Tag Archives: mozy security

Security Updates in the New Mozy App

Mozy Mobile App 1.4Mozy just keeps making it better and better to access and use your data from mobile devices. This week we launch version 1.4 of Mozy’s app for both Android and iOS devices (iPhone, iPad and iPod touch).

Each time we update the Mozy app, I update the Mozy blog to tell you what’s new. The list is too long for a single post, so today we’re going to look at how we have further tightened security in the Mozy app.

The convenience of having all your Mozy-protected files at your fingertips is enormous. But mobile devices frequently get misplaced, lost or stolen. Mozy app v1.4 introduces the following new security measures to ensure your privacy in such situations:

  • Token-based Authorization - The Mozy app has switched to using an access token instead of your password. Although previous versions always used strong encryption to store the password, this new token-based system keeps the Mozy app from storing your password at all. That sets the stage for the next (and frequently requested) security feature…
  • Remote De-authorization - If your mobile device goes missing, gets stolen, or you’re just not sure where you put it, you can just go to your account page and select expire mobile access. When you do, it stops all access from the mobile app until you log in again, but your computers running Mozy online backup or Stash continue to work without disruption. (In other words, it expires just the app’s current token–it doesn’t change your password.)
  • Automatic De-authorization - As in previous versions of the app, if you choose to protect the app with a passcode (PIN), the app will automatically log out after 5 incorrect PIN attempts. The difference now is that instead of forgetting your password, the app now forgets its access token. (This also happens if you choose to log out manually from the app.)
  • Automatic Data Wipe - When you remotely de-authorize the app from your account, the app now removes any locally-stored data when launched. This includes: files you have marked as favorite on iOS, files downloaded to SD storage on Android, and even any usernames that the login screen had previously remembered.
  • Local File Encryption - If you use a personal key to encrypt your Mozy data, the Mozy app will now keep any downloaded files encrypted on local storage. It decrypts them when you share by email or send a file to another app.

In my next post, we’ll look at features that make the Mozy app even better for accessing and using your data while on the go.

If you have questions or comments about the items described above, please post a reply.

Until next time, be safe,

–Ted

Ted Haeger
Mozy Product Management

The Mozy Cloud Security Team

Learn more about our Cloud Security Team here at Mozy, a major part of our efforts to keep your data safe and secure.

Q: Can you tell me about the Mozy Cloud Security team?

A: The Cloud Security team at Mozy consists of 5 members with a combined 75 years of information security experience. We have a lot of fun at Mozy, but when it comes to securing our customers’ data, we’re dead serious. We hold ourselves to the highest standards in providing the safest, most reliable online backup service on the planet. The team is comprised of security experts from a variety of information security backgrounds with the common goal of keeping our customer data secure. This goal has been a driving force behind building Mozy’s Cloud Security program to where it is today.

Q: What is the role of the Cloud Security team at Mozy? 

A: It’s our job to ensure security of our customers’ data. As technology and threat vectors continue to change and evolve, so must the team. The Mozy Security team provides training, thought leadership and consulting to the rest of the organization. We’re constantly making incremental changes to improve the security footprint.

Q:  What audits, certifications, or other security measures has Mozy achieved?

A: Mozy applies a risk-based methodology to its Security program. A SOC 1 SSAE 16 Type II audit (formerly called a SAS 70 Type II audit) is performed on an annual basis as well as surveillance audits between ISO 27001 certifications. We’re proud of the fact that Mozy is the first online backup vendor to achieve ISO 27001 certification.

Q: Can we expect future blog posts from the Mozy Cloud Security team?

A: Definitely!

For more information about Mozy’s security, click here.