By Michael Pratt, SpydrSafe’s CEO
May 23, 2013

Too many years ago now, I had the most unusual professor teaching my freshman marketing course.

He was unusual, not simply because students could pose a silly question to him at the start of the class and he would talk about it for the duration of the class, thus avoiding any possibility that he would actually lecture on the course topic or spring a pop quiz. He also had a very unusual way of solving problems.

One Friday about midway through the school term, he spoke to the class about a problem with which he was ‘struggling’. He told us that he owned a large farm in eastern North Carolina, and on this farm he had a pond (e, i, e, i, o) teeming with large-mouth bass. Notwithstanding the fact that he didn’t fish, nor did he have any family members who fished, nor friends who fished, he erected a fence to prevent people from fishing and posted “NO FISHING” signs in prominent view all around the pond perimeter.

Despite his best efforts, however, each time he went to the farm and visited the pond, the “NO FISHING” signs were gone and there were people happily pulling large-mouth bass out of his pond. He would shoo them away, of course, (the people, not the fish) and put up new “NO FISHING” signs. This went on for months, and the silly question “Have you solved the problem of people fishing in your pond” became one of the most popular ones used each Friday to divert his attention from teaching the class  or giving pop tests. Until one Friday, when he announced “Class, I have solved the problem of people fishing in my pond . . . I poisoned the fish”.

An effective approach? Most definitely! Draconian? Uh, yeah. Optimal and forward-thinking? Hardly.

At this point, you might be thinking, why are you recounting this true (hand-over-my-heart), yet discomforting, story?

Simple, really . . because as the CEO of a company that operates in the security industry – more specifically, mobile security for the enterprise – when I see what competitors are doing to address the issues of enterprise mobile security, I can only think “They’re poisoning the fish”. They are taking the “traditional”, draconian approach to mobile security – lock up, lock down, tightly wrap, brick the phone, deny access, bury it in a sandbox, put stuff in a container and don’t let it out! What I call the “I poisoned the fish” approach.

So, rather than ask me “why are you telling me this”, you should be asking “why is this the case”.

It’s because the “fish poisoners” (who will remain nameless but their initials are MDM), are selling legacy solutions, originally built to configure, manage and support devices and were never intended to provide control over the mobile apps or data on those devices. Information Week said it best in their October 2012 article 40 BYOD vendors, One Confusing Market - ”Vendors hate being told that (their) marquee product is not a great match for customer needs. But that’s the reality today in the growing mobile device management market, as IT teams try to use software meant for managing mobile devices to secure the data on those systems”.  The article went so far as to accuse MDM vendors of “slapping new names on existing products, without adding a whit of new functionality as they scramble for advantage in the market”. I see evidence of this regularly as I chat with customer prospects about what we do versus MDM vendors – a state of confusion that the MDM players happily promote in their marketing collateral.  Dumb ole fish poisoners!

But, enough about them. SpydrSafe has created a unique approach to the problem of protecting sensitive enterprise data on smart phones and tablets  - an approach architected using a clean sheet of paper (actually a white board), one we thought very long and very hard about before we wrote a single line of code, and one that was “purpose-built“ for mobile security. We manage how mobile apps access, use and share data on Android and iOS smartphones and tablets. We are the only company in the market that can manage any app, but use a finely-crafted, granular approach to security that addresses ONLY those apps that are important (as defined by the enterprise security manager) – the ones that enterprise IT care about, the ones that obtain access to their sensitive data.

Thinking back on the time I spent in marketing class with my most unusual professor, I can’t help but believe he would be proud to know that not only did I learn a bit about marketing, despite my and his best efforts to the contrary, but I was also able to make a present  day connection of his “I poisoned the fish” problem-solving methods to the goings on in my market. Hmmm . . . I wonder if there’s a way for me to do the same with his often told anecdotes about his “two-ton limousine” – but, that’s another story completely.

Take a look at what we’re doing at SpydrSafe . . . we’re Mobile Security for the Enterprise . . . I promise we won’t poison the fish.

To check out other blogs by our CEO, visit Adultsupervisionguy

Kevin Sapp, SpydrSafe’s CTO, will be a speaker at the Cybersecurity Innovation Forum on April 18th.

Cybersecurity Innovation Forum
Thursday, April 18th, 2013 7:00 p.m. – 9:00 p.m.
Research Hall, Room 163
George Mason University

7:00  p.m.  Welcome
J.P. Auffret, Ph.D., Director, M.S. in Management of Secure Information Systems Program

George Mason University
7:10 – 7: 30 p.m.
Chet Hosmer, Chief Scientist and Senior Vice President, WetStone Technologies

7:35 – 7:55 p.m.
Angelos Stavrou, PhD, Associate Professor in the Computer Science Department and Associate Director of the Center for Secure Information Systems, George Mason University

8:00 – 8:20 p.m.
Kevin Sapp, CTO, SpydrSafe Mobile Security, Inc. 

8:25 – 8:45 p.m.
Kevin Yin, CEO, SitScape

8:45 – 9:00 p.m.
Discussion and Closing

Launched in 1997, MindShare handpicks 50 to 60 CEOs every year from the area’s hottest emerging growth companies to come together in a private, intimate setting. Its mission is to help CEOs build long-term, sustainable companies by creating opportunities for growth, building a sense of community, and fostering teamwork in a collegial environment.

The class will hear from notable speakers, enjoy old-fashioned networking, and discuss critical topics for building a business at the CEO level. More than 660 CEOs have graduated from MindShare, creating a deep and valuable alumni network.

Over the past 16 years, some of the region’s most successful CEOs have become a part the ever-growing MindShare Alumni Network , including Joe Payne of Eloqua (2012 IPO and acquired by Oracle for $871M); Tim O’Shaughnessy of LivingSocial (raised over $180M in 2010); Reggie Aggarwal of Cvent (raised $136M in one of the largest Series A rounds on record in 2011); Rick Rudman of Vocus (2005 IPO); Hemant Kanakia of Torrent Networking Technologies (acquired by Ericsson for $450M); and Phillip Merrick of webMethods (the most successful first day software IPO ever).

MindShare is run by co-chairs Harry Glazer, Founder and CEO of the World Series of Start-Ups: the creator, director and co-producer of Sprockit; April Young of Hercules Technology Growth Capital, Inc. (NYSE: HTGC); and Gene Riechers of EverFi. The executive committee includes Steve Balistreri of Deloitte & Touche, LLP, and Michael Lincoln of Cooley, LLP. MindShare is also supported by a board of industry veterans who are committed to building a strong ecosystem for success.

About SpydrSafe

SpydrSafe Mobile Security has designed the first-of-its-kind Mobile App Control and Security platform that controls how mobile apps access, use and share corporate data on smartphones and tablets. It is the only solution that provides enterprise IT uniform and fine-grained policy control over any mobile app, whether pre-loaded, downloaded from commercial app stores, or developed in-house. SpydrSafe was founded in 2011 by two seasoned professionals with more than 13 years of combined experience in mobile security. The Company is headquartered in McLean, Virginia.

To learn more, visit www.spydrsafe.com and follow them on Twitter: @SpydrSafe.

 About MindShare

Founded in 1997, MindShare’s mission is to help CEOs from the most promising high tech emerging growth companies in the Greater Washington Metropolitan region build long-term, sustainable companies by providing mentorship, creating business opportunities and a sense of community, and fostering teamwork in a collegial environment.  Year after year, the CEOs who graduate from MindShare reaffirm its enduring value through continued business opportunities and lasting friendships.

What’s in this version:
- No longer register as a device administrator during installation
- Several minor UI improvements

Description:
SpydrSafe Mobile DLP™ protects apps and data on your Android smartphone or tablet.

BASIC FEATURES:
• Secure any app – pre-loaded, downloaded from commercial app stores, or developed in-house by your IT department
• Passcode protection for individual apps
• Ad free – clean, simple interface with no annoying ads
• Secure Storage – encrypt sensitive files and store them securely on your SD card.
• Automatically protects device settings to prevent unauthorized users from bypassing security controls.
• Light-weight, low resource utilization—won’t drain your battery
• Compatible with Android 2.2 through 4.x

ADVANCED ENTERPRISE FEATURES*:
(*requires enterprise enrollment)

• SaaS Security Management – Policies, Reporting, Analytics
• App blacklisting: block access to unauthorized apps
• App whitelisting: allow only protected apps to run
• Restrict sharing of data from a protected app, or…
• Require passcode authorization to share data from a protected app
• Restrict cut, copy, and paste of sensitive enterprise data to a non-protected app
• Factory reset after a specified number of failed passcode attempts
• Over-the-air factory reset

If you are an enterprise IT professional looking for a way to secure smartphones and tablets in your organization, you need SpydrSafe Mobile DLP™. SpydrSafe Mobile DLP™ prevents the loss of enterprise data due to the intentional or inadvertent misuse of mobile apps deployed on smartphones and tablets. The solution addresses the issues created by BYOD (bring your own device to work) by providing enterprise IT departments with the tools necessary to safeguard sensitive enterprise data accessed and used by mobile apps. SpydrSafe Mobile DLP™ incorporates device side app security, cloud-based policy and user management, and comprehensive reporting and analytics.

Samsung Electronics has approved SpydrSafe Mobile Security, Inc. as a Silver partner in the Samsung Enterprise Alliance Program. SpydrSafe is pleased to have this opportunity to work with Samsung to develop and market B2B solutions/services on Samsung mobile devices.

What’s in this version:
- Simplified navigation scheme
- Better separation between personal and enterprise settings
- Display whitelist option in enterprise policy summary
- Improved data sharing control to allow sharing from protected app to protected app (if data sharing is restricted)
- Fixed bug related to push notifications
- Fixed bug related to tablet enrollment

Description:
SpydrSafe Mobile DLP™ protects apps and data on your Android smartphone or tablet.

BASIC FEATURES:
• Secure any app – pre-loaded, downloaded from commercial app stores, or developed in-house by your IT department
• Passcode protection for individual apps
• Ad free – clean, simple interface with no annoying ads
• Secure Storage – encrypt sensitive files and store them securely on your SD card.
• Automatically protects device settings to prevent unauthorized users from bypassing security controls.
• Light-weight, low resource utilization—won’t drain your battery
• Compatible with Android 2.2 through 4.x

ADVANCED ENTERPRISE FEATURES*:
(*requires enterprise enrollment)

• SaaS Security Management – Policies, Reporting, Analytics
• App blacklisting: block access to unauthorized apps
• App whitelisting: allow only protected apps to run
• Restrict sharing of data from a protected app, or…
• Require passcode authorization to share data from a protected app
• Restrict cut, copy, and paste of sensitive enterprise data to a non-protected app
• Factory reset after a specified number of failed passcode attempts
• Over-the-air factory reset

If you are an enterprise IT professional looking for a way to secure smartphones and tablets in your organization, you need SpydrSafe Mobile DLP™. SpydrSafe Mobile DLP™ prevents the loss of enterprise data due to the intentional or inadvertent misuse of mobile apps deployed on smartphones and tablets. The solution addresses the issues created by BYOD (bring your own device to work) by providing enterprise IT departments with the tools necessary to safeguard sensitive enterprise data accessed and used by mobile apps. SpydrSafe Mobile DLP™ incorporates device side app security, cloud-based policy and user management, and comprehensive reporting and analytics.

“As more and more enterprises allow smartphones and tablets to access sensitive corporate data, enterprise IT departments may now confidently add iPhone™ or iPad™ to their list of approved devices with SpydrSafe Mobile DLP for iOS™,” said Kevin Sapp, SpydrSafe CTO. “Moreover, our unique app whitelisting or app blacklisting features provide IT administrators with a high degree of data security flexibility depending on specific use cases not possible with competing solutions”, said Sapp.

“Supporting iOS smartphones and tablets marks a major milestone in the progress of SpydrSafe,” said Michael Pratt, SpydrSafe’s CEO. “We now support both the Android and iOS operating systems, the two dominant OS’s in use in the enterprise. As other OS’s gain market acceptance and share, we intend to fully support them as well” Pratt said.

For more information on Mobile DLP™ for iOS, contact sales@SpydrSafe.com.

For media inquiries, please contact Ayse Anil at info@SpydrSafe.com

About SpydrSafe

SpydrSafe Mobile Security has designed the first-of-its-kind Mobile App Control and Security platform that controls how mobile apps access, use and share corporate data on smartphones and tablets. It is the only solution that provides enterprise IT uniform and fine-grained policy control over any mobile app, whether pre-loaded, downloaded from commercial app stores, or developed in-house. SpydrSafe was founded in 2011 by two seasoned professionals with more than 13 years of combined experience in mobile security. The Company is headquartered in McLean, Virginia.

To learn more, visit www.spydrsafe.com and follow them on Twitter: @SpydrSafe.

Reston, VA
March 13, 2013

Leading Mobile Application Management (MAM) solution provider App47 has teamed with mobile security experts SpydrSafe Mobile Security, Inc. to add secure control to data exchange between enterprise mobile apps – a critical component of the MAM lifecycle. With security becoming paramount as organizations embrace mobility and contend with the realities of Bring Your Own Device (BYOD) and Corporate Owned Personally Enabled (COPE), the partnership is giving App47’s already sought-after MAM solution a level of security capabilities that far surpass existing Enterprise Mobility Management (EMM) solutions in the market today.

To read more, visit PRWEB.

By Michael Pratt, SpydrSafe’s CEO
March 12, 2013

Take My Wife . . . Please! Okay, so it’s an old joke. And, I’d venture that many of you reading this may not understand my reference to Henny Youngman, dubbed “the king of the one-liner” by Walter Winchell. In fact, my own CTO admitted that he had to google the phrase to understand it. But, I digress.

So, why did I pull this out of the “old joke archive” to introduce a blog about the legal aspects of BYOD? It simple, really. It’s because in the world of BYOD, there is a lot of FUD being spread around about what enterprise IT can or will do with your personal data, all in the interest, of course, of selling you software that protects you from this problem . . . oh, wait, um protecting your privacy and making sure you don’t lose that photo of Sally’s last lacrosse goal or that video of Johnny’s recent piano recital. So, I’ve stepped back up on my soapbox to say, “stop with the FUD about how your personal data is going to be “owned” by your employer and let’s talk about an aspect of BYOD that doesn’t get enough attention – legal liability.

Before I go any further, my legal advisor (aka, me) requires that I provide the following disclaimer “I am not a lawyer and my comments are NOT intended to give legal advice or to replace the advice of your legal counsel”. That said, here are some thoughts on the legal aspects of BYOD.

To begin, BYOD is here already and it’s here to stay – whether you want to admit it or not. So, if you’re a corporate IT/security professional and you’re not proactively dealing with employee-owned devices as part of your day-to-day responsibilities, you’re needlessly exposing your company to increased risks with legal ramifications.

Don’t believe me?

Following is a partial list of Federal laws and regulations which directly impact BYOD – The Health Information Portability & Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), Graham-Leach-Bilely Act (GLBA), North American Electric Reliability Corporation and the Federal Energy Regulation Commission. A number of state enacted laws and regulations have similar requirements.

So, what’s a corporate IT security professional to do? Well, there are a number of things:

1. Set policies and standards around what comprise acceptable devices, networks and service plans, how to configure and enroll acceptable devices, and the support parameters. This should happen BEFORE allowing BYOD to the extent possible (or, you may find yourself with the same problem IBM had a few months ago when, after they OK’d BYOD, subsequently discovered that 100,000 employees were using DropBox to store company data).
2. Define security standards such as the minimum security required to access corporate networks, authentication parameters, how to deal with (and report) lost passwords and lost devices and what to do when an employee leaves the company.
3. Define privacy standards. Specifically, make it clear that, by policy, corporate data (what’s important to corporate IT) is segregated from personal data.
4. Monitor compliance with established policies and standards.

BYOD does not have to expose the corporation to unacceptable risks if corporate IT/security administrators take straight-forward actions to minimize them. These actions include, among other things, an assessment of how BYOD users will use their devices and identifying the possible risks associated the individual use cases; implementing security policies, keeping them up-to-date, and making employees aware of such policies; using easy to comply with and easy to administer security technologies; and monitoring compliance with policies with appropriate remedial actions taken when non-compliance is discovered.

Oh, and just to re-emphasize my early premise. I don’t want to see the photos of your family vacation, videos of your kids doing the Harlem shake or, God forbid, “cute” pictures of your cat. Your enterprise IT security professional doesn’t want to either.

To check out other blogs by our CEO, visit Adultsupervisionguy