Playing catch-up to the BYOD security threats


Playing catch-up to the BYOD security threats

The debate about how to offer security and allow employees to bring their own devices is a live one causing plenty of head scratching as Ryan Farmer, Senior Resourcer, Acumin Consulting, finds out.

At the RANT Forum (Acumin's monthly information security networking event), attendees often complain that they are playing catch up to cybercriminals.

It is in fact the hackers that define the market; they are at the cutting edge as they try to find vulnerabilities, attack vectors, and exploit the weaknesses in security that will allow them to break into a network.

It is difficult enough for the CISO and Information Security Manager to ensure that they are recognising and mitigating the appropriate risks, let alone trying to factor in emerging threats such as zero days and second guessing the nature of the next generation of hack attempts.

This idea of playing catch up in IT security also extends into new technology areas. The corporate line often requires some maturity before the widespread implementation of these new products but this has not necessarily been the case with smartphones. By smartphones I refer here not to the old school PDA-type devices we enjoyed at the turn of the millennium but the combating trinity of iPhone, Android and Blackberry.

There must be few technologies that have been so rapidly integrated into a corporate environment or so driven by users. While early adopters spent hours going blue in the face trying to explain why gadgets like the Psion Series 3 were the 'next big thing', with the emergence of shiny and gimmicky apps, the 'Wow factor' of the modern smartphone has spread like wildfire and has been adopted by almost everyone.

So, when the CEO knocks on the door of the information security team, it is a brave IT Security Manager who will lean out from behind the firewall cluster and inform them that the proper security controls haven't been developed and implemented yet to let the boss' new toy run riot on the network. So what do you do?

The information security industry, both in terms of vendors and internal security, is looking to develop protective measures for what is essentially a pocket computer, but with such rapid technical innovation in terms of hardware and software it is difficult to keep abreast of emerging threats and how to counteract them.

Android stands as more of a challenge than the iPhone here - its users are typically more technical and are allowed greater freedom by the OS to chop and change. This means that control becomes difficult, especially with the wide number of devices and various incarnations of the operating system.  The iPhone with its proprietary nature is an easier beast to tame.

To find out more about the threat landscape on Android, as well as some of the potential vulnerabilities and counter actions you can take as both a personal and business user, take a look at the Acumin white paper on Android Security

This was first published in November 2011

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.