Saturday, February 9, 2013

Bring Your Own Device/Disaster

Anyone following information security over the past 3 years has heard the nasty four letter acronym of BYOD or Bring Your Own Device. This phenomenon has taken shape as the consumerization of IT has made its way to the enterprise. With tablets and smartphones exploding in popularity over the past couple of years it’s no wonder that employees want to start using the hardware (and the apps that run on them).
Mobile devices

With a growing workforce of college grads that consider these devices an extension of their being, trying to take a smartphone from them would be like cutting off one of their hands. The two major concerns that security pro’s must deal with are:
  • What can we do to protect our data?
  • How do we protect our network against these personal devices?
The first question on “What can we do to protect our data?” is more complicated than one might think. There are many vendors offering MDM (Mobile Device Management) that really like to pull the wool over your eyes and a few that are downright awesome. There are many features within these systems that allow you to do some pretty fancy things, but from a security point of view I’m really worried about my data. For example, when you’re sent an e-mail and you open on your device (tablet/smartphone) where can you forward that data? If someone has files on their smartphone with confidential company data on it, and I leave the company with that phone, can you really be sure that this person didn’t just walk out with your customers’ credit card numbers, sensitive information regarding mergers and acquisitions, competitive intelligence, etc.? Yup, that just happened.

Sensitive company data is walking around in your employee’s pants… unprotected. Is this data encrypted while it’s on your tablet or is it floating around in sites like waiting to be scooped up, stolen, or accidently released into the wrong hands?

Check out the rest of the article here: