In 1992, the author of several mind-bending sci-fi novels, Neal Stephenson, gave this concept a name: Metaverse. Companies like Valve, Oculus, and now Facebook (rebranded as Meta) have chased this dream with mixed success, and in the latter’s case, some controversy.

One of the limiting factors of virtual reality’s (VR) success has been its technological maturity; however, with recent development of 5G and the metaverse, VR seems to be following a similar path as the iPhone.

While it wasn’t the first of its kind, Apple’s flagship smartphone offered an attractive and overall useful package to consumers, making it a success, especially in its second generation with the support of the 3G cellular network. The drive toward mobile data usage and the technologies deployed by major U.S. telecommunications companies pushed smartphones into ubiquity.

Similarly, recent telecommunications technologies seem to be pushing virtual reality into rising popularity. With 5G hitting the airwaves, brand new bandwidth is opening up, leaving the telecommunications industry wondering what the next app that will take advantage of this new capacity is. Their answer is the metaverse.

Also read: What is the Metaverse and How Do Enterprises Stand to Benefit?

Virtually Everything

Verizon foresees a future where virtual reality and augmented reality (AR) are as commonplace as smartphones are now, enabled by a massive increase in data transfers from a nationwide 5G network.

As they describe it, metaverse will transcend beyond gaming and open up new possibilities, such as allowing shoe shoppers to use AR to try on a pair of virtual sneakers or cosmetics before buying the real thing.

The trick is, they don’t just want to deliver the experience; they want to sell the experience, too. As such, Verizon is putting real money behind this, launching metaverse experiences such as a fully virtualized Super Bowl.

And they aren’t alone. China Mobile kicked off its Mobile Cloud VR last year, which is a virtual socialization and shopping app supported by 5G. In addition, SK Telecom recently launched its own metaverse platform.

These companies saw the profits Apple and Google swept by leveraging 3G and 4G advancements, and they seek to get ahead of everyone else by planting their flags in the VR/AR space with their own apps.

How to Experience the Metaverse

High-quality virtual reality and augmented reality experiences can be had right now, but they come with significant limitations. An Oculus Quest 2 is a powerful device that costs less than what people pay for cell phones every year, but all that hardware is packed into an awkward, weighty package that can cause discomfort during prolonged play sessions.

The ill-fated Google Glass promised to bring maps, your calendar, the weather, and a host of other augmented reality services right before your eyes wherever you go. Despite an interesting premise, the product never found its footing, though Google hasn’t given up on it yet.

The right formfactor to experience a metaverse has yet to emerge, it seems.

Also read: The Metaverse: Catching the Next Internet-Like Wave

What’s the Real Vision Here?

Nevertheless, 5G providers like SK Telecom remain optimistic. The company’s vice president Cho Ik-hwan has even commented that the metaverse will become their core business platform as they develop first-party applications meant to occupy what they see as a wide-open space.

“We want to create a new kind of economic system,” said Ik-hwan. “A very giant, very virtual economic system.”

It’s unclear how SK Telecom will achieve that goal. At present, the company and others like it are investing in the development of VR/AR smartphone apps, but a cell phone with a 6-inch display screen doesn’t seem like an attractive formfactor to experience a transcendent metaverse adventure.

Further, the concept of a metaverse is still vague and formative, and even a $10 billion investment from Facebook has yet to give it focus or profit.

Similarly, Verizon’s approach seems unfocused, even self-contradictory. The company promises their metaverse experience will be without limits in a sentence immediately following a statement that you will “be required to abide by rules and regulations just like you would in the real world.”

That type of thinking exposes the real challenge telecommunications faces on this frontier. In this endeavor, they are stepping well outside their existing business models of steadily building infrastructure and entering into a field that demands artistic creativity and dynamism.

That field is more compatible with the “move fast and break things” mentality of Silicon Valley, and even Facebook is fighting an uphill battle.

Read next: Emerging Technologies are Exciting Digital Transformation Push

The post Is 5G Enough to Boost the Metaverse? appeared first on IT Business Edge.

(Image source: Polaris Market Research)

Another recent study by Economist Impact and NTT that surveyed 216 C-Suite level executives found that half of the companies surveyed plan to deploy a private 5G network within the next six months to two years.

(Image source: Economist Impact 2021)

But why are the driving factors and conditions? How will companies go about building these networks? What is needed? What are the benefits and potential roadblocks?

What is Private 5G?

Private cellular networks have been around for a long time, but they are usually only used by large organizations like the military or enterprises with critical infrastructure. These private networks are designed to be isolated from the public network and offer a higher level of security and control.

Telecom operators are rolling out Public 5G for users worldwide. In contrast, Private 5G is a specialized network that businesses use to take advantage of its low latency, high availability, complete control, and enhanced personalization to promote Industry 4.0 adoption more quickly.

Private 5G Market Growth Drivers

The arrival of the Covid-19 epidemic and its subsequent recurrence in the form of second-wave and third-wave across parts of the globe compelled firms to embrace private 5G adoption because of the network’s inherent advantages. Private 5G enables low latency, high bandwidth, improved video quality, and remote sensing for virtually all verticals, effectively utilized in remote working.

As a result, businesses use private 5G to fulfill the criteria established by the post-pandemic new normal scenario, which sped up the global adoption of private 5G.

Organizations with critical communications and industrial IoT (Internet of Things) needs—such as national security organizations, the military, utilities, oil and gas businesses, mining associations, train and port operators, manufacturers, and industrial behemoths—are investing heavily in private LTE networks.

Industry 4.0 has given rise to a new generation of industrial robots that are smarter, more adaptable, and increasingly automated. Various primary industrial operations such as Siemens AG, ABB Ltd., and Mercedes-Benz AG have made significant use of sensor-based technology and industrial robotics to improve operational efficiency and productivity. The private 5G network is essential for delivering seamless and secure Internet access to Industrial IoT (IIoT) devices.

Also read: 5G and AI: Ushering in New Tech Innovation

Benefits of Private 5G

Private cellular networks offer many advantages over public networks, the most important being security, control, and customization.

• Security: A private network is designed to be isolated from the public network, which offers a higher level of security. This is because a private network can be designed with security features that are not possible on a public network. For example, a private network can be designed so that only authorized devices can connect to it.
• Control: Another advantage of a private cellular network is that it offers complete control to the network owner. The network owner can decide who can access the network and what type of traffic is allowed on the network.
• Personalization and customization: A private cellular network also offers enhanced personalization and customization options. For example, the network owner can choose to allow only certain types of devices to connect to the network or create a custom profile for each user.
• High speeds, ultra-low latency, and application support: Private cellular networks offer high speeds (1-20 Gbit/s) and low latency (1 ms), essential for applications requiring real-time data. In addition, private 5G networks can be designed to support specific applications. For example, a private network can be designed to support video conferencing or VoIP calls.
• Increased number of devices: Private 5G networks can support a high number of devices on the network. For example, due to the enhanced bandwidth, spotty Wi-Fi service in a crowded office will become a thing of the past.

Potential Roadblocks of Private 5G

The cost associated with building and maintaining a private cellular network is one of the main roadblocks companies face. To build a private 5G network, businesses must buy spectrum from the government, mobile network operators, or third-party spectrum vendors. In addition, they must obtain 5G equipment such as base stations and mini-towers from network infrastructure vendors. They also require edge devices such as routers, smartphones, embedded modules, routers, and gateways.

In addition, building out a private 5G infrastructure comes with some technical challenges. Businesses need to have expertise in-house to design and manage the network. One of the main barriers is integrating 5G with legacy systems and networks.

Another potential roadblock is that businesses may not be able to get access to the same spectrum as they would on a public network.

Proprietary technologies and the lack of standards can also be a challenge for businesses when setting up a private network. This is because there is no one-size-fits-all solution for setting up a private network. Instead, each company will need to tailor its solution based on its specific needs. 

However, even with these challenges, a private 5G network is the best option for businesses that need high security, ultra-low latency, control, customization, and need to support numerous devices.

Getting Started with Private 5G

Getting started with a private cellular network requires careful planning and execution. Organizations need to carefully assess their requirements and objectives before embarking on this journey. They also need to partner with experienced vendors who can help them navigate these challenges successfully.

Due to the challenges of rolling out and managing private 5G networks, many organizations prefer to use a managed services provider. A managed services provider (MSP) can help businesses with end-to-end planning, design, deployment, and private network management.

Companies like Cisco and Ericsson are blazing the trail in this regard. In addition, such managed private 5G services take the complexity out of building and managing a private network. This is good news for businesses that want to reap the benefits of private cellular networks without investing in the necessary resources and expertise.

Read next: Best Enterprise 5G Network Providers 2022

The post Building a Private 5G Network for Your Business  appeared first on IT Business Edge.

5G is the fifth generation mobile network that is the new global wireless standard after 1G, 2G, 3G, and 4G networks. The 5G network is designed to connect everyone and everything, including devices, objects, and machines.

5G wireless technology is meant to deliver a uniform user experience to a larger user base, increased availability, tremendous network capacity, enhanced reliability, ultra-low latency, and higher multi-Gbps (gigabits per second) peak data speeds.

Why is the 5G Network Important?

5G wireless technology will offer unprecedented connection speed as well as numerous features that were not available in previous generations of wireless technology.

5G uses edge, cloud, and software-defined technology to broaden the wireless spectrum and increase bandwidth, which ensures you can connect more devices to a network simultaneously. Owing to its ultra-low latency, 5G technology continues to grow in popularity for both general and enterprise use.

The use cases of 5G technology cover a wide range, from live streaming to smart cities, smart factories, autonomous vehicles, and drones. Since 5G network access is not widespread at the moment, many enterprises are resorting to private 5G networks and benefiting from greater security and less latency compared to public 5G networks.

Also read: 5G Cybersecurity Risks and How to Address Them

Top 5G Network Providers

Ericsson Private 5G

Ericsson Private 5G fosters innovation possibilities and real-time, data-driven enterprise automation. The 5G business internet network provides several features, including high network security, automation of operations, remote control of any process, real-time control of every business process, a flexible design, and high-performance demand handling.

Key Differentiators

• Ericsson Private 5G is a next-generation private network built to modernize and digitalize business process operations and infrastructures.
• The private network is designed to support a wide array of deployment needs, requirements, and sizes. 
• Ericsson Private 5G is a scalable and future-proofed private network that is easy to install and comes with pre-integrated components.
• The end-to-end security of the private network ensures the privacy of data.
• The 5G network provides secure and robust communication with consistent latency.
• Ericsson Private 5G can manage the high-performance requirements of modern smart facilities powered by the Internet of Things (IoT) technology. 
• By employing Ericsson Private 5G, enterprises can unlock use cases and applications such as augmented reality (AR), edge computing, automation, and advanced manufacturing.

Pricing: Reach out to the Ericsson sales team for pricing details. 

AirScale Cloud RAN

AirScale Cloud RAN by Nokia enriches the potential of existing enterprise cloud infrastructure with 5G wireless connectivity in real time. The characteristics of the 5G provider include openness, flexibility, and agility.

Key Differentiators

• AirScale Cloud RAN helps enterprises commence their digital transformation with 5G wireless connectivity.
• With radio access network (RAN) virtualization, you can use shared edge infrastructure for edge cloud deployments.
• This architectural evolution to RANs introduces 5G radio capacity for a variety of innovative services and technologies that enable the establishment of new revenue and business models.
• AirScale Cloud RAN enables close collaboration with public cloud providers like Amazon Web Services (AWS) and Google Cloud.
• Shared cloud infrastructure enables the efficient and cost-effective usage of network resources.
• The 5G network provider enables the co-hosting of enterprise applications in the on-premises cloud at the edge of the network.
• AirScale Cloud RAN enables the automation and simplification of network operations.

Pricing: Contact the Nokia sales team for pricing information.

AT&T Business Mobility

AT&T Business Mobility provides secure, reliable, and quick 5G network coverage. With services built for productivity and flexibility, AT&T Business Mobility helps improve the efficiency of your employees and how they communicate with customers.

Key Differentiators

• You can obtain tailor-made solutions depending on your 5G business necessities.
• Select the right 5G wireless connectivity plan for each employee depending on the services they need.
• With the help of a broad portfolio of wearables, tablets, and smartphones, you can mobilize your business and help your employees collaborate and work efficiently.
• Business tools such as email marketing, online fax, web solutions, and data backup enhance the performance of your mobile workforce.
• AT&T ActiveArmor provides 24/7 proactive wireless network security.
• You can benefit from high-definition (HD) and 4K ultra high-definition (UHD) video streaming.
• AT&T Business Fast Track benefits you in times of congestion, as it assigns a higher priority to eligible business data.

Pricing: AT&T offers three 5G wireless plans: AT&T Business Unlimited Elite, AT&T Business Unlimited Performance, and AT&T Business Unlimited Starter. AT&T Business Unlimited Elite is ideal for enterprise use and costs $40 per month per line when you purchase six lines.

Samsung’s CBRS Solutions

Samsung’s Citizens Broadband Radio Service (CBRS) solutions provide ideal installation options to empower enterprises with a simpler introduction of private 5G networks and facilitate quick network deployment.

Key Differentiators

• Samsung is equipped with CBRS equipment that can encompass both indoor and outdoor environments, which enables enterprises to select the optimal solution for an environment and services that need a private 5G network.
• Samsung’s complete CBRS portfolio can facilitate a quick and seamless 5G deployment.
• The 5G provider offers concurrent support of Long-Term Evolution (LTE) and 5G.
• For enterprises that want to operate an LTE network, Samsung offers an easy software upgrade path for a smooth transition to 5G New Radio (NR).
• The CBRS Massive MIMO Radio is a vital solution that supports large data capacity, wide bandwidth, and high speed.
• Other solutions include the CBRS Radio and the CBRS Outdoor Small Cell.
• Samsung’s CBRS solutions make possible several use cases in the hospitality, residential, logistics, and utility sectors.

Pricing: To learn more, please reach out to Samsung’s sales team.

Also read: Best Managed Security Service Providers (MSSPs) 2022

AWS Private 5G

AWS Private 5G is a 5G cellular provider that allows you to simply scale, manage, and deploy a private cellular network, with all the required software and hardware provided by AWS.

Key Differentiators

• AWS Private 5G enables you to build a private cellular network to take advantage of the benefits of 5G technology while maintaining the device controls, granular application, and security of a private network.
• Get your 5G network up and running in days with automated setup and no complex integrations or long planning cycles.
• You can connect to thousands of machines and devices with high bandwidth and low latency.
• Safeguard your private 5G network with granular access controls for each connected device, integrated with existing IT policies.
• Pay only for the throughput and capacity you use, add devices with a few clicks, and scale the capacity of your network on demand.
• The use cases of AWS Private 5G include delivering reliable enterprise connectivity, enabling business-critical applications, and running a smart manufacturing facility.

Pricing: Contact the Amazon sales team for further information.  

Choosing a 5G Network Provider

5G technology is the new global standard of mobile networks and is expected to enhance the way people work and live. It is set to offer a much quicker connection speed than previous mobile networks.

That said, we advise you to visit the website of each 5G provider and review features, compare pricing plans, scrutinize peer-to-peer reviews, and purchase a 5G internet provider accordingly.

Read next: Top Infrastructure Monitoring Tools 2022

The post Best Enterprise 5G Network Providers 2022 appeared first on IT Business Edge.

The following covers cybersecurity risks in detail and explains how IT professionals can mitigate them when deploying 5G networks in an enterprise environment.

5G Cybersecurity Threats

There are four main risks that enterprises face while transitioning to 5G.

Exposing IoT devices to threat actors

The exponential development of IoT systems has been fueled by consumer electronics, business, network appliances, and industrial IoT (IIoT) devices. 5G technology will enhance certain IoT functions, leading to the proliferation of IoT devices and a security problem that individuals and organizations are unprepared to defend.

Because the design prioritizes simplicity of usage and connectivity, IoT devices are notoriously vulnerable. Every week, new flaws are being found in IoT systems, whether it’s a misconfiguration, lack of security, or delayed patching. According to one study by Forescout Research, there were 33 IoT vulnerabilities in 2020 impacting four open-source TCP/IP stacks (FNET, uIP, Nut/Net, and PicoTCP). Forescount noted that these stacks are the foundational connectivity components of millions of devices globally.

Attackers can leverage 5G’s increased connectivity to launch network assaults faster than ever before. For example, hackers can take advantage of vulnerabilities and quickly spread malware through IoT networks, disrupt supply chains, or use a swarm of routers as an IoT botnet to launch a distributed denial of service (DDoS) attack.

Also read: The Impact of 5G on Cloud Computing

A limited pool of security experts

Security experts are not keeping pace with the expansion of new technology, including cloud, AI, and IoT. According to the 2021 (ISC)² Cybersecurity Workforce Study, there is a cybersecurity workforce gap of 2.72 million cybersecurity professionals. And while many organizations are turning to security automation and machine learning solutions to help fill that gap, they won’t cover all areas of risk.

This lack of human resources has already caused problems for businesses trying to adopt or expand their use of fifth-generation networks. In addition, as companies rush to deploy these new technologies—often without proper planning or expertise—they’re exposing themselves to vulnerabilities that threat actors can exploit.

Vulnerabilities in private wireless networks

The ability to create private wireless networks via “network slicing” is one of 5G’s advantages that businesses are certain to exploit. By combining virtualized and independent logical network segments on a physical network, organizations may isolate client verticals’ network segments.

The problem is that network slicing adds complexity to the overall network, leading to poor implementation. For example, in networks where administrators operate several slices, including dedicated and shared functions, there could be a mapping deficiency between the application and transport layers. Once an attacker gains access to the 5G Service-Based Architecture, they can easily access data and launch DDoS attacks on other slices.

In addition, when numerous nodes are placed in unsecured network edge locations, CUPS (Control/User Plane Separation) may be vulnerable to data session interception. DDoS attacks using poorly secured IoT devices may overwhelm network resources through massive machine type communication systems.

Edge attacks

A mobile computing environment means greater exposure for enterprises and organizations if weak points are not addressed. For example, many data breaches are likely to occur at the network edge where employees access cloud applications because of inadequate security controls around remote devices and wireless networks.

The increasing use of bring your own device (BYOD) policies also places more risk on enterprise infrastructure. Personal phones create new entry points for hackers looking to steal sensitive information via malware apps installed by business partners or other third-party apps.

IT professionals can mitigate many of these vulnerabilities by taking a proactive approach to cybersecurity and creating secure end-to-end networks that protect data from the edge to the cloud. This security strategy will reduce risk, making it harder for hackers to get through enterprise defenses undetected and reduce costs associated with potential fines and lost business due to cyberattacks.

Also read: Detecting Vulnerabilities in Cloud-Native Architectures

5G Cybersecurity Threat Mitigation

5G was designed with enhanced security features such as:

• It protects base station spoofing and international mobile subscriber identity (IMSI) catchers, which eavesdrop on communications and track users’ movements
• Identity and access management that is more complex
• TLS protection for the mobile core as well as the new service-based architecture, which conceals the mobile core topology
• Extensible Authentication Protocol (EAP) support allows several authentication methods, including certificates and public-key encryption
• Mandatory user plane integrity protection
• Better security for roaming home network authentication control

However, with a lot at stake, IT professionals serious about 5G need to take the following actions to combat these threats.

A holistic approach to cybersecurity

Cybersecurity can no longer be simply another IT function. Enterprises must empower their chief information security officer to report directly to the CEO and Board. In addition, a holistic cybersecurity strategy must include people, processes, and technology.

Organizations need to have visibility into all devices on the network, including unmanaged or personal devices brought onto the network by employees. A vulnerability management program is critical for identifying and remediating known vulnerabilities promptly. Patch management programs are also essential for keeping systems up-to-date with the latest security patches.

To protect against unknown threats, organizations should deploy an intrusion detection and prevention system (IDS/IPS) at the edge of their networks. An IDS/IPS can detect malicious activity before reaching sensitive data centers or corporate networks.

Close the expertise gap

While many IT professionals understand the importance of cybersecurity, they may not have the expertise to deploy and manage the necessary 5G security controls. To combat the cybersecurity skills gap, organizations should consider retraining their current workforce and/or hiring new employees with the required skills.

End-to-end cybersecurity view

Too often, enterprises focus on securing specific systems or applications without having a holistic view of the entire network. Instead, a comprehensive cybersecurity strategy requires an end-to-end view of all devices and systems connected to the network. This includes understanding how these devices are interconnected and what data is accessed and processed by each device.

Supply chain risk management

Enterprises must also be aware of the potential risk from their hardware suppliers. As noted by Forescout Research, suppliers are the new attack surface for enterprise security teams.

Organizations should develop a strategy for assessing supplier risk and establish controls to mitigate those risks. This might include conducting due diligence on potential suppliers, including a review of their cybersecurity posture as well as implementing measures such as vulnerability scanning and penetration testing.

To take full advantage of the benefits of fifth-generation wireless technology while mitigating the associated cybersecurity risks, IT professionals need to be aware of the threats and take proactive steps to secure their networks.

Read next: 10 Ways Companies Screw Up Their Cyber Investigations

The post 5G Cybersecurity Risks and How to Address Them appeared first on IT Business Edge.

What is Wi-Fi 6e?

Wi-Fi 6e defines any wireless service that will be operating under the newly accessed 6GHz frequency spectrum. All Wi-Fi functions the same way: by waves. These waves are sent across a spectrum, a broad span of frequencies that range from MegaHertz to GigaHertz. The larger the spectrum, the more data can be transferred and the faster it will go. 6e is finally stepping into the as-of-yet untapped potential of the 6GHz frequency — the largest spectrum by far — which also means it will be the least congested and easiest to use.

How is it Different from Wi-Fi 6?

It’s faster, for one. It will enable large scale data transfers to occur much faster, enabling the transfer of whole Gigabits per second. Entire movies could be pre-streamed and loaded with no buffering within moments of being accessed. Increased speed also means lower latency; data will be accessed much faster than it used to be, allowing for more instantaneous transfers of files. Video calls will be smoother, with no lag or waiting to receive and respond to messages from across the world. The same can be said for game streaming — time between input to servers will be reduced to a point where nearly no latency will be felt. Considering how fast 5G networks and currently existing wireless performs now, it may even rival the speeds of direct Ethernet connection for devices.

Features of Wi-Fi 6e

Because of the wider channels there will be less congestion. Many people using one router or the same service will no longer have to worry about bottlenecking or throttling the network speed if they’re all using it at once. It can and will fit as much data as a single network can send, and then some. A higher frequency also means more potential outgoing connections, which means companies running servers to a large number of outside connections won’t need to worry about limiting data usage or how frequently they should be allowed to send files. No more “this data can’t be accessed” messages. Multiple users can download heavy data packs for essential work at the same time from the same source. Having multiple devices on one network will no longer be a hindrance, it will be the expected norm.

Also read: Data Management with AI: Making Big Data Manageable

Who Benefits From Wi-Fi 6e?

Everyone from corporations to everyday consumers will benefit from this new technology. It’s meant to service the widest possible reach of users because it is the widest band of frequency yet launched for wireless devices. It’s significantly faster and easier to stream from than the currently available picks, such as the 5G networks, which are still based on the old and congested 5GHz frequencies. 

Gaming is increasingly taking a larger portion of internet space, whether it’s people downloading games directly, streaming content to their devices, or sending information to servers in multiplayer games. The elimination of latency and lag between users will vastly improve interconnectivity across global regions, allowing for regional servers to seamlessly communicate in near real time.

What New Challenges Does Wi-Fi 6e Bring?

This is the biggest leap forward for wireless technology since 1989. The 6GHz spectrum more than quadruples the amount of usable airwaves that data can travel along. It’s easily considered to be the future of all internet and information centered technology. However, we’ve only just entered this new territory. The hardware still has to catch up, and old hardware won’t be capable of getting there. New devices, wireless routers, will need to be made that can catch these airwaves in order to make use of it. 

Data sharing centers and ISPs will obviously have the first claim of them, but this means a new generation of computer technology, smartphones, and other advanced devices will have to replace the ones that currently exist. A lot of upgrading will need to be done. In addition, 6GHz is a shorter wavelength; it’s four times bigger than the previous spectrum but it doesn’t cover the same distance. Data will be transferred instantly, but to reach a destination across the world it will have to transfer through multiple changing stations. The transfer to and from there will be nearly instant, but until the technology to handle it catches up with the resource, the speed might not be noticeable up front.

Is Wi-Fi 6e Worth it Now?

We will have to wait and see. As with all new technological innovations, the first steps are always the slowest and most awkward. Wi-Fi 6e capable routers have only just started to be produced. Early adopters will be taking them all up to test the capabilities of this new wavelength of data sharing. For now, it’s not commercially viable, but if you’ve ever lost time waiting for a big file to download to a wireless device, or lost money when a page had to buffer a little too long, Wi-Fi 6e is the forthcoming solution.

Read next: 5 Digital Transformation Hurdles and How to Get Over Them

The post What to Expect from Wi-Fi 6e appeared first on IT Business Edge.

Cybercriminals target new attack vectors when they see them as financially viable, especially without robust security measures. An attack surface is how unauthorized actors attempt to access mobile app backend features such as user profile information and data. A cybercriminal aims for automation by scanning all surfaces of a targeted application while collecting APIs keys or business logic to design a programmed attack.

Below are five mobile attack surfaces targeted by cybercriminals with tips on how app developers can improve cybersecurity.

Mobile App Integrity

Performance integrity is critical for mobile apps. When hackers attack a mobile app’s integrity, they are usually interested in three things:

1. Acquire identity keys: Cybercriminals try to acquire identity keys such as API keys, which they can use to reverse engineer the app.
2. Information extraction: Cybercriminals try to extract information from an app that could be used for hacking, such as access tokens or other information.
3. Transform the app into an attack tool: Cybercriminals transform the app into an attack tool by injecting malicious code. Once they do this, they can divert payments and revenue into their accounts.

To protect the integrity of their application, developers should determine if requests from various sources are valid.

Also read: Enterprise End-to-End Encryption is on the Rise

User Credentials

Attackers will often target user credentials, which are usually the highest level of security for apps. Additionally, cybercriminals will attempt to steal sensitive information by using social engineering. Cybercriminals will also try to exploit design and logic flaws in the app’s logic and security loopholes. 

Developers can take some steps to make their apps less susceptible to cyberattacks. One way is by adding a layer of authentication for users within the app, such as biometrics or two-factor authentication that has been available since Android Lollipop 5.0. 

Another way is by updating your app with credentials during the installation or upgrade process, which is more resistant to malware as it relies on an authorization token instead of static credentials like usernames and passwords. Cybercriminals often use malware to gain access to information stored within the app. 

API Channel Integrity

API channel integrity is one way to help ensure that API connections are safe. Unfortunately, the most common way to compromise channel integrity is through public Wi-Fi connections that expose the communication channel between the API and mobile app. While developers may implement TSL/SSL protocols to mitigate attacks, sophisticated attackers use man-in-the-middle (MITM) attack tools to set up dummy servers to steal information and read API queries/responses. 

MITM attacks can be achieved by targeting specific smartphone-oriented websites. In these cases, the primary goal of hackers is API server impersonation and tricking clients into believing they are in communication with each other. However, the reality is that the hacker intercepts communication at both ends and steals information. 

The channels venues that are of interest to attackers include:

• The API protocols in use. This allows the attacker to extract code and impersonate authentic traffic.
• Obtaining API keys by mounting an attack to insert scripts to convince the server that the communication comes from genuine client interaction.
• Extracting a user’s credentials and embedding them in scripts that the server will identify as coming from a trusted source.
• By tampering with the requested course of action, transactions made through API can be manipulated by cybercriminals to take a different turn than what was initially requested.
• Cybercriminals use a variety of strategies to break into an individual’s system. One example is exposing API vulnerabilities and accessing information that would not be accessible to the given person.

Consider the methods below to protect your channel’s integrity:

• Install a WEP security mechanism to protect your wireless connection from nearby unauthorized users.
• Change your router’s default password. Cybercriminals can be redirected if they have the login credentials for a Wi-Fi signal or VPN provider, so continually update your Wi-Fi passwords on routers and turn off remote access to the connection at home.
• Use VPNs to secure your traffic. When you are within a local area network, use virtual private networks to prevent attackers on the public internet from accessing your traffic.

Also read: APM Platforms are Driving Digital Business Transformation

Device Integrity

Device integrity is one of the most used mobile attack surfaces. Cybercriminals will often target sensitive information and data by using various vulnerabilities in applications or devices. Cybercriminals may try to bypass this security measure by tampering with the device or altering app data remotely. Cybercriminals may also install malicious applications on devices, often to exfiltrate sensitive information such as financial details or personal photos and videos.

One common technique used to bypass device security is rooting or jailbreaking. Another method is code tampering, where criminals use an instrumentation framework to insert malicious code into an app during runtime. Cybercriminals also use code tampering to hide malware within a legitimate app. To thwart hacking attempts on mobile apps, implement runtime self-defense code. This code monitors the app for rootkits and other intrusions.

Cybercriminals looking to plant malicious applications on a device often try brute-forcing an app’s code on cloud development platforms such as AWS. This process can be automated by a large number of bots, making it easier for the cybercriminal to exploit thousands of apps. You can use tools to monitor and detect suspicious behavior in your cloud environment, such as AWS GuardDuty.

API and Service Vulnerabilities

API and service vulnerabilities are vital as they could enable cybercriminals to exploit sensitive information in the app. Cybercriminals will also often target API vulnerabilities to achieve three common goals:

• Data theft: One target cybercriminals love to exploit is personal data, as it can be a valuable commodity for them. Along with physical theft of devices and users’ information through social engineering techniques, cybercriminals can access user accounts thanks to APIs that allow for the automation of many processes such as file syncing and credit card transactions. 
• Denial of Service (DOS): A denial of service attack targets the availability of the endpoints rendering them unusable for genuine requests. This is done by overloading the API endpoint with malicious API requests, causing a mobile app to go offline.
• Login system attacks: Attackers will relentlessly reuse passwords they have stolen by trial and error to access protected information. Working credentials are then used to access API information.

Cybercriminals are always looking for new ways to exploit mobile devices. Therefore, cybersecurity professionals should constantly look for and fix vulnerabilities that provide malicious actors access to their mobile apps.

Read next: Best Enterprise Mobility Management Solutions & Software 2021

The post 5 Mobile Attack Surfaces Targeted by Cybercriminals appeared first on IT Business Edge.

Employing an integration jointly developed by the two companies, IT teams that have adopted the ServiceNow IT service management (ITSM) platform will now be able to provide support to users of Windows 365 via the Microsoft Teams collaboration service.

Windows 365 employs application virtualization to create what Microsoft is positioning as a Cloud PC that makes it easier for end users to work from anywhere. Windows 365 is being offered alongside an existing Azure Virtual Desktop service that Microsoft already provides. Application virtualization of virtual desktops is not a new idea, but Microsoft is trying to shift consumption of as many applications as possible into the cloud.

Enabling End Users Through Microsoft Teams 

Microsoft Teams, meanwhile, is emerging as another channel through which IT teams can provide support for end users wherever they are, says Manish Srivastava, vice president of product management for ITSM at ServiceNow. Microsoft is betting that in time Microsoft Teams will emerge as the dominant collaboration platform for end users that are increasingly working from anywhere (WFA).

Prior to the pandemic the overall percentage of end users that worked outside of an office regularly was relatively small. As the pandemic continues to subside many employees are returning to offices. However, it will be a lot more common for many of them to also work outside the office more often. That shift is putting a strain on IT teams that are being asked to support end users. The best way to reduce that stress is to enable end users to self-service as much of their IT needs as possible, says Srivastava.

Also read: Microsoft Inspire Keynote Highlights Partners and Changes

Empowering IT Teams with Web, Mobile Interfaces

Most IT teams were more than able up to the challenge of enabling the bulk of their workforce to work from home in the early days of the pandemic. However, it’s clear the IT teams are now being asked to up their proverbial game yet again. “The bar is now higher than ever before,” says Srivastava.

The ServiceNow platform makes it simpler to deliver IT services via Web or mobile interfaces or on platforms such as Microsoft Teams that are becoming the way end users and IT teams communicate with one another within many organizations.

In the meantime, IT professionals should ask themselves if they are being given the tools they require to support WFA initiatives. If they are not, chances are good the job at hand is about to generate a high-level of stress. Many of them will be casting about to see what organizations are really investing in WFA versus simply paying it lip service. The organizations that do live up that commitment are naturally going to be where the best IT talent migrates to in the months ahead. 

Read next: Microsoft Embraces the Significance of Developers

The post ServiceNow Lends Support to Microsoft Cloud PC Initiative appeared first on IT Business Edge.

Unveiled during an online preview of the discussions Intel hopes to lead during the Mobile World Congress 2021 event next week, the Intel Network Platform is part of a larger effort to accelerate deployment of applications at the point where data is increasingly being created, consumed, and analyzed, said Dan Rodriguez, corporate vice president for the Network Platforms Group at Intel.

As part of that effort, Intel is making available Intel Smart Edge, a toolkit developers employ to manage access to edge computing services, in two flavors. One is an open source Intel Smart Edge Open toolkit formerly known as OpenNESS, while the other is a commercial instance of the toolkit supported by Intel.

Finally, Intel is also expanding the Intel Agilex field-programmable gate arrays (FPGAs) to include support for integrated cryptography to better support security in addition to making available an Ethernet adapter designed for space-constrained locations.

Also read: Edge Computing Set to Explode Alongside Rise of 5G

Building Integrated Infrastructures

Intel sees the rise of edge computing as an opportunity to convince organizations that rely on proprietary ASICs or rival communications platforms from Broadcom to standardize on a mix of processors and software from Intel — making it easier to converge compute, storage and networking. As organizations process and analyze data at the point where it is created and consumed, the need for more integration at the infrastructure level becomes more apparent, noted Rodriguez.

Intel is betting that, in a few years, large workload volumes will be processed outside of a traditional data center or cloud computing environment. 

“Analysts tell us 75% of workloads will be running outside of a data center,” said Rodriguez.

That doesn’t mean there will be fewer workloads running in the cloud or an on-premises data center. What it does mean is that the relationship between workloads spanning everything from the edge to the cloud and everything in between will become more nuanced. More challenging still, there’s no such thing as a single edge computing platform. Depending on the use case, an edge computing platform can be anything from a simple gateway to a complete hyperconverged infrastructure (HCI) platform. Each platform may be connected over a dedicated network connection or increasingly wireless 5G or even, one day, possibly a 6G connection.

Refining Data Management

In the meantime, IT teams may want to gear up for a new era of IT. Rather than data always being brought to compute in the cloud or a local data center, it’s clear computing is being brought to where data is being created and consumed. That shift will naturally have a major impact on how data is managed and secured as the amount of raw data moving across a wide area network (WAN) continues to decline. Of course, the amount of data being generated continues to grow unabated. The challenge now is figuring out where best to process that data based on latency requirements of any given application.       

Read next: Compare Top Cloud Computing Providers of 2021

The post Intel Makes Building 5G Platforms at the Edge Easier appeared first on IT Business Edge.

The COVID-19 pandemic has upended traditional work models. In the wake of the global shift to a work-from-anywhere model, the stakes for managing access to valuable enterprise data are even higher. As businesses seek to unlock new levels of productivity from a dispersed workforce already armed with a host of mobile devices,  enterprise mobility management (EMM) is playing a more significant role than ever  in protecting enterprises from potential security breaches.

Benefits of EMM

Historically, organizations faced a serious challenge: Mobile devices had exploded in sophistication and capabilities and people increasingly were using them in their work life. In some cases, the use was sanctioned. In other cases, it wasn’t. In the process, a lot of valuable data was suddenly outside of the corporate firewall.

These developments were catalysts for an explosion of creative approaches to managing mobile devices. Ways needed to be found to do a number of tricky things, such as securing data on devices without harming employee data or taking liberties with the owner’s personal information, wiping devices clean of sensitive data if they go missing, ensuring that apps being downloaded were safe, and empowering owners to download personal apps that weren’t secure without endangering corporate data.

A flurry of similar sounding but different techniques, such mobile device management (MDM) and mobile application management (MAM), emerged. Those earlier approaches have been subsumed into the next generation, enterprise mobility management (EMM), which consolidates those earlier technologies in a way that simplifies and enhances efficiency. It also marries that management to identity tools in order to track and assess employees and usage.

Enterprise mobility management allows for:

• Management of mobile and stationary devices. Organizations have a wide array of devices. Mobile devices are not always used on the road, while PCs and other large devices are not always only used in an office. The goal of EMM is to put as many of an organization’s devices under one umbrella as possible.
• Protection of corporate information. Whether an organization “officially” adopts BYOD or not, EMM uses MDM and other earlier classes of software management to protect corporate data. Indeed, doing this effectively meets the BYOD challenges that seemed overwhelming just a few years ago.
• Protection of employees’ information. Likewise, an employee will be resistant to using his or her device at work if there is a fear that private data will be compromised or disappear. EMM meets this challenge as well. 
• Collection of analytics on usage. EMM platforms are comprehensive. Great amounts of data are collected and this data can enable organizations to work smarter and less expensively.
• Control of data on lost/stolen devices. Mobile devices are often lost and stolen. EMM, calling on the MDM tools that generally are part of the package, can wipe valuable data off of the device. In most cases, wiping personal data is handled separately.
• Setting and control of corporate policies flexibly. EMM is a powerful platform for establishing and implementing corporate policies. These policies can be changed on the fly and be customized according to department, level of seniority, geographically, and many other ways.
• Control of corporate applications. EMM platforms usually involve app stores. The overriding idea is that apps can be deployed quickly and securely. This flexibility enables an organization to take advantage of sudden opportunities and in other ways efficiently react to fast-changing conditions.
• Keeping security software up to date. Security postures change quickly — and employees are not always able or willing to keep their security up to date. EMM functionality can lead to a much more timely distribution of patches and, ultimately, a safer workplace.
• Meeting compliance requirements. Policy enforcement is an important EMM benefit. Taking that a step further is the ability to help mobile devices meet compliance standards. A doctor taking home patient imaging on her tablet or a CEO with sensitive corporate financial data on his phone must have end-to-end infrastructure proven to be safe and secure. EMM can help.
• Simplification of management, security, and other functions. The mobile world in general and BYOD in particular grew in enterprise importance very quickly. The resulting security and management challenges were great and generated tremendous creativity in software. The current era is characterized to some extent in integrating those tools into broader platforms. EMM is a key step in this evolution.

Also read: How to Protect Endpoints While Your Employees Work Remotely

Key Features to Consider in EMM Software

Here are key features to consider when comparing and purchasing EMM software: 

• Quick and easy deployment. EMM is about automation. To be effective, it puts a premium on being quick and simple to deploy. The idea is to come as close as possible to “out-of-the-box” configuration.
• Serve multiple operating systems. In most cases, the EMM platforms work on all (or at least most) OSes. The idea, simply, is that most environments are mixed. Serving only a limited number of platforms will be a strike against the platform.
• On-premises and in the cloud. EMM generally can be located on-premises or in the cloud.
• Inclusive of MDM, MAM and other forms of software management. Increasingly, common software tools, such as MDM and MAM, are becoming part of broad EMM platforms. EMM platforms, in turn, are evolving to be unified endpoint management (UEM) suites that more fully incorporate non-mobile devices such as PCs and Macs.
• Confront the BYOD challenge. The explosion of management software aimed at mobile devices was the birth of BYOD. Suddenly, organizations didn’t know where their valuable data was. Consequently, MDM, MAM and other approaches were meant to meet the BYOD challenge. EMM is a recent iteration of that trend, with UEM not far behind.
• Produce analytics that can be useful in planning. EMM platforms generate data. This input is useful in creating policies that best serve the mobile workforce. The data can also lead to lower telecommunications costs and other advantages. 
• Help with compliance. Finance, healthcare, and other industries make exacting demands on how data is handled. These demands become even harder when the data is traveling to and from, and being stored in, a mobile device. EMM can help ensure that rules are being followed and data is not being compromised.
• Remote troubleshooting and configure devices. IT teams have the ability to assess and fix problems (including jailbroken and rooted devices), remotely wipe and revoke devices, and enforce security measures. 
• Teams up with identity software to create a more comprehensive view of employees. This is a vital step in managing complex networks. It also helps the organization create a more accurate profile of employees and, collectively, how the workforce uses their devices. There likely are surprises that lead to greater efficiencies, cost savings and new services and approaches.

Read next: Top Endpoint Security & Protection Software

Best Enterprise Mobility Management Solutions

VMware Workspace ONE

VMware has evolved its unified endpoint management technology, formerly known as Airwatch, into a digital workspace platform that combines Airwatch technology with the company’s VMWare Horizon platform for delivering and authenticating virtual desktops and apps across the hybrid cloud. Workspace ONE allows organizations to manage their cloud and mobile assets from one platform and offers single sign-on (SSO) access to cloud, mobile and web apps. The platform also allows IT admins to enforce conditional access and compliance policies, automates onboarding and laptop and mobile device configuration as well as delivers integrated insights.

IT teams can deploy VMware Workspace ONE on-premises, in the cloud, and hybrid with different components deployed on-premises and in the cloud. 

FEATURES: 

• Supports a vast array of devices, including mobile operating systems, wearables, 3D graphics workstations, and more
• Supports several device management approaches, including BYOD, choose-your-own, corporate owned, locked down, etc. 
• Intelligent Hub app provides simple, adaptive device management for end users logging in on a BYO devices 
• Offers several network access control provisions, including conditional access policies, advanced data leak protections, and detailed real-time visibility with application, device and console events and reports. 
• Automated app management to enable better security and compliance 
• Supports integration with Active Directory and with LDAP directories such as OpenLDAP
• Allows first time users to try the platform for free, but follows a three-tiered (Standard, Advanced, Enterprise) pricing model as well as offers perpetual licenses. 

PROS: 

• Ease of use.
• Clean user interface.
• Good customer support and service.

CONS:

• Grows expensive over time.
• Admin console can be confusing.
• Training on features of the platform is costly.

Citrix Endpoint Management

Formerly Xenmobile, Citrix Endpoint Management is part of the ecosystem of Citrix Workspace tools that unifies client management and enterprise mobility management.  A comprehensive solution, the platform offers users single-click access to all of their apps within Citrix Workspace, while allowing IT to easily configure, manage and secure an array of devices, including smartphones, tablets, laptops, IoT devices and more.  

The post Best Enterprise Mobility Management Solutions & Software 2022 appeared first on IT Business Edge.

However, E2EE has its detractors. Created  to ensure that messages stay private between correspondents, E2EE has been a thorny issue between law enforcement and intelligence agencies seeking to gain access to users’ encrypted messages and tech companies who want to keep their customers’ communications confidential. 

What is E2EE?

End-to-end encryption is an encryption technique that uses cryptographic keys to scramble messages between a sender and a recipient. A program on a sender’s device generates two keys — a public and a private one — that encrypts the message that is then used to decode it for the recipient. This process ensures that no one, including the communications provider, can read or access the message while it is in transit as it appears as unintelligible gibberish to prying eyes or malicious actors. 

As the pandemic continues to reshape workforce models and the push toward digital transformation accelerates, the benefits of enterprise E2EE are emerging. 

Also read: Best Identity Access Management Software 2021

Benefits of Enterprise E2EE

While E2EE has been around for years in consumer-grade devices, the leap to enterprise use is a recent development. As the COVID-19 pandemic took hold, forcing organizations large and small to accelerate digital transformation initiatives, E2EE became an attractive consideration for enterprises concerned about data security both in the cloud and on-premises network environments.

Enterprises who have their cloud computing environments in place, often rely on the security measures offered by their cloud providers. Though this security offers data encryption at rest, data becomes vulnerable if hackers access the providers servers where encryption keys are stored. Because E2EE stores encryption keys on user devices and not on servers, access to encrypted data  during such a breach would not be possible. 

“End-to-end encryption (E2EE) ensures that the data itself is protected, no matter where it is stored,” says Istan Lam, CEO of Tresorit, a Switzerland-based provider of E2EE solutions. “Besides providing the highest security level, E2EE is combining the convenience of cloud-based services with the data security and control of on-premises solutions for enterprises: it enables easy implementation, flexibility, accessibility, and scalability — together with the highest level of data security, integrity, and confidentiality. 

“End-to-end encryption ensures that control over encryption keys and the data itself remains in the hands of the owner, providing enterprises ultimate control over their data. No third party can access end-to-end encrypted data, not even the service providers themselves. Due to this, E2EE helps enterprises meet strict data protection compliance requirements and mitigate the risks of data breaches and leaks.”

As the diversification of the workforce continues, allowing remote workers access to files in the name of collaboration and efficiency has raised concerns about phishing scams and potential malware threats. These potential breaches also exist within organizations’ IT teams, where inexperience and the rush to build digitally driven processes can result in configuration issues that open up threat windows and surfaces. 

“Enterprise IT is often no longer a “known entity” where all parts are on managed and fully controlled infrastructure,” says Mathias Ortmann, CTO/CSA at New Zealand-based Mega Limited, an E2EE solutions provider. “Instead, there are mobile users, remote workers, and independent third parties who could potentially make enterprise networks porous. E2EE can add an important layer of protection in that scenario. E2EE also lets enterprises and other large organizations outsource storage and communication services without compromising on security or having to build costly, and probably inferior, systems from scratch.”

Also read: Email Security Tips to Prevent Phishing and Malware

Enterprise E2EE Use Challenges

When properly implemented, E2EE providers can not decrypt user data or communication that resides or moves through its infrastructure, notes Ortmann. However, if encryption credentials are lost so is access to your data. 

“Put simply, with proper E2EE, there is no password reset,” Ortmann explains. “Password loss is the biggest E2EE-related risk an organization faces. MEGA recognizes this and frequently reminds its users of the importance of safeguarding their recovery keys, which enable them to set a new password while retaining access to their data. Robust and secure key management is an essential component of enterprise-level E2EE usage.”

Lam also acknowledges that there are some feature set gaps offered by EE2E providers that cloud service providers offer such as file and content searches — a fault of EE2E technology itself.

“As end-to-end encryption ensures that the data never reaches the services’ servers in a readable format, processing user data for features such as searching in file contents presents complex problems for developers to solve,” notes Lam. “However, there is promising scientific research — for example, in the field of homomorphic encryption — that should help vendors overcome these technology challenges in the future.”

Enterprise E2EE Use Rises

As global companies like Zoom and Microsoft implement E2EE into their platforms and products, the robust security measure is on its way to becoming an industry standard. This growing recognition of the benefits of E2EE runs parallel to efforts by law enforcement agencies to have regulations in place to require E2EE providers to create ways, such as master keys, that allows them access to customer data — a direct violation of the created purpose of E2EE, which is to give users complete control of how their data is accessed and shared. . 

“MEGA sees E2EE becoming the norm for corporate audio and video calls and conferences,” Ortmann predicts. “E2EE will also help protect sectors that simply cannot afford to have their data exposed to anyone unauthorized, due to confidentiality and regulatory requirements, not to mention reputational risks. This could be law offices, health care providers, insurers, and financial sector enterprises.”

Lam, like Ortmann, Lam sees E2EE becoming an industry go-to security tool, with use cases emerging across consumer and enterprise data protection. 

“As the demand for data security grows with digital acceleration, I expect even more enterprise IT vendors will integrate end-to-end encryption in their products and adoption in the enterprise sector will ramp up.”

Read next: Best Practices for Application Security

The post Enterprise End-to-End Encryption is on the Rise appeared first on IT Business Edge.