March 28, 2011 By Hilton Collins
Elayne Starkey, Delaware’s chief security officer, was worried. In 2010, she was concerned about state employees accessing the government network with personal smartphones despite the availability of state-issued BlackBerrys. The Department of Technology and Information gave employees BlackBerrys that were secured to the government’s liking. Employees’ personal smartphones, however, were a different story. Owners may have had security controls on them; they may not have.
The idea of employees using unsecured devices to access the state network didn’t make the state’s security chief happy. And employees voiced concerns of their own: The current standardization model wasn’t working.
“They were carrying around their personally owned smartphone anyway, thinking, ‘Why can’t we just combine all this access into a single device? Why do I have a BlackBerry on one hip and my personal smartphone on the other?’” Starkey said.
So on Nov. 15, 2010, Delaware state employees no longer had wholesale access to the state network on personal devices. If someone wanted to use a personal device for government business, he or she needed a manager’s approval. And the phone in question had to meet specific security standards to get the green light.
“I’m sleeping easier at night because I know that, as of Nov. 15, we have closed a significant vulnerability,” Starkey said. “Before Nov. 15, there was unfettered access to state data.”
Mobile security in general has caused quite a few headaches. The National Association of State Chief Information Officers (NASCIO) cited numerous laptop breaches in a two-part report, Security at the Edge — Protecting Mobile Computing Devices, including 2007 Ponemon Institute data claiming that more than 42 percent of all U. S. data breaches — public and private — came from lost or stolen laptops. The estimated average cost of each breach was nearly $50,000.
With smartphones entering the picture, the possibilities for data loss and corruption dramatically increase. Kevin Murray, vice president of product marketing at iPass, a network and mobility services company, said mobile devices — and their dangers — are here to stay. “In 2010 and before, mobile workers were essentially the exception, not the rule, and what we’re seeing in IT in general is that the mobile worker is really setting the rules now.”
The iPass Mobile Workforce Report, released in November 2010, found that 22 percent of employees surveyed breached corporate policy by using an unauthorized smartphone for work even when their companies had a strict policy against it.
Shifting Demands
Delaware changed its mobile device strategy to meet employee demands, but not without setting rules. If employees want to use their personal mobile phones for work, their managers must agree that there’s a need for it. And even after approval, some smartphones may not make the cut.
Delaware still distributes state-issued BlackBerrys, but non-state-issued mobile devices must meet seven controls that include strong passwords that expire, inactivity time-outs, encryption, lockouts after seven failed password attempts and remote wiping capabilities in case of loss or theft.
The Department of Technology and Information also created a list of devices that support the security controls, and supplied information to employees on what to tell their providers if they need assistance.
Starkey would like her department to be even more helpful, but that’s not feasible. “As much as I’d love to be an expert on every single mobile device out there and every single operating system version that’s available on those devices, we just can’t do it,” she said. “It’s really impractical for them to look at the state help desk as their hotline for their personally owned smartphone questions.”
Many would likely agree that it’s unwise to lay security responsibilities mainly in the hands of the employee. Murray is one of them. “It can’t be, ‘Here’s your phone,’ or, ‘Here’s the instructions on what phone to buy. Good luck,’” he said. “The critical thing is, IT still has to be involved with enforcing the policy on that device, even if it’s user liable.”
Charles Robb, a NASCIO senior policy analyst, wrote in part two of the Security at the Edge series that of 36 surveyed states, 14 had policies allowing the use of personally owned smartphones for work, 10 prohibited their use, six were reviewing state policy on the matter, and six left the decision to individual state agencies rather than central IT.
Theresa A. Masse, Oregon’s chief information security officer, agrees with others about the impending threats smartphones pose, especially when government IT doesn’t own or control them. “Now you potentially have state information on a personally owned device, so we don’t know what’s on it,” she said. “We don’t know who else is using it. We don’t know how it’s stored. It’s a huge issue. Are people patching it? Where are they wandering around on their own personal device? What are they looking at?”
Masse’s department, the Enterprise Information Strategy and Policy Division, doesn’t issue government mobile devices en masse. The state leaves it up to individual agencies to decide how they’ll approach smartphone use on the job.
“We ask them to make it as a business decision and to consider the risk,” Masse said. If agencies decide to go mobile, they must develop internal policy on network access and information storage. Oregon’s policies on acceptable use and controlling portable and removable storage devices were implemented in 2007.
Nebraska’s stance is tougher: Employees aren’t allowed to use personal devices if they can access confidential information. The risks are too great. “If they have information that could walk away from state government, we have no ability to make sure that we are protecting the state against what that personal device could introduce to our networks,” said Nebraska CIO Brenda Decker.
The Mobile Lockdown
The first Security at the Edge paper cites 2008 National Institute of Standards and Technology (NIST) recommendations on cell phone and PDA security, which may not be as up-to-date as some might like, but it’s certain that people from the organization have some insight on the issue.
For starters, anyone assuming that federal information would be more attractive to cyber-criminals than state or local information should think again. “It depends,” said Tom Karygiannis, a senior researcher at NIST. “Los Angeles, how big is that economy, right? Or California, for example — the state of California is huge.”
Government users can download unsafe apps onto their smartphones just as they can with laptops or PCs. And losing a smartphone could be a recipe for disaster even if it has nothing to do with a traditional hacker-victim breach. “Let’s say you’re drafting some memo in the public sector and it’s just a draft,” Karygiannis said. “It’s meant for internal use and just discussion. This thing gets out and then people start writing articles on it. It’s not even true.”
He said users could compromise security out of device confusion. If a lab employee has a personal phone and a corporate one, it’s possible he may accidentally take a top-secret photo with a personal device instead of with the corporate phone. It’s an honest mistake, but now a top-secret image is on a personal network. “That’s just a goofy example, but you could be in an area where there are privacy issues and people shouldn’t be taking pictures,” Karygiannis said. NIST publishes guidelines and recommendations for various technologies at http://csrc.nist.gov.
The iPass report recommends that enterprise IT look beyond the laptop when it comes to IT security — rising smartphone and tablet adoption demand a more holistic approach. And managers should ensure that employee devices meet established security criteria before they’re approved.
http://www.govtech.com/security/Personal-Phones-on-Agency-Networks.html
Tuesday, March 29, 2011
Saturday, March 5, 2011
AmeriStar Network Inc. Completes 1-for-2 Reverse Stock Split and the Merger of SecurDigital Inc.
NEW YORK, NY -- (MARKET WIRE) -- 02/28/11 -- AmeriStar Network Inc. (PINKSHEETS: AMWKD) announced today that FINRA has put the 1-for-2 Reverse Stock Split on the FINRA Daily List. In addition, the merger of SecurDigital Inc. into a wholly-owned subsidiary of AmeriStar became effective.
The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital.
SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission.
Contact:
O. Russell Crandall
Chairman
AmeriStar
Email: Email Contact
Phone (435) 229-1955
Source: AmeriStar Network Inc.
The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital.
SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission.
Contact:
O. Russell Crandall
Chairman
AmeriStar
Email: Email Contact
Phone (435) 229-1955
Source: AmeriStar Network Inc.
AmeriStar Network Inc. Files Merger Agreement With SecurDigital Inc
NEW YORK, NY -- (MARKET WIRE) -- 02/09/11 -- AmeriStarNetwork, Inc.(PINKSHEETS: AMWK), quoted on OTC Markets (Pink) (see www.otcmarkets.com) under the symbol AMWK.PK, announced today that it has received certifications from the Delaware Secretary of State consummating the merger with SecurDigital, Inc. and the 1 for 2 reverse stock split; the effective date of both corporate actions is February 15, 2011. The Company has filed these State certifications with FINRA and believes it has met the filing requirements of that regulatory body.
Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally.
The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Contact:
O. Russell Crandall
Chairman AmeriStar
Email: Email Contact
Phone (435) 229 - 1955
URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.
Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally.
The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Contact:
O. Russell Crandall
Chairman AmeriStar
Email: Email Contact
Phone (435) 229 - 1955
URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.
Ameristar Networks, Inc. (AWWKD), Bringing Disruptive Technologies to Market
NEW YORK, NY -- (MARKET WIRE) -- 01/10/11 -- AmeriStarNetwork, Inc. (the "Company") (PINKSHEETS: AMWK) announced today that it has filed documents with FINRA, the securities industry regulatory body, to provide notification of corporate actions and has received from FINRA a request for additional documents; the Company expects to deliver all required documents within the next few days. AmeriStarNetwork, Inc. has negotiated the acquisition of SecurDigital, Inc., a private company that has developed significant technology in the protection of wireless transmissions from hacking and espionage, as a merger of equals. The Company and SecurDigital, Inc. will consummate the merger ten days after delivery of all information requested by FINRA, which could be in mid-January.
Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter.
At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City.
About Secur Digital , Inc.
The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance.
The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application.
SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications.
Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units.
About Ameri Star Network, Inc.
Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator.
Forward-Looking Safe Harbor Statement
Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955.
Contact:
O. Russell Crandall
Chairman
Email Contact
(435) 229-1955
Source: AmeriStar Networks, Inc.
Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter.
At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City.
About Secur Digital , Inc.
The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance.
The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application.
SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications.
Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units.
About Ameri Star Network, Inc.
Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator.
Forward-Looking Safe Harbor Statement
Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955.
Contact:
O. Russell Crandall
Chairman
Email Contact
(435) 229-1955
Source: AmeriStar Networks, Inc.
Thursday, July 29, 2010
Wireless Technology Risks and Enterprise Security interview S. Garrett
Introduction
I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.
Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.
Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.
Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.
SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.
The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.
Analysis
Q: What do you feel is single greatest threat to enterprise mobility systems today?
Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.
Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.
The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.
That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.
It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.
Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?
Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.
Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?
I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.
The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.
We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).
We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.
Q: How is SecurVoice© unique when compared with other commercial solutions?
SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.
Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?
We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.
We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.
Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?
Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.
Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?
The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.
In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.
Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.
Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?
SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.
Q: Anything else you would like to add.
SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.
I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.
In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.
Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!
Conclusion
The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!
I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.
Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.
Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.
Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.
SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.
The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.
Analysis
Q: What do you feel is single greatest threat to enterprise mobility systems today?
Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.
Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.
The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.
That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.
It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.
Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?
Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.
Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?
I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.
The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.
We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).
We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.
Q: How is SecurVoice© unique when compared with other commercial solutions?
SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.
Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?
We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.
We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.
Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?
Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.
Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?
The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.
In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.
Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.
Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?
SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.
Q: Anything else you would like to add.
SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.
I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.
In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.
Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!
Conclusion
The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!
Saturday, June 26, 2010
Police Warn of Smartphone Scanner Apps
During a city-wide sweep for gang members and drug dealers last week, the Oakland (Calif.) Police Department confiscated several cellular phones loaded with an application that could stream the department’s police radio system. The software app is one of several available for iPhones and other smartphones that stream public safety radio audio obtained from scanner radios via the Internet. OPD has not said if the apps were actually running on the smartphones, or if any suspects were able to avoid arrest from hearing police radio broadcasts. However, in a bulletin notice to officers, the department warned officers that criminals are able to monitor the city’s 800 MHz trunked radio system from smartphones, and to use caution when transmitting confidential information.
Article posted at Dispatch Magazine On-Line - http://www.911dispatch.com
Link to full story: http://www.911dispatch.com/2010/06/police-warn-of-smartphone-scanner-apps/
Article posted at Dispatch Magazine On-Line - http://www.911dispatch.com
Link to full story: http://www.911dispatch.com/2010/06/police-warn-of-smartphone-scanner-apps/
Thursday, April 15, 2010
Smartphones won't take off as true enterprise devices (beyond e-mail) until companies start investing in security.
I thought this article very relevant. If your mobile device is secure - enterprises won't be adopting.
Practical Analysis: Why There's No Enterprise 'App For That'
Smartphones won't take off as true enterprise devices (beyond e-mail) until companies start investing in security.
By Art Wittmann
InformationWeek
April 12, 2010 12:00 PM (From the April 12, 2010 issue)
A lot happens in two years, particularly in the world of smartphones and mobile applications, or at least it seems that way with all the noise about upgraded networks and fancier handsets. When we did our first survey on mobile device management two years ago, the iPhone 3G was barely out and the BlackBerry Curve was all the rage. Enterprise deployment of smartphones was in full swing: 56% of survey respondents had supplied smartphones to up to 25% of their employees, 27% had given them to 26% to 50% of employees, 11% had them out to 51% to 75%, and 6% had equipped every employee with smartphones. The vast majority of those devices were BlackBerrys, and they were used mainly for e-mail and calendar management.
Now two years later (full report to come later this summer), with widely available 3G networks, you'd think that the devices would be more widely used and that the applications would be richer and more varied. You'd be dead wrong. Within the accuracy of our survey, which is within five percentage points, the extent of deployment and the applications in use on smartphones are practically identical to what they were in 2008. E-mail is still the main use by a large margin, and whereas just 30% used a smartphone for job-specific applications in 2008, 31% now report such use. The fraction of employees with smartphones remains the same; they still use mostly BlackBerrys.
More Insights
Whitepapers
* Automating Virtualization Management: Critical Management Practices for Next Generation Data Center
* Beyond Reporting Delivering Insights with Next-Generation Analytics
Webcasts
* Wireless Security – What Hackers Know That You Don’t
* Real-Time Goes Prime Time: Seize the Moment with Event Processing
Reports
* Google Rethinks The Operating System
* How To Manage Risk In Tough Times
Videos
Bay Area Internet Solutions Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2 Al Williams gives you a demor of One-Der: The One Instruction CPU
Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2
It could be that there's limited call for job-specific applications, and that over the past two years those applications have grown from rudimentary designs to more robust enterprise tools. But it seems highly unlikely that everyone who wanted to start down the mobile app path had done so before 2008.
So why do we see such stagnation? Device management is still a work in progress by any measure, even though it's clear that you see the need for it. Whereas in 2008, 52% of you said security was the reason to deploy mobile device management, that's now up to 73%, with the next highest response coming in at 10%. And therein lies the problem.
While the vast majority of you say that unmanaged devices are a security risk, 61% of those not implementing device management identify staffing resources as an issue, up from 46% in 2008; and 32% of you now see mobile device management as too expensive, up from 26%. Simply put, for many organizations IT budgets have been too tight over the past two years to allow them to tackle mobile device security, and until those issues are addressed, few shops are likely to step step up their development or deployment of job-specific applications beyond e-mail and the basic productivity tools that come with the BlackBerry.
This is just one of many examples that have played out in our research recently. It's becoming clearer and clearer that through the depths of this recession, the lack of staff and money to do security right has (correctly) led many organizations to shelve projects that would otherwise be highly beneficial to the business. As the economy improves, however, those same organizations must understand that if the lack of security could stop key business initiatives, then its presence should now be seen just as much as an enabling technology. The days when the value of security was viewed as too difficult to quantify should be behind us.
Art Wittmann is director of InformationWeek Analytics, a portfolio of decision-support tools and analyst reports.
Practical Analysis: Why There's No Enterprise 'App For That'
Smartphones won't take off as true enterprise devices (beyond e-mail) until companies start investing in security.
By Art Wittmann
InformationWeek
April 12, 2010 12:00 PM (From the April 12, 2010 issue)
A lot happens in two years, particularly in the world of smartphones and mobile applications, or at least it seems that way with all the noise about upgraded networks and fancier handsets. When we did our first survey on mobile device management two years ago, the iPhone 3G was barely out and the BlackBerry Curve was all the rage. Enterprise deployment of smartphones was in full swing: 56% of survey respondents had supplied smartphones to up to 25% of their employees, 27% had given them to 26% to 50% of employees, 11% had them out to 51% to 75%, and 6% had equipped every employee with smartphones. The vast majority of those devices were BlackBerrys, and they were used mainly for e-mail and calendar management.
Now two years later (full report to come later this summer), with widely available 3G networks, you'd think that the devices would be more widely used and that the applications would be richer and more varied. You'd be dead wrong. Within the accuracy of our survey, which is within five percentage points, the extent of deployment and the applications in use on smartphones are practically identical to what they were in 2008. E-mail is still the main use by a large margin, and whereas just 30% used a smartphone for job-specific applications in 2008, 31% now report such use. The fraction of employees with smartphones remains the same; they still use mostly BlackBerrys.
More Insights
Whitepapers
* Automating Virtualization Management: Critical Management Practices for Next Generation Data Center
* Beyond Reporting Delivering Insights with Next-Generation Analytics
Webcasts
* Wireless Security – What Hackers Know That You Don’t
* Real-Time Goes Prime Time: Seize the Moment with Event Processing
Reports
* Google Rethinks The Operating System
* How To Manage Risk In Tough Times
Videos
Bay Area Internet Solutions Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2 Al Williams gives you a demor of One-Der: The One Instruction CPU
Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2
It could be that there's limited call for job-specific applications, and that over the past two years those applications have grown from rudimentary designs to more robust enterprise tools. But it seems highly unlikely that everyone who wanted to start down the mobile app path had done so before 2008.
So why do we see such stagnation? Device management is still a work in progress by any measure, even though it's clear that you see the need for it. Whereas in 2008, 52% of you said security was the reason to deploy mobile device management, that's now up to 73%, with the next highest response coming in at 10%. And therein lies the problem.
While the vast majority of you say that unmanaged devices are a security risk, 61% of those not implementing device management identify staffing resources as an issue, up from 46% in 2008; and 32% of you now see mobile device management as too expensive, up from 26%. Simply put, for many organizations IT budgets have been too tight over the past two years to allow them to tackle mobile device security, and until those issues are addressed, few shops are likely to step step up their development or deployment of job-specific applications beyond e-mail and the basic productivity tools that come with the BlackBerry.
This is just one of many examples that have played out in our research recently. It's becoming clearer and clearer that through the depths of this recession, the lack of staff and money to do security right has (correctly) led many organizations to shelve projects that would otherwise be highly beneficial to the business. As the economy improves, however, those same organizations must understand that if the lack of security could stop key business initiatives, then its presence should now be seen just as much as an enabling technology. The days when the value of security was viewed as too difficult to quantify should be behind us.
Art Wittmann is director of InformationWeek Analytics, a portfolio of decision-support tools and analyst reports.
Subscribe to:
Posts (Atom)