Tuesday, March 29, 2011

Network Nightmare? Personal Phones on Agency Networks

March 28, 2011 By Hilton Collins

Elayne Starkey, Delaware’s chief security officer, was worried. In 2010, she was concerned about state employees accessing the government network with personal smartphones despite the availability of state-issued BlackBerrys. The Department of Technology and Information gave employees BlackBerrys that were secured to the government’s liking. Employees’ personal smartphones, however, were a different story. Owners may have had security controls on them; they may not have.

The idea of employees using unsecured devices to access the state network didn’t make the state’s security chief happy. And employees voiced concerns of their own: The current standardization model wasn’t working.

“They were carrying around their personally owned smartphone anyway, thinking, ‘Why can’t we just combine all this access into a single device? Why do I have a BlackBerry on one hip and my personal smartphone on the other?’” Starkey said.

So on Nov. 15, 2010, Delaware state employees no longer had wholesale access to the state network on personal devices. If someone wanted to use a personal device for government business, he or she needed a manager’s approval. And the phone in question had to meet specific security standards to get the green light.

“I’m sleeping easier at night because I know that, as of Nov. 15, we have closed a significant vulnerability,” Starkey said. “Before Nov. 15, there was unfettered access to state data.”

Mobile security in general has caused quite a few headaches. The National Association of State Chief Information Officers (NASCIO) cited numerous laptop breaches in a two-part report, Security at the Edge — Protecting Mobile Computing Devices, including 2007 Ponemon Institute data claiming that more than 42 percent of all U. S. data breaches — public and private — came from lost or stolen laptops. The estimated average cost of each breach was nearly $50,000.

With smartphones entering the picture, the possibilities for data loss and corruption dramatically increase. Kevin Murray, vice president of product marketing at iPass, a network and mobility services company, said mobile devices — and their dangers — are here to stay. “In 2010 and before, mobile workers were essentially the exception, not the rule, and what we’re seeing in IT in general is that the mobile worker is really setting the rules now.”

The iPass Mobile Workforce Report, released in November 2010, found that 22 percent of employees surveyed breached corporate policy by using an unauthorized smartphone for work even when their companies had a strict policy against it.
Shifting Demands
Delaware changed its mobile device strategy to meet employee demands, but not without setting rules. If employees want to use their personal mobile phones for work, their managers must agree that there’s a need for it. And even after approval, some smartphones may not make the cut.

Delaware still distributes state-issued BlackBerrys, but non-state-issued mobile devices must meet seven controls that include strong passwords that expire, inactivity time-outs, encryption, lockouts after seven failed password attempts and remote wiping capabilities in case of loss or theft.

The Department of Technology and Information also created a list of devices that support the security controls, and supplied information to employees on what to tell their providers if they need assistance.

Starkey would like her department to be even more helpful, but that’s not feasible. “As much as I’d love to be an expert on every single mobile device out there and every single operating system version that’s available on those devices, we just can’t do it,” she said. “It’s really impractical for them to look at the state help desk as their hotline for their personally owned smartphone questions.”

Many would likely agree that it’s unwise to lay security responsibilities mainly in the hands of the employee. Murray is one of them. “It can’t be, ‘Here’s your phone,’ or, ‘Here’s the instructions on what phone to buy. Good luck,’” he said. “The critical thing is, IT still has to be involved with enforcing the policy on that device, even if it’s user liable.”

Charles Robb, a NASCIO senior policy analyst, wrote in part two of the Security at the Edge series that of 36 surveyed states, 14 had policies allowing the use of personally owned smartphones for work, 10 prohibited their use, six were reviewing state policy on the matter, and six left the decision to individual state agencies rather than central IT.

Theresa A. Masse, Oregon’s chief information security officer, agrees with others about the impending threats smartphones pose, especially when government IT doesn’t own or control them. “Now you potentially have state information on a personally owned device, so we don’t know what’s on it,” she said. “We don’t know who else is using it. We don’t know how it’s stored. It’s a huge issue. Are people patching it? Where are they wandering around on their own personal device? What are they looking at?”

Masse’s department, the Enterprise Information Strategy and Policy Division, doesn’t issue government mobile devices en masse. The state leaves it up to individual agencies to decide how they’ll approach smartphone use on the job.

“We ask them to make it as a business decision and to consider the risk,” Masse said. If agencies decide to go mobile, they must develop internal policy on network access and information storage. Oregon’s policies on acceptable use and controlling portable and removable storage devices were implemented in 2007.

Nebraska’s stance is tougher: Employees aren’t allowed to use personal devices if they can access confidential information. The risks are too great. “If they have information that could walk away from state government, we have no ability to make sure that we are protecting the state against what that personal device could introduce to our networks,” said Nebraska CIO Brenda Decker.

The Mobile Lockdown
The first Security at the Edge paper cites 2008 National Institute of Standards and Technology (NIST) recommendations on cell phone and PDA security, which may not be as up-to-date as some might like, but it’s certain that people from the organization have some insight on the issue.

For starters, anyone assuming that federal information would be more attractive to cyber-criminals than state or local information should think again. “It depends,” said Tom Karygiannis, a senior researcher at NIST. “Los Angeles, how big is that economy, right? Or California, for example — the state of California is huge.”

Government users can download unsafe apps onto their smartphones just as they can with laptops or PCs. And losing a smartphone could be a recipe for disaster even if it has nothing to do with a traditional hacker-victim breach. “Let’s say you’re drafting some memo in the public sector and it’s just a draft,” Karygiannis said. “It’s meant for internal use and just discussion. This thing gets out and then people start writing articles on it. It’s not even true.”

He said users could compromise security out of device confusion. If a lab employee has a personal phone and a corporate one, it’s possible he may accidentally take a top-secret photo with a personal device instead of with the corporate phone. It’s an honest mistake, but now a top-secret image is on a personal network. “That’s just a goofy example, but you could be in an area where there are privacy issues and people shouldn’t be taking pictures,” Karygiannis said. NIST publishes guidelines and recommendations for various technologies at http://csrc.nist.gov.

The iPass report recommends that enterprise IT look beyond the laptop when it comes to IT security — rising smartphone and tablet adoption demand a more holistic approach. And managers should ensure that employee devices meet established security criteria before they’re approved.

http://www.govtech.com/security/Personal-Phones-on-Agency-Networks.html

Saturday, March 5, 2011

AmeriStar Network Inc. Completes 1-for-2 Reverse Stock Split and the Merger of SecurDigital Inc.

NEW YORK, NY -- (MARKET WIRE) -- 02/28/11 -- AmeriStar Network Inc. (PINKSHEETS: AMWKD) announced today that FINRA has put the 1-for-2 Reverse Stock Split on the FINRA Daily List. In addition, the merger of SecurDigital Inc. into a wholly-owned subsidiary of AmeriStar became effective.

The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital.

SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.

SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally.

Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission.

Contact:

O. Russell Crandall
Chairman
AmeriStar
Email: Email Contact
Phone (435) 229-1955

Source: AmeriStar Network Inc.

AmeriStar Network Inc. Files Merger Agreement With SecurDigital Inc

NEW YORK, NY -- (MARKET WIRE) -- 02/09/11 -- AmeriStarNetwork, Inc.(PINKSHEETS: AMWK), quoted on OTC Markets (Pink) (see www.otcmarkets.com) under the symbol AMWK.PK, announced today that it has received certifications from the Delaware Secretary of State consummating the merger with SecurDigital, Inc. and the 1 for 2 reverse stock split; the effective date of both corporate actions is February 15, 2011. The Company has filed these State certifications with FINRA and believes it has met the filing requirements of that regulatory body.

Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.

SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally.

The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger.

Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.

Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.

Contact:
O. Russell Crandall
Chairman AmeriStar
Email: Email Contact
Phone (435) 229 - 1955
URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.

Ameristar Networks, Inc. (AWWKD), Bringing Disruptive Technologies to Market

NEW YORK, NY -- (MARKET WIRE) -- 01/10/11 -- AmeriStarNetwork, Inc. (the "Company") (PINKSHEETS: AMWK) announced today that it has filed documents with FINRA, the securities industry regulatory body, to provide notification of corporate actions and has received from FINRA a request for additional documents; the Company expects to deliver all required documents within the next few days. AmeriStarNetwork, Inc. has negotiated the acquisition of SecurDigital, Inc., a private company that has developed significant technology in the protection of wireless transmissions from hacking and espionage, as a merger of equals. The Company and SecurDigital, Inc. will consummate the merger ten days after delivery of all information requested by FINRA, which could be in mid-January.

Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter.

At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City.

About Secur Digital , Inc.

The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance.

The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application.

SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications.

Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units.

About Ameri Star Network, Inc.

Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator.

Forward-Looking Safe Harbor Statement

Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.

Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.

Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955.

Contact:
O. Russell Crandall
Chairman
Email Contact
(435) 229-1955

Source: AmeriStar Networks, Inc.