jump to navigation

Difficulties of Mobile Security December 14, 2013

Posted by bkrugman in Security.
trackback

Throughout the semester we have looked at a variety of security issues that exist out in the wild.  I think that the article from Ericka Chickowski [1] sheds some light on the fact that no matter what the potential security flaw is, it exists in not only a corporate infrastructure but also a mobile one.  Applying concepts to secure mobile devices against malware, worms, and other malicious code is fast becoming a main focus for businesses rather than a second thought.  As mobile devices become more integrated within corporate culture, with some people using a thin mobile client to perform their daily work rather than sitting in front of a desktop all day, the decisions about what devices should be allowed, who controls the devices and how to manage the devices becomes a larger discussion point.

Like the Chickowski article mentions, if a company is going to embrace mobility through smaller devices they need to look at not only what devices they want to allow, but what type of impact that will put on the current infrastructure.  The assessment of what devices to allow should not be a one-sided decision with the business making the end all be all decision or the Information Technology department making that decision.  The company as a whole needs to decide what they are going to allow and strongly enforce it.  If one person is allowed to use a less secure device then the rest of the company that one person becomes a large target for someone who might have malicious goals.

In my opinion I am not a big fan of the current bring your own device (BYOD) concepts.  This is because by allowing employees to use personal devices to access the corporate infrastructure, the security aspect is partially removed from the business’s hands and put on the employee.  While this is a great concept the largest security flaw in almost every infrastructure is the user.  While they might not purposefully do something malicious, they can often open up security holes that can allow information to flow out or access granted without them actually knowing what is occurring.

Overall, I think that mobility within a company is a good and beneficial path to potentially increase productivity.  However, it needs to start to become a larger focus of companies that are thinking about allowing it.  If they do not put a strong emphasis on ensuring that the corporate infrastructure and data is protected from all forms of security breaches.  The company could end up costing themselves a lot more then the cost of doing things correctly.

References

[1] 10 Best Practices for Mobile Device Security,  Ericka Chickowski, 2/26/2009, [Online] http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: