Risks of BYOD
Posted on: 20-Aug-2012
Author: cmk

A BYOD article that I was reading on the net started with “BYOD is becoming a rule rather than an exception.” That set me thinking. Really? How many of the large corporates that I have worked with allow BYOD? Surprisingly (or unsurprisingly, if you wish), none. I looked at the article again. It was written by a company that sold MDM (Mobile Device Management) software. Now, I am sure the article was written in good faith by honest and unbiased people, but I want to explore a bit more.

As you can see, I am not exactly the biggest supporter of BYOD. However, as a security professional, I do understand the pressures faced, especially from top management. So, I tried to look practically at this entire BYOD conundrum to see if I could clear the smoke a bit. The key point I want to focus on is the risks in BYOD (you can take the consultant out of consulting, but you cannot take the consulting out of the consultant), and the organization can decide for itself.

- Theft/Loss of device - The first problem that comes to mind.
  - What if the user has downloaded the organization’s critical data on his phone?
  - What if he has set the device to ‘remember’ logins to corporate networks and applications?
  - What if he has not set a complex password to unlock the device?
- The mobile and the cloud - Dig deeper for more dirt
- Insecure applications - The feral little (ad-based) rogues sitting on my phone
- Admin login - Can never get rid of that…