisation to reach its goals, will smarten the way business operates and reacts. So wake up and smell the coffee: be close to your Cloud provider to know and understand where your information will be stored and processed.

Plastering on the care

A very clever battery-operated, wireless, sticking plaster-sized, patient monitoring patch has been developed by Oxford based firm, Sensium Healthcare. The monitoring patch could revolutionise patient care and increase the amount of time medical staff can give to those patients in greatest need. Currently, patients requiring monitoring are hooked up, immobile and require constant observation, normally in four hour cycles. The new monitoring patch enables the patient to get up and move around (encouraged as part of the process of speeding up recovery) and vital sign data is updated every few minutes, passing the data via a ‘router box’ in each room to the hospital IT system.

It is not intended to replace routine checks, but nursing staff report that it has helped take off some of the pressure on ward rounds. The patches provided early detection of deterioration in 12% of patients wearing them in the tests at the Brighton hospital. With a high incidence of 12,000 recorded preventable deaths in England in 2012, of which one third were down to monitoring, this could be a significant game changer for NHS England – and at only £35 each and lasting 5 days, it is a refreshingly cheap solution for the Minister for Health to consider! http://www.bbc.co.uk/news/health-28317509#

The next big thing in Mobile Memory
Tablets have come a long way in the last 10 years: from Windows XP tablet PC edition, to all the options that exist today. But memory is one of the areas where we have not seen great strides. Rice University in Texas is claiming a breakthrough in this field. Their silicon oxide technology – a type of RRAM – has been in development for five years and is nearing mass production, having gone through several refinements. The technology is undergoing prototyping of chips the size of a postage stamp, capable of storing one terabyte. The cost of a chip so memory-dense would likely be sky high but the technology also provides all size variants in-between.

When Operating System and Device makers have a lot more memory to play with, how we use our devices could change. Being able to dump all of your apps into memory means you could access all your information instantly. This can change how we both multitask and perform complex tasks on mobile devices. As always, cost and power consumption will be vital in what role this technology does play in the future, but with the right balance struck, this could be a turning point for mobile devices.

MDM vs Containerisation
Last year certain analysts were predicting that traditional mobile-device-management (MDM) was on the way out, to be replaced with containerisation of both data and apps. It would seem the market has taken a different approach after all. Application level management has in fact grown but MDM is still the preferred method for BYOD security. This has led to many a heated discussion on which path is best for mobile security going forwards.

So what is the right choice? Many companies are taking a two-pronged attack, taking advantage of the strengths of each to use either, or both, where most appropriate. Just because MDM and containerisation can exist together does not mean that is what is best for your own organisation. Define your own device use cases and security / governance requirements beforehand to decide which solution best suits your needs. Then you will be able to deliver the best options for your organisation’s needs.

Your latest news in technology by Amicus ITS

Samsung Galaxy S4 comes to UK with 4-core not 8-core processor
A follow-up from last week’s launch details on the Samsung Galaxy S4 phone. Samsung has announced the UK variant will not in fact come with its latest 8-core processor, which was boasted about during the launch last week, but a weaker 4-core unit similar to what is found in its predecessor. Will this decrease interest in Samsung’s latest flagship phone, which has already achieved a 40% higher demand than the Galaxy S III?

Microsoft launches Windows Embedded 8
Following the release preview just 2 weeks ago, Microsoft has announced the general availability of Windows Embedded 8. Windows Embedded powers POS terminals used widely across retail, healthcare and manufacturing industries. Microsoft state that their latest embedded platform shortens development cycles and has more immersive and natural user experiences, while bringing the latest security technologies. However, will the current mainstream attitude towards Windows 8 make organisations hesitate to adopt this next embedded OS?

Half of all companies lose devices with important data
A recent study has uncovered some unsettling results, including the statistic that 50% of employees report that someone at their company has lost a mobile device with important data. The real question, of course, is: was this data secured? With the correct MDM solution you can mandate complexity of lock screens for employees, and locate and even wipe devices to ensure your data does not fall into the wrong hands.

BlackBerry 10 doesn’t pass security standards for government workers
The new BlackBerry 10 platform hasn’t passed the high security standards of the Communications Elections Security Group, unlike its previous BlackBerry OS, BB 7.1. BlackBerry has stated it is now working closely with CESG to get BB10 approved for government workers here in the UK. We can speculate, due to the history of the BlackBerry platform’s security and use in government environments, that BlackBerry are currently hard at work to get their latest phones green lit for government use.

This week’s technology news from Amicus ITS

Cloud security fundamental to BYOD

A recent study suggests that cloud computing plays a vital role in the success of BYOD in the work environment. The study stated that although 54% of respondents identified BYOD as an area for growth, 78% stated that the trend could pose a ‘significant’ risk to information security. We believe that with increased efforts to educate users on cloud computing, fears surrounding BYOD may begin to be dispelled and the benefits, including operational costs and user experience, can be realised.

NHS to become paperless by 2018

Health Secretary, Jeremy Hunt, has announced his plans for the NHS to become paperless by 2018. The NHS will be joining a list of organisations already paperless, including 38% of Fortune 1000, saving them costs of up to £4.4 billion. We believe that this is overly ambitious and the concept of a fully paperless office is far from reality.

Gartner show shift in PC market

This week Gartner have stated that there is a current “structural shift” in the PC market as tablet demand continues to grow. The research firm has stated that shipments of PCs are down by 4.9%, due to users opting for tablet devices instead of laptops and PCs. So what does this mean for mobile device management? We believe that this shift will continue through 2013 and into 2014 with mobile devices becoming more prevalent in the workplace as they become more adaptable for the workforce.

What technology skills will be needed in 2013?

MSPmentor have released a list of the top technology skills needed in 2013. Topping the list of in-demand technology knowledge are business intelligence, mobile projects and cloud technology. These skills can cover a multitude of sins, including virtualisation, big data and app development. We believe a number of organisations have already made the move in understanding mobile and cloud technology. However, business intelligence is still seen as a specialist area, and requires a different level of expertise and investment for organisations to fully understand and capitalise on this opportunity.

Your first stop for this week’s MSP news in technology

MDM? Not without MSPs’ help

Even though the BYOD trend is gaining significant momentum, some organisations are still refraining from implementation. Adopting MDM requires investment in technology, training, staffing and policy creation, meaning organisations can’t justify the funding. However, we believe there is a solution to this problem: introducing MDM through a managed service provider. MSPs can offer all the MDM benefits, including 24×7 managed support, but save customers time as well as costs. This will allow even small businesses to work more mobile.

Looking into the future in the Tablet market

The big three, Microsoft, Google and Apple, are now all runners in the tablet market share race. In recent months Apple has seen its sales decrease due to the increased popularity of cheaper Google devices. At this pace we may see Android overtake Apple in Q2 2013. As Microsoft’s devices have only been on the market for less than a quarter, we are expecting a slow and steady uptake. As more devices and apps come over to Microsoft’s new platform next year, we predict the market will shift.

‘Appy’ Christmas

Microsoft has announced that their Windows Phone app developers will be hard at work this festive season. Since the launch of Windows Phone 8, mobile app requests have increased by 40%, seeing a recent surge in the last couple of weeks. However, some companies refuse to jump on the bandwagon. Google have declared they have no plans to develop apps for either Windows Phone 8 or Windows 8. We believe that Google might be missing a trick. As Windows 8 adoption gains momentum in 2013, we are predicting Microsoft’s app store will take off in a big way, enabling both a consumer and a corporate environment.

Microsoft release Cloud Deployment programme

Microsoft has released a new Cloud Deployment programme aimed at educating partners as to how they can get the most out of Office 365. Organisations have currently been viewing the Cloud as a threat to their security rather than an instrument for success. With Microsoft’s latest partner programme, MSPs will be able to offer management tools and expertise to help consumers understand the Cloud. We believe that this will give MSPs the opportunity to add value to the Cloud, helping customers with its set up and running.