Offensive security involves proactive deception tactics
14 Days of Facebook Marketing Tips Starts Today! Tip #1: Ask For Opinions on Facebook. Create Engaging Content.
TIP #1: Ask Your Tribe Questions. People Love To Give Their Opinion
Welcome to 14 Days of Facebook Marketing Tips, on the occasion of the upcoming launch of “The Facebook Guide to Small Business Marketing” (Wiley) by Ramon Ray, of Smallbiztechnology.com and Infusionsoft.
Buy Ramon’s latest book on February 19th and get a digital box of goodies as your gift for buying the book, educating yourself and growing your business with Facebook.
In The Facebook Guide to Small Business Marketing, you will learn how to get more customers and keep the ones you have. You’ll also learn how to leverage online marketing overall, how to better use social media and, more specifically, how to use the power of Facebook for YOUR business.
TIP #1: Ask Your Tribe Questions. People Love To Give Their Opinion
For the last few weeks I’ve been posting surveys on Facebook, with an article from Smallbiztechnology.com as the basis for the survey.
For example, on Smallbiztechnology.com we had an article about web browsers for small businesses. I then went on Facebook and posted a survey asking my Facebook audience (that’s you), what YOUR favorite browser for business was. This received thousands of views and thousands of votes, as I recall.
What’s the lesson learned?
Instead of using Facebook to try to SELL, use Facebook to get insight from your customers or at the very least to simply engage them and interact with them about something related to what you do.
Oracle issues out-of-band patch to repair 50 Java vulnerabilities
A significant patch to Oracle's Java SE was released today, two weeks ahead of schedule. According to the advisory accompanying the update, fully 49 of the 50 fixes contained in the patch are remotely exploitable.
Writing in a blog, Software Security Assurance Director Eric Maurice said the company "decided to accelerate the release of this Critical Patch Update because active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed."
This is not the first out-of-band update to Java this year. A zero-day vulnerability that was spotted in the wild was patched on Jan. 13 -- only to have two new Java vulnerabilities announced within days.
The large number of significant security issues has caused discussion in some security circles about whether Java should remain in general use, but has also engendered some criticism of Oracle for not communicating its plans for dealing with Java security concerns. Milton Smith, Java's senior principal security product manager, said in a recorded conference call, "The plan for Java security is really simple. It's to get Java fixed up. And then number two, to communicate our efforts widely."
Google Forms Update Allows for Easier Collaboration
Google Forms, the online app within Google Drive that allows users to ask questions and collect data into spreadsheets, just got an update that makes real-time collaboration between team members easier.
With Google Forms, you can build questionnaires and surveys and distribute them, then the data is automatically put into a Google Drive spreadsheet. This technology isn’t specifically reserved for businesses, but it’s clear how it can be useful for companies or entrepreneurs looking to collect and organize data from consumers or even other team members.
With Forms, you can ask customers questions about their experiences with your company’s products or services, collect general demographic information from people who visit your company’s website, get RSVPs for events, and even collect opinions from employees or other team members.
Now, when editing forms, you can work simultaneously with other team members and even chat with each other in a box on the right hand side, as shown in the above photo. You can also see how many other viewers are working on the same form, as well as how to add items, choose themes, view responses and a number of other functions.
Previously, if multiple team members had to view and edit a document before distributing it, they would have to take turns making edits and giving feedback. This new system will allow you to simply set a time with team members to make quick edits together, giving feedback as you go.
But even those working alone can enjoy some new minor editing features, including undo and redo options, keyboard shortcuts, improved copy and paste, and auto saving. You can also download a .csv file with your completed data.
Most of these changes are fairly minor, but together they can help save some time and cut down on steps when working with others on creating and editing Forms.
The other features of Google Forms will remain unchanged, including the ability to share forms directly through Google+ or Gmail.
Other Google Drive apps include Docs, Sheets and Slides, which also allow real-time collaboration.
10 Ways to Avoid Becoming a Social Media Robot
When I wrote “10 Ways to Avoid Becoming a Content Robot,” the response was so great, I was inspired to tackle another common downfall small business owners make when it comes to marketing: social media automation.
We’ve all seen it: tweet after tweet that look like they were cut and pasted and scheduled for every hour:
“Buy my product! Click my link!”
It’s a turnoff, and doesn’t do much to help you find new customers. Below are 10 ways to avoid being that type of social media robot:
1. Write 95% of Your Updates Manually
There is a time and a place for automated updates. It’s perfectly acceptable to set up your blog RSS feed to automatically post to Twitter, Google + and Facebook. Just don’t make that your whole strategy.
People follow brands that seem like they’re run by humans. Show that yours is by writing your tweets like - you guessed it - a person.
2. Respond to People
Autotweeting anytime someone follows you does not count as a response. Find someone who’s having an interesting conversation and weigh in. Thank someone for sharing your content. Engage directly with people on social sites individually.
Robots can’t do that. You’ll find that you start to build relationships this way.
3. Watch Redundancy
Sure, it’s easy to copy and paste your updates and schedule them multiple times. But who said marketing was supposed to be easy?
Even if you tweak your update just slightly, it shows you put in the effort to do so, and it won’t annoy your followers.
4. Aim for a Mix
Here’s a little formula I use to ensure what I’m posting online is diverse enough to provide value to my followers:
- Auto share my blog content
- Share content with a question to give people a reason to click
- Respond directly to individuals
- Ask questions to foster conversation
- Offer personal tidbits
I don’t go crazy with the personal stuff, but I don’t make much separation between me and my business. So it’s fine for my business followers to know I’m going kayaking over the weekend. It makes me - yep - human.
5. See What Other People Do
How do those other Tweeters get tens of thousands of followers? Pay attention to their tweets to find out. If you read through their updates, you’ll see some of the elements I listed in #4.
Matt Mansfield does a great job of staying on topic (content marketing) while responding to people who comment on his G+ posts. Joe Pulizzi (@juntajoe) rarely autotweets anything, and responds to everything sent his way. That’s why he’s got more than 22,000 followers.
6. Cut Back on Promotions
Yes, you want people to click your links and buy from you. But if you constantly post links to your site, you’ll scare off potential customers. The marketplace has changed; customers no longer want you to put promos in front of them (did they ever?).
They’d rather get to know you as a brand and find your promotions through other channels, like email.
7. Enough About Me - Let’s Talk About You
We hear that cocktail party example a lot, and it works. If you were at a party, would you talk constantly about yourself? Maybe, but you’d turn off everyone you talked to. Same applies online.
Talk about other people. Ask them questions. Pull them out of their shells. If they want to know about you and your brand, they’ll ask.
8. Be Regular…but Not Too Regular
I like to take certain times of day to schedule my tweets. It’s important to me to have near-constant activity on Twitter, and less so on Facebook and other channels. At most, I schedule one tweet an hour. Usually less. Any more than that, and I’m just clogging up everyone’s Twitter stream.
Aim to be present, but don’t go overboard on any one site.
9. Vary Your Updates Across Platforms
It’s too easy to paste an update from Twitter onto Facebook or LinkedIn. Or better yet, click all your social icons in Hootsuite and send the same update to all. But if someone is following you on multiple channels, consider how annoying it is to see the same thing every time.
Instead, mix it up slightly. You can share the same link; just post a different description on each site. This gives people a reason to connect with your brand on multiple channels.
10. Take a Break
Sometimes I get over tweeted. I need a break from social media. In those cases, I schedule whatever tweets and updates I want to go out for the next few days, and I close it down. Having some space from this virtual world that often sucks me in clears my head and helps me start fresh when I return.
It isn’t hard to humanize your social media updates. Put in a couple of hours a week, take advantage of scheduling updates, and you’ll see your followers number rise.
Tellagami: Bringing Storytelling Back into Fashion
In a world that speaks in 140 character tweets and ubiquitous texting abbreviations, Tellagami tries to revive the art of telling a good story. It is an amusing app designed for iOS that turns you into a raconteur, the teller of a “gami” or a story.
It’s a tool that helps you tell a story, narrate an experience, or share an insight; you can even tell a joke or send a unique personalized greeting to someone. Tellagami is a spinoff of Xtranormal, a digital entertainment company that produces do-it-yourself animation software for the Web and desktop, which turns your words into an animated movie. (If you can type, you can make movies.) However, Tellagami is a simpler interface with fewer features.
You select a character, the background you want, and even the clothing you want it to wear. Once the character is set up, you either speak or type to get the character to start mouthing the words. You can also pick the expressions on the animated character’s face: happy, sad, angry, surprised, silly, scared, etc. The goal is to make it funny, raise a few laughs.
You can see the type of character in the screenshot above from iTunes. I couldn’t get a screenshot from my iPad2 where I downloaded the app (user challenges).
You have the option to preview it before sharing it via social networking sites or email. You can post it on Facebook; even MMS it to someone. The amusement potential is immediately obvious. A teen could tell the story of an incident in school; you could tell a pictorial story of a recent holiday; or, you could create a tutorial, make lists, create a diary, or just update your status in an interesting format.
This software has obvious uses for small businesses and makers too.
What I like:
- It allows you to ‘speak’ in your own voice to your customers, so you can share or advertise your idea, product, or service.
- Loads of potential uses for vlogs and blogs. You can make it as formal or informal as you like - even dress up as smart (virtually) as you like.
What I’d like to see:
- An Android app is essential. I imagine it is in development. iOS always comes first due to the install base and app ecosystem. My Galaxy S3 from Ting mobile is itching to try it out.
Ultimately you can tell the story - gami - of your business in a way that helps grow it. Easy sharing of your story means that you could put the word out there without much investment.
Have you seen or used Xtranormal? If you have, then you’ll immediately get what Tellagami is all about.
What tools are you using to create video or animation in an affordable and easy manner?
Testing, assessment methods offer third-party software security assurance
Software is not created equal, especially when it comes to security. I’ve done my fair share of talking in this column about how to create and measure a software security initiative to make sure the software you build yourself is secure, and I’ve even talked about how to get started with a brand new software security initiative. How can you tell whether the software you buy or outsource to others to build is secure enough? Do you trust your vendors? Do all vendors do the same thing when it comes to software security? (Hint: the answers are “good question,” “why?” and “no.”)
Every enterprise depends on software
Every modern enterprise uses lots of software. Some enterprise software is homegrown, but a vast majority of enterprise software is third-party software built and maintained by outside vendors. Third-party software itself comes in several flavors: it can be custom built to specification, it can be commercial off-the-shelf software (COTS), and it can live in the cloud as part of a Software as a Service (SaaS) model.
Many large firms are working hard on vendor control and supply chain security issues. This is especially apparent when it comes to software vendors providing goods to financial services organizations. A typical multi-national bank has thousands of vendors, several hundred of which directly impact software security posture.
Big firms are busy exploring two basic options for software security and vendor control. The first involves directly assessing the security of a particular piece of software. The second involves measuring the software security capabilities of a vendor. Both approaches are valuable.
Third-party software security assurance: Measuring software directly
A badness-ometer approach to software measurement works on the same theory as penetration testing: try breaking something and see how far you get. The idea is to carry out a series of straightforward black box tests against a given application. If the canned tests break the software, you know it’s truly bad and should not be trusted. (On the flipside of the coin, if the canned tests don’t break the software, well, you have a very small amount of evidence that the software is secure.)
The good news about badness-ometers is they are straightforward and cheap to apply, especially when it comes to measuring third-party code. Just aim the tests at the application in question and away you go. If the application fails the tests, then let the vendor know the application they built is not good enough to use. Firms like Veracode and my firm Cigital will even carry out these kinds of tests for you. Largely the direct measurement approach is cheap enough that you can apply it to your entire portfolio.
There are two main drawbacks to direct measurement. The first is that software is always changing, and direct measurement is limited to a somewhat cursory point-in-time look. Think about how often the software you rely on automatically updates itself, and multiply that number times distinct platforms, geographic locations, software environments, and so on. Should you really have to constantly test all of your vendor’s code?
The second main drawback to direct measurement is that badness-ometers are not security meters, no matter how much we would like them to be. There is no ultimate set of tests that can ensure security, so don’t let anybody tell you there is (especially a software vendor). Direct measurement is useful and economically feasible, but it’s no panacea.
Measuring capability with BSIMM and vBSIMM
Microsoft has spent a ton of time and treasure both creating and marketing software security and the secure development lifecycle (SDL). If you are a big firm, you most likely rely on Microsoft software in some capacity. In a way, the existence of the SDL provides some peace of mind that Microsoft is paying attention to security and attempting to build software you can rely on. But what about your other vendors?
Enter the BSIMM, an ever-expanding study of 51 firms’ software security initiatives. All 51 firms participating in BSIMM4 have a software security initiative underway and an SDL equivalent (though they are not all at the same level of maturity). The BSIMM measurement is a way of describing, comparing and contrasting these SDLs. And the BSIMM Community as a collective is very serious about software security.
At the most basic level, participation in the BSIMM may be enough to winnow the grain from the chaff among your software vendors. Sadly, some vendors may not even be able to spell the word security, or may wonder exactly what in the heck you are talking about when you query them about it. Those would be the vendors to worry about. The vendors with an active software security initiative? They’re probably not going to be your biggest risk.
Of course, BSIMM participation is intense. It involves direct in-person measurement of 111 software security activities, deep dives into particulars, and an objective scoring system. As such, participation in the BSIMM may be too high a bar for vendor control.
That’s why we created the vBSIMM with the help of JP Morgan Chase. If you think of the BSIMM as a measuring stick, you can think of the vBSIMM as a ruler. When it comes to setting the right height on the vendor software security bar, the vBSIMM, which measures only 15 software security activities (instead of 111) and relies on attestation, provides a much lighter weight alternative to the BSIMM.
The vBSIMM scheme is far from perfect and it does nothing to guarantee that any particular vendor product is actually secure enough for all uses. But the vBSIMM scheme is far superior to no vendor control at all. It’s particularly useful when a vendor produces multiple applications for you.
There are drawbacks to an approach like the BSIMM/vBSIMM, since the metrics involve an indirect, process-oriented measurement of software security capability. The real questions are, “How well does the software security initiative in question actually work? Are the activities carried out by your vendor effective? Does the vendor really create secure code consistently?”
Vendor control
In the end, an approach that combines both indirect measurement of capability with direct measurement of applications is probably the way to go. At any rate, software security is just as important when it comes to your software vendors as it is when it comes to your own developers.
About the author:
Gary McGraw, Ph.D., is CTO of software security consulting firm Cigital. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. Send comments on his column to feedback@infosecuritymag.com.
This was first published in January 2013
BYOD security strategies: Balancing BYOD risks and rewards
Mobile devices come in all shapes and sizes, from smartphones, notebooks and tablets, to the new-breed hybrid convertibles and detachables that made headlines at the Consumer Electronics Show 2013. While mobility boosts enterprise employee efficiency by delivering “anywhere access” to business data and systems, it obliterates what’s left of the increasingly ineffective corporate network perimeter.
Many security managers have already discovered the disconcerting implications: less control than ever over enterprise data access from a myriad of consumer devices, including a groundswell of bring your own devices (BYODs), and more difficulty determining which devices are accessing which systems and data.
So it’s no surprise that as use of personal mobile devices grows and becomes pervasive inside and outside the office, employers are struggling to enable secure use of BYODs. Anthony Peters, director of information technology at Burr Pilger Mayer Inc., a 400-strong financial services firm headquartered in San Francisco, said his tidy, policy-driven corporate BlackBerry world was shattered several years ago by the Apple iPhone craze.
“Today, we’re almost entirely BYOD,” Peters said. “We allow iPhone 3GS and above, Windows Mobile and Android. We have just 7 BlackBerrys left that I’m hoping to retire soon.”
Burr Pilger Mayer is not alone. Enterprise BYOD adoption rates vary by region and industry, but by analyst estimates, have reached 40% to 75%, driven largely by consumer smartphones and tablets. According to Black Diamond, Wash.-based market research firm Osterman Research, there are now nearly twice as many personally owned iPhones, iPads and Android devices as their corporate-issued counterparts. Simply banning BYODs from the workplace rarely works.
“Ask anyone who says they don’t have BYODs to review their logs - I guarantee they’ll find Mobile Safari,” said Dave Martin, vice president and CSO at Hopkinton, Mass.-based EMC Corp. “Disallowing BYODs just pushes them underground where you lose visibility. I’d rather see BYODs and deal forensically with risks than try to convince myself that I can block them outright. Experience has shown that’s a failed strategy; users find a way in. But if you’re too permissive, you’re open to data loss. We are unable to lock down BYODs in the same way, so we need to be smarter about how we use them.”
Getting a handle on BYOD risks
BYODs pose many business risks, some widely recognized and others less understood. The Security for Business Innovation Council, a team composed of Global 1000 information security leaders, cited lost or stolen BYODs as its top concern. The danger here is clear: Although BYODs that go missing may well contain sensitive data, according to Osterman Research, less than 1 in 4 can be remotely wiped.
What’s more, employers often cannot assess data breach exposure on unmanaged BYODs. “It comes down to losing control of your data,” Martin said. “When email is retrieved [over cellular] and opened on a BYOD, I lose visibility into data access. In a phishing attack, I’d have no idea it even happened, and I [would] lose any chance of [forensic investigation].”
When BYODs bypass inbound filters normally applied to corporate devices, they’re vulnerable to malware, a fast-growing risk, particularly in regard to Android devices. BYODs that bypass outbound filters elevate risk of non-compliance with data privacy laws and regulatory requirements. As BYOD use grows, so will the frequency of these risky behaviors.
It’s tempting to tackle these risks by locking BYODs down just like corporate devices, but organizations that have tried run head-long into personal privacy barriers. “In the beginning, we had a lot of push-back,” Peters said. “[Users worried there would be] too much Big Brother and we’d be too involved in their personal lives. We talked to senior management, HR and legal from the start, spending significant time with individuals, showing them how [BYOD security policies] would work. That was really helpful in policy design.”
Balancing BYOD risk versus privacy
This push-back is precisely why many mobile device management (MDM) vendors are adding more granular policies and tools. For example, some MDM products can now be configured to collect and display location and call histories from corporate devices, but not BYODs. Such options emerged because employers with international presence face additional risk when it comes to privacy regulations.
“Lack of clarity - especially for multi-nationals with EMEA presence - is giving employers pause,” said John Marshall, CEO of AirWatch, an MDM vendor based in Atlanta. “They don’t want to allow BYOD as a convenience and then find they’re not in compliance with some country’s regulations. We’re seeing customers being more careful about personal privacy expectations - not inventorying personal apps installed on BYODs, [and] not wiping personal data on BYODs, and the like.”
Although regulations vary from country to country, many require informed consent to access personal information. This has given rise to enrollment processes that notify users about all possible MDM capabilities, whether employed or not, followed by customized “terms of service” that describe how the employer intends to manage the BYOD: what information will be collected, what actions can be taken, and what workers must agree to in order to complete enrollment and gain access to business data and systems.
An organization can address many BYOD privacy and compliance concerns by focusing on business assets. “We’ll always have to manage devices; we’ll always have to manage users, but what we manage about them can be narrower,” said Jonathan Dale, marketing manager with Blue Bell, Pa.-based mobile service provider Fiberlink Communications Corp. He said it is now possible and preferred for IT to secure mail, apps, content and users’ browser experience by applying different policies to certain user groups.
The MDM market is flooded with vendors offering integrated and standalone tools to manage sandboxed enterprise applications, corporate data containers and secure Web browser environments. “If you’re just managing apps or content, there’s no way you can make a mistake and see or wipe personal data,” Marshall said. “This approach generally allows a company to extend BYOD to a much larger audience.”
Policies that work for BYODs
At Burr Pilger Mayer, which uses Fiberlink’s Maas360 Software as a Service (SaaS)-based MDM product, BYODs are redirected to an enrollment portal, where user and device eligibility is determined. “Next, users must agree to give IT some control—for example, if your device goes missing, call us first so that we can wipe your phone before you call your provider,” Peters said. “Then we apply PIN length/change, encryption and wipe requirements.”
These controls are widely embraced by the industry as table stakes for all devices. But BYOD success or failure lies in policy specifics. “Many people want to treat smartphones like desktop extensions. This is a disaster in practice,” said Ahmed Datoo, chief marketing officer of Citrix Inc.’s Zenprise MDM unit. “Smartphone users don’t have the patience to tap in eight-character passcodes, including caps and numbers—especially given frequent re-entry. All it takes is one device wipe accident and users will start removing [IT-managed controls].”
In fact, 26% of the 500,000 corporate and BYODs under Fiberlink MaaS360 control have policies that don’t require passcodes. Of the rest, 53% require a 4-5 digit PIN, 16% 6-7 digits, and a mere 2% require alphanumeric passcodes, Dale said. While a malicious hacker could more easily crack a short PIN once he or she has possession of a device, it appears that employers are willing to accept that risk in trade for basic device restrictions, visibility and as-needed control.
For restrictions, full-device encryption is standard-issue on iPhones, iPads, BlackBerrys and brand-new Windows 8 phones, but only a subset of Androids. Dale reported that 44% of MaaS360 policies enforce encryption on Android devices. A growing number of employers may be adopting strategies similar to Burr Pilger Mayer, namely allowing unencrypted Androids, but compensating by storing corporate documents in a secure data container or using self-encrypted/authenticated sandboxed applications.
“We make sure that our documents are encrypted and prevented from getting into the wrong hands,” Peters explained. “We also track which documents people download and when they are synchronized with the cloud or forwarded.” By focusing [on] only these business assets, Peters said the company has been able to fully embrace BYOD without risking non-compliance or losing its ability to control and report on access.
Avoiding BYOD security management pitfalls
Limited BYOD management also enables more granular wipe. “Selective wipe has become the de facto standard,” Dale said. “Our customers are no longer using full-device wipe on either corporate or BYO devices.”
Wiping only corporate settings, data and apps can protect business assets while leaving personal data and settings intact. Here again, policy matters: A scorched earth approach may mitigate business risk, but it removes MDM control and visibility, inhibiting assisted remediation. Instead, a more measured approach begins with user/IT notification, followed by as-needed escalation.
For example, Burr Pilger Mayer uses blacklists to detect when data-sharing apps are installed. “We go talk to employees about what they’re using apps for and not to share our data,” Peters said. “If we see that same app on 100 devices, we can assess the trend and decide how to respond.”
At Zenprise, customer use of blacklists and whitelists is growing for different reasons. “If you look at blacklisted apps, they’re either games or sharing apps like Dropbox,” Datoo said. “Step back and consider why users download these. They aren’t looking to bypass security; they’re just trying to be productive. IT should think about how to meet those needs more securely, such as letting devices link to SharePoint docs, surrounded by data leak prevention.”
Focusing on enablement
Enablement is a common thread among many organizations with large, successful BYOD populations. Rather than thinking of BYOD as the replacement of corporate devices, Marshall said it’s better to conceptualize it as a strategy to enable mobility for those who never carried corporate devices—a formal BYOD program with automated, over-the-air onboarding and configuration can do wonders for productivity.
Integration between MDM and network infrastructure to automate on-boarding is growing, while precisely what those BYODs can access is shrinking. “We want to make our network easy to access and provide value, but if we gave BYODs access to legacy systems, that would be a miserable experience,” EMC’s Martin said. Instead of allowing BYODs to access core network resources, the company selectively publishes enterprise data to new mobile apps; users get the data they need, and the company ensures it can be accessed securely and wiped quickly and easily if necessary.
Dale sees growth in geo-fencing—combining current location with policy, such as disabling cameras on mobile devices when they are inside high-security areas. “We see geo-fencing used in education and retail to enforce policies that prohibit taking pictures of students or require secure Web browsing on campus,” he said. “Geo-fencing can be great for use cases where it’s helpful to re-provision the device based on location.”
To ensure safe, effective use of BYODs in the enterprise, Martin said IT and security teams should work in partnership to assess emerging tools such as data containers and sandboxed apps while getting started with basic controls. Those controls can allow for less arbitrary permit/deny decisions each time a user carries in a new type of device.
“If you’re doing nothing about BYODs, don’t sit on the fence and wait,” Martin said. “There’s significant risk that can be addressed at relatively little cost.”
About the author:
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology.
This was first published in January 2013
Contests & Awards: Heartland Makeover, Small Biz Book Awards, 2 Innovation Competitions + More
Here’s a fresh list of awards, contests and competitions for growing companies and entrepreneurs.
There are some great contests and awards in this week’s roundup.
If you’ve entered and won a contest or award listed here, let me know so we can share your news.
This list is brought to you every other week by Small Business Trends and Smallbiztechnology.com.
*****
Brother CreativeCenter “Back to Business” Contest
Ends March 4, 2013
BizSugar is running a contest where you get to show your creativity. Three winners will receive a prize suite of Brother products including a printer, labelmaker, ink and supplies - valued at approximately $500. To enter just go to the Brother CreativeCenter and use the free tools to design a brochure, business cards, poster, calendar or other item. Then post it at BizSugar.com.
Contest sponsored by Brother. Contest details here.
Culture@Work in the Heartland Contest
Enter by February 10, 2013
This ten-day, nine-state road trip is designed to recognize the important contributions made by startups in the U.S. Heartland while illustrating the connection between great office design and company growth. Companies based in Chicago, IL, Des Moines, IA, Omaha, NE, Kansas City, MO, and Dallas, TX can submit to win a $20,000 office makeover. The contest will give five small and emerging businesses - companies with less than 100 employees - in the aforementioned cities a chance to win a $20,000 office makeover.
2013 Infusionsoft Northern California Innovator of the Year Award
Enter by February 17, 2013
Infusionsoft is inviting all small businesses headquartered in Northern California to nominate themselves for the 2013 Small Business Innovator of the Year Award. Your small business could win the title of “Small Business Innovator of the Year” and the grand prize, valued at $10,000 in marketing education and promotion for your business. These awards honor the entrepreneurs in our community who exemplify the spirit of innovation.
One Spark
Enter by February 22, 2013, Jacksonville, FL
Jacksonville Jaguars owner Shahid Khan is partnering with One Spark to offer up to $1 million in capital investment for entrepreneurs who participate in the event in April.
One Spark, an arts-and-innovation festival with the goal of connecting entrepreneurs and capital resources, will hold its inaugural event April 17 to 21 in Downtown Jacksonville.
Inc. Enrich Your Pitch Contest
Enter by February 25, 2013
In this fast-paced competition, entrepreneurs will go head-to-head for the chance to win big. Contestants will have 90 seconds to pitch their business live on stage at Inc. GrowCo, and judges will ask questions and provide feedback about their pitch and business concepts. The all-star panel of seasoned experts will judge the pitches and choose a winner.
$35K Innovative Product Competition
Enter by February 26, 2013
Fishbowl and Intuit present a competition where entrepreneurs can enter their cool idea or recently launched product for a chance to win between $5,000 and $20,000 in cash prizes and more. See website for details.
2013 Small Business Online Marketing Contest
Enter by February 28, 2013
Constant Contact has launched the 2013 Small Business Online Marketing Contest in partnership with the Chicago City Treasurer’s Office. The contest is open from now until February 28th, and will award more than $12,000 in cash and prizes to Chicago small businesses for best email marketing and social media marketing campaigns.
The Small Business Book Awards
Nominations open through March 3, 2013
The 5th Annual Small Business Book Awards, presented by Namecheap.com, are open for nominations. These distinguished awards bring recognition from fans, the public, the industry and your peers.
Business books may be nominated in the following categories: marketing, technology, management, social media, economics, startups, personal finance, leadership/memoirs, and self-help.
New this year is also a category for “Classics,” which allows books, regardless of year of publishing, to be nominated. For the first time, there is also a category for book resources, which will recognize and honor publishers, publishing platforms, publicists and other resources for authors. Print books and electronic books (ebooks) are welcome.
2013 Northeast Kentucky Small Business Awards
Enter by March 8, 2013
Morehead State University’s Ashland Small Business Development Center is accepting nominations for the 2013 Northeast Kentucky Small Business Awards. The public is encouraged to nominate outstanding small-business owners and/or advocates in three northeastern Kentucky counties – Boyd, Carter and Greenup.
Crain’s New York Business Top Entrepreneurs
Enter by March 15, 2013
Crain’s New York is seeking successful businesspeople for its annual Top Entrepreneurs feature to run in May. Companies must be located in New York City, have been in business for at least three years, and have revenue of less than $100 million. See website for entry form and eligibility rules.
American Technology Awards
Enter by March 15, 2013
Known as the Termans after Frederick Terman, the widely credited father of Silicon Valley, the awards are the only national “Best Of” for technology products and services across the technology industry. Awarded on the basis of a thorough evaluation by industry experts and technology leaders, the Termans are presented at the Technology and Government Dinner in Washington, D.C.
Dell $100M Innovators Credit Fund
Ongoing
Dell has launched a $100 million Innovators Credit Fund, with the purpose of helping entrepreneurs “maximize potential for innovation, speed to market and job creation.” The credit fund will offer both funding and technology resources with IT support, depending on what each start-up needs.
To be eligible, you must have already received some angel funding or venture capital before you can apply. Start-ups can get up to 10% of their current funding or up to $150,000 with limited credit terms. See website for details and application.
If you are putting on a small business contest, award or competition, and want to get the word out to the community, please submit it through our Events & Contests Submission Form. (We do not charge a fee to be included in this listing.) Only events of interest to small business people, freelancers and entrepreneurs will be considered and included.
Please note: The descriptions provided here are for convenience only and are NOT the official rules. ALWAYS read official rules carefully at the site holding the competition, contest or award.
So Long Elevator Pitch Welcome Personal Branding Statement
Say so long and ‘au revoir’ to the elevator pitch and welcome the personal branding statement. It’s part of the AOL to Gmail, Boomer to Millennial, desktop to mobile shift.
“What do you do?”
This is by far the question we are asked, and will be asked, the most on a daily basis when out meeting new people and expanding our networks. It’s the ultimate opportunity to make a first impression and pique someone’s interest.
It’s the branding question whose answer most people struggle to articulate into one succinct, clear sentence that we remember.
The answer to ‘what do you do’ is much more than talking about products and services. The elevator pitch was fine when the product was out front. Now we are fronting our products and services more.
Creating our branding statement is the most important personal marketing activity we all need to get right.
Coming Up with the Right Personal Branding Statement is a “Process of Refinement”
It’s the sum total of where we are and what we are doing now, plus all the experiences and knowledge we bring from what we have done, driven by our personality, charisma and energy. Our charisma is what makes us stand out.
We change and the world changes and that changes our answer over time. Things work, then they don’t work. Circumstances force us to change. Trends lead us to change. Regardless of change, articulating our core values, who we are and what we believe in shouldn’t.
If you keep up with these things, you will always have what you need to update and deliver your ‘what do you do’ question:
- Be in your zone and sweet spot so you’re authentic and not forced.
- Make sure your visual marketing and messaging is relevant and fresh.
- Be consistent and purposeful with your networking and content marketing.
The reason we remember is because the person, their value, message and how it is consistently delivered strikes a chord with us.
One of the best resources for personal branding is Millennial Branding expert Dan Schawbel, and his Personal Branding Blog. Having a fully developed LinkedIn profile is also a must. Here are some great examples of brand statements that work because they grab our attention.
Are you a Sales Whiz, a Career Catalyst, a Turnaround Ace?
What do you do in one clear, succinct and engaging sentence?
Career Branding Catalyst: I help plug in and power up personal branding for small business, entrepreneurs and professional consultants through networking, social media and content marketing so they stand out, get noticed and are remembered better.
Is your personal branding statement ready?