BYOD and Your Security Part II

Panseh Tsewole continues his discussion on BYOD . BYOD is a security challenge for most enterprises . Panseh discusses the benefits and challenges of having a BYOD program ,

Traditionally , the enterprise IT infrastructure team is used to manage all the OS in an enterprise . However, with the advent of BYOD , heterogeneous systems are introduced into the network . We know different mobile operating systems support different ways to manage device and application security . On Android , if we need to install an application we would have to give either all the permission to the list or cancel the install. Apple IOS based devices are different . We can choose not to give permission to a specific service and still install the application . The level of security can also be compromised if the device is jail broken and allows installation of applications from unrecognized application sources .

Mobile access to enterprise brings in its fold additional threats and vulnerabilities. These are three fold : the mobile devices , carriers and enterprise data centers . At the mobile device level , there are OS related vulnerabilities , data at rest vulnerabilities , mobile malware and device theft . Many OS vulnerabilities have led to the compromise of mobile devices . Android OS has been a target for malware writers and hackers for some time now and enterprises still do not prefer Android for the enterprise.

Some applications might store user credentials to applications such as Facebook locally on mobile device. Theft or unauthorized access can lead someone to steal that data . Data at rest vulnerability should be addressed by the application preferably through encryption.