AirWatch, which helps companies manage employee’s mobile devices, raised another $25 million in a follow-on to its first round of funding today because the $200 million it received in February just wasn’t quite enough.

Today’s funding was led by Accel Parterns. The $200 million round it got three months ago was led by Insight Venture Partners.

AirWatch makes a suite of mobile security products used by customers such as Delta, Lowe’s, and the U.S. Army Corps of Engineers. It covers a range of different IT needs such as managing not only the phones themselves, but the apps, emails, and other content on those phones. It covers Android, iOS, BlackBerry, Symbian, Windows Phone, and other devices and can be tailored by industry.

The company’s goals with this addition are the same as those it had when it took on the original amount: expand globally, and beef up its sales team. It also looks like AirWatch wants to branch out with new research and development. This funding gives it the resources to do so.

What likely happened is Accel Partners wanted in on this company and offered up some extra cash. Accel is a very well-known venture firm that has invested in such companies as Facebook, Spotify, Rovio, and mobile security company Lookout Mobile.

AirWatch was founded in 2003 and is headquartered in Atlanta.

Man catching money image via Shutterstock

Actually, it’s not that difficult, according to mobile security company Fixmo’s CEO, Rick Segal.

“Despite the Bush years of let’s go play in another war, there’s a very tight, close alliance between Canada and the USA,” Segal says.

He can get away with saying that sort of thing more than most Canadians, because the CEO of this Toronto-based startup is a ex-patriate American who has spent the last 15 years in Canada. He’s building his business in Ontario because, he says, of the tax credits for high-tech companies, the influx of talent from the most-populous Canadian province’s 50+ universities, and the ability of Canadian governmental agencies to give him personalized attention in his efforts to break into new markets.

Such as sponsoring him to attend expensive international conferences like the one where he met “some NSA folks.”

Fixmo makes mobile security products that allow organizations to safely offer BYOD (bring your own device) policies that don’t imperil sensitive data and networks. The company, which had just three employees just a few years ago, offers an encrypted sandbox, digital fingerprint technology that can detect tampering to your mobile operating system, and compliance breaches like the installing of unauthorized apps on both iOS and Android. Built with 256-bit encryption, two-factor authentication, and remote wipe capability, Fixmo’s products are sold largely to governments.

And, interestingly, they’re built on software originally developed by the NSA.

“The US government and security agencies tend to view Canada as one of its own,” Segal says. “Eyebrows don’t get raised when a Canadian company does business with NSA … there’s no ‘it’s a foreign country’ kind of thing going on.”

It started — as so many things do — in Vegas.

While attending the wireless industry trade show CTIA in March 2011, Segal met the men in black who represent the NSA’s Technical Transfer Program, which is in place to commercialize technologies and products developed inside the agency. Interested in Fixmo’s existing security products, the NSA decided the company was a good bet to do business with.

After developing a relationship that resulted in a technology transfer in which Fixmo licensed agency-developed security code, Segal started building shippable products based on the NSA technology. Fixmo’s products, the company’s sales literature highlights prominently, “have been developed as part of a cooperative research and development agreement with the U.S. National Security Agency.”

That commercialization has culminated in the sale of those products back to the three-letter agencies.

“Seventy percent of our customers are government agencies like the NSA, FBI, and Homeland Security,” Segal says, noting a contract with the US air force that completed last week. “One of our clients has 700,000 seats.”

The company’s other clients include businesses in the financial services and healthcare industries, both sectors in which privacy, security, and compliance with corporate policies are paramount.

photo credit: DonkeyHotey via photopin cc

Disclosure: I’ve been invited by the government of Ontario to explore the startup ecosystem in Toronto, Waterloo, and elsewhere, and this post is part of that series, and Ontario has paid for this trip. My reporting, however, is my own.

Good Technology has secured $50 million in new equity funding, according to an SEC filing.

Good Technology works with IT departments to manage and protect sensitive data within a large enterprise or government agency. The company has raised over $120 million in funding, and competes with Citrix-owned Zenprise.

This may be the final funding round as it gears up for a public offering. Good last month reportedly hired four investment banks to explore the potential of going public in 2013. The company also poached experienced execs from Motorola, HP and Cisco, a sign of an impending IPO.

Good has not responded to a request for comment. We will update as we learn more.

Image via Good Technology // Facebook 

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Last week I bought 13 laptops from WalMart.com. All were pretty cheap, between $500 and $700, but 13 of them added up to a rather hefty $8,000 bill on my MasterCard.

There were only two problems: I didn’t buy them, and they weren’t being shipped to my house.

I’d been hacked. Somehow, somebody in Sacramento, Calif., was going to get 13 Dell Inspirons at my expense. Lucky them … and unlucky me.

But not only unlucky me — a staggering one in four Americans report being a victim of identity fraud, according to a new study by Jumio, a leading credit card validation service for web and app-based commerce. And 83 percent of us worry about identify theft.

Source: John Koetsier

Fraudulent WalMart.com orders charged to my account

That’s a problem, because commerce is increasingly going mobile. Two-thirds of us own a smartphone and/or a tablet, and most of us plan to use them to buy things in the near future. A full 48 percent of us use our mobile devices to check something as sensitive as our bank balances. But as we do, we’re opening ourselves up to even more avenues of fraud and scamming.

“Users may be willing to accept risk now in favor of convenience, but this tolerance will weaken as fraud continues to grow,” Daniel Mattes, founder and CEO of Jumio, said in a statement. “The industry needs to get on board to protect our customers as much as the customers themselves need to take greater precautions.”

Investigators in my case suspected a phishing attack, in which you get an email purportedly from an online store that leads you to a fake but real-seeming site that then takes your credentials, but I had not clicked on any real or fake WalMart emails.

And so the only greater precautions that would have been useful would have been perhaps using unique passwords for each e-commerce site I use.

The problem of online and mobile security is a growing one. According to VISA, mobile commerce fraud was $2.7 billion in 2010, $3.4 billion in 2011, and $3.5 billion in 2012. And Cybersource says almost a third of all retailers experienced mobile fraud in 2012.

So what’s the solution?

Perhaps biometrics. Apple is said to be building a fingerprint sensor into the next iPhone model, the iPhone 5S. And Jumio’s survey says that 74 percent of us don’t feel that simple username/password security is sufficient. It certainly didn’t protect me — I was only fortunate enough to notice 13 thank-you-for-your-order emails from Walmart.com.

But biometrics won’t be available on every device, and won’t be an industry-standard smartphone feature for some time to come, if ever.

Meanwhile, according to Jumio, 69 percent of us would feel more comfortable sharing our personal information online, and buying via mobile, if there were more secure ways of storing that data online.

Source: Jumio

Mobile purchasing and banking activity

“For mobile to reach its full potential, the industry needs to adopt more consistent and accurate ways to identify and authenticate consumers,” Mattes said. “Only then will we be able to truly combat fraud.”

The question remains: How exactly that should be done?

The mechanisms for catching fraud after the fact, and protecting consumers from the consequences, are mostly in place. MasterCard canceled my credit card, WalMart canceled the transactions, and no harm was done. And big data solutions that the big credit card issuers including VISA and American Express employ to track consumers’ spending habits and suspend cards if odd or suspicious spending patterns start to emerge limit losses when the fraud proceeds successfully.

But that’s not the case every time: web and mobile security has a last-mile problem that isn’t going away any time soon.

photo credit: ToastyKen via photopin cc

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

This is a guest post by Andrew Toy, the CEO of Enterproid.

I recently had dinner with four IT security experts from a Fortune 100 conglomerate to discuss BYOD, and I anticipated spending the night talking about security holes and the deep intricacies of securing complex systems. But the conversation took a completely different direction than what I expected.

As we dined, their security architect harped on the importance of user experience. After being burnt by vendors that delivered a stodgy user experience and enduring the consequential employee backlash, those around the table expressed the need for a hybrid IT approach that would delight employees and help drive mobile technology throughout their company. Security remains a staple for these modern IT security directors, but the steady flow of employees’ new technologies has changed their outlook.

Before the mega trend of IT consumerization, consumers were only exposed to the latest and greatest technology at work. There was a level of sophistication that limited the technology conversation to the CTO and IT security director.

Today, consumers have the newest technologies in their back pockets, and the competition for their buying power is propelling technology innovation at a rate that has never before been seen. With innovation happening too fast for businesses to keep up, enterprise IT has reached the tipping point — they must now include employees in their technology discussions and decisions.

With a litany of personal experiences using technology in everyday life, the modern tech-savvy employee already has an idea of how he or she should be able to conduct business at work. People want to use the tools that offer them the best user experience, and they won’t settle for mediocre solutions when they know better technology is available. Executives have begun to see a push back in mobile; employees veto the idea that their entire work device should be managed by the enterprise, and they reject that they must use a device chosen by management with a subpar experience.

Consumers are not the only ones challenging the traditional approach to enterprise IT. Next-generation IT experts have grown up with technology and they see prescriptive IT as being ill-fitted for today’s modern enterprise. The status quo is crumbling under growing pressure from employees, and observant executives are keenly aware.

But the consumerization of IT and this shift in enterprise IT hasn’t made the CTO position obsolete; the trend has just reinvented it. There are still great stakes in keeping the enterprise and its data secure. Today’s CTO must keep those timeless priorities in mind when selecting technology with high-quality user experiences. Since the quality of UX correlates with a workforce’s productivity, a CTO’s ability to select technology with excellent UX has become a performance indicator; if a CTO chooses a technology that isn’t positively accepted by employees, it is considered a failure.

A successful balance is one that includes input from the workforce but keeps leadership intact; the CTO shouldn’t make decisions in a vacuum, and the employee shouldn’t take over decision-making.

With technology’s exponential rate of development, there will always be new platforms and devices emerging. A successful strategy keeps enterprise IT leaders in touch with the technologies used by their employees and encourages employees to point leadership to vendors that develop agile and secure solutions with great user experiences. Enterprises who succeed in this evolution will see big productivity gains and will be rewarded with a competitive advantage over their peers.

Andrew Toy is the CEO of Enterproid. Before Enterproid, Andrew was VP of Mobile and Syndication Technology at MTV Networks. Prior to joining MTV Networks, Andrew headed mobile application development for Morgan Stanley, specializing in mobile-video delivery as well as fixed-mobile convergent telephony.

Businessman using touch interface via everything possible/Shutterstock

Symantec may be in the process of laying off up to 1,000 people after announcing yesterday that it plans to restructure the company’s focus and increase revenue, according to Bloomberg – though chief executive Steve Bennett says that’s just “speculation.”

The company made famous by its antivirus products has more recently seemed like a sitting duck. Startups are popping up around it, creating impressive products to meet today’s security needs in cloud and mobile security. Symantec, of course, has its own cloud and mobile products, but with companies like Lookout Mobile entering the scene, Norton isn’t the first name you think of when protecting your devices anymore.

Because of this, Symantec introduced the new structure yesterday, saying it needed to become more innovative and increase revenue.

“In order to make the company more flexible and able to adapt quicker to the needs of customers … there will be fewer executives and middle management positions, resulting in a reduction of the workforce,” Symantec said in a statement yesterday. “This process is expected to be completed by the end of June 2013.”

That reduction may be up to 1,000 people, making room for the investments in research and development as well as sales that Symantec says it will depend on.

Bennett told Bloomberg that Symantec is “an organization that has too many layers.” But while he says that the 1,000 number is speculative, it will be a “material reduction.”

The company promises it is focusing on “10 key areas” that will involve taking existing products and building on top of them to make them fit today’s security problems. These products include Symantec’s Norton Protection, Norton Cloud, Data Center Security, and Mobile Workforce Productivity.

Executives also announced that the company is aiming to increase revenue by five percent and “non-GAAP” measurements up 30 percent in the next two to three years.

Layoff image via Shutterstock

Kindle Fire tablets can get viruses, too. That’s why the team at Lookout Mobile just launched its first app for the Amazon-made tablet today.

Lookout has existed since its beginning as an Android application, the same operating system the Kindle Fire runs on, but Amazon’s tablet does not support Google Play. The app is the same as the standard Android version, tweaked to fit the Kindle Fire and Kindle Fire HD screens.

Lookout was founded in 2007 and competes with big-name security companies such as McAfee and Symantec’s Norton to protect mobile devices from malware, malicious links, and other threats. Once you install the app, it will alert you to hidden viruses, track the location of your phone, and let you remotely turn on a “scream ringtone” if it’s lost. It also acts as a backup measure, saving your contacts to your Lookout account accessible online.

Recently, the company has been expanding its reach to new devices and through new partnerships. T-Mobile will be pre-loading Lookout onto a number of its Android phones prior to distribution, as will French telecommunications provider Orange.

The company is based in San Francisco and has thus far raised $76.5 million from investors including Andreessen-Horowitz, Khosla Ventures, Trilogy Equity Partners, Accel Partners, Index Ventures, Chris Sacca, and others. Lookout also has a version of its app for iOS devices.

Kindle Fire image via Amazon, Lookout Mobile image via Lookout

Enterprise storage and security business Imation has agreed to buy smaller storage provider Nexsan for $120 million in cash and stock, it announced today.

Imation has struggled over the past six years to dominate in the enterprise storage market and has had five years in a row of net losses. (We expect 2012 will also be another year of losses.) Its acquisition of Nexsan could help reinvigorate the company, with new storage and security products targeting medium and small businesses.

“Imation’s acquisition of Nexsan is an exciting next step in our strategic transformation, which includes investing in growth platforms in data storage and security solutions, where we are targeting markets with strong growth rates,” Imation CEO Mark Lucas said in a statement. “Our strategy includes focusing on the underserved SMB market with purpose-built storage systems and appliances. This is a market that Nexsan knows well. Nexsan’s management team has grown this business from startup to more than $80 million, with strong gross margins.”

The deal is worth $105 million in cash and 3,319,324 common shares worth about $15 million. Nexsan has 200 employees and generated about $82 million in revenue in 2011, with gross margins around 40 percent.

Thousand Oaks, Calif.-based Nexsan will continue to operate under the same management, with Nexsan CEO Philip Black becoming an Imation employee.

Storage concept image via Kletr/Shutterstock

Tyfone provides secure mobile financial transactions and identity solutions. Its products include a mobile banking platform, a mobile wallet, identity management, contactless near-field communication (NFC), applications to bolster marketing campaigns, as well as complementary hardware products. Tyfone has over 50 issued and pending patents. By striking a partnership with the Portland-based company, the U.S. government can leverage the technology to serve national security.

In a statement, Technology VP at In-Q-Tel Jay Emmanuel said “We believe that Tyfone’s technology has the potential to address a wide range of complex government and commercial secure identity challenges.” Read the press release.

Disclosure: VentureBeat is hosting its holiday party with Orange.

Lookout Mobile received an investment from European-centric Iris Capital and announced today that it will now come preloaded on Android phones sold by French telecommunications carrier Orange.

The amount Iris Capital invested in Lookout was not released, but the venture firm is known to only give our a maximum of $15 million or less in a funding round. This comes out of its larger $300 million fund, which has largely been invested in only European companies except for a recent investment in MoPub, which helps developers make money on Android.

“By partnering with and investing in Lookout, we are ensuring that we will continue to help keep our customers safe in the future and that the Orange & Publicis fund managed by Iris Capital is supporting a company that is positioned to become a global leader in the digital economy,” said Orange Technocentre executive vice president Paul-François Fournier in a statement.

Lookout, of course, is excited about the new partnership with Orange, which will start preloading the security company’s software onto its Android phones starting in 2013. Orange, which is based in France, has a mobile customer base of 169 million people. Lookout’s software will be served to those customers living in France, Slovakia, and Spain.

T-Mobile struck a similar deal with Lookout in October to preload the software onto a number of its Android phones by 2013 as well. T-Mobile calls the program “Automatic App Security,” and it will come preloaded onto the LG Optimus L9 and the Samsung Galaxy Tab 10.1 before rolling out to the majority of T-Mobile’s Android phones.

Many of the security threats that Lookout identifies are found in European countries. The company already has subscribers in 170 different countries, and 30 million users overall, but these types of partnerships help make Lookout a household name. This is similar to how Norton became known as the “antivirus stuff that comes with my computer.”

Lookout has thus far taken on $76.5 million in funding, with its last round for $40 million coming from Andreessen-Horowitz. Other investors include Khosla Ventures, Trilogy Equity Partners, Accel Partners, Index Ventures, Chris Sacca, and more. The company is headquartered in San Francisco, Calif.

Oranges image via Shutterstock

Symantec is catching up to competitors today. The company has released the latest version of its flagship mobile offering, Norton Mobile Security. The new version lets you backup your contacts and puts a strong focus on a web dashboard where you can manage your devices.

The upgrade makes Norton’s offering very similar to those of competitors Lookout Mobile and McAfee. All three offer apps that check your phone for malware and dangerous apps; apps that might not be explicitly dangerous but are suspicious. And all three can locate your phone, if lost, using a GPS system accessible from your account login. Lookout and Symantec also both have a “scream” function for lost phones that, when activated, squeals.

But the real thrust of the upgrade is that the company is “changing the proposition” of security from a standalone app into a service, said Norton senior director of mobile product management Con Mallon in an interview with VentureBeat. “This is just a first step for us,” he said.

As part of that move, the company is revamping its web presence so that users can control all of their devices from one place. For the new Norton, downloading the app isn’t just a one-and-done download. It’s like purchasing a license for all of your household’s devices. The web dashboard lets you look at and control all of your devices — kind of like a family IT manager.

“What we are seeing going forward is that the modern day consumer will have a collection of devices and, yes, a preponderance of that will be mobile — smartphones and tablets. Windows is going away. Mac is becoming very popular,” said Mallon. “We’re offering the ability to say, ‘Hey, we’ve got your back, whether you’re on Windows, Mac, mobile (be it Android or iOS) … and get protection across all of those platforms.”

Both McAfee and Lookout Mobile already let you backup data such as call logs, text messages, media, contacts, and more. With today’s announcement, Symantec is joining the group, though you’ll only be able to backup and store contacts for the time being. Likely the company will expand into other data points on your phone in the future, though when asked, Mallon said he was unsure what the next step would be.

Currently, Norton Mobile Security is available for Android, iPhone, and iPad. (Lookout Mobile is available for both Android and iOS, and McAfee is available for only Android, Symbian, and Blackberry.)

New on the web portal is the ability to “initiate the scream command” and remotely wipe the phone in case it’s stolen or lost.

It’s a bit of a catch-up game for the traditionally anti-virus focused company. Critics wonder if the big security companies like Symantec and McAfee are capable of entering so many different areas of the security market and turning out well-rounded products. But, Mallon makes the good point that if you’re big, you’ve got the resources.

“At the end of the day, power and leverage gives you great capacity to do new things and more things as well,” said Mallon. “This is our business, this is what we get out of bed to do.”

The app will run you $30 for the premium features, but you can download a free version that gives you a taste of the service.

Corrected 6pm Pacific: Norton Mobile Security is in fact available for iOS as of today.

Call it consumerization or call it BYOD, but whether we like it or not, employee-owned devices have made their way into the workplace.

In fact, Gartner predicts that 90 percent of companies will support corporate apps on personal mobile devices by 2014.

But with this new technology wave comes a string of questions up for debate: Who’s responsible for security? Who really owns the data on the devices? And as mobile device management (MDM) becomes commonplace in the enterprise, should IT be allowed to remotely wipe data if an employee’s phone is lost or stolen?

Perhaps the real question should be, why wouldn’t we want the data wiped?

Today’s mobile devices are extremely personal and intimate, knowing us better than we know ourselves. Each device holds the keys to our most important personal information. They have our exact location at any given moment, our private contacts, personal and work addresses, schedules, financial information, personal/private photos, family information, all stored on these easy-to-lose devices.

Yet a disconnect remains: When we lose our wallets or purses, we immediately cancel our credit cards and change our locks at home. Why would we treat a lost device — with so many private details and insights into our lives — any differently?

Some argue that holding out hope for the phone to be returned makes a full wipe of the device seem too harsh and too permanent of an action.

Of course, the burden is on the consumer for regular backup, particularly when most personal devices contain as much critical data as computers. Regardless, research by Symantec (PDF) shows that there is, at best, a 50 percent chance of recovering a lost device (and likely drops closer to zero percent for a stolen device).

Furthermore, there’s an 80 percent chance that an attempt will be made to breach corporate data and/or networks regardless of whether or not whoever found the device intends to return it.

But even if users and IT agree that remote wiping is the safest action to take in this case, do organizations even have the right to remotely wipe data on employee-owned devices?

The short answer is that it depends. From a legal standpoint, it is usually determined by where the organization and employees are located. In Germany, for example, it is illegal for companies to wipe personal data from an employee-owned device. These companies only have the limited right to delete enterprise data from personal owned devices, so many opt for mobile management solutions that allow them to do that.

In the U.S., laws on this are more lax (or even non-existent). Most U.S.-based companies have employees sign Employee Agreements or Acceptable Use Policies over what IT can or cannot do with their computing devices. In most cases, we’ve already given IT permission to do pretty much anything with our devices if we — even minimally — use them for work.

The truth is, there is a lot of shared risk between employees and employers, so arguing over who should delete the lost device’s data is the wrong argument. With most security matters, a pre-emptive approach is best. In this case, close collaboration and understanding of what actions to take in the worst-case scenario.

Here are some suggestions:

Open the lines of communication: Employees need to know the risks they face on a personal level, as well as the risks the organization faces.

Create a plan: Don’t wait until a device is lost or stolen before figuring out the right course of action.

Have the right tools and technologies in place. There is a plethora of both personal and commercial options for automatic backup, remote wipe, security, and management of devices. With the amount of sensitive data we carry on our devices every day, there really is no excuse to be caught off guard.

Speaking of tools and technologies, it’s an exciting time to be in the mobile workplace. Employees’ and IT departments’ tech savoir faire is evolving at an unprecedented rate as groundbreaking technologies, devices, and apps make their way into the workplace.

Whether it is traditional MDM, Mobile App Management (MAM), Mobile Risk Management (MRM), virtualization, containerization, app wrapping, consumer or enterprise solutions, or a combination of these, there are a lot of innovative solutions out there. Now is the right time to figure out the best approach for your company’s mobile management and security strategy.

In the new enterprise mobile world, who owns security, data, and the responsibility of keeping our privacy, security, and sensitive information safe? In this case, I’d argue we are all on the same team.

Just as the new mobile world is about connectivity and hyper productivity, it is also a world of partnerships and trust. After all, when you use your device for personal and work purposes, it’s not your data or my data. It’s our data that is at risk.

Domingo Guerra is the president and co-founder of Appthority, a company focused on mobile security in the enterprise.

Top image courtesy of Viorel Sima, Shutterstock

If you have Lookout Mobile on your iPhone or iPad — a security app that, among other things, helps you locate your device when it’s lost — you can now find your phone even if the battery’s dead through a feature called Signal Flare. Lookout released Signal Flare to its Android users earlier this month and added the feature to its iOS app today.

Signal Flare takes advantage of a special signal the phone gives off just before it dies. The signal is kind of like a last ditch S.O.S. the phone sends out to the tower saying, “This is my last signal, peace out.”

The app then sends an email to the device owner with the location of the phone when it died. Signal Flare, of course, can’t account for phones in motion, but it at least provides two definitive pieces of information: it died, and it died here.

Lookout originally rolled out Signal Flare with its new Android application. The Android revamp let Lookout take advantage of new design elements in Jelly Bean and Ice Cream Sandwich but also included new features such as protection against the “click to call” attack.

When I spoke with the company at that time, senior product manager Abheek Gupta told me that the missing device locator is Lookout’s most popular feature in the app. But the company’s research showed that 30 percent of people who lose their phones wind up not being able to find them because the battery died. Signal Flare is Lookout’s answer to that.

iPad signal image via Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

SAN DIEGO, Calif. — Fear and loathing in the workplace. It’s the gigantic problem brought on by the bring-your-own-device (BYOD) movement as management pushes to lock down company data and workers clamor for personal freedom.

Unfortunately, the answer is by no means a simple solution, Symantec CTO Stephen Trilling said onstage today at the MobileCON conference.

Symantec, a 30-year-old anti-virus and security company, is playing to the fears of enterprises everywhere and using the conference to peddle a new arsenal of enterprise-friendly security products, including management and security tools to help app-makers make their applications more secure.

I do feel like Trilling from @symantec is playing the FUD factor here at #mobilecon cc/@swarnapodila—
Brian Katz (@bmkatz) October 09, 2012

But the company’s take on BYOD safety is admittedly incomplete, as the perfect system that will meet user and employer needs is one that calls on all mobile players to take part, from handset vendors to the carriers, according to the vision Trilling outlined.

“Users and corporations have different needs,” Trilling said.

Workers, he said, want the freedom to download apps, visit websites, use public WiFi, and access personal and work information wherever they are. Corporations, meanwhile, want to encrypt data so that it can’t be transmitted, and they need to know when devices are compromised. “Companies, ultimately and understandably, want to control access to all sensitive data,” he said.

Trilling concludes that a single solution must be flexible, impermeable, granular, manageable, resilient, and seamless.

In Trilling’s visionary BYOD world, the model system consists of four parts: industry standards, platform, containerization, and management.

More specifically, a single set of industry security standards serves as the base of the system. The platform tier assures, at the hardware level, that data is siloed, encrypted, and protected. Here corporation applications and associated data are isolated, protected from all the other applications on the device, he said.

Containerization, or the process of putting a secure bubble around an otherwise insecure app, gives enterprises the ability to control and contain application data. A worker, for instance, can only copy information between containerized applications owned by the same company and would only need to use passwords to access company services. With containerization, enterprises can look through enterprise data without scanning an employee’s personal data, and they can selectively wipe enterprise applications.

In the management tier, Trilling envisions a way for companies to manage these containers and set different authentication requirements for each application.

“No one company can do it,” he said of the Symantec vision.

Great point from Steve Trilling from @symantec: "70% support industry/government collaboration" #mobileCON http://t.co/92DicSMx—
Scott Griffith (@SWGriffith) October 09, 2012

The vision, dreamy though it may be, is integral to Symantec’s bottom line. The company made a majority of its fiscal year 2012 revenue, or $4.63 billion, from enterprise services.

The mobile security industry is becoming as big as the desktop one that preceded it. Verizon knows it, which is why the company is introducing a trio of McAfee-based security plans for its smartphone customers.

The most basic of these (dubbed, aptly, “Verizon Mobile Security Basic”) offers free antivirus software and protection against suspicious websites, while the more advanced plan adds exciting stuff  like remote locking, wiping, and locating. This puts Verizon very much within the market of apps like Prey and Lookout.

None of that comes for free, of course. The premium plan runs for $1.99 a month per line and requires a data plan. (Verizon also offers another premium plan that adds extended warranty support.)

While current Verizon smartphone owners can download the apps from Google Play, Verizon plans to preload the apps on its phones down the line.

For Verizon, the security plans mark an entry into a potentially lucrative field for mobile carriers. For Google, the news isn’t as good and is further proof that the default Android security settings aren’t up to snuff.

Photo: Flickr/Eric Hauser

Your company’s IT department has the power to wipe personal data from your smartphone  – a responsibility it doesn’t want, and certainly never asked for.

Today, a San Francisco-based startup, MobileSpaces, has pulled in $3 million in first-round funding from Accel Partners to scale its technology that can keep employee’s personal data off-limits.

David Goldschlag, founder and CEO of MobileSpaces

“If you ever leave the enterprise, they reserve the right to your data,” said David Goldschlag (pictured, left), the company’s founder and chief executive, and the former vice president of mobile at McAfee. To prevent data disasters, it has developed a mobile workspace, which segments professional apps from personal ones.

This project has been brewing for several years. During his time at McAfee, the Internet security and virus protection provider, Goldschlag noticed that corporate IT teams were often given “too much visibility into their employees personal data.” There is a growing trend that has contributed to this problem: bring your own device (“BYOD”).

When we use devices like tablets and smartphones interchangeably in our professional and personal lives, it’s a huge headache for IT. They are under pressure to maintain centralized control over corporate data, including mobile apps and email, and to manage network security.

MobileSpace’s solution is simple. Using a UI marker (the tiny blue icon in the screenshot, left), employees can demarcate any of the applications used for work (company email, Salesforce, Yammer, and so on), thus enabling IT to safely gain access to that data.

“We are enabling the enterprise to comfortably let its apps run and coexist with personal apps,”  Goldschlag explained in an interview with VentureBeat.

To succeed, the company will need to overcome some stiff competition. Tech giant, VMware, has its own mobile virtualization offering, and there are a number of mobile device management (MDM) companies that are major players in the space. Goldschlag also counts Good Technology, a mobile security provider, as a key competitor.

As part of the financing, Richard Wong, an Accel partner, will join the company’s board.

Mobile security image via Shutterstock

Mocana wants to be a huge public security company one day. It thinks of itself as the new kid, beating out old guys who have trouble moving away from the PC. Looks like it’s the new, rich kid on the block too, as the company announced $25 million in its fourth round of funding today.

“It’s rare that team, tech, and brand align like they do inside of Mocana right now against a market that’s confused and so large — all of this with the backdrop of the incumbents tripping up,” said chief executive Adrian Turner in an interview with VentureBeat. “When we look forward, we think it’s actually of the scale to go and build the next Symantec or the next Citrix.”

Mocana’s investors in this round include Symantec and Intel, which owns McAfee, two huge security companies that you could certainly consider as Mocana’s competition. Trident Capital led the round.

The company has two lines of products: one protects mobile applications, the other is an “OEM” line that protects all kinds of connected devices. This includes televisions, smart meters, cars — all the way up to the SCADA industrial systems that the computer worm Stuxnet compromised in 2010.

The OEM product is all software, installed on the premises. It has 22 different modules that protect smart devices in different way. For example, one module monitors the interface technicians use to service smart devices remotely. Another encrypts data moving between devices. Customers can mix and match modules based on product needs.

The newer mobile apps protector is very similar, as it uses a lot of the OEM line’s intellectual property.

When thinking of how Mocana protects apps, Turner says we should imagine an embassy. The embassy is in a dangerous country, surrounded by enemies. But those inside are safe because of the embassy walls. The mobile apps sit in a kind of embassy, where enterprises can plug in various protections without affecting the rest of the phone, which is often a personal phone. For example, an employee may not protect his phone with a pin, but a developer can use Mocana to make sure he has to enter a pin to access the company’s app.

Currently, Mocana only services apps that are created in-house at an enterprise, not external ones such as Dropbox.

The company has a 12-month product roadmap, and Turner is confident that the decisions made in the last 12 months “have actually predetermined who’s coming out on top here.”

Mocana previously received $22 million in total funding from Intel Capital, Shasta, Southern Cross, and Symantec.

Security guard image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Enterprise cloud storage startup Box has added a slew of updates to its main product, including universal administrator search, more mobile security features for iOS and Android, and multiple e-mail domain support, the company announced Thursday morning.

Box now has more than 11 million users across 120,000 businesses, with penetration in 82 percent of the Fortune 500. Its most recent customer wins include Netflix, Allergan, Avaya, Lennar, MGM Resorts, Stanford University, and Webcor Builders. The latest round of product updates will help the company further separate itself from more consumer-focused cloud storage options like Dropbox, SugarSync, and Google Drive. Box CEO Aaron Levie once even drew me a diagram to show how the company sections itself off versus competitors.

“We want users to be delighted at the same time we want IT to be happy and feel safe,” Box enterprise general manager Whitney Tidmarsh-Bouck told VentureBeat. “That experience is rare.”

The first major update is a new administrator console that offers enterprise-wide search. If you ever need to search across an entire organization for a specific file or folder, you can now do so. There’s also more granular permissions settings you can set as an admin that help set how files are shared inside and outside the company. “When your organization has multiple thousands of users, this is needed,” Tidmarsh-Bouck said.

Second, Box has added more granular mobile security features for Android, with an iOS update “coming soon.” Not only can IT admins add passcode locks for mobile users, but they can also turn offline access permission on and off.

Third, the company now has support for multiple e-mail domains. If you are a large company that owns many small companies, for example, you can now share and collaborate with Box even if your colleague uses a different domain. The company gave me the diagram below to help illustrate a business with multiple domains, saying that now team members who have “@pg.com” and “@crest.com” address can now more seamlessly collaborate.

Finally, Box has pushed out activity notification archiving that will specially target regulated industries like health care and finance. Box administrators can now log things like Box comments and tasks with already established monitoring systems.

Tidmarsh-Bouck said that the company has also modified its enterprise licensing agreement (ELA) to make it more flexible. There’s now pricing options that cover a multi-year contract, which can save an organization money and simplify the process of adding new accounts. If your organization wants to slowly roll out accounts, the new ELA agreement can cover a cheaper overall price per each new account.

Administrator search photo: Box

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Carrier IQ, a company once vilified for its handling of user data, has just announced its latest hire for the key position of chief privacy officer. New employee Magnolia Mansourkia Mobley comes to Carrier IQ from Verizon, where she served as the carrier’s chief privacy counsel.

Carrier IQ came onto our radar late last year when a hacker alleged the company was logging the keystrokes and locations of more than 100 million mobile-phone users.

Carrier IQ, which monitors mobile data and sends reports related to app performance, signal strength, and battery life back to carriers and manufacturers, insisted it wasn’t involved in any wrongdoing. The company went so far as to voluntarily request meetings with feds to clear its name, and a couple of the major carriers on Carrier IQ’s client list also came forward to vouch for the company.

Still, the fiasco ended with a huge black eye for Carrier IQ and a couple lingering legal questions from consumers and foreign governments.

Today’s announcement is far enough after the original scandal that we don’t think it’s a pure PR move.

“Carrier IQ is taking a proactive approach to privacy, and we wanted to bring someone on board that had deep knowledge and expertise in the privacy and security sector within the telecommunications field,” a Carrier IQ rep told VentureBeat today. “Maggie was the perfect blend of all three, with an extensive 12-year career in telecom and privacy.”

Here’s a little about Mobley’s background: She graduated from California Western School of Law in 1998. Just two years after her graduation, she got a job at MCI Inc., a telecom that later became a Verizon subsidiary through a series of mergers and acquisitions. She moved up the ranks at Verizon, becoming assistant general counsel in 2006 and chief privacy counsel a few years later.

Mobley (pictured left) is certified by the International Association of Privacy Professionals and has been recognized throughout her career as an expert in information privacy and a frequent speaker at industry events. Carrier IQ also said Mobley was “instrumental” in Verizon’s securing a spot on the top-20 most trusted companies list compiled by TRUSTe and the Ponemon Institute.

At the troubled mobile data company, Mobley will be “externally working with customers and regulators on best practices, enabling transparency, and building privacy into innovation; working within CIQ to build a culture of privacy where each employee understands and integrates the foundations of privacy into their daily duties; and managing the day-to-day legal matters of a growing startup,” the Carrier IQ rep continued.

Top image courtesy of tankist276, Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

As consumers venture out of walled-garden app stores, mobile malware is bound to pop up, and as it does, consumers (and businesses) frequently begin to ask how they should be protecting themselves and their devices. Is a mobile antivirus the solution? Never buying off-market apps?

zImperium, a startup founded by a cadre of security professionals, researchers on both the offense and defense sides of security with a background in mobile. This startup is today launching something new for mobile security. Called zDefender, this product can detect malicious attacks and take proactive measures to reduce threats via automatic preventive traffic filters and a remote management console.

“Currently, the antiviruses available to us are simply not doing the trick,” said zImperium chief executive and co-founder Zuk Avraham, onstage at DEMO Spring 2012 in Santa Clara, Calif., where he was unveiling his company’s new product. “Once a malware has infected your phone, any existing solution will not help, and it’s simply game over.”

zDefender isn’t just for paranoid consumers, either. In the world of BYOD (bring your own device) workplaces, smartphone security has become a huge topic of concern to tech-focused executives and managers. Higher-ups are concerned that employees are compromising company security and are taking extensive and aggressive measures to stay on top of employee-owned mobile device security. So zImperium is right on trend with this new product, and it’s poised to rake in the cheddar from a segment of the industry that loves to pay.

“Mobile phones are replacing the traditional home and business computers. Mobile security is therefore a growing concern, and most people don’t realize how vulnerable they really are,” Avraham said in a recent conversation with VentureBeat. “Today, mobile devices carry all of your personal data and information, and I don’t know of anyone who would want a persistant trojan on his system. We prevent that and help create a safer way to communicate and conduct business.”

The problem with currently available mobile anti-virus systems, says Avraham, is that they operate on the same permissions level as do the security threats themselves. As a result, by the time the anti-virus software is aware of the threat, it’s already too late, particularly for malware that has already managed to elevate its own privileges.

zDefender, on the other hand, will operate at the firmware level to make sure the device is protected from malicious software before the device is actually attacked.

The company demonstrated the weakness of many phones by redirecting HTTP traffic from some DEMO attendees’ phones to a harmless demonstration site, using the same techniques that more malicious phone hackers could use. According to Avraham’s demo, 16 attendees’ phones had been caught by the demonstration trap as of 11:30am on the conference’s first day. With zDefender installed, the same attack did not work.

“As you carry around devices that have sensitive information, you’re going to have this vulnerability that needs to be addressed,” said David Gutelius, chief social scientist at Jive, who was part of an investor panel after the company’s presentation.

To get more copies of zDefender on more devices, the company is trying to partner with mobile manufacturers and carriers around the globe — again, focusing less on the one-at-a-time consumer level and aiming for the big adoption numbers and big paychecks of huge organizations with millions of individual end users.

zImperium began its work in April 2011 in Tel Aviv. To date, the company has taken $250,000 from a sole angel investor.

zImperium is one of 80 companies chosen by VentureBeat to launch at the DEMO Spring 2012 event taking place this week in Silicon Valley. After we make our selections, the chosen companies pay a fee to present. Our coverage of them remains objective.

Image courtesy of David Hammonds, Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Lookout Mobile Security and T-Mobile are teaming up today to bring you a unique security feature in mobile phones: custom Scream tones.

With the new Scream tones you can try to pinpoint a missing smartphone on a map and then activate a loud noise such as a siren, train whistle, a Star Trek zooming sound, a wolf howl, or a T-Mobile jingle. Once activated, the device will scream at you until you find it.

“Smartphones and tablets are our most personal devices, and as consumers store more information on them, there’s an elevated interest to protect them,” said Torrie Dorrell, vice president of application, content and games, T-Mobile USA. “Lookout is a great fit for T-Mobile because the app is powerful yet easy to use, and it gives our customers protection across a range of mobile security threats.”

Lookout’s app is available in the Google Play store. San Francisco-based Lookout is a mobile security firm that provides antivirus and security features for T-Mobile’s Android customers. The Lookout app protects against malware, spyware, data loss, and device loss. Lookout is available as a preload on most of T-Mobile’s Android smartphones and tablets.

“T-Mobile is a leader in mobile communications, and we’re thrilled to work together on enhancing mobile security,” said Lookout CEO and co-founder John Hering. “Having the Lookout app preloaded on T-Mobile devices means customers can quickly and easily access content that helps them feel safe and confident to do more with their phones.”

Lookout has more than 15 million users in 170 countries across 400 mobile networks. The company is adding a million users a month.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Mobile in enterprise is transforming how we interact with information, connect with our office networks, and organize our working lives.

We have become so reliant on mobile devices to drive our entertainment, social, and knowledge networks that they naturally begin to intertwine with our work lives, but at what cost?

What are the challenges?

In a recent survey from Symantec, 72 percent of firms believe that employees’ behaviour on social networking sites could endanger their business’s security. And 91 percent of respondents to a survey said their company allows employees to use their work-related smartphones for personal use as well.

While this demonstrates the utility, practicality, and flexibility of using mobile devices to conduct business (often on demand and on the move), it is also an indication of both the immediate and impending challenges for organizations to ensure they have an adequate infrastructure in place to deal effectively with new security threats as they occur across several platforms.

Indeed, few organizations have a mobile security agenda in place, and many organizations are still unaware of the security threat posed by unrestricted smartphones. Only 51% of employees said their employer has communicated policies and/or best practices to them regarding the security of their smartphones.

The key concern of any organization is ensuring that sensitive information is subject to robust on-device security and encryption. In an era of multi-platform usage in enterprise, the issue of general information security becomes central to an organization’s ability to remain secure while maintaining healthy levels of productivity by avoiding excessive network downtime.

Around 73 percent of employees said they use their work-related smartphones to access information that could be considered sensitive or confidential.

What does this mean for organizations?

Half of all organizations are not prepared for the influx of personal mobile devices leading to serious headaches for IT departments struggling to devise an appropriate security policy.

• Organizations are unable to monitor or control employees’ work-related activities on their smartphone, increasing the risk of sensitive company data being compromised.
• Many organizations do not have user authentication policies on their employees’ mobile devices allowing unauthorized access to potentially sensitive company data.
• Organizations are unable to react to a security compromise or suspicious user behaviour by locking down a mobile device and wiping the contents if required.
• Employees are taking their smartphones overseas with them and potentially incurring huge roaming charges as organizations are unable to restrict access through roaming controls.

What is the solution?

Your organization needs to be sure that sensitive data is both secure and protected from unauthorized access. Your organization also need to be sure that your data are safe on servers, safe in transit and safe on your employees’ mobile devices. Here is what we advise in order to effectively ring-fence your data.

Currently, more than half (52 percent) of all employers have no app management system in place to manage apps on their employees’ smartphone.

• Security policy: Devise a clear and comprehensive mobile security policy. In an era where more and more employees are bringing their own smartphone to work, it is crucial that you have a clear policy in place to effectively deal with a multitude of devices with different approaches to security.
• Closed-loop system: Help your mobile enterprise flourish and keep your sensitive data secure by enforcing a closed loop system. What does this mean? It means requiring user authentication in order to access enterprise data on a mobile device. It means allowing users access only to the information they should have access to and preventing unauthorized sharing of that information.
• Track access: Be in control of data security by being able to track access with information due dates and expiration dates.
• Remote lock: Respond instantly to security risks by remotely locking access to data on specific employee devices or removing access entirely if an employee goes rogue or if the mobile device is lost or stolen.
• Roaming controls: Install roaming controls on employee smartphones in order to avoid the crippling cost of escalating mobile data charges incurred when overseas.

Are you a smartphone user?

So how do you combat these growing threats to your private data stored on your smartphone? Well, for starters, you had better make sure that you are staying one step ahead of the game by pre-empting security threats. Here are five things you can do right now to instantly boost security on your smartphone:

• Update: Always ensure your mobile firmware is up-to-date. This means regularly checking for updates to ensure that you have the latest security features to avoid exposing your device to security flaws that hackers are just waiting to exploit.
• Use an antivirus program: If your smartphone runs Android, Google’s open source mobile operating system, ensure that you have an antivirus app such as AVG installed to guard against potential malware lurking behind seemingly harmless apps.
• Use a PIN lock: Ensure your Smartphone has a PIN lock to access the phone and another PIN to access the home screen after your phone has been lying idle for a couple of minutes.
• Stay vigilant: Avoid clicking links in an anonymous text message or from an unreliable source within your mobile browser. Such attacks from seemingly harmless sources are on the rise as hackers target smartphones containing valuable personal and financial data.
• Be wary of apps: Only install apps from reputable sources. This is especially applicable to users of rooted phones or Android devices where apps may be installed from any source. Make sure that you only download apps from an approved marketplace and only after reviewing user comments and ratings for the app.

Kris Swanson is the chief commercial officer for Intuition Technology. Intuition Technology enables organizations to rapidly create, securely deliver, and seamlessly track courses, surveys, assessments, and other content across most mobile devices and tablets. Intuition Technology has successfully delivered over 150 mobile learning solutions since 2006.

Image courtesy of David Hammonds, Shutterstock

Three security startups caught our eye at the RSA Conference here in San Francisco today. Impermium, Pindrop Security, and MokaFive all showed off their technology as part of the conference’s Innovation Sandbox competition for startups.

10 startups got the chance to strut their wares on stage, solving all sorts of issues from the bring-your-own-device (BYOD) trend to telecommunications. Enterprise application security company Appthority won the competition – the company determines whether an application is safe by teaming up with enterprise Mobility Management and Mobile Device Management solutions such as BoxTone to review and rate each application that enters a company’s app store — but we wanted to shine the spotlight on our three favorites.

Impermium

As Internet users become more and more discerning of which online offers are legit and which are phishing scams, cyber criminals are in need of new avenues to dupe their victims. Focusing on securing social media, Impermium promises to weed out social spam before it affects your business. Impermium’s “Zaru” engine analyzes what’s happening on a business’s website. Social spam can exist in a company’s blog posts, comments, account sign-ups and more. Based on regular user activity, Impermium can detect whether an action is spam-y or legitimate. This can turn up false positives, however, and annoy customers who are actually trying to engage with your company. Impermium says its engine is getting smarter due to its growing “Threat Network,” which provides insight from all different websites on how humans interact on the Internet.

Impermium was founded in 2010 and has received funding from Greylock Partners, Accel Partners, Highland Capital Partners, and The Social+Capital Partnership.

Pindrop Security

Pindrop Security almost seems old school. The company is solving the lesser-known problem of caller-ID spoofing. That is, rigging your caller information to give another’s identity. Caller-ID spoofing is dangerous because sensitive information is often communicated over the phone. For instance, if your bank calls you and a criminal spoofs the call, he or she can then use your information to access accounts or open credit cards. Pindrop protects customers from caller-ID spoofing by reading the call’s audio-fingerprint, or a set of tones that define a caller’s location, phone type, and identity. The company provides a SaaS model as well as an on-premise model that acts on the receiving end of the call and does not tamper with telecommunications infrastructure.

Pindrop is headquartered in Atlanta, Georgia and has received funding from Andreessen-Horowitz and Sigma Partners.

MokaFive

MokaFive wants to help bring Apple to the enterprise. It has created software that lets your company’s IT distribute and control virtual desktops to any employee’s device. MokaFive does this by installing a hypervisor, or a layer of software that allows any computer to run any operating system, onto an employee’s computer. That hypervisor once had to live on the server-side, costing a lot of money implement and maintain. MokaFive attempts to eliminate time and financial cost by keeping the virtual desktops as “golden image” files on MokaFive’s servers. There, MokaFive piles on security features that allow IT to wipe a computer if it is stolen, update desktops, and more. The software takes up five gigabytes on the person’s computer and is otherwise fairly quiet.

MokaFive was founded in 2006 and has received funding from Fuller, Vinod Khosla, Highland Capital, Khosla Ventures, and NGEN.

Image via RSA Conference

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Whether accurate or exaggerated, claims of rampant malware apps have haunted the Android Market. Now, Google’s Android team is announcing Bouncer, a new security mechanism that should prevent bad apps from ever making it into the Market.

It’s a programmatic solution that’s allegedly good for both the goose (or users, in this case) and the gander (honest mobile developers who don’t want to wait through a lengthy application process à la the Apple App Store’s).

Bouncer, wrote Android engineering VP Hiroshi Lockheimer on the company blog, “provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process.”

Lockheimer revealed that Bouncer has already been in use for a while and has led to a 40 percent drop in the number of malware downloads from the Market.

This kind of security, if it works and works well, could potentially have very positive effects for the Android Market itself and for the Android operating system’s PR issues — and yes, a lot of the FUD around Android malware is PR, not facts, generated by mobile anti-virus companies and the Apple camp.

Here’s how Bouncer works: The program analyzes new apps submitted to the Android Market as well as apps already in the Market. It also screens developer accounts. Bouncer recognizes malware, trojans, spyware, and a range of other red-flag-type behaviors.

“We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior,” Lockheimer said.

And since Bouncer crawls developer accounts as well as individual applications, it can identify repeat offenders and prevent them from introducing more bad apps into the Market.

“No security approach is foolproof, and added scrutiny can often lead to important improvements,” Lockheimer concluded.

“Our systems are getting better at detecting and eliminating malware every day, and we continue to invite the community to work with us to keep Android safe.”

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Mobile security company Lookout Mobile released a new app today to show just how many mobile threats exist.

The app, called Mobile Threat Tracker, opens up to a view of the earth, shadowed like nighttime. A glow across the globe suggests Lookout Mobile users. It shows attacks in real time as Lookout Mobile’s security application detects and deflects them. This is then translated into what seems like a shooting star. You can travel around the globe by swiping your finger side to side to see attacks in progress. You can also look at analysis for the week on the top three threats and see what kind of threats those were. For instance, this week mobile users saw 60 percent more malware attacks than spyware attacks, including the attacks RuPaidMarket, Legacy, and DepositMobi.

Lookout Mobile creates antivirus software for both iPhones and Android smartphones, the latter of which bear the brunt of mobile malware attacks. Recently, the company created its Lookout Labs division to create more mobile products, separate from its antivirus arm. These mobile products serve the company by showing just how prevalent threats are. Its Carrier IQ app, for example, helps people detect whether spying software is on their phones.

One of the developers in the division, who just goes by Yuri, came up with the idea for Mobile Threat Tracker as a way to answer questions Lookout frequently hears from users like, “Are there really mobile threats?” or “What are the most common mobile threats?”

“I thought it would be interesting to build an application showing the many threats that Lookout detects across the world, telling the story of these individual users at a macro level,” he said.

Lookout recently reveled its top mobile threat predictions for 2012. Smartphone users should be looking out for more SMS fraud, which comes through an infected application and charges you money based on sent text messages. Also in the mix are malicious advertising links in applications and mobile botnets. Indeed, Lookout predicts that a smartphone user has a 30 percent chance of clicking a malicious link over a year.

Currently, Mobile Threat Tracker is only available on Android. You can download the free app here.

When technology evolves, so do cyber criminals’ tactics for compromising new software, hardware, online accounts and more. Whole conferences, such as the Black Hat and Defcon conferences in Las Vegas, focus on how people are able to gain access to our machines without permission. But 2011 was filled with the beginnings of a new breed of vigilante hacker, as well as the new world of mobile devices to breach.

McAfee predicts 2012 will boast Internet warfare, governmental displays of cyber strength, and breaches from hacktivists, but not from the same faces we’ve seen in 2011. Or, perhaps we should say, the same Guy Fawkes face. Anonymous, along with Lulzsec, spurred the hacktivist movement this year with high profile attacks on companies such as Sony, a number of law enforcement agencies, and government websites such as Syria’s Defense Ministry. Most recently the group attacked think tank Stratfor, obtaining and publishing thousands of credit cards.

But Anonymous is a new type of cyber criminal “group,” one that may be hard to define. Really, Anonymous is just a collection of individuals who all use the same Anonymous title. Individuals decide on an attack they’d like to execute, and become their own leaders and organizers for the group that decides to help. There is no overarching leader, no head honcho. Indeed, one Anonymous member told VentureBeat that the group’s “leaders” are really just bullhorns.

What projects are truly considered of “Anonymous” is even debated within the community, such as the declaration to take down Facebook on November 5th, which was never realized.

Perhaps because of its lacking internal structure, McAfee believes that the community with either reorganize itself or disband completely, similar to Lulzsec. Soon after the Spring attacks on the Sony Playstation Network, this hacker collective bowed out of the game, some members probably joining the Anonymous ranks.

McAfee believes we will see more Anonymous members come out of the digital shadows and join protests against politicians, law enforcement and other agencies. This was seen in August when the collective drew members of the Bay Area communities to protest the Bay Area Rapid Transit train system over BART police shootings earlier in the year.

It’s probably more likely that the group will reorganize or see sects branch out, than die off all together in 2012. Anonymous isn’t made up of individuals who all want to “dox,” or reveal personally identifiable information on the Internet. Instead, many of these people prefer disrupting a website’s service or systems to prove a point. These may be the people who branch off, leaving those who wish to publish personal information to fly the Anonymous flag.

Another issue in 2011 was the onslaught of mobile malware. You read everywhere about smartphones and how they are becoming essential to our every day lives. But with the proliferation of these devices comes illegal, lucrative opportunities. This year, Lookout Mobile predicted that mobile malware will become a profitable business in 2012, and will be focused on Android devices. According to the mobile security company, mobile criminals took $1 million from Android consumers this year.

This was achieved through schemes such as RuFraud, which charges people for premium text messages using a bogus application posing as a real one for bait. Malicious advertisements may also play a roll in mobile scamming, as browsing and buying becomes more popular on the go.

“Malvertisements” will be found outside of the browser as well. Some applications may sport the bad links right within its user interface. Lookout says applications most likely to be affected by this kind of scam are utility apps such as flashlights, gaming apps and porn apps. So, if you decide mobile is how you’d like to get your jollies in 2012, don’t be seduced by the advertisements.

Anonymous photo/Meghan Kelly, Android image via Shutterstock

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

With organizations from the Fortune 100 and U.S. government struggling to take control of smartphone security, we need to break the mental ties we have comparing it to a PC and remember the evolutionary path it took.

A PC did not give birth to a smartphone; the cellular phone of the 1980s did.

Here’s why this understanding is important to truly comprehending mobile security, especially when it comes to corporate IT and smartphones that do double duty for work and play.

Back in the early 1980s, I used my first personal computer, the Apple II.

The public school I attended purchased one for each classroom. I remember playing a few educational games and even attempting a bit of programming. Later that same year, my parents won a computer in a raffle and gave it to me. It was a Timex Sinclair 1000.

History has already written which of those two computers won, but they both had something very important in common: BASIC Programming. Both of these devices could be easily programed using a simple programming language. Simple enough that a technology-intrigued 6-year-old living in the suburbs of Chicago could learn to write programs to draw graphics and create simple video games.

The personal computer (PC) inspired its users, from age 6 to 96, to write their own software. I remember sitting in front of those computers for hours writing a few lines of code and then typing “RUN” to see what I had created. Even though most users do not write their own code, they still use PCs in a very similar way, sitting at the keyboard in one location.

Around the same time, I used my first cellular phone.

My neighbor, Jerry, was employed by Illinois Bell and was working on a project with Motorola to test cellular phones in cars. The entire trunk of his company-issued car was filled with circuit boards and blinking lights making up the cell phone components you hold in your hand today. Located between the front seats was a handset.

Jerry used to take me and his kids to get ice cream, letting us call our moms from the road. From the very start, cellular phones were meant to be mobile devices.

Both PCs and mobile phones evolved over the next 20 years without much convergence. Along the way, they became less expensive and easier to use, attracting more and more non-technical users. Today we still call the personal computer a PC (or a Mac), but the mobile phone gave birth to an array of sub-categories, with the most popular today known as a smartphone.

Often a smartphone is called a PC in your pocket. I even made that statement during a 2011 DEF CON presentation on smartphone security. The more I think about that statement, though, the more I start to believe that the root of our problems around mobile security is an extension of that incorrect comparison.

What we’re dealing with today is the rapid addition of features and a user adoption rate that accelerated faster than anyone anticipated, including organizations’ IT security departments.

While these departments were busy upgrading firewalls, installing IDS systems and anti-spam gateways, their users were waiting in lines around the block to spend hundreds of dollars of their own hard-earned cash to get the next generation of smartphone. Within minutes of their purchase, they connected to their corporate email accounts, installed games and other apps, and use the built-in VPN client to access intranet sites — all of this without oversight or control from their IT security department.

Now this same user group makes security mistakes every single day. They read both personal and business email on the same device and open attachments. They click on links they see on Facebook and Twitter. They allow their friends and children to play games on their device without oversight. They navigate to Websites via QR codes they see on the subway.

In order to understand how an organization would let this happen, we need to start at the top.

There likely isn’t a single CEO in the world that does not own a smartphone or tablet. When the CEO of the company wants a smartphone for business purposes, they get one, and so do all the CEO’s direct reports, and their direct reports, and so on. Pretty soon the entire company has a smartphone connected to the corporate network to access email, calendar, contacts and other information.

This is the moment when the IT security administrator stops reviewing firewall logs and realizes there is a problem, but then immediately thinks a solution already exists. All of these smartphones are really just itty, bitty PCs, right?

The IT security admin has a policy for connecting PCs to the corporate network and it goes something like this:

• Rule 1: The device must be owned and issued by the company.
• Rule 2: It must be connected to the corporate domain.
• Rule 3: It must be running anti-virus software.
• Rule 4: The user must not have local administrative access.

The IT security admin runs through each rule, quickly realizing none of the rules apply to smartphones, starting with the very first rule. Everyone from the CEO down to the mailroom staff bought their own device. The admin is certainly not in the position to tell his boss and his boss’s boss that the company needs to disconnect all smartphones from their network and purchase company-issued devices for all of their employees.

With that, the IT security admin goes back to reviewing firewall logs.

That’s the state most organizations are in today. Smartphones have to be categorized as their own class of device and secured via a completely different methodology, using some techniques probably yet to be invented.

There are, however, ways to help mitigate security risks in the interim. Properly defining the organizations support of smartphones, its users and the data they are required to access is fundamental until the devices themselves offer solutions natively or via 3rd party add-ons.

When these devices are treated as their own asset type, and only then, will IT security departments be able to secure the smartphones connected to their environment.

Nicholas J. Percoco is senior vice president and head of Trustwave SpiderLabs.

With more than 14 years of information security experience, Percoco heads Trustwave SpiderLabs, the advanced security and research team at Trustwave, which assists clients when making strategic decisions around security and compliance regimes. Trustwave SpiderLabs has performed more than 1300 computer incident response and forensic investigations globally, run thousands of penetration and application security tests for clients, and conducted security research to improve Trustwave’s products.

Image courtesy of reallyboring.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

After two years of development, Lookout Mobile Security is launching a security app to protect iPhones. The app doesn’t protect against malware, since Apple has handled that task pretty well. But it does protect users from other bad things that can happen to their iPhones.

For instance, the app warns users when they are using unprotected WiFi wireless networks and instructs them not to send their usernames and passwords over the network while they’re on it.

“We’re providing security protection so that you know your data is safe,” said Kevin Mahaffey, chief technology officer at Lookout Mobile Security in Mountain View, Calif. “We took a while to make this, but we wanted to make sure we provided a worthwhile product. Historically, malware has not been a problem on the iPhone. But we found some areas where consumers need protection.”

The app also provides backup for the user’s contact list. It doesn’t yet provide protection for photos or videos, but that might come in future versions. The app also protects users against lost phones by helping them locate their phone if it is lost or stolen. Lookout also tells you if there are updates to be downloaded; often, such updates improve the device’s security.

Lookout noted that about 52 percent of iPhone users say they conduct mobile banking on their iPhones. About 93 percent of iPhone users said they are concerned about the security of the data stored on their iPhones. And about four of 10 iPhone users say they are unsure about the security of public WiFi networks. Lastly, more than a third of users don’t update their devices.

Mahaffey said that Apple has had much better security on its iPhones because it curates the App Store, making sure that any apps with malware don’t make it through testing. Google, by contrast, allows anyone to upload apps to the Android Market. Users are informed if the apps are using parts of the phones that have sensitive data, such as contacts. That’s why Lookout Mobile Security created its first smartphone app to protect Android phones from malware.

The reality is that there are still ways for iPhones to be compromised. That’s not good because smartphones are becoming security risks and are as important as some users’ personal computers when it comes to holding personal information.

When you look for a missing device with the Lookout app, it can locate it on a Google map or sound an alarm, even if the device is in silent or vibrate mode. (It can’t sound an alarm if the device is turned off).

The system advisor on the app tells you if your settings could put your privacy at risk or if your software is out of date. It also lets you know if your iPhone has been “Jailbroken,” or had Apple’s security circumvented. The service also tells you if your apps are using any location services that give away your location.

“People have heard a lot of stories about jailbroken phones and they need to be reassured about that,” Mahaffey said.

The backup and restore function will let you back your data up over the air. It will also restore your data to the same iPhone, a different iPhone, or an iPad.

Lookout already protects more than 12 million users with its Android app. Those users are on 400 networks in 170 countries. The app is available on Verizon, Sprint and T-Mobile phones. Right now, the app is free. It’s possible the company may issue an app with premium features in the future.

That’s a nice vote of confidence for San Francisco-based Lookout, which makes security software for smartphones such as Android mobile devices. Now that mobile phones are becoming a dominant computing platform, protecting them from threats is becoming a lot more important.

Lookout protects more than 12 million smartphone and tablet users from malware, spyware and identity theft attempts. It also backs up personal data and can quickly locate a lost or stolen phone. The Lookout app is powered by Lookout’s cloud-based Mobile Threat Network, which analyzes global threats and quickly blocks them with over-the-air updates to smartphones. That means Lookout can detect and deal with threats within minutes.

Current investors Khosla Ventures, Accel Partners, and Index Ventures also participated in the round. The company said the funding will create new products, expand worldwide, and hire more people, said John Hering, chief executive and co-founder. Jeff Jordan from Andreessen Horowitz will join the company’s board.

Gartner expects mobile phone shipments to hit a billion in 2015, far outpacing PC shipments. But the incidence of malware is increasing rapidly on phones. Lookout’s users are on 400 mobile networks in 170 countries. Lookout has raised $76.5 million to date.

Here’s an interview we did with Kevin Mahaffey, chief technology officer of Lookout, at the Black Hat security conference in Las Vegas in August.

The problem is that many users believe smartphones are relatively immune from malware, because they’re on closed mobile phone networks. But now that smartphones can access email and the web, they’re prone to attackers who target the known vulnerabilities of data communications.

“There is a huge increase in malware relative to last year on mobile phones,” said Kevin Mahaffey, chief technology officer at San Francisco-based Lookout, which protects mobile phones against malware. “The likelihood of encountering malware keeps going up.”

In January, there were hundreds of malware detections a day. Today, there are thousands. The company is revealing the data at the Black Hat security conference in Las Vegas this week.

Mahaffey said in an interview that Lookout has encountered 89 variants of just one piece of malware, DroidDream, because virus writers keep changing it and republishing different versions of it on different Android stores. Another piece of malware, GGtracker, would spread by advertising links in popular games. You would see an add for a battery saver app. If you clicked on it, the ad would load malware into your phone. The malware would then start sending you premium text messages, resulting in a huge monthly bill for the user.

“It seemed like a trusted download,” Mahaffey said.

Many pieces of malware are hidden in repackaged apps. These are legitimate apps that are pirated and then packaged with malware and then are re-uploaded to app stores. Games, utilities and porn apps are the mostly likely targets for repackaging, Mahaffey said.

Also, the malware writers are getting more clever. Now they are publishing clean apps that actually do something useful and are therefore likely to spread wide. Once they are widely distributed, the malware creators upload an update with malware into the app, which compromises the user’s phone.

“I hate to call it innovation, but we expect to see more clever ways about how to trick users into dowloading apps and how to make money from those users via malware,” Mahaffey said.

Most of the malware is on Android phones, but malware has spread through many mobile sites. Jailbroken phones are particular targeted because such apps exploit weaknesses in browsers to overcome a phone’s security. Malware can also attack the kernel layer of a jailbroken phone, much like what happens on the PC. Lookout has more than 10 million users across the globe, and its Mobile Threat Network scans more than 500 million apps a day.

Malware apps are now digging into personal wallets and personal information stored on phones. The malware can take control of a phone, steal personal data, or steal money. Lookout is funded by Accel Partners, Index Ventures, Khosla Ventures and Trilogy Equity Partners. Its app is available on 400 mobile networks in 170 countries. The company has been analyzing just about every known app through its App Genome Project, which has collected more than 700,000 mobile apps and is adding more than 1,000 aps daily. Lookout has around 60 employees.

Lookout’s app is available for free; a premium version has features such as more backup options and the ability to wipe your records from a stolen phone remotely. The premium version costs $2.99 a month.