5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about.

Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home.

Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs.

While everyone hopes that the world returns to its previous state, it’s evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment.

Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain.

The eBook “5 Security Lessons for Small Security Teams for a Post-COVID19 Era” (download here) helps companies prepare for these new work dynamics. The practical insights and provided recommendations make this a very helpful guide for small security teams that feel the brunt of security on a daily basis and now need to add one more item to their security strategy planning and execution.

This eBook details the following five security lessons derived from current business, IT, and threat landscape trends:

  1. You can’t do it all. In particular, they suggest asking your security vendor for their customer success and offered services. Some vendors provide a range of free offerings, but many customers don’t realize this and forego the opportunity to extend their security team virtually.
  2. Response speed is the name of the game. Everyone will tell you that automation is key. The guide takes it a step further and also suggests how to remove overheads from security stacks as well as how to reduce analyst work inefficiencies.
  3. More corporate devices to be issued to employees. This point provides best practices for securely procuring and managing all of those new devices, also when the security team works remotely.
  4. Supply chain attacks are on the rise. Your supplier’s security, unfortunately, becomes your security. The guide provides tips on how to receive more visibility into the threats that now reside in your environment, including how to address this challenge in a budget-constrained way.
  5. Economies have changed. When ransomware is growing to insurmountable amounts, what are the ways – from training to technologies – to best protect your business.

At the end of the day, small security teams deal with many challenges. As all security teams go, they have the burden of tedious tasks and operational demands while needing to keep the business going.

But on top of that, they have a stricter budget and human resource limitations. In each practical step, this guide takes these constraints into consideration.

Source :
https://thehackernews.com/2021/02/5-security-lessons-for-small-security.html

Google Pixel 4a is the first device to go through ioXt at launch

Trust is very important when it comes to the relationship between a user and their smartphone. While phone functionality and design can enhance the user experience, security is fundamental and foundational to our relationship with our phones.There are multiple ways to build trust around the security capabilities that a device provides and we continue to invest in verifiable ways to do just that.

Pixel 4a ioXt certification

Today we are happy to announce that the Pixel 4/4 XL and the newly launched Pixel 4a are the first Android smartphones to go through ioXt certification against the Android Profile.

The Internet of Secure Things Alliance (ioXt) manages a security compliance assessment program for connected devices. ioXt has over 200 members across various industries, including Google, Amazon, Facebook, T-Mobile, Comcast, Zigbee Alliance, Z-Wave Alliance, Legrand, Resideo, Schneider Electric, and many others. With so many companies involved, ioXt covers a wide range of device types, including smart lighting, smart speakers, webcams, and Android smartphones.

The core focus of ioXt is “to set security standards that bring security, upgradability and transparency to the market and directly into the hands of consumers.” This is accomplished by assessing devices against a baseline set of requirements and relying on publicly available evidence. The goal of ioXt’s approach is to enable users, enterprises, regulators, and other stakeholders to understand the security in connected products to drive better awareness towards how these products are protecting the security and privacy of users.

ioXt’s baseline security requirements are tailored for product classes, and the ioXt Android Profile enables smartphone manufacturers to differentiate security capabilities, including biometric authentication strength, security update frequency, length of security support lifetime commitment, vulnerability disclosure program quality, and preloaded app risk minimization.

We believe that using a widely known industry consortium standard for Pixel certification provides increased trust in the security claims we make to our users. NCC Group has published an audit report that can be downloaded here. The report documents the evaluation of Pixel 4/4 XL and Pixel 4a against the ioXt Android Profile.

Security by Default is one of the most important criteria used in the ioXt Android profile. Security by Default rates devices by cumulatively scoring the risk for all preloads on a particular device. For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz to create a formula that considers the risk of platform signed apps, pregranted permissions on preloaded apps, and apps communicating using cleartext traffic.

Screenshot of the presentation of the Android Device Security Database at the Android Security Symposium 2020

In partnership with those teams, Google created Uraniborg, an open source tool that collects necessary attributes from the device and runs it through this formula to come up with a raw score. NCC Group leveraged Uraniborg to conduct the assessment for the ioXt Security by Default category.

As part of our ongoing certification efforts, we look forward to submitting future Pixel smartphones through the ioXt standard, and we encourage the Android device ecosystem to participate in similar transparency efforts for their devices.

Acknowledgements: This post leveraged contributions from Sudhi Herle, Billy Lau and Sam Schumacher

Source :
https://security.googleblog.com/2020/08/pixel-4a-is-first-device-to-go-through.html

10 things to know about Android 10

Android 10 is here! With this release, we focused on making your everyday life easier with features powered by on-device machine learning, as well as supporting new technologies like Foldables and 5G. At the same time, with almost 50 changes related to privacy and security, Android 10 gives you greater protection, transparency, and control over your data. This builds on top of our ongoing commitment to provide industry-leading security and privacy protections on Android. We also built new tools that empower people of all abilities, and help you find the right balance with technology.

Here are the 10 things you should know, centered on innovation, security and privacy and digital wellbeing:

Simpler, smarter, and more helpful

1. Smart Reply now suggests actions. So when someone sends you a message with an address or a YouTube video, you can open and navigate in Google Maps or open up the video in YouTube—no copying and pasting required. And Smart Reply now works across all your favorite messaging apps.

2. Come to the dark side… with Dark Theme. You can enable Dark Theme for your entire phone or for specific apps like Photos and Calendar. It’s easier on your eyes, and your phone battery too.

3. Take advantage of larger, edge-to-edge screens with the new gesture navigation. With simple swipes, you can go backwards, pull up the homescreen, and fluidly move between tasks. After switching, you won’t want to go back to visible buttons.

4. With a single tap, Live Caption will automatically caption videos, podcasts and audio messages across any app—even stuff you record yourself. Live Caption will become available this fall, starting with Pixel.

New privacy and security features put you in control

5. You can choose to only share location data with apps while you’re using them. You’ll also receive reminders when an app that you are not actively using is accessing your location, so you can decide whether or not to continue sharing.

6. In a new Privacy section under Settings, you’ll find important controls like Web & App Activity and Ad Settings in one place.

7. With Google Play system updates, important security and privacy fixes can now be sent to your phone from Google Play, in the same way your apps update. So you get these fixes as soon as they’re available, without having to wait for a full OS update.

Find the right balance with technology for you and your family

8. You have greater control over where and when notifications will alert you. Mark notifications as “Silent” and they won’t make noise or appear on your lockscreen, so you're only alerted by notifications when you want to be.

9. Now Family Link is part of every device running Android 10, right in settings under Digital Wellbeing. Parents can use these tools to set digital ground rules like daily screen time limits, device bedtime, time limits on specific apps, and more. They can also review the apps children install on their devices, as well as their usage.

10. Want to be in the zone but not off the grid? Digital Wellbeing now brings you Focus mode. Select the apps you find distracting—such as email or the news—and silence them until you come out of Focus mode. Sign up for the Beta to try it.

There’s lots more in Android 10, including a new enterprise feature that lets you use different keyboards for your personal and work profiles, app timers for specific websites so you can balance your time on the web, new gender-inclusive emoji, and support for direct audio streaming to hearing aid devices.

Android 10 begins rolling out to Pixel phones today, and we’re working with our partners to launch and upgrade devices to Android 10 this year. Learn more at android.com/10.

 

Source :
https://www.blog.google/products/android/android-10/