Skip to main content

BYOD Security – A Huge Pain for Companies


Today, the cyberpower in the pockets of private individuals far surpasses that of entire corporations a generation ago. But today’s workers don’t just use that power to check out their friends on Facebook. Naturally, they also use it to access confidential company data.
Network administrators deal with this high-risk factor by either enforcing strict control over all hardware equipment or by setting up software solutions and restrictions. The second option is most coming, allowing employees to use their personal devices in the company’s interest.
The pros and cons of bringing your own devices (BYOD) to work can cause massive headaches to system administrators as it takes elite management systems and security measures to keep all sensitive data away from possibly corrupted devices.

Companies with high tolerance for BYOD often use virtual machines, virtual app integration, web servers, and even virtual desktops so all access to sensitive data can be filtered, monitored and highly secure.
These implementations are not always successful and mid-level companies don’t have the financial resources for this type of infrastructure. We’ve all heard of company data breaches and security vulnerabilities exploited to illegally access sensitive corporate information. In most cases this was the result of a compromised device that managed to sneak into a company’s network through carelessness.
Financial losses caused by poorly implemented security measures can range in the millions and accountability is tossed around. Small and mid-level companies often embrace the idea that employees should bring their own devices because it will cut maintenance costs and increase productivity while everyone can be available 24/7. However, disaster strikes when an infected device is granted remote access to file servers or other vital systems.
With companies strongly embracing the BYOD policy, too few security measures are in place to ensure critical data is only accessed through safe terminals and networks. Tokens, certificates, and passwords are susceptible to attack if the right set of tools is used, especially if it’s an infected device plugged into the company network.
Companies are faced with the lack of secure system that not only detects all types of devices, but also identifies their security clearance. Managing BYOD is like catching a bullet in your teeth. The implementation of an efficient and self-guided system designed to detect low-risk systems and high-risk system still eludes us, but we can take comfort in the fact that VPNs, closed-circuit networks and aggressive antivirus solutions are somewhat effective, if updated and managed properly.

A system based on the “red/green paradigm” could be reliable, but no one has been able to implement such a scenario. System administrators could tag with green low-risk devices while red should be for high-risk devices, while keeping both systems logically or physically separated.
The number one threat that all BYOD devices are exposed too is the lack of control over software. Smartphones, for instance, have the most fragmented operating systems yet, thus the chances of having an exploit for an unpatched version are extremely high. A company’s inability to identify and secure a connection with a more recent/old version of a mobile OS paves the way for data breaches.
Handhelds and smartphones equipped with IPV6 support provide an extra security measure, but the fact that you can’t set up a VPN connection to your workplace is still a major shortcoming. With companies investing too much in security and too little in employee training and awareness, security breaches are inevitable.

Comments

Popular posts from this blog

CIA Triad for- Base of Information security

The essential security principles of confidentiality, integrity, and availability are often  referred to as the  CIA Triad. All security controls must address these principles. These three  security principles serve as common threads throughout the CISSP CBK. Each domain  addresses these principles in unique ways, so it is important to understand them both in  general terms and within each specific domain: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their veracity and are intentionally modified by  authorized subjects only. Availability is the principle that authorized subjects are granted timely access to objects  with sufficient bandwidth to perform the desired interaction. Different security mechanisms address these three principles in different ways and offer varying  degrees of support or application of these principl...

List of Company Slogans

·          3M : "Innovation" ·          Agere Systems : "How Communication Happens" ·          Agilent : "Dreams Made Real" ·          Airbus : "Setting the Standards" ·          Amazon.com : "…and You're Done" ·          AMX : "It's Your World. Take Control" ·          Anritsu : "Discover What's Possible ·          AT&T : "Your World. Delivered" ·          ATG Design Services : "Circuit Design for the RF Impaired" ·          ATI Technologies : "Get In the Game" ·          BAE Systems : "Innovatin...

My Article :- હેકર બનવું છે? કઈ રીતે?

મારી ૨ વર્ષ ની કારકિર્દી માં મને કેટલાય  લોકોએ, ખાસ કરીને કોલેજ ના વિદ્યાર્થીઓએ ઘણી વાર પૂછ્યું છે કે "મારે હેકર બનવું છે. તો હું શું કરું? " અને મારા બ્લોગ્સ માં પણ પૂછવામાં આવે છે કે એક સારો હેકર કઈ રીતે બની શકાય? એવું હું શું કરું અથવા તો મારા માં કઈ લાયકત હોવી જોઈએ એક હેકર બનવા માટે? આ પ્રશ્ન નો સંતોષકારક જવાબ આપવા માટે મેં internet પર શોધખોળ કર્યા પછી મને જે કઈ માહિતી મળી તેને હું આજે અહી રજુ કરું છું. મિત્રો, સૌપ્રથમ હેકર કઈ રીતે બનવું એ જાણવા પહેલા એ જાણવું જરૂરી છે કે ખરેખર હેકિંગ શું છે ? અને હેકર કોને કહેવાય. હેકિંગ ની સીધી અને સરળ વ્યાખ્યા નીચે મુજબ છે.  "તમારા કમ્પ્યુટર,નેટવર્ક(ઈન્ટરનેટ કે LAN દ્વારા) કે કોઈ ડીવાઈસ માં (ફોન, ટેબ્લેટ) માં કરવામાં આવતા ગેરકાયદેસર પ્રવેશ અને ઉપયોગ એ હેકિંગ કહેવાય છે."અને હેકિંગ કરતા લોકોને હેકર કહેવાય છે. હવે તમને થશે કે આવું શું કામ કરવું જોઈએ? આ તો ક્રાઈમ છે. તો તમને જણાવી દઉં કે હેકર મુખ્યત્વે ૨ પ્રકારના હોય છે.    વાઈટ હેટ હેકર્સ (એથીકલ હેકર્સ) : ધારો કે તમે તમારો ફેસબુક નો પાસવર્ડ ભૂલી ગયા(ખરેખર ના ભૂલતા ક્યારેય..)કે ત...