Cloud
7/22/2014
12:00 PM
Adam Ely
Adam Ely
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Infographic: With BYOD, Mobile Is The New Desktop

Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.

The convergence of mobile and cloud has increased employee productivity and increased the risk of data loss for enterprises. Because both technologies are data-centric and expose corporate data outside of the enterprise, we have to be aware of how we’re managing our resources and protecting our assets.

Not knowing how to protect corporate data, many organizations have been hesitant to adopt mobile and cloud technologies. However, with the rapid proliferation of user-owned devices, applications, and cloud services in the enterprise, we really have no choice but to embrace them because, as this infographic illustrates, it’s happening, whether IT or security teams believe it or not.

Source: Bluebox
Source: Bluebox

Organizations struggle because they can’t take mobile away, and employees use it because it increases productivity. It’s time to adopt and properly manage the solutions enterprise employees are using each day. There has been an explosion of data outside the four walls of enterprise IT. CISOs need to fundamentally rethink their strategies and approaches to securing that data. How do you do this? Let’s chat about the risks and opportunities in the comments below.

Adam Ely is the founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Prior to Salesforce, Adam led ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
7/25/2014 | 8:50:16 AM
Re: Ingrained Security
14000 give or take a fluctuation of 500 because we are a teaching hospital and onboard/offboard medical students/residents at different times of the year.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/24/2014 | 10:51:16 AM
Re: Ingrained Security
Sounds interesting. Keep us posted on your progress. BTW how many users do you support?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/24/2014 | 10:26:39 AM
Re: Ingrained Security
We are in the process of incorporating an MDM and EMM solution. I will have more metrics then but as an enforcement mechanism you cannot gain access to clinical apps without going through a VPN set up through an app client. The app client access is provided via Group Membership in AD. Essentially, if we haven't sanctioned you for access you can only use your cellular network or a guest wireless solution which doesn't have any internal ramifications.
ATG4
50%
50%
ATG4,
User Rank: Apprentice
7/23/2014 | 11:19:56 AM
Managing BYOD
BYOD will continue growing as mobile devices continue to play a greater role in our lives.  Does BYOD come with headaches?  Of course it does.  However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping applications and data separate from personal devices.

Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. The volunteer or temporary employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

Visit http://www.ericom.com/BYOD_Workplace for more info.

Please note that I work for Ericom
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 11:02:51 AM
Re: Ingrained Security
Ryan, how does your company monitor how many byo devices/apps employees are using on the network and whether appropriate safeguards are in place and being used. Functionality with security makes a lot of sense. But what is the enforcment mechanism?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/23/2014 | 8:55:39 AM
Ingrained Security
The bottom of the infographic is what I deal with most at my enterprise. The common thought process is functionality vs security when it should be functionality with security. The best way to accomplish this is to have security safegards in place on the vendor side before deployment. This can be more easily accomplished if organizations pushed harder to only incorporate solutions that have a strong security backbone. Instead of incorporation then addition. The previous method allows for minimal learning curve.

Also, as stated below in the comments awareness is a huge factor. Having safegards in place is not enough and it is our job as security professionals to reiterate and educate the public as to why taking proper actions with their devices and following protocols is so important.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 8:44:39 AM
Re: mobile ... the next challenge
Mobille is definitely the next challenge when one-third of all employees don't even know what their company mobile BYOD policy is and that each of them are using devices at work with 21 apps a piece. These number are quite startling!
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
7/22/2014 | 5:27:22 PM
mobile ... the next challenge
You are right ... mobile devices are comparable to desktop PCs in term of computational capabilities, the biggest issue related these platforms is the lack of awareness of principal cyber threats.

Users are unaware of the risk to use mobile devices without any defensive solutions, the risks increase if we consider the promiscuous usage (work/free time) of devices and bad habits of mobile users.

 

 

 

 
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.