    Author Archive - Cesare Garlati (Consumerization Evangelist)

    What enterprises need to consider as large numbers of staff prepare to work away from the office.

    A large proportion of staff are set to work remotely this summer as the Olympic Games disrupt the UK’s transport networks. In a recent video interview, Stuart Sumner of Computing asked me whether remote working during the Olympics will create any new security risk for UK firms. My answer is I don’t think so. Remote access and remote working have been present in many companies for a long time now. IT security is certainly a big concern for many firms. However, let’s not forget other critical factors, such as remote access software licensing and scalability.

    During the Olympics it is reasonable to expect the whole employee base to access corporate applications and data from home – likely from employee-owned devices. Let’s not forget that most of the software eventually used in this way may not be licensed for this specific use case – i.e. Microsoft Windows or Office home editions used for work.

    The scalability of the system also needs to be taken into consideration. Typically, remote work is supported from a network perspective through VPN. Well, the VPN architecture usually requires a concentrator or some sort of backend component. This backend component needs to be scalable enough to support not just travelers or a few occasional remote users, but the whole population of the company. The same consideration applies to Remote Desktop and Virtual Desktop infrastructure.

    There has been a precedent we can look at. We had a similar situation in Japan in 2011, when Japan was struck by the triple tragedy of earthquake, tsunami and nuclear disaster. What happened – based on my conversations with many customers – is that most of corporate Japan's IT infrastructure collapsed. Firms kept operations going by relying on highly scalable consumer technology such as Yahoo mail, Google apps, Dropbox, Skype and millions and millions of personal mobile devices – such as smartphones and tablets.

    In conclusion: with larger numbers of staff requiring remote access than usual this summer, VPN scalability and software licensing deals – to ensure that the terms are not being infringed by remote workers – are two critical aspects your firm should consider.

    Posted in Mobile | Comments Off on Remote Working During the Olympics: Any New Security Risks?

    This post is based in part on my remarks at the upcoming Direction 2012 conference in Tokyo on August 7.

    I’ve been talking about Consumerization and BYOD – bring-your-own-device – for quite a while now. What has changed in the past year since my presentation at the CIO Summit in Singapore?

    What has changed is that more and more organizations are adopting BYOD. Executives and IT managers are learning about the benefits and the perils of BYOD first-hand.

    Trend Micro has been working with industry analysts like Decisive Analytics and Forrester Research to take the pulse of IT decision-makers, to help us understand their challenges and what solutions we can offer. They also give us great insights into the state of the union of BYOD.

    So, let’s start with the most obvious question: how widespread is BYOD? Last year, as part of our Consumerization Report, we found that just over half – 56% of those surveyed – said their companies allowed BYOD. Our new studies in 2012 found that this number had gone up quite significantly: the Forrester study found that this figure was now above 76%. What’s most interesting is that you have countries which were relatively resistant to BYOD becoming more accepting today.

    What devices are being used in BYOD? Mostly, what you’d expect: laptops, smartphones, and tablets. It’s the latter two that can cause organizations the most problems. Corporate IT knows how to secure and manage laptops running traditional operating systems; many organizations may not know yet how to properly deal with new mobile platforms stemming from unconventional IT vendors such as Apple (iOS) and Google (Android).

    Even as enterprises adopt BYOD, they’re facing risks and real world consequences. The biggest worries – by far – are data security, compliance, and employee privacy. Not only that, around half of the companies surveyed have admitted that because of BYOD, they’ve lost data.

    What are companies already doing to ensure that BYOD does not turn into a security nightmare? For starters, in almost all cases IT administrators are installing security and remote management software into user devices. They’re also making it easier for IT to wipe personal devices if corporate data is put at risk.

    Both of these are good places to begin, but to properly secure BYOD administrators have to understand two things: what they are securing, and what the threats are.

    IT administrators generally regard the top mobile OSes as being fundamentally identical to one another when it comes to security and manageability. However, that’s not completely accurate.

    As part of the Consumerization Report, we also looked at the inherent security features of four mobile platforms: Blackberry, iOS, Windows Phone, and Android. That’s also the order we scored the four OSes: from most secure to least secure.

    If you’re an IT administrator, that’s quite a problem: the most secure OS is also one that is dying; meanwhile the most popular mobile OS is the most exploited! IT managers have to understand that the threat landscape for each mobile platform is subtly different, and protect against these threats accordingly.

    Let’s look at the two biggest mobile OSes to understand what the risks are. First: the Apple iOS platform.

    The perception is that Apple is a closed, secure platform. However, it’s not immune to risks: if you look at the number of vulnerabilities that are disclosed publicly, the numbers for iOS are far higher in 2012. There’s also jailbreaking, which breaks the Apple “walled garden”, thus lowering security. So iOS has its share of risks, too.

    Android, however, is where the real action is as far as threats are concerned. Consider the chart below:

    Android malware is growing at a rate that’s even exceeding our forecasts.

    Another problem with Android is how many versions are out there in use. Consider the chart below:

    More than 80% of Android devices out there are on rather old versions of Android. That means that vulnerabilities may not be fixed. New security features may not be available.

    Fundamentally, where iOS is a closed platform, Android is an open one. This allows all sorts of threats to proliferate, even within the official Android app store. Let’s just look at the following incidents, which all took place just this year:

    • February 2012: a fake version of Temple Run
    • February 2012: developer pretended to be Rovio, known for the Angry Birds franchise
    • May 2012: 17 malicious apps totaled more than 700,000 downloads; these included a spying app
    • May 2012: another spytool app

    So, in short, the threats in mobile platforms do exist. However, BYOD is going to happen to your organization – whether you like it or not. What IT managers should do is find a way to make it safe for enterprises so it’s not a blind leap of faith, but a reasoned move towards the future.

    The three things I want you to take away from this talk are:

    1. Embrace Consumerization.

    It’s going to happen; it also brings about a more productive and engaged workforce. IT administrators should realize this and work to make BYOD a success within their organization.

    2. Understand the risk profile of the various mobile platforms.

    Each mobile platform has different capabilities available to it, as well as risks facing it. Understanding these is key to making BYOD secure.

    3. Deploy new security and management tools.

    Once you have an understanding of the threats and dangers facing your users, you can now deploy the appropriate tools and technologies to guard against these problems.


    Posted in Mobile | Comments Off on BYOD: A Leap Of Faith For Enterprise Users?

    This blog post is based on my talk at the annual “IDC Asia/Pacific CIO Summit” held last July 28, 2011. I regularly blog about this topic at the Trend Micro Consumerization Blog.

    The world of enterprise IT is going through a lot of changes right now. One of the most important trends that’s causing these changes is consumerization.

    Now, what is consumerization? Simply put, it’s the trend wherein employees use their own personal IT devices for work. The most obvious consumerization devices are smartphones. More and more smartphones are being sold to consumers today. In fact, 92 million computers were sold in the last quarter of 2010 but more than 100 million smartphones were sold within the same time frame.

    These devices are ending up in the hands of tech-savvy users who have never known a world without the Internet… or a world without immediate connectivity and access. Businesses are going to have to make some real adjustments to lure this new wave of talent and that’s going to require offering them more choices than traditional, standard-issue office laptops.

    However, consumerization is about so much more than just smartphones. There are also so many online services that people are using for work. These can range from social networking sites like Facebook and Twitter to storage services like Dropbox and YouSendIt to voice over IP services like Skype. Skype is a perfect example of the “bring your own IT” concept, as it allows employees to save on roaming fees. Instead, they just need to spend on “premium” Skype subscriptions, which currently cost only about US$20 per month.
