InformationWeek Stories by Ronald McCarty

InformationWeek Stories by Ronald McCartyhttp://www.informationweek.comInformationWeeken-usCopyright 2012, UBM LLC.2012-01-03T22:15:00ZShould Small Businesses Centrally Manage iOS Devices?It can seem expensive at first to put your devices under the control of a management system, but at some point it's necessary.http://www.informationweek.com/byte/news/232301223?cid=RSSfeed_IWK_Authors The way iOS devices are handled in the workplace is becoming an echo of the way PCs themselves are handled, as companies determine how, when, and how much management of iOS devices they should attempt. Apple makes its Mobile Device Management (MDM) interface available to vendors to support iOS management. The challenge for small businesses is determining if the management is necessary, and whether it should be managed centrally through policy and practices or through automated methods based upon MDM. Here are five critical areas--security, compatibility, compliance, training, and operations--you should consider when deciding whether your small business will centrally manage iOS devices. 1) Security. If your small business requires storing quite a bit of information on iOS devices, or the devices store credentials to sensitive information, consider centralized management sooner rather than later. Besides storage and access of sensitive data, other security concerns include inappropriate use of the devices that might reflect poorly on the business, using unsecured and untrusted Wi-Fi networks, and other activities that might inadvertently bring risk to your small business. 2) Compatibility. For enterprises that have developed their own applications for deployment, compatibility with particular iOS versions will be key. For small businesses, this is not as great of a concern--at least, not yet. However, as the technology matures, small businesses will find themselves having chosen, integrated and "meshed" various vendors' products together. Future versions of these products might not be compatible with each other. Maintaining this compatibility will become a concern over time and is itself an argument for central management. 3) Compliance. Small businesses find themselves providing services to governments and regulated industries subject to compliance requirements and state and federal regulations concerning personal data requirements. Although much of the technology to address these concerns is provided by a strong security posture, compliance requires specific agreements by small business to practice particular activities. For example, technology consultants often find themselves required to use two-factor authentication with one-time passwords to access their customer networks. If there are many compliance practices required, the small business owner might have no other choice than to manage devices used to access their customers' networks and systems. 4) Training. With the large number of applications available to perform many tasks used by businesses of all sizes, the use of devices and applications can become quite complex. Employees' technology skills can vary drastically and might not even be critical for their general job requirements, but important for certain tasks. Small businesses often turn to training and education providers. Training and education in itself often will push for more standardization. For example, a real estate company might need to standardize on a camera application that supports a particular size of photo so that users shoot and upload pictures of the correct dimensions. 5) Operations. The daily operations of using devices can be a major undertaking for small businesses. As the number of devices increases, decentralized management becomes complex. Users often try to match each others' settings (often trying to keep up with their tech-savvy friend's latest recommendations), and can easily botch it in the process. Central management often makes sense for small businesses once the number of devices reaches into the dozens, especially when it's combined with security, compatibility, compliance, and training issues. In the end it's up to you, the small business owner. After reviewing the business requirements for security, compatibility, compliance, training, and operations, which makes more sense: Centrally managing iOS devices--or letting users decide? <img src="http://twimgs.com/informationweek/byte/howto/Jan-2012/iphoneipad.jpg"> 2011-12-12T18:30:00ZHow To Connect OS X Lion To Cisco VPNsEasily connect to corporate Cisco VPNs with this handy OS X Lion how-to.http://www.informationweek.com/byte/news/232300185?cid=RSSfeed_IWK_Authors Cisco recently announced it will discontinue its popular <a href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5699/ps2308/end_of_life_c51-680819.html" target="_blank">Cisco VPN client</a>.  Cisco is moving customers to its Cisco AnyConnect client or to native support as it helps other vendors integrate support directly into their products. With OS X Lion, you can connect to your corporate network without requiring any changes on the part of the corporate infrastructure. This means that existing automations and management will function correctly for IT staff and have the advantage of not requiring IT to roll out new software. To use this feature you will need to know your account information, your group password if one is used, and access to any one-time password generator tokens or software. To provision your Mac, go to System Preferences and select Network.  When the Network Settings dialog opens, click on the + sign in the lower left corner to create a new network service: <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn1.png"> When creating the service, OS X will prompt you for the service type and name. It uses Wi-Fi as the default. <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn2.png"> Choose VPN for Interface. Here, I have used Cisco IPSec as the VPN Type, and typed in CorporateVPN as the Service Name. <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn3.png"> After you've created the service, its status is in a Not Configured state, and you must enter the credentials provided to you for your VPN. <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn4.png"> You will need the VPN's host name (Server Address), your account name, and your password. <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn5.png"> If your company uses a group password or certificate, click on Authentication Settings. Fill in the information as provided by your organization, and click OK: <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn6.png"> You will then connect to your corporate network by pressing the Connect button. The most common issues when connecting via VPN are usernames and passwords. If you're not sure you're entering them correctly, you can copy the password from a document and then paste it into the field. To disconnect from the VPN, you can either go to System Preferences->Network->VPN Service->Disconnect, or use the menu in the upper right hand corner of the menu bar as shown below. <img src="http://twimgs.com/informationweek/byte/howto/MacCiscoVPN/ciscovpn7.png"> Using the built in IPSec configuration, OS X easily connects to Cisco Corporate VPNs using the above steps. 2011-12-05T17:40:00ZHow To Use The iOS Gmail ApplicationThe iOS Gmail app is a good alternative to Apple's own Mail app, as long as you're only dealing with Gmail.http://www.informationweek.com/byte/news/232200729?cid=RSSfeed_IWK_Authors When the iPhone was first launched, iPhone developers quickly learned Apple didn't hesitate to enforce its application standards on application store developers. Luckily, over time, Apple loosened up on some of the applications that competed more directly with them, including mail. You can now install Google’s Gmail application directly on the iPhone and other iOS devices. If you use Mail on your iOS device to mostly read and file email, versus responding and following up on email, the Gmail app has several advantages over the native Mail application. The screen offers instant filing of the message(s) from the inbox view; messages can be starred for follow up / sorting later; and if you use Google’s archive features, then those archived messages can be accessed with two simple clicks. It is also an easy way to share a device between two users and keep the each user's email separate. Gmail can be downloaded from the Apps store and at <a href="http://itunes.apple.com/us/app/gmail/id422689480?mt=8">this link</a>. After you install the application and start it, you will be prompted for your Gmail account username and password as shown here. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-01.jpg"> To provision Gmail at this point, enter your Gmail username and password. The username will either be a user@gmail.com address, or if you use Google Apps it will be your username@yourdomain.com. The “Remember me” option can be selected to keep you from having to login to Gmail each time you start and stop the application or device. If you are going to be sharing the device, though, ensure the “Remember me” option is not selected. Enter your account information as marked here in the red boxes: <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-02.jpg"> Once you enter the information, Gmail will authenticate with Google’s servers and present you your inbox. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-03.jpg">   <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-04.jpg"> The Gmail Mail view shows you what folder you are in (currently Inbox), how many messages are in the Inbox (3321), a button to access the menu, a search icon (magnifying glass), and a compose (pad with a pen) icon. The following annotated iPhone screen grab breaks down the complete mailbox view and what the various fields and options are. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-05.jpg"> As shown in the following screen, the Menu button will take you to a selection showing you the general Inbox, an unread selection, and those that are marked important by the sender or by you with the star. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-06.jpg"> When wishing to view individual messages, simply select the particular email, and you’ll be presented a full screen with the message. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-07.jpg"> Searching for messages works similarly to Apple’s Mail and other applications with search features…simply type the search expression and Gmail will display Mail with the particular search phase: <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-08.jpg"> The true strength of the program is being able to select multiple messages for action on the mailbox screen. As the following screen shot shows, two messages are selected and can be acted on, including common features such as move and marking unread. It also supports the added feature of marking spam with the application. <img src="http://twimgs.com/informationweek/byte/howto/2011-Dec/gmail-09.jpg"> Gmail is a solid mail application for quickly reviewing and filing email. It does still have a couple of user interface issues, primarily not being able to forward an email without scrolling to the bottom of the message. However, for the majority of the time, Gmail will be faster than the native Mail application from Apple for the most common tasks for many users: sorting, deleting, and marking email for later action. If you’re a Gmail user, check out the application. 2011-11-16T16:26:00ZHow To Stay Secure In iCloudSetting up iCloud on your new or upgraded iOS device can be exciting, but you don't want to forget about security. http://www.informationweek.com/byte/news/231903072?cid=RSSfeed_IWK_Authors With Apple's release of iOS 5 and iCloud, there are now several ways to get data easily into and out of your iOS device. However, with the additional methods that make it easier for you to access your data when and where you need it, there also comes the danger of unauthorized access. This how-to helps you understand when, where, and how data is sent and stored with iOS and iCloud, and how the new features affect security. iCloud is partly Apple's rebranding of its poorly received MobileMe service and partly new features that take advantage of iTunes 10.5 and iOS5. At first blush, many iOS-using friends I spoke with were not overly impressed with the features.  Many commented, "I've been syncing for years with Google on my iPhone."  But even if you don't plan to use the core syncing services in iCloud, you should take a look at its new features, because there's something for everyone. Tasks such as Wi-Fi syncing and cloud backup, for instance, are not easily done with third-party utilities. You can use as as little or as much of iCloud as you want. You can turn it off altogether, or configure it to act only as an easy way to find your iPhone. Simply activate your iCloud account using your Apple ID. Go to Settings, iCloud, and turn off everything except "Find My iPhone". <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/find-my-iphone1.PNG"> Tap Settings-iCloud to get to the Find my iPhone option. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/find-my-iphone2.PNG"> Turn on Find my iPhone and you'll be able to locate your iPhone, regardless of location, should you lose it. The only data that gets shared with Apple is your location. The GPS location, along with the Track my iPhone website, will help you locate your iPhone if you accidentally lose it. iCloud apps Apple's rebranding of MobileMe is most obvious in its Mail syncing--it is usable only with Apple's MobileMe addresses. Despite this weakness, the MobileMe mail service does keep your data secure both when sending and receiving email using the industry standard secure socket layer (SSL). Apple is also using authorization through your MobileMe account to send email, which will cut down on the amount of spam that is sent through Apple's mail servers.  (You can also point other mail applications to your @me address using the settings here: <a href="http://support.apple.com/kb/HT4864)">http://support.apple.com/kb/HT4864</a>). To activate iCloud email, you can either point your browser to <a href="http://www.iCloud.com">http://www.iCloud.com</a> or create an @me.com account through the IOS device by selecting Settings, iCloud, and then sliding the Mail button to On. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Create-Me.png"> You can create you iCloud Mail account right on your device with a @me.com mail address Once your account is created, data is stored on both your IOS device and on Apple's email servers. If you are also using iCloud (or manual configuration of Applications to access iCloud) on other computers and devices, then the data will be stored on these additional computers and devices as well.  Generally speaking, most business users will not be interested in the @me email accounts, as businesses prefer to use their own domain names for marketing and identification. However, separate accounts can be set up under email, and the iOS device will not sync any of the other accounts with iCloud. If by chance you are using the @me accounts for business, then check with your company policy as to whether you are allowed to sync the email back down to other computers you own or control. Contacts, Calendar, Reminders, Bookmarks, and Notes are treated much the same way, keeping the iOS device in sync with the iCloud and any configured computers. However, the major difference with these apps is that you can sync them offline through iTunes. If your corporate policy prohibits or discourages using third parties to store or sync your calendar and contacts, no problem! Syncing them through iTunes means the information never leaves your computer or phone. These apps also have the advantage of not needing an @me email address from Apple. Apple also allows Wi-Fi syncing with iTunes, which is a nice feature for you if your company does not want you syncing across the Internet or using third-party syncing apps. You are tied to your local area network's Wi-Fi for Wi-Fi sync, but the speeds are more than adequate for keeping your contacts and email up to date. There is not a whole lot known currently about how secure the Wi-Fi sync is, but regardless of its own security, third-party, untrusted open Wi-Fi should be avoided for general computing purposes unless the traffic can be protected in virtual private networks. Time will tell if VPN support will include the Wi-Fi sync. If you're using your own computers and trusted (secured and encrypted) Wi-Fi then the data will only be transmitted securely and stored on your computers and iOS device. Wi-Fi sync also supports backing up your device via Wi-Fi. The target can either be your computer or Apple's iCloud. The advantage iCloud has for the backup is that you don't need a computer and the backup is off site in case a disaster ruins both your phone and the computer; however, a disadvantage is that the backup is not encrypted whenever it is stored on Apple's servers. There is currently an option to encrypt the backup when you store it on your computer, so hopefully Apple will add this feature in the future. Photo Stream and Documents and Data work with iCloud in yet another way. They don't require or use syncing; Photo Stream takes all of your pictures and places them in your iCloud. Unfortunately, there currently is no easy way to manage pictures from the phone. This means that unlike contacts, deletions on the phone do not translate to removed pictures on the stream. The Documents and Data setting allows individual applications to place data in the cloud. This will in theory allow third party applications to share data through the iCloud. This could provide additional backups of your data, or it could also be used for services to identify where you were on a particular document or task. Basic iOS 5 security iOS 5 provides basic security functions to protect both your private and company data in the case of loss or theft. As with any good security plan, safety starts with the physical control of the device. iOS provides "screen saver" functionality in its Auto-Lock feature under Settings, General and is configurable in one- to five-minute increments. This setting defines the number of inactive minutes the device will wait before locking the device. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Auto-Lock.png"> You can configure your iPhone to auto lock after a set period of inactivity. But the Auto-Lock setting alone is not enough to keep your iOS device secure. You should combine Auto-Lock with Passcode Lock, also under Settings, General. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Passcode-Lock.png"> You can further secure your device with a passcode. Select Settings, General, Passcode Lock. You will be prompted to enter a four-digit passcode. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Passcode-Screen.png"> Configuring your four-digit passcode is easy. Because even a four-digit passcode is relatively insecure if someone is allowed to guess indefinitely, you should also enable the "Erase Data" option on the same screen. You will be prompted with a warning that the iPhone will be erased after 10 wrong guesses. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Erase-Data.png"> Your phone can be set to wipe data if too many attempts to access it are made. An even more secure method than the four-digit passcode option is using a combination of letters and numbers, which can be activated using the "Simple Passcodes" option. Longer passwords are cumbersome on phones, however, so I prefer the shorter numbers and setting the phone to erase data. When your phone is locked with a passcode, by default it still allows access to Siri. This can be convenient if you'd like to ask Siri for a bit of info without bothering to type in the password, but it also presents a security gap. Anyone else can also ask Siri questions that return data in the form of contacts and other information that you might not want to share. <img src="http://twimgs.com/informationweek/byte/howto/ios5-iCloud/Siri.png"> Even when your device is locked, Siri accepts questions--which could lead to a security breach if your phone is ever stolen. Staying secure The iPhone 4S and iOS 5 come with a raft of great features you should try. But don't forget that vendors rarely spell out the security problems new features might pose. It's usually up to you to make sure your data is protected. By understanding and carefully selecting the options available on your iOS device, you can ensure only the data you intended is shared.2011-08-05T02:34:00ZHow To Archive, Encrypt Files in OS X Here’s how to keep nosy net sniffers out of sensitive docs.http://www.informationweek.com/byte/news/231000426?cid=RSSfeed_IWK_Authors If you're sending sensitive docs to a colleague on the other coast, you don't want mail admins viewing them or nosy network gurus sniffing traffic. A product called BetterZip, available for Mac OS X Snow Leopard, is a solution I often turn to. If you're an OS X Lion user, this feature comes built in. BetterZip lets you make an archive of one or more documents and then protect the archive with encryption. You can then safely transmit the docs over the Internet via email. These documents can also be shared with Windows users who use WinZip. (That's because BetterZip uses AES-256 in a format compatible with WinZip.) Go to the macitbetter website and download <a href="http://macitbetter.com/" target="_blank">BetterZip</a> to a convenient location on your hard drive. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/1.png"> Once the download is complete, select the BetterZip icon and move it into your Applications folder. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/2.png"> Now head to your applications folder and start BetterZip. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/3.png"> After you tell BetterZip you would like to use the free 30 day trial, it will present you with a default window for starting an archive. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/5.png"> To create an archive, simply drag the files that you would like included into the window. Or click on the Add button if you prefer. Here I've added some company documents, which contain sensitive information that needs to be encrypted. Hit Save to create the archive. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/7.png"> After clicking Save, the program will prompt you for the name of the archive. Here is also where you select the encryption method. There are three settings: Not Encrypted, Weak Encrypted, and Strong (AES-256) WinZip Compatible. Select Strong AES-256, which is the highest level of encryption offered. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/8.png"> Enter in a strong password twice to protect the archive. You'll need to provide the recipient with the password. (You obviously don't want the password in the email message.) This is the password the recipient will need to open the archive. Now just email the archive as you would any other attachment. Keep in mind that many corporate email servers limit attachments to 10MB. If you need to mail a larger archived file, you might need to split it up using a service like Dropbox. If your recipient is a Mac OS X Lion user, he or she can open the archive with their copy of BetterZip. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/10.png"> If the recipient is on a Windows machine, he or she can use WinZip or 7zip to extract the files in the archive. <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/11.png"> <img src="http://twimgs.com/infoweek/byte/howto/macitbetter_mccarty/12.png"> That's all there is to keeping your docs and emails safe and sound on Mac OS X. If you're running OS X Lion, check out its <a href="http://www.informationweek.com/byte/howto/personal-tech/desktop-os/231001030">built in encryption feature</a>. Based in Rowlett, TX, Ronald McCarty is a senior contributor at <a href="http://www.byte.com" target="_blank">BYTE</a> Follow him @ronmccarty or email him at Ron.McCarty@BYTE.com.