Solved

How are you admins addressing the BYOD revolution, security- and administration- wise?

Posted on 2013-11-04
5
339 Views
Last Modified: 2013-11-21
How are you admins addressing the BYOD revolution, security- and administration- wise?

What steps, policies, or software solutions have you put in place to minimize the risk to your organizations?

Note: this relates to non-Blackberry devices, namely iPhones and Droids.
0
Comment
Question by:LB1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 96

Expert Comment

by:Experienced Member
ID: 39623999
If the devices belong to the user, then you have little control over them. One possibility is to tell the user they must use their own cellular network and not your network.

Your management may overrule you, but the devices still belong to the user and you have no control over them.

.... Thinkpads_User
0
 
LVL 64

Accepted Solution

by:
btan earned 450 total points
ID: 39624174
Basic smartphone mgmt cannot adopt the same old control as in notebk or workstation to prevent the threats and risk as the smart device security robustness has not reach maturity and has become a deterence if overly lock down, hence no business value. The gain on securing is so much lesser compared to flexibility and agility of returns. The key is to strike a balance. The BYOD trend can be better termed as U(use)YOD - primarily the device cannot be managed, the apps cannot be easily trusted, the smart online services cannot be easily verified and user cannot be easily convinced to put security at first thought.

The challenge is to have top mgmt push to have the security mindset and awareness of its criticality and not just from the business angle. We transact securely and interact with trust.

You may want to see NIST recommendation as kickstart. Always good to see how the public adopt it as thety faced bigger challenge compared to industry. Also the Aus DSD is another good place to check out. Did know the US DoD has allowed smartphone but the recent spate of "listening" has gotten the public govt to hold back allow (even to reject phone in meeting and jam it...).

http://www.nist.gov/itl/csd/mobile-071112.cfm
http://www.asd.gov.au/publications/csocprotect/byod_considerations_for_execs.htm
http://www.informationweek.com/government/mobile/apple-ios-6-wins-dod-approval/240155244

Blackberry has its challenge when it engaged the middle east due to their hosted server in the middle of the device secure transaction. Too secure and to sieve into it make it tougher for the defender but good for the perpetrator.

IPhone gain traction for DSD and DISA (for DOD) as you can see hardening guides for IOS 6 (if I recall it correctly). Having said that, BlackBerrys and Samsung Galaxy devices also received the Pentagon's nod of approval.

Simply I see MRM (risk),  MDM (device), MAM (apps) and the use policy will make good starter to create your unique enterprise strategy to adopt mobile trends. But top mgmt support is critical so get the buy in and be careful not to put guard down to the leaking to cloud service, loss of privacy and identity theft aspects - these are hidden fear that user thought they are alright - but when it happened, the abandon mindset can set in hard..

just few cents thought..
0
 
LVL 14

Assisted Solution

by:Geisrud
Geisrud earned 50 total points
ID: 39643147
My org doesn't allow BYOD for legal reasons, but we use a 3rd party solution to manage issued mobile devices.  These typically allow you to specify policies such as lock-code, push other things such as WiFi config, apps, etc.  Also, these usually support multiple platforms.
0
 
LVL 64

Expert Comment

by:btan
ID: 39643247
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0
 
LVL 64

Expert Comment

by:btan
ID: 39643248
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question