Solved

How are you admins addressing the BYOD revolution, security- and administration- wise?

Posted on 2013-11-04
5
324 Views
Last Modified: 2013-11-21
How are you admins addressing the BYOD revolution, security- and administration- wise?

What steps, policies, or software solutions have you put in place to minimize the risk to your organizations?

Note: this relates to non-Blackberry devices, namely iPhones and Droids.
0
Comment
Question by:LB1234
  • 3
5 Comments
 
LVL 91

Expert Comment

by:John Hurst
ID: 39623999
If the devices belong to the user, then you have little control over them. One possibility is to tell the user they must use their own cellular network and not your network.

Your management may overrule you, but the devices still belong to the user and you have no control over them.

.... Thinkpads_User
0
 
LVL 62

Accepted Solution

by:
btan earned 450 total points
ID: 39624174
Basic smartphone mgmt cannot adopt the same old control as in notebk or workstation to prevent the threats and risk as the smart device security robustness has not reach maturity and has become a deterence if overly lock down, hence no business value. The gain on securing is so much lesser compared to flexibility and agility of returns. The key is to strike a balance. The BYOD trend can be better termed as U(use)YOD - primarily the device cannot be managed, the apps cannot be easily trusted, the smart online services cannot be easily verified and user cannot be easily convinced to put security at first thought.

The challenge is to have top mgmt push to have the security mindset and awareness of its criticality and not just from the business angle. We transact securely and interact with trust.

You may want to see NIST recommendation as kickstart. Always good to see how the public adopt it as thety faced bigger challenge compared to industry. Also the Aus DSD is another good place to check out. Did know the US DoD has allowed smartphone but the recent spate of "listening" has gotten the public govt to hold back allow (even to reject phone in meeting and jam it...).

http://www.nist.gov/itl/csd/mobile-071112.cfm
http://www.asd.gov.au/publications/csocprotect/byod_considerations_for_execs.htm
http://www.informationweek.com/government/mobile/apple-ios-6-wins-dod-approval/240155244

Blackberry has its challenge when it engaged the middle east due to their hosted server in the middle of the device secure transaction. Too secure and to sieve into it make it tougher for the defender but good for the perpetrator.

IPhone gain traction for DSD and DISA (for DOD) as you can see hardening guides for IOS 6 (if I recall it correctly). Having said that, BlackBerrys and Samsung Galaxy devices also received the Pentagon's nod of approval.

Simply I see MRM (risk),  MDM (device), MAM (apps) and the use policy will make good starter to create your unique enterprise strategy to adopt mobile trends. But top mgmt support is critical so get the buy in and be careful not to put guard down to the leaking to cloud service, loss of privacy and identity theft aspects - these are hidden fear that user thought they are alright - but when it happened, the abandon mindset can set in hard..

just few cents thought..
0
 
LVL 14

Assisted Solution

by:Geisrud
Geisrud earned 50 total points
ID: 39643147
My org doesn't allow BYOD for legal reasons, but we use a 3rd party solution to manage issued mobile devices.  These typically allow you to specify policies such as lock-code, push other things such as WiFi config, apps, etc.  Also, these usually support multiple platforms.
0
 
LVL 62

Expert Comment

by:btan
ID: 39643247
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0
 
LVL 62

Expert Comment

by:btan
ID: 39643248
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your app took Google’s lash recently, here are the 5 most likely reasons.
Note: This is the third blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   We’ve been talki…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now