Mobile payment apps can be a convenient way to send and receive money using your smartphone or smartwatch. Paying for items this way has never been easier, thanks to the availability of numerous mobile payment apps, better payment terminal infrastructure, and wider support for Bluetooth/near-field communication (NFC) contactless credit cards by American issuers. The coronavirus pandemic has also helped to make contactless “everything” more compelling. I tested out five different mobile payment apps: Apple Pay, Google Pay, Samsung Pay, Venmo (by PayPal) and Cash App (by Block, formerly Square) recently, and wrote my review for CNN/Underscored here.
It used to be that 1 TB of storage was a lot, but now this amount of storage is quite common to find on even the least expensive laptops. Over the years, a number of cloud-based storage vendors have begun to support the TB era and now many of them offer monthly storage plans for a reasonable price. We tested five different cloud-based storage apps—Apple iCloud+, Box, Dropbox, Google One, and Microsoft OneDrive—to see which one is the best cloud-based storage app for you. OneDrive comes out on top and it was easier to install on Macs than on some of our Windows PCs that had additional browser-based security that blocked the desktop client downloads.
Enterprise choices for virtual private networks (VPNs) used to be so simple. You had to choose between two protocols and a small number of suppliers. Those days are gone. Thanks to the pandemic, we have more remote workers than ever, and they need more sophisticated protection. And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments,
A VPN is still useful and perhaps essential to a modern mostly remote workplace. In this post for CSO, I describe these scenarios, what security researchers have found about how VPNs leak data or have other privacy issues, and what you should look for if you intend to deploy them across your enterprise.
CNN had me review a bunch of VPN services for their Underscored site. I looked at 11 different products. I don’t have to tell you why you should use a VPN. But no product can 100% handle the trade-off among three parameters: anonymity, or the ability to move online without anyone knowing who you are; privacy, or the ability to keep your own data to yourself; and security, or to prevent your computers and phones and other gear from being compromised by a criminal. You can’t do all three completely well unless you go back to pen and paper and the Pony Express. Using a VPN will help with all three aspects, and some are better than others at balancing all three.
My two favorites were Mullvad.net and IVPN.net. Both use a novel idea to ensure that they don’t know anything about you — when you download their software, you are assigned a random string of characters that you use to identify yourself. No email necessary. If you don’t want to use your credit card, you can pay via alt-coins too. Consider this a “single-factor” authentication. That means no password is required once you have entered your code, it is unlikely that anyone can guess this code or find it on the dark web (unless you reuse it, which you shouldn’t), and there is little chance anyone could connect it back to you even if they did manage to get a hold of the code in a breach.
Both vendors don’t have the largest server networks (that title is shared by Hotspot Shield, Private Internet Access, ExpressVPN and CyberGhost). But each of these are owned by corporate entities that play fast and loose with your private data (Aura and Kape Technologies). If you want to spend more time understanding the privacy issues, check out Yael Grauer’s excellent analysis for Consumer Reports Digital Lab here.
Not on my recommended list is the VPN that I have been using for the past several years — ProtonVPN (shown above). I am of two minds here. On the plus side, I have a fond spot in my nerd heart for Proton, the Swiss company that was an early proponent of encrypted email. But the VPN product is slower, more expensive, harder to use and more of an “OG” VPN that requires emails and credit cards to subscribe. Yael’s report also mentions some privacy difficulties with the service, as well as those well-advertised services mentioned above that have leaked data or aren’t as transparent as they claim to be.
If you leave home, you need to run some kind of VPN. Period.
With USB-C finally more-or-less standard across phones, tablets and laptops, and fewer and fewer manufacturers including chargers in the box with their products, a myriad of charging blocks have become available that promise to get your batteries topped up as quickly as possible.
To find the best USB-C charger for your devices, we tested 15 devices from respected manufacturers to find the best for your needs, whether you need to charge a phone, a laptop, or a bagful of accessories. My top pick was the PowerPort Atom III Slim — it has a single USB-C port, and is rated at 45W (there are older versions still on the market that are rated at 30W, so make sure you are getting the higher capacity unit). We liked the smaller footprint slim design, which combines a slimer unit (5/8” thick) with a folding power prong. These make fitting it behind furniture (or carrying in your travel bag) easier.
You can read my review of these chargers here for CNN’s Underscored site.
Email remains the soft underbelly of enterprise security because it is the most tempting target for hackers. They just need one victim to succumb to a phishing lure to enter your network. Phishing (in all its forms) is just one of many attacks that can leverage a poorly protected email infrastructure. Account takeovers (due to reused passwords), business email compromises, payment fraud, specialized mobile malware, and spam messages that contain hidden malware or poisoned web links. That places a heavy burden on any email security solution.
I have been testing and writing about these products for decades and in this roundup I touch on some of the latest integrations and innovations with nine security suites:
- Abnormal Security’s Integrated Cloud Email Security
- Area 1’s Horizon
- Barracuda Email Protection
- Cisco Secure Email
- FireEye Email Security
- Voltage SecureMail
- Mimecast Email Security
- Zix Secure Cloud Email Security Suite
As what seems like the usual operating procedure, figuring out the pricing for the numerous configurations can be vexing, with one vendor (FireEye) not providing pricing, and several other vendors who declined to participate entirely.
Organizations are starting to take an interest in homomorphic encryption, which allows computation to be performed directly on encrypted data without requiring access to a secret key. While the technology isn’t new (it has been around for more than a decade), many of its implementations are, and most of the vendors are either startups or have only had products sold within the past few years. While it’s difficult to obtain precise pricing, most of these tools aren’t going to be cheap: Expect to spend at least six figures and sign multi-year contracts to get started.
I review the early products in this market for CSOonline, describe some of the typical use cases, and provide some suggestions on how to evaluate them for enterprise uses.
Thales SafeNetTrusted Access (STA) offers a compelling blend of security solutions that bridge the MFA, SSO and access management worlds in a single, well-integrated package. STA does this by offering policy-based access controls and SSO with very strong authentication features. These policies are flexible and powerful enough that you can address a broad range of access scenarios.
Because STA covers multiple security workflows, there are several places that it can fit into your overall data protection needs. Part of your own motivation for using this product will depend on the particular direction that you are coming from. What you need STA to do will depend on what you have already purchased and where your existing security tools are weakest.
If you presently use another SSO tool, or if you aren’t happy with your existing identity management product, you might examine whether they can support or integrate with STA and use it as your principal identity provider. This will give you greater automation scope and move towards better MFA coverage for your consolidated logins.
If delivering MFA is your primary focus for purchasing a new identity product, STA should be on your short list of vendors. If you are rolling out MFA protection as part of a larger effort to secure your users and logins, then things get more interesting and the case for using STA becomes more compelling. For example, it can handle a variety of application authentication situations and be granular enough to deploy these methods for particular user collections and circumstances. Many older IAM products bolted-on their MFA methods with cumbersome or quirky integration methods or required you to purchase separate add-on products for these features. STA has had this flexibility built-in from the get-go and has a well-integrated MFA set of solutions.
If you presently use another vendor’s authentication app or have a collection of hardware tokens that you are trying to migration away from, you might want to examine whether STA’s MobilePass+ offers improvements to the user workflows that could increase MFA coverage across your application portfolio.
Thales SafeNetTrusted Access is available at this link. Pricing starts at $3.50 /user/month, which includes access management, SSO, authentication tokens and services support. A premium subscription which adds PKI MFA support is also available.
You can read my full report here. And here is my screencast video that points out the major product features:
I have updated my review of top email encryption tools for CSOonline/Network World this week. Most of the vendors have broadened the scope of their products to include anti-phishing, anti-spam and DLP. I last looked at these tools a few years ago, and have seen them evolve:
- HPE/Voltage SecureMail is now part of Micro Focus, part of an acquisition of other HPE software products
- Virtru Pro has extended its product with new features and integrations
- Inky no longer focuses on an endpoint encryption client and has instead moved into anti-phishing
- Zix Gateway rebranded and widened its offerings
- Symantec Email Security.cloud has added integrations
In my post today, I talk about recent trends in encryption and more details about each of these five products.
I have been reviewing single sign-on (SSO) tools for nearly seven years, and in my latest review for CSOonline, I identify some key trends and take a look at the progress of products from Cisco/Duo, Idaptive, ManageEngine, MicroFocus/NetIQ, Okta, OneLogin, PerfectCloud, Ping Identity and RSA. You can see the product summary chart here.
If you have yet to implement any SSO or identity management tool, or are looking to upgrade, this roundup of SSO tools will serve as a primer on where you want to take things. Given today’s threat landscape, you need to up your password game by trying to rid your users of the nasty habit of reusing their old standby passwords.
I also look at five different IT strategies to improve your password and login security, the role of smartphone authentication apps, and what is happening with FIDO.