6 Reasons Why BYOD Security Will Become Essential

Every customer and prospect I have talked to over the past year either already is embracing BYOD (bring your own device) for mobile phones and tablets, or plans to do so in the very near future.

It is no longer a matter of if, but when, they will allow employees to use their own mobile devices in the workplace. BYOD is a great convenience for employees, and it spares IT departments both the expense of buying devices and the burden of managing them.

BYOD, however, comes with its own security implications and consequences. Companies need to protect corporate data that resides on these devices by preventing leakage from the device to external sources. To protect corporate data while remaining sensitive about personal data on employees’ devices, companies are increasingly turning to mobile device management solutions that offer containerization to encapsulate their corporate presence on these devices. This includes encrypting the data on the devices, encrypting data in transit and providing secure channels for communication between the apps resident in the container and corporate back-end servers.

Unfortunately, what happens on the personal side of the device can lead to a number of security concerns that will put the focus squarely back on the entire device, resulting in a need for increased visibility and vigilance outside of the container.

Here are six vectors for advanced attacks and data leakage. Their consequences are why device security will be a focus for sec ops teams in BYOD environments:

  1. Apps installed on the devices—Users have the liberty to download apps and other software (such as custom ROMs) and run them on their devices. Many of these downloads come from stores or sources that are not trustworthy and can contain malware.
  2. Vulnerabilities in operating systems, native SDKs and frameworks such as WebKit that are used to build mobile apps—Every version of Android and iOS and their respective SDKs has a known set of vulnerabilities. Older versions, if not patched in a timely manner, can be exploited, which leads to advanced attacks.
  3. Phishing and Smishing (phishing using text messages)—These are increasingly becoming the easiest and most popular mechanisms for attacks on mobile devices.
  4. Network-based attacks—Use of Wi-Fi hotspots available at almost all public locations leads to the sniffing of sensitive data, man-in-the-middle attacks and installation of malware.
  5. USB tether—Mobile devices typically get connected to multiple computers. We connect our devices to one or more computers at home or to a friend’s or colleague’s, sometimes just for a quick charge. Each of these is a potential avenue for compromise via the USB tether if the host computer was already compromised.
  6. Apps that store your personal and corporate data—Even trusted publishers sometimes store user data in their cloud services, which can lead to the exfiltration of corporate IP.

These and other attacks can lead to the transfer of corporate data to third-party assets in the cloud or the compromise of the mobile device including rooting of the device; control of the camera, microphone or other sensors; recording of user credentials using key loggers; or access to data stored in memory caches or on disk for exfiltration to outside servers.

If the concerns voiced by security personnel are any indication, we are one high-profile advanced attack involving a compromised BYOD device away from total device visibility and security becoming a requirement in BYOD environments.

via 6 Reasons Why BYOD Security Will Become Essential | Bit9 Blog.
