SlideShare uma empresa Scribd logo

BYOD eBook Part 1 DREW

Condition Zebra (CONZebra)
Condition Zebra (CONZebra)
1 de 8
Baixar para ler offline
Navigating the Waters of BYOD ©2013 Drew Williams Drew Williams Navigating the Waters of BYOD Part 1: Piloting the Perils
Navigating the Waters of BYOD ©2013 Drew Williams 2 So, you have decided that you’ve read enough, heard enough and thought about it enough, that you’re going to do something about your organization’s dramatic rise in how mobile devices have invaded the workplace. The idea that it’s Taboo to bring devices to work is being replaced with finding ways of developing an effective use policy to address the matter. Good news: Gaining the upper hand on BYOD requires some practical thinking, basic administrative management, and some common sense. This little document will give you some basic guidelines on what important matters to consider when navigating the waters of mobile computing, while still providing a safe harbor for your organization’s assets. Let’s start with what we need to know about mobile computing in general, and how the BYOD phenomenon is creating a sea of risk management concerns throughout every industry that relies on technology to communicate or advance. “Mobile Computing” includes everything from Androids and iPhones to Kindles, iPads, laptop computers—anything that can be used to store AND transmit data. BYOD Defined 1
Navigating the Waters of BYOD ©2013 Drew Williams Statistics can tell you anything to support any argument. The topic of BYOD is no different, and as a Value-added Services provider, Condition Zebra carries no bias toward any technology to support or prevent the case for BYOD in the workplace, although we do support the idea of implementing a good risk management policy to manage BYOD, and we think ours is the best. Charting the Course: Statistics tell part of the story Love-Hate Relationship When talking about BYOD in relation to its impact in a business, it’s almost like Mom and Dad arguing at the dinner table about why the kids should and shouldn’t get the keys to the car. On the one hand, the CFO (aka “Dad”), likes the sense of freedom and independence BYOD brings to the organization, and how mobile computing actually improves overall productivity in the workplace, which converts into greater revenue potential. “Mom” (the CIO), on the other hand, sees the risks of moving too quickly, of having too much independence and accessibility, which translates into inconsistencies in standard operating guidelines, poorly defined standards, complexities in supporting a constantly changing environment, and unpredictable security risks. Both are right! Based on a poll of 1,000+ mid-sized companies throughout the U.S., Europe and Asia: • 90% use personal devices; • 100% noted accessing IP & PI via personal devices. • More than 1 billion smartphones used worldwide. • More than 100 million new Androids were sold since Q3 ’12. • 80% will budget to address “Risk” relating to managing the usage of personal devices. 2
Navigating the Waters of BYOD ©2013 Drew Williams There are considerable (but manageable) risk factors associated with BYOD-related activities, including probably the most relevant concern: data security compromise. There are also statistics that show how, by working with staff, employers actually create a greater sense of organization-wide responsibility for protecting the assets of the group, recruiting every individual to take up the cause. The results: BFF’s can freely sail the same waters with FAQs and RFPs, without concern of course collisions. Before we address how to navigate the seas of success with BYOD, however, let’s first address some of the risks you might face. In the days of the ancient mariners, one of the most dangerous problems they faced was fog. Not being able to see the stars at night, or landmarks along the waterways during the day could mean delay or greater danger to the seafarer and his cargo. Data theft, like the fog of old, can slip in and out of an organization, often undetected, unless monitored for and managed. Laptop computers and mobile devices notwithstanding, smartphones—all with the ability to transmit communications exchanges between hosts—can carry between 8GB and 128+GB of storage space, include multiple SD cards, and automatically transact exchanges of critical information, without an organization even knowing what happened. The Fog of Data Theft 3
Navigating the Waters of BYOD ©2013 Drew Williams The ancient Greek seafarers of the Mediterranean included stories of fair maidens who brought song and beauty to the weary crew, only to replace both with disorientation, and death. Malware is a constant problem in today’s distributed computing environments. Mobile phones—especially Androids—are highly susceptible to problems incurred through cross- site scripting, which represents more than 80% of the root cause of hostile activities behind application security. Old-school processes of checking system configurations, updating system patches and even ensuring the latest versions of the applications are downloaded, are only a few of the reasons why this problem continues to sing tragedy for the unaware and misinformed. Beware of the Shifting Songs of the Sirens of Malware “AVAST There!” Being Boarded by Wireless Exploits While sailing the open waterways might sound difficult to pose a risk of gaining unauthorized access, pirates of old ran with impunity, threatening all trade routes, all ships and in all waters. The world has gotten a lot smaller in the Digital Age, and taking advantage of a wireless infrastructure seems to be getting more prevalent and more common. Risks and insecurities in WEP, for example, are so well-known, there are even “How-to” steps published online to describe WEP vulnerabilities. Passive attacks on unencrypted wireless backbones include eavesdropping, with more hostile threats, as a result of exploiting applications, could mean traffic floods and the all-evil Denial of Service. Argh Matey! 4
Navigating the Waters of BYOD ©2013 Drew Williams According to ancient Greek legend, the Cyanean Rocks, which stood at the inlet of the Bosporus Sea, randomly came together to crush any unsuspecting sea-goers. The key, as fabled Jason and his Argonauts discovered, was to manage the timing between clashes and crashes, by constantly monitoring the trends in how the rocks interacted with the sea. A top concern in BYOD security relates to the overall lack of monitoring and consistent management of access controls and privileges. Perhaps one of the easiest preventive actions an organization can take is also the action most neglected: establishing a consistent policy for remote file access, authentication and remote privilege management. Data, and the loss of contact, adrift and Lost At Sea Watch Out for the Rocks! 5 Those sailors who have experienced the unfortunate demise of being adrift in open seas, and have lived to tell their tales, have said that the sheer loss of contact with the rest of the world drove some of their greatest fears. Mobile devices are small and can be easily misplaced or lost. For many people, those devices contain everything from Grandma’s secret recipes to government secrets entrusted to device owners for safe keeping. Many people (my five daughters included), have become so dependent on mobile devices for even minute- to-minute communications, they even take them to bed with them! The idea of encrypting mobile devices is still a fresh concept in the category of BYOD security, and as a result, proprietary data loss is still the chief concern regarding mobile computing environments.
Navigating the Waters of BYOD ©2013 Drew Williams Desktop Virtualization is a growing floodgate trend for edge businesses. In fact, fewer security issues have actually been reported (internally) with personal mobile devices than with corporate devices. Fact is, people take better care of their own property. With the interest in BYOD on the rise—often leading from the top of the Corporate Food chain (namely: the C-levels themselves), the trend that is “BYOD” also often translates into innovation, enhanced “quality of work” for employees, a rise in productivity, and the chance for organizations to achieve faster rates of expansion and a higher level of achievement in goals and business objectives. As the tempest of technology continues to rage on the digital horizon, organizations worldwide continue to pursue faster, higher, stronger methods of doing more with less. Steering Toward Friendlier Shores Part 2: Sailing the Seven “C’s” To avoid sinking in the maelstrom, perhaps the following seven points of action can keep the tides even for those who are advancing toward uncharted waters: • Collaborative Staff Effort; • Configuration Policies; • Continuous System Monitoring; • Compartmentalized Virtualization; • Coordinated Carrier Support; • Control Systems (VPNs, Tokens); • Clarification of Roles & Ownership. See you next month with Part 2! 6
Navigating the Waters of BYOD ©2013 Drew Williams Available mid-September at www.conzebra.com Navigating the Waters of BYOD Part 2: Sailing the Seven “C’s” About Condition Zebra Blended from the Information Security, Defense, IT, and Software Engineering industries, the Condition Zebra team has a combined skill set of more than 100 years’ experience, with success histories that span decades of work. Our security architects, engineers and critical infrastructure analysts have participated with establishing critical infrastructure security and policy for the United States as well as having served on advisory boards and critical infrastructure committees and consulting groups for foreign governments and organizations ranging from Fortune 500 entities to even the smallest of businesses. Contact Condition Zebra today to learn how our team of risk management experts can help your business About the Author Drew Williams is the founder and CEO of international risk management consulting services firm Condition Zebra, which has operating offices in the United States and Southeast Asia. During the 1990's and into the 2K's, Drew was involved in early development of IT infrastructure frameworks and security standards, including work with the IETF on the organization of the Common Vulnerabilities Enumeration (CVE) format, the HIPAA security standard and development of some of the industry's pioneer host-based intrusion detection technologies. Drew has produced more than 40 short documentaries on educational and economic advancement in developing nations, and he authored one of the multi-million best-selling "Complete Idiot’s Guides."

Recomendados

Mrisks
MrisksMrisks
Mrisks
gprasad
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awareness
COMSATS
 
Data Exceeding Voice
Data Exceeding VoiceData Exceeding Voice
Data Exceeding Voice
cr123
 
Mobile writing by the numbers
Mobile writing by the numbersMobile writing by the numbers
Mobile writing by the numbers
Ann Wylie
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
IBM Security
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safe
CAST
 
Consumers of tomorrow insights and observations about generation z
Consumers of tomorrow insights and observations about generation zConsumers of tomorrow insights and observations about generation z
Consumers of tomorrow insights and observations about generation z
★ Duong Vo ★
 
Technology media presentation
Technology media presentationTechnology media presentation
Technology media presentation
100139120
 

Recomendados

Mrisks
MrisksMrisks
Mrisks
gprasad
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awareness
COMSATS
 
Data Exceeding Voice
Data Exceeding VoiceData Exceeding Voice
Data Exceeding Voice
cr123
 
Mobile writing by the numbers
Mobile writing by the numbersMobile writing by the numbers
Mobile writing by the numbers
Ann Wylie
 
Ten Security Essentials for CIOs
Ten Security Essentials for CIOsTen Security Essentials for CIOs
Ten Security Essentials for CIOs
IBM Security
 
Why computers will never be safe
Why computers will never be safeWhy computers will never be safe
Why computers will never be safe
CAST
 
Consumers of tomorrow insights and observations about generation z
Consumers of tomorrow insights and observations about generation zConsumers of tomorrow insights and observations about generation z
Consumers of tomorrow insights and observations about generation z
★ Duong Vo ★
 
Technology media presentation
Technology media presentationTechnology media presentation
Technology media presentation
100139120
 
Evolution of technology v1.0
Evolution of technology v1.0Evolution of technology v1.0
Evolution of technology v1.0
jehanshann
 
Future Agenda Future Of Authenticity
Future Agenda Future Of AuthenticityFuture Agenda Future Of Authenticity
Future Agenda Future Of Authenticity
Future Agenda
 
Technology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and NeurosisTechnology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and Neurosis
100139120
 
The Wireless Evolution
The Wireless EvolutionThe Wireless Evolution
The Wireless Evolution
Ignite Partnership
 
Mobile marketing
Mobile marketingMobile marketing
Mobile marketing
Nick Hodge
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersIssa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your Users
Mike Murray
 
Next Generation Media Quarterly - October 2009
Next Generation Media Quarterly - October 2009Next Generation Media Quarterly - October 2009
Next Generation Media Quarterly - October 2009
dentsu
 
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommIf At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
Barbara Ludwig
 
Augmented reality- Why super powers lead to minor injuries and major memory l...
Augmented reality- Why super powers lead to minor injuries and major memory l...Augmented reality- Why super powers lead to minor injuries and major memory l...
Augmented reality- Why super powers lead to minor injuries and major memory l...
onvert
 
Issa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social EngineeringIssa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social Engineering
Mike Murray
 
Next Generation Media Quarterly January 2011
Next Generation Media Quarterly January 2011Next Generation Media Quarterly January 2011
Next Generation Media Quarterly January 2011
dentsu
 
Next Generation Media Quarterly July 2011
Next Generation Media Quarterly July 2011Next Generation Media Quarterly July 2011
Next Generation Media Quarterly July 2011
dentsu
 
Next Generation Media Quarterly - April 2010
Next Generation Media Quarterly - April 2010Next Generation Media Quarterly - April 2010
Next Generation Media Quarterly - April 2010
dentsu
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
Spiceworks Ziff Davis
 
Next Generation Media Quarterly - July 2010
Next Generation Media Quarterly - July 2010Next Generation Media Quarterly - July 2010
Next Generation Media Quarterly - July 2010
dentsu
 
Next Generation Media Quarterly - January 2010
Next Generation Media Quarterly - January 2010Next Generation Media Quarterly - January 2010
Next Generation Media Quarterly - January 2010
dentsu
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To You
Ronald E. Laub Jr
 
Next Generation Media Quarterly October 2010
Next Generation Media Quarterly October 2010Next Generation Media Quarterly October 2010
Next Generation Media Quarterly October 2010
dentsu
 
Popular Issues in (Digital) Media Literacy
Popular Issues in (Digital) Media LiteracyPopular Issues in (Digital) Media Literacy
Popular Issues in (Digital) Media Literacy
Alec Couros
 
Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
Sarah Jarvis
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 

Mais conteúdo relacionado

Mais procurados

Evolution of technology v1.0
Evolution of technology v1.0Evolution of technology v1.0
Evolution of technology v1.0
jehanshann
 
Technology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and NeurosisTechnology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and Neurosis
100139120
 
The Wireless Evolution
The Wireless EvolutionThe Wireless Evolution
The Wireless Evolution
Ignite Partnership
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersIssa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your Users
Mike Murray
 
Issa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social EngineeringIssa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social Engineering
Mike Murray
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To You
Ronald E. Laub Jr
 

Mais procurados (20)

Evolution of technology v1.0
Evolution of technology v1.0Evolution of technology v1.0
Evolution of technology v1.0
 
Future Agenda Future Of Authenticity
Future Agenda Future Of AuthenticityFuture Agenda Future Of Authenticity
Future Agenda Future Of Authenticity
 
Technology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and NeurosisTechnology Creates Social Isolation and Neurosis
Technology Creates Social Isolation and Neurosis
 
The Wireless Evolution
The Wireless EvolutionThe Wireless Evolution
The Wireless Evolution
 
Mobile marketing
Mobile marketingMobile marketing
Mobile marketing
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
 
Issa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your UsersIssa Charlotte 2009 Patching Your Users
Issa Charlotte 2009 Patching Your Users
 
Next Generation Media Quarterly - October 2009
Next Generation Media Quarterly - October 2009Next Generation Media Quarterly - October 2009
Next Generation Media Quarterly - October 2009
 
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At QualcommIf At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
If At First You Don't Succeed... The Mobile Learning Journey At Qualcomm
 
Augmented reality- Why super powers lead to minor injuries and major memory l...
Augmented reality- Why super powers lead to minor injuries and major memory l...Augmented reality- Why super powers lead to minor injuries and major memory l...
Augmented reality- Why super powers lead to minor injuries and major memory l...
 
Issa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social EngineeringIssa Seattle 5 09 Social Engineering
Issa Seattle 5 09 Social Engineering
 
Next Generation Media Quarterly January 2011
Next Generation Media Quarterly January 2011Next Generation Media Quarterly January 2011
Next Generation Media Quarterly January 2011
 
Next Generation Media Quarterly July 2011
Next Generation Media Quarterly July 2011Next Generation Media Quarterly July 2011
Next Generation Media Quarterly July 2011
 
Next Generation Media Quarterly - April 2010
Next Generation Media Quarterly - April 2010Next Generation Media Quarterly - April 2010
Next Generation Media Quarterly - April 2010
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
 
Next Generation Media Quarterly - July 2010
Next Generation Media Quarterly - July 2010Next Generation Media Quarterly - July 2010
Next Generation Media Quarterly - July 2010
 
Next Generation Media Quarterly - January 2010
Next Generation Media Quarterly - January 2010Next Generation Media Quarterly - January 2010
Next Generation Media Quarterly - January 2010
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To You
 
Next Generation Media Quarterly October 2010
Next Generation Media Quarterly October 2010Next Generation Media Quarterly October 2010
Next Generation Media Quarterly October 2010
 
Popular Issues in (Digital) Media Literacy
Popular Issues in (Digital) Media LiteracyPopular Issues in (Digital) Media Literacy
Popular Issues in (Digital) Media Literacy
 

Semelhante a BYOD eBook Part 1 DREW

A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
Alistair Blake
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!
Ludmila Morozova-Buss
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012
Creus Moreira Carlos
 
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Tania Mushtaq
 

Semelhante a BYOD eBook Part 1 DREW (20)

Manifesto_final
Manifesto_finalManifesto_final
Manifesto_final
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Avoiding a BYOD Blowup!
Avoiding a BYOD Blowup!Avoiding a BYOD Blowup!
Avoiding a BYOD Blowup!
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
K.Jacobs COMM 303 Final Project
K.Jacobs COMM 303 Final ProjectK.Jacobs COMM 303 Final Project
K.Jacobs COMM 303 Final Project
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
Bo e v1.0
Bo e v1.0Bo e v1.0
Bo e v1.0
 
Cyber Security importance.pdf
Cyber Security importance.pdfCyber Security importance.pdf
Cyber Security importance.pdf
 
Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!Raise The Cybersecurity Curtain! Be The Voice!
Raise The Cybersecurity Curtain! Be The Voice!
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012Wk online trust solutions overview january 2012
Wk online trust solutions overview january 2012
 
The maintenance you don't have to touch - v.07
The maintenance you don't have to touch - v.07The maintenance you don't have to touch - v.07
The maintenance you don't have to touch - v.07
 
1402.1842.pdf
1402.1842.pdf1402.1842.pdf
1402.1842.pdf
 
CYBER SECURITY SEMINAR.pptx
CYBER SECURITY SEMINAR.pptxCYBER SECURITY SEMINAR.pptx
CYBER SECURITY SEMINAR.pptx
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of Cybersecurity
 
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
 
Top 3 security concerns for enterprises
Top 3 security concerns for enterprisesTop 3 security concerns for enterprises
Top 3 security concerns for enterprises
 
Our Guide to Digital disruption Update 2019
Our Guide to Digital disruption Update 2019Our Guide to Digital disruption Update 2019
Our Guide to Digital disruption Update 2019
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 

Mais de Condition Zebra (CONZebra)

Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security Compliance
Condition Zebra (CONZebra)
 

Mais de Condition Zebra (CONZebra) (6)

AXENT-Everything-IDS
AXENT-Everything-IDSAXENT-Everything-IDS
AXENT-Everything-IDS
 
OS-Anatomy-Article
OS-Anatomy-ArticleOS-Anatomy-Article
OS-Anatomy-Article
 
Host-Based IDS LLifecycle
Host-Based IDS LLifecycleHost-Based IDS LLifecycle
Host-Based IDS LLifecycle
 
2 Day MOSTI Workshop
2 Day MOSTI Workshop2 Day MOSTI Workshop
2 Day MOSTI Workshop
 
BO2K Byline
BO2K BylineBO2K Byline
BO2K Byline
 
Weathering the Storm of IT Security Compliance
Weathering the Storm of IT Security ComplianceWeathering the Storm of IT Security Compliance
Weathering the Storm of IT Security Compliance
 

BYOD eBook Part 1 DREW

  • 1. Navigating the Waters of BYOD ©2013 Drew Williams Drew Williams Navigating the Waters of BYOD Part 1: Piloting the Perils
  • 2. Navigating the Waters of BYOD ©2013 Drew Williams 2 So, you have decided that you’ve read enough, heard enough and thought about it enough, that you’re going to do something about your organization’s dramatic rise in how mobile devices have invaded the workplace. The idea that it’s Taboo to bring devices to work is being replaced with finding ways of developing an effective use policy to address the matter. Good news: Gaining the upper hand on BYOD requires some practical thinking, basic administrative management, and some common sense. This little document will give you some basic guidelines on what important matters to consider when navigating the waters of mobile computing, while still providing a safe harbor for your organization’s assets. Let’s start with what we need to know about mobile computing in general, and how the BYOD phenomenon is creating a sea of risk management concerns throughout every industry that relies on technology to communicate or advance. “Mobile Computing” includes everything from Androids and iPhones to Kindles, iPads, laptop computers—anything that can be used to store AND transmit data. BYOD Defined 1
  • 3. Navigating the Waters of BYOD ©2013 Drew Williams Statistics can tell you anything to support any argument. The topic of BYOD is no different, and as a Value-added Services provider, Condition Zebra carries no bias toward any technology to support or prevent the case for BYOD in the workplace, although we do support the idea of implementing a good risk management policy to manage BYOD, and we think ours is the best. Charting the Course: Statistics tell part of the story Love-Hate Relationship When talking about BYOD in relation to its impact in a business, it’s almost like Mom and Dad arguing at the dinner table about why the kids should and shouldn’t get the keys to the car. On the one hand, the CFO (aka “Dad”), likes the sense of freedom and independence BYOD brings to the organization, and how mobile computing actually improves overall productivity in the workplace, which converts into greater revenue potential. “Mom” (the CIO), on the other hand, sees the risks of moving too quickly, of having too much independence and accessibility, which translates into inconsistencies in standard operating guidelines, poorly defined standards, complexities in supporting a constantly changing environment, and unpredictable security risks. Both are right! Based on a poll of 1,000+ mid-sized companies throughout the U.S., Europe and Asia: • 90% use personal devices; • 100% noted accessing IP & PI via personal devices. • More than 1 billion smartphones used worldwide. • More than 100 million new Androids were sold since Q3 ’12. • 80% will budget to address “Risk” relating to managing the usage of personal devices. 2
  • 4. Navigating the Waters of BYOD ©2013 Drew Williams There are considerable (but manageable) risk factors associated with BYOD-related activities, including probably the most relevant concern: data security compromise. There are also statistics that show how, by working with staff, employers actually create a greater sense of organization-wide responsibility for protecting the assets of the group, recruiting every individual to take up the cause. The results: BFF’s can freely sail the same waters with FAQs and RFPs, without concern of course collisions. Before we address how to navigate the seas of success with BYOD, however, let’s first address some of the risks you might face. In the days of the ancient mariners, one of the most dangerous problems they faced was fog. Not being able to see the stars at night, or landmarks along the waterways during the day could mean delay or greater danger to the seafarer and his cargo. Data theft, like the fog of old, can slip in and out of an organization, often undetected, unless monitored for and managed. Laptop computers and mobile devices notwithstanding, smartphones—all with the ability to transmit communications exchanges between hosts—can carry between 8GB and 128+GB of storage space, include multiple SD cards, and automatically transact exchanges of critical information, without an organization even knowing what happened. The Fog of Data Theft 3
  • 5. Navigating the Waters of BYOD ©2013 Drew Williams The ancient Greek seafarers of the Mediterranean included stories of fair maidens who brought song and beauty to the weary crew, only to replace both with disorientation, and death. Malware is a constant problem in today’s distributed computing environments. Mobile phones—especially Androids—are highly susceptible to problems incurred through cross- site scripting, which represents more than 80% of the root cause of hostile activities behind application security. Old-school processes of checking system configurations, updating system patches and even ensuring the latest versions of the applications are downloaded, are only a few of the reasons why this problem continues to sing tragedy for the unaware and misinformed. Beware of the Shifting Songs of the Sirens of Malware “AVAST There!” Being Boarded by Wireless Exploits While sailing the open waterways might sound difficult to pose a risk of gaining unauthorized access, pirates of old ran with impunity, threatening all trade routes, all ships and in all waters. The world has gotten a lot smaller in the Digital Age, and taking advantage of a wireless infrastructure seems to be getting more prevalent and more common. Risks and insecurities in WEP, for example, are so well-known, there are even “How-to” steps published online to describe WEP vulnerabilities. Passive attacks on unencrypted wireless backbones include eavesdropping, with more hostile threats, as a result of exploiting applications, could mean traffic floods and the all-evil Denial of Service. Argh Matey! 4
  • 6. Navigating the Waters of BYOD ©2013 Drew Williams According to ancient Greek legend, the Cyanean Rocks, which stood at the inlet of the Bosporus Sea, randomly came together to crush any unsuspecting sea-goers. The key, as fabled Jason and his Argonauts discovered, was to manage the timing between clashes and crashes, by constantly monitoring the trends in how the rocks interacted with the sea. A top concern in BYOD security relates to the overall lack of monitoring and consistent management of access controls and privileges. Perhaps one of the easiest preventive actions an organization can take is also the action most neglected: establishing a consistent policy for remote file access, authentication and remote privilege management. Data, and the loss of contact, adrift and Lost At Sea Watch Out for the Rocks! 5 Those sailors who have experienced the unfortunate demise of being adrift in open seas, and have lived to tell their tales, have said that the sheer loss of contact with the rest of the world drove some of their greatest fears. Mobile devices are small and can be easily misplaced or lost. For many people, those devices contain everything from Grandma’s secret recipes to government secrets entrusted to device owners for safe keeping. Many people (my five daughters included), have become so dependent on mobile devices for even minute- to-minute communications, they even take them to bed with them! The idea of encrypting mobile devices is still a fresh concept in the category of BYOD security, and as a result, proprietary data loss is still the chief concern regarding mobile computing environments.
  • 7. Navigating the Waters of BYOD ©2013 Drew Williams Desktop Virtualization is a growing floodgate trend for edge businesses. In fact, fewer security issues have actually been reported (internally) with personal mobile devices than with corporate devices. Fact is, people take better care of their own property. With the interest in BYOD on the rise—often leading from the top of the Corporate Food chain (namely: the C-levels themselves), the trend that is “BYOD” also often translates into innovation, enhanced “quality of work” for employees, a rise in productivity, and the chance for organizations to achieve faster rates of expansion and a higher level of achievement in goals and business objectives. As the tempest of technology continues to rage on the digital horizon, organizations worldwide continue to pursue faster, higher, stronger methods of doing more with less. Steering Toward Friendlier Shores Part 2: Sailing the Seven “C’s” To avoid sinking in the maelstrom, perhaps the following seven points of action can keep the tides even for those who are advancing toward uncharted waters: • Collaborative Staff Effort; • Configuration Policies; • Continuous System Monitoring; • Compartmentalized Virtualization; • Coordinated Carrier Support; • Control Systems (VPNs, Tokens); • Clarification of Roles & Ownership. See you next month with Part 2! 6
  • 8. Navigating the Waters of BYOD ©2013 Drew Williams Available mid-September at www.conzebra.com Navigating the Waters of BYOD Part 2: Sailing the Seven “C’s” About Condition Zebra Blended from the Information Security, Defense, IT, and Software Engineering industries, the Condition Zebra team has a combined skill set of more than 100 years’ experience, with success histories that span decades of work. Our security architects, engineers and critical infrastructure analysts have participated with establishing critical infrastructure security and policy for the United States as well as having served on advisory boards and critical infrastructure committees and consulting groups for foreign governments and organizations ranging from Fortune 500 entities to even the smallest of businesses. Contact Condition Zebra today to learn how our team of risk management experts can help your business About the Author Drew Williams is the founder and CEO of international risk management consulting services firm Condition Zebra, which has operating offices in the United States and Southeast Asia. During the 1990's and into the 2K's, Drew was involved in early development of IT infrastructure frameworks and security standards, including work with the IETF on the organization of the Common Vulnerabilities Enumeration (CVE) format, the HIPAA security standard and development of some of the industry's pioneer host-based intrusion detection technologies. Drew has produced more than 40 short documentaries on educational and economic advancement in developing nations, and he authored one of the multi-million best-selling "Complete Idiot’s Guides."