Category: Uncategorized

Security remains a key concern in the cyber-space, with cyber-attackers striking at will, limited only by the extent of their determination.  Many incumbent security apparatuses have big holes, but the security industry is ever-evolving, constantly adapting to remain one-up on cyber-criminals and offer robust security for new paradigms such as mobile and cloud at the same time.

Here are some of the emerging security technologies to consider for your organization

Newer Malware Detection Models

With many traditional models being an utter flop in preventing cyber-breaches, organizations are looking at newer models to detect malware.

The ingenuity of cyber criminals has rendered the traditional signature-based model of detecting malicious files obsolete. Many organizations now consider other methods, such as machine learning-based mathematical models, or testing suspicious files in a virtual sandbox. Cost-effective SaaS-based security scanning services has also caught on in a big way,  considering most attackers target the configuration weakness and code vulnerabilities.

Many security providers offer solutions that fix attribution on attackers and profile them. San Francisco-based Mykonos Software fingerprint cyber criminals based on their intent and skills and inject the attack platform with a token to block future attacks.

Crowd-sourcing is making a mark in security as well. Palo Alto Networks, a Santa Clara, California-based company has pioneered this front with its Wildfire platform that uses a cloud-based malware analysis environment, to share threat information with all subscribers.

Improved Services

Even as some conventional security services has flopped, others such as trust services and encryption retain their relevance. However, these services too are under considerable stress, owing to developments in technology.

IoT boom overwhelms Trust Services with the need to support billions of devices, many with limited processing capability. Some leading-edge approaches adopted by organizations to cope up with the challenge include the use of distributed trust and block chain-like architectures.

Likewise, while full encryption of the data before saving it in the cloud addresses the security needs, it impedes usability. Homomorphic encryption, which allows categorizing and mining encrypted files, is gaining traction now, as a solution.

Erecting Forts

In today’s BYOD era, trying to control the employee’s phone is akin to ordering the tides to go back. Security experts have long realized the more efficient way is to enforce security at the application level, and deploy application containers or wrappers for the purpose.

Likewise, more and more organizations look at hardware isolation to contain attacks. Secure virtual containers are becoming familiar to insulate web browsers, PDF readers, and other executable files. Bromium, a Cupertino, a California-based company has launched a micro-visor that isolates system processes.

Another fortification measure that has caught on is “micro-segmentation,” or more intense granular segmentation of east/west traffic in the networks. Typically, attackers can move around the network at will, once they gain entry. Visualization tools that make explicit flow patterns, and allow admins to set segmentation policies, thwart such free movement and contain the damage to a small area. Point-to-point IPsec tunnels and cryptographic isolation between workloads are some tools that help contain the breach to the particular area, post-visualization.

Deceiving the Deceiver

With perimeter fencing having all but lost the battle to cyber-attackers, more and more organizations now resort to deception.

Deception technology tries to beat malware at its own game, by resorting to various deceptive tricks against it. The most common method is deploying honeypots to create fake vulnerabilities, and lure the attackers into distributed endpoint decoy systems. When the attackers touch an emulator that serves as a honeypot, the security system triggers the alarm.

Gartner predicts about 10% of enterprises to use deception tools and tactics, by 2018.

Dissuading the Attacker

If organizations can identify the motive of the cyber attacker, they can work to remove the motivation, and hence deter the attacker. Most targeted attacks aim to steal intellectual property and other information that has commercial value. Many organizations now indulge in comprehensive risk assessments, to identify tempting targets resident in their systems. They can either beef up security around such critical assets or even take such assets offline.

Denying the Attackers

Organizations now deploy various innovative measures to deny attackers.  One measure which has gained considerable traction is remote browsers. Most attacks target end-users with malware-infected URLs, email, and messages. A remote “browser server,” isolates the browsing function from the rest of the endpoint and corporate network, thereby keeping malware off of the end user’s system, and reducing the risk manifold.

Indulging in Deep Profiling

Accenture’s 2013 Technology Vision document is a perfect example of deep authentication, authorizing users based on their location, time of day, and several other factors that make it virtually impossible for even legitimate or familiar users to gain unauthorized access.

Today’s organizations go even beyond, many of them deploying artificial intelligence empowered systems that understand legit users’ daily activity profile, place login attempts in context, and take risk-based decisions in real-time. For instance, an employee who has no business to travel suddenly making a login attempt from Timbuctoo raise a serious red flag, and cause a lock-down.

User and entity behavioral analytics (UEBA) generates deep insights on not just user behavior, but also on endpoints, networks, and applications. Organizations need to factor in such analytics to an intelligence-driven security operations center (SOC) and adopt event-based monitoring in a big way.

Beefing Up the Authentication

Most organizations now employ multi-factor authentication. The password nevertheless remains the primary authentication mechanism. It has been a cat-and-mouse game between security experts and cyber criminals, with the increased complexity of the passwords invariably matched by advancements in password-cracking technologies. Security experts are toying with substituting passwords with biometric authentication methods. Only the difficulty in wrapping hardware and software around biometrics has prevented this move from becoming mainstream.

However, hardware tokens as part of the authentication process are now mainstream. Intel’s new, sixth-generation Core vPro processor offers “Authenticate” solution that validates a user through permutations of various hardware-enhanced factors. Hardware authentication is not just useful to secure traditional endpoints such as laptops and mobiles, but it even more critical in the IoT world, where a network needs to ensure the thing trying to gain access should have access to it.

Deploying the latest technology alone, however, does not guarantee security. Even the best security method falters in isolation. What is needed is a comprehensive analysis and deployment of the appropriate security measures as part of an integrated whole. Get in touch with us for a comprehensive security assessment and implementation of the right security suite, in the right way.

The age of mobility – where smartphones and tablets literally define the way we live and not a single person can spend even a few hours, let alone a whole day, without his/her mobile. This is the age that we live in now. Can you even imagine your life without your smartphone?

Difficult isn’t it?

I mean think of all the things you do through your phone now and the number of applications you use, to get things done. Taking into consideration the fast paced business environment that we live in, if you don’t own a smartphone, then you don’t really live.

This trend though, has also been putting lots of pressure on the developer’s end for creating more useful enterprise mobile applications. All companies in the business of mobility have been facing this crunch for quite some time now. Put together with issues like lack of adequate resources, infrastructure, and manpower, the pressure is even more.

Gartner says that by the end of 2017, the market demand for enterprise mobile application development services would surpass internal organization’s capacity to develop them. And by 2019, the sale of mobile phones would reach 2.1 billion units. This only means an even higher demand rate for mobile applications, that too, at the pinnacle of quality and performance.

It gets even more complicated

Apparently, in today’s digital business and work environments, people on an average use at least three different devices as part of their daily routines. And it doesn’t stop there. In the coming years, this number is only going to increase to five and six devices, as technologies like wearables and most importantly the Internet of Things (IoT) become mainstream. Moreover, the employees are also given the freedom to choose the applications, devices and even processes required to complete their jobs. All this increases the pressure on the developers to create different varieties of mobile apps in short time frames. Most enterprises these days, find it a great challenge to produce, deploy and distribute mobile apps at the very fast pace in which they are demanded. Finding and employing developers with all the necessary skills and expertise for the same is an increasingly difficult task, not to mention how expensive it is.

A survey on mobile app development conducted by Gartner in 2014, revealed that a large majority of organizations have developed and deployed only less than about 10 apps and a significant number of organizations did not release any mobile apps at all. This shows the hesitation that most organizations have and the difficulties they face related to resources, tools and platforms, that stop them from releasing more mobile apps, let alone their goal of 100 apps.

Handling the high demand for mobile app development services

In order to overcome such app development challenges and speed up the process of app development, there are certain practices that organizations can follow, as suggested by Gartner. Some of them are:

• Prioritizing app development – Owing to the high demands faced by most organizations, their mobile development teams are overburdened and hence fall short on app quality and timely, effective deployment. It becomes a first-come first serve approach, when it comes to usage of resources, which in turn leads to their inefficient use as well. Often, this lack of prioritization is what leads to the inability to meet demands. The entire mobile team needs to prioritize app development and formulate a better app development strategy. They need to analyze and understand the needs of the different business stakeholders and plan development activities according to their priorities. This helps in clearly defining mobile app development criteria for effective evaluation of mobile projects to a large extent.
• Bimodal IT approach – Adopting a bimodal IT approach, that integrates both innovation and agility to deliver apps more efficiently, can go a long way. It helps to create an agile API layer, that also simplifies the process of connecting mobile apps with different types of data sources.
• Rapid Mobile Application Development (RMAD) tools – RMAD tools help a great deal in filling the gap between demand and supply of mobile app development. Many approaches like drag-and-drop codeless tools, model-driven development, orchestration, code generation, virtualization and the like can be used effectively for rapid development of mobile apps. These help automate certain aspects of coding, which not only saves time but also simplifies the whole process of development, making it less difficult for even people with less programming skills to develop mobile apps and modify them.
• Mixed sourcing approach – Maintaining a full in-house development environment for mobile apps in all hot technologies could be difficult for a lot of organizations, given the increasing demand for the same. It also involves several specific capabilities like UX and UI designing, psychology and cellular coverage testing and the like, which call for experienced hands. Hence, it may be more effective to outsource certain complex and specific app development activities to third parties, who could handle them more easily, and retain the development of the rest. Over time, in-house production skills could improve, but to meet current pressures, this could be effective. Around 55% of organizations are found to be successfully delivering mobile apps using this mixed approach.

In order to keep up with the rapidly growing need for mobile app development services, organizations simply have to do something about their development capabilities, these steps can be a start for increasing efficiency and productivity.

At this point, due to several years of rapid technological advancement, we can safely estimate that there are billions of connected devices, and that number is increasing with each passing day. The Internet of Things (IoT), has become so commonplace, that we hardly even notice how they impact our businesses. We have a number of “smart” devices: interconnected and operating with synergetic effect. This provides a whole range of new opportunities for business enterprises across industries.

In the field service industry, companies are extending and taking advantage of IoT. Whether it is at the customer’s house or place of business or shop floor, service companies are finding new ways to improve operational efficiency and achieve higher levels of customer satisfaction. By utilizing the data collected from various connected devices and sensors, these companies can deploy personnel more effectively and provide better services. Improved data — and data collection methods — are driving the move to a more proactive approach in their maintenance and repair services.

The interoperability between devices and platforms

Field service technicians need interconnected devices and applications to achieve the optimal business value potential. Thanks to the greater availability of network access, field service technicians can see bigger payoffs from the constant connectivity among service providers, customers and dispatchers. As a result, they are able to make more and better real-time decisions, but only if they are able to get the right information at the right times. It also helps when they have faster and easier ways to collaborate with their colleagues and providers more effectively and efficiently, empowering them to make better, more informed decisions at the right times. When that happens, they get to complete their job on-time the first time. Providers with on-the-cloud field service applications, thus have the competitive advantage when compared to those that use only on-premise solutions.

Everything is changing

The connected devices, platforms and applications are changing the way field agents work. We all know that by now. The major impact here is the value of the real-time information generated and captured from the various endpoint assets, which literally changes the way we manage field service workforce. But on the flipside, these connected endpoints carry with it a few challenges as well, like data security and big data analytics. With so many devices, there can be an escalation in the amount of unwanted information that can get collected in the process. It can be a daunting task for enterprises to filter big data and extract useful insights from them. Field service companies need to make sure that they have the technology and the mechanisms necessary to maintain data integrity and also to share with the technicians, data that is relevant and related to the technicians relation with the endpoint device.

Wearables

Although wearables are still in their initial adoption phase for a majority of us, new wearable devices are coming on the market every day. The challenge is to find wearables that can be used in the context of a company’s business applications.

Most technicians have a problem of relating contextually relevant information from wearable end-points that have not considered carefully enough how to connect the technician to their tasks at hand. For the same reason, getting alerts, and updates to those in the field via wearables still remain challenges to its adoption.

Nevertheless, wearables are definitely increasing in adoption in the field service industry, but there are certain concerns that need to be addressed soon, like security, form factor and most importantly, making sure that sharing of data is relevant and is based on the field service agent’s relationship with the particular endpoint device or asset. Those companies that address this problem and focus on providing contextually relevant information along with a friendly user interface, will stand to gain.

It is anticipated that 75% of field service organizations, in the next 3 years, will be providing smart wearables like watches, glasses and the like, to their field technicians. This only means that the rest of the applications necessary to facilitate and support this kind of growth need to gear themselves up.

Image credits: Techradar

When would you go for a hybrid mobile application?
When you want your application to be compatible with more than one operating system and you have very less time for developing the application. These are the two basic factors that you might consider while choosing to go hybrid.

Hybrid applications are considered to be a lot easier to develop than native applications, essentially because most of the code, required for development can be reused in different platforms. For the same reason, they cost less and require much lesser time for development when compared to native mobile applications. With all these advantages, your chances of choosing to go for hybrid application development, are pretty high.

Hybrid mobile application development is often assumed to be a one-size-fits-all approach. A single set of code can be reused with minor tweaks across different operating systems or platforms. From an organizational perspective as well, hybrid applications might seem easier. Instead of hiring separate developers for each platform, a single set of developers can do the job.

One-size-fits-all: does it really apply?

However, the one-size-fits-all principle might not be entirely true. For hybrid applications to have access to device capabilities like the accelerometer, the camera etc. they need plugins, coded in the respective native language according to the platform. Now, these plugins, are actually the most crucial part of a hybrid application; without these, they are no better than a web application. There are several risks associated with these plugins though. They are not quite reliable in terms of consistency and sometimes may go missing altogether. This is especially true where the mobile platform for which the plugins are developed, gets upgraded. In other words, when several versions of a particular mobile platform are introduced, the plugins associated with it might get outdated or unreliable. Most often it is halfway through development, focusing on the features of the mobile platform, that you realize that the plugins are missing. Then you are forced to either do away with a feature altogether or code plugins yourself. And like I said, plugins are one of the most essential parts of developing a hybrid application, so without it, the whole purpose of hybrid apps is pretty much unserved.

Another problem associated with hybrid apps is that even though they are easy to develop and deploy, they don’t perform as well as native apps. The look and feel of hybrid apps is also not as smooth and natural as their native counterparts. Again, since they need plugins to work with a mobile device, that needs to be coded in their native language, you will need to spend way too much time fixing them in case of bugs. Also, they use separate webview implementations for different platforms, as they are hosted through each platform’s webview, which is not needed in case of native applications. Native applications can run in an operating system independently. In short, hybrid applications have several dependencies like plugins and webview implementations. They in turn vary according to the platform used for creating the application.

Hence, you really cannot rely on the fact that hybrid apps go with every platform and device, with little tweaks. In order to achieve maximum efficiency from your hybrid apps, you need to make sure that the essential APIs are in place and available well ahead of development.

iBeacons, one of the most thoughtful and effective recent innovations in the world of technology, have taken over the area of consumer interaction and experience in almost every industry now. They have been quite helpful in keeping consumers engaged and thereby increasing sales. iBeacons were introduced by Apple in 2013, as part of their efforts to provide better location-based services to consumers. Being a proprietary closed spec technology, it is not available for development by others, although there are other beacons using the iBeacon format.

Here we discuss 2 such different beacon technologies, that came into being after iBeacons:

1. AltBeacon – As the name suggests, it is a beacon that was developed as an alternative to iBeacons. It is an open source and free beacon design, developed by Radius Networks and has almost the same functionalities as iBeacon, except that it is not company specific. A noteworthy feature of AltBeacons is that they have 25 of 28 bytes available for user data, which enables more data to be delivered per message. It is also not limited to single-function devices and works with any device that is Bluetooth Low Energy (BLE) compliant. Considering that it is a very new technology, it is not being widely used yet. Although, in time, they are very likely to become popular because of the fact that they can carry more data and that they are open spec.
2. Eddystone – This is an open beacon format by Google developed as part of their Physical Web project. They are very similar to iBeacons except that they have a URL in the payload. They deliver short links to the web through BLE advertising packets. It Doesn’t require an external database. This allows for benefits like promotional codes that can be made available at retail stores which can be used to go to a webpage having a discount coupon or things like that.
   URIBeacon – It is another Google beacon developed as a part of their Physical Web project. URIBeacons have slowly evolved to be a part of the new Eddystone format. It uses 28 bytes of the 31 bytes available in an advertising packet. Just like Eddystone, they also support URLs through their BLE advertisement packets.It has a configuration service, unlike AltBeacons and iBeacons. These have to be updated with new information and they keep changing with time. How they differ from their new improved version (Eddystone) is that Eddystone supports a variety of payload types now, while URIBeacons do not. Also, Eddystone offers a lot more support for Unique IDs through its Eddystone-UID framework, which was again not the case with URIBeacons. Moreover, Eddystone is now more open to future innovations.

In short

iBeacons and AltBeacons are almost the same except for the fact that iBeacons are closed spec and AltBeacons are not. They both use external databases and broadcast Universal Unique IDs. Being Apple-branded, iBeacons are more widely used than AltBeacons. On the other hand, URIBeacons do not use external databases, instead they use web links to link the data directly. In that sense, the workload on the app side for URIBeacons is comparatively more. And they are slowly becoming a part of the Eddystone format.

Although iBeacons are the most popular form of beacon technology used nowadays, the other types are also slowly catching up. Together, they are likely to transform the way data is being transmitted, whether it is in the retail industry, or the finance industry or any industry. In all, the beacon technology is definitely here to stay and is wide open for innovations in future.