My latest posting on NoJitter is now available:
- PilotHouse Vendor Rating
- Contact Center and Customer Engagement
- Cloud and Data Center
- Cost Models and Total Cost of Ownership
- Enterprise Trusted Advisor
- IT Innovation, Transformation, and Enterprise Technology
- Mobile and Network Services
- Security, Risk Management, and Compliance Research Initiatives
- Unified Communications and Collaboration
At last week’s Enghouse Interactive Analyst Event, I had a chance to get up close and personal with some of their contact center products.
Incoming CISOs like to joke that the first item they’re issued when they begin the new job is a T-shirt with a target on it.
App Store’s Late HTTPS Fix Underscores Ongoing Mobility Vulnerability
Apple released a fix in the latest version of its iOS mobile operating system, well-known as system that powers the company’s iPhones and iPads. Used by almost every site that is serious about encrypted traffic for the transmission of authentication or payment information, Hypertext Transfer Protocol Secure (HTTPS), was only partially implemented in Apple’s App Store. A Google researcher has documented a variety of different attacks an attacker could use to take advantage of non-HTTPS protected App Store transactions, including password stealing, app swapping, fake app upgrades, app upgrade/installation prevention and installed app list leak. These App Store vulnerabilities and exploits have been possible since at least July 2012, when they were first reported. While Apple has since patched the issue, the lack of HTTPS usage is largely unprecedented and the company’s delay in incorporating it is equally shocking.
While 46% of companies use mobile devices management (MDM) today, and more than 80% expect to have deployed a solution by the end of 2014, issues such as these demonstrate that MDM alone is not enough to secure iOS or Android devices.
ETA Bottom Line:
Mobile OS’ continue to show vulnerabilities and oversights in security that requires manufacturer intervention to fix. To truly safeguard mobile devices and the infrastructure they use, companies should evaluate network-based MDM (NMDM) and app control solutions.