The state of BYOD and mobile device security

Bitglass has released its 2018 BYOD Security Report. The analysis is based on a survey of nearly 400 enterprise IT experts who revealed the state of BYOD and mobile device security in their organizations.


According to the study, 85 percent of organizations are embracing BYOD. Interestingly, many organizations are even allowing contractors, partners, customers, and suppliers to access corporate data on their personal devices.

Amidst this BYOD frenzy, over half of the survey’s respondents believe that the volume of threats to mobile devices has increased over the past twelve months.

Key findings

  • Organizations are embracing BYOD, making it available to employees (76 percent), contractors (27 percent), partners (25 percent), customers (22 percent), and suppliers (19 percent).
  • 51 percent of respondents believe the number of threats targeting mobile devices has increased in the past year. Unfortunately, only 30 percent of firms are confident that they are properly defending against malware on personal and mobile devices.
  • 30 percent of enterprises cite company security concerns as the leading inhibitor to BYOD adoption; specifically, they are worried about data leakage (61 percent), unauthorized data access (53 percent), and the inability to control uploads and downloads (53 percent).
  • One in five organizations lacks visibility into basic, native mobile apps (like email) on personal devices.
  • Only 56 percent of companies can employ key functionality like remote wipe for removing sensitive data from endpoints.


“While most companies believe mobile devices are being targeted more than ever, our findings indicate that many still lack the basic tools needed to secure data in BYOD environments,” said Rich Campagna, CMO of Bitglass. “Enterprises should feel empowered to take advantage of BYOD’s myriad benefits, but must employ comprehensive, real-time security if they want to do so safely and successfully.”

Read the full article here: Help Net Security – News

New security feature to prevent Amazon S3 bucket misconfiguration and data leaks

Hardly a week goes by that we don’t hear about an organization leaving sensitive data exposed on the Internet because they failed to properly configure their Amazon S3 buckets.

Amazon Web Services, to their credit, are trying to prevent this from happening.

For one, all newly created S3 buckets and objects (files and directories in the bucket) are by default private, i.e. not publicly accessible by random people via the Internet. Secondly, changes implemented earlier this year made it possible for customers to easily identify S3 buckets that are publicly accessible due to Access Control Lists (ACLs) or policies that allow read/write access for any user.

But even that’s not enough, so the company is rolling out a new security feature: Amazon S3 Block Public Access.

About Amazon S3 Block Public Access

This new feature allows account owners/administrators to centrally block existing public access (whether made possible via an ACL or a policy) and to make sure that newly created items aren’t inadvertently granted public access.

The feature offers four new options.

They allow account users to protect against future attempts to use ACLs to make buckets or objects public, to override current or future public access settings for current and future objects in the bucket, to disallow the use of new public bucket policies, and to limit access to publicly accessible buckets to the bucket owner and to AWS services.

The options can be configured to affect the entire account or selected buckets. Options set at the bucket level cannot override account-level settings.

“If an AWS account is used to host a data lake or another business application, blocking public access will serve as an account-level guard against accidental public exposure,” AWS Chief Evangelist Jeff Barr explained.

The feature can be accessed from the S3 Console, the command-line interface, the S3 APIs, and from within CloudFormation templates.
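The following added example (not code from the article or from AWS) models the rule that bucket-level options cannot override account-level settings, and lists which of the four options are not in force for each bucket. The option names are the fields of the S3 API's PublicAccessBlockConfiguration; the bucket names and settings are constructed, and treating an option as in force when it is enabled at either level is this example's reading of that rule.

```python
# Added example: models how account-level and bucket-level Block Public Access
# settings combine. All account and bucket data below is constructed.

# The four option names used by the S3 API's PublicAccessBlockConfiguration.
OPTIONS = ("BlockPublicAcls", "IgnorePublicAcls",
           "BlockPublicPolicy", "RestrictPublicBuckets")


def effective_settings(account_cfg, bucket_cfg):
    """Combine the two levels; a missing config counts as all options off.

    An option is in force if it is enabled at either level, so a bucket
    setting of False cannot switch off an account setting of True.
    """
    account_cfg = account_cfg or {}
    bucket_cfg = bucket_cfg or {}
    return {opt: bool(account_cfg.get(opt)) or bool(bucket_cfg.get(opt))
            for opt in OPTIONS}


def audit(account_cfg, buckets):
    """Return {bucket_name: [options not in force]} for buckets with gaps."""
    findings = {}
    for name, bucket_cfg in buckets.items():
        eff = effective_settings(account_cfg, bucket_cfg)
        missing = [opt for opt in OPTIONS if not eff[opt]]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample: the account enforces only the two ACL-related options.
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
BUCKETS = {
    "example-data-lake": {opt: True for opt in OPTIONS},
    "example-logs": None,  # no bucket-level configuration at all
    "example-legacy": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    for bucket, gaps in audit(ACCOUNT, BUCKETS).items():
        print(f"{bucket}: not enforced -> {', '.join(gaps)}")
```

In practice the two input dictionaries would come from the account-level and bucket-level GetPublicAccessBlock API responses.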

Read the full article here: Help Net Security – News