Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Infographic: With BYOD, Mobile Is The New Desktop
Oldest First  |  Newest First  |  Threaded View
securityaffairs
securityaffairs,
User Rank: Ninja
7/22/2014 | 5:27:22 PM
mobile ... the next challenge
You are right ... mobile devices are comparable to desktop PCs in term of computational capabilities, the biggest issue related these platforms is the lack of awareness of principal cyber threats.

Users are unaware of the risk to use mobile devices without any defensive solutions, the risks increase if we consider the promiscuous usage (work/free time) of devices and bad habits of mobile users.

 

 

 

 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 8:44:39 AM
Re: mobile ... the next challenge
Mobille is definitely the next challenge when one-third of all employees don't even know what their company mobile BYOD policy is and that each of them are using devices at work with 21 apps a piece. These number are quite startling!
RyanSepe
RyanSepe,
User Rank: Ninja
7/23/2014 | 8:55:39 AM
Ingrained Security
The bottom of the infographic is what I deal with most at my enterprise. The common thought process is functionality vs security when it should be functionality with security. The best way to accomplish this is to have security safegards in place on the vendor side before deployment. This can be more easily accomplished if organizations pushed harder to only incorporate solutions that have a strong security backbone. Instead of incorporation then addition. The previous method allows for minimal learning curve.

Also, as stated below in the comments awareness is a huge factor. Having safegards in place is not enough and it is our job as security professionals to reiterate and educate the public as to why taking proper actions with their devices and following protocols is so important.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 11:02:51 AM
Re: Ingrained Security
Ryan, how does your company monitor how many byo devices/apps employees are using on the network and whether appropriate safeguards are in place and being used. Functionality with security makes a lot of sense. But what is the enforcment mechanism?
ATG4
ATG4,
User Rank: Apprentice
7/23/2014 | 11:19:56 AM
Managing BYOD
BYOD will continue growing as mobile devices continue to play a greater role in our lives.  Does BYOD come with headaches?  Of course it does.  However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping applications and data separate from personal devices.

Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. The volunteer or temporary employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

Visit http://www.ericom.com/BYOD_Workplace for more info.

Please note that I work for Ericom
RyanSepe
RyanSepe,
User Rank: Ninja
7/24/2014 | 10:26:39 AM
Re: Ingrained Security
We are in the process of incorporating an MDM and EMM solution. I will have more metrics then but as an enforcement mechanism you cannot gain access to clinical apps without going through a VPN set up through an app client. The app client access is provided via Group Membership in AD. Essentially, if we haven't sanctioned you for access you can only use your cellular network or a guest wireless solution which doesn't have any internal ramifications.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/24/2014 | 10:51:16 AM
Re: Ingrained Security
Sounds interesting. Keep us posted on your progress. BTW how many users do you support?
RyanSepe
RyanSepe,
User Rank: Ninja
7/25/2014 | 8:50:16 AM
Re: Ingrained Security
14000 give or take a fluctuation of 500 because we are a teaching hospital and onboard/offboard medical students/residents at different times of the year.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40597
PUBLISHED: 2022-06-29
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
CVE-2022-30467
PUBLISHED: 2022-06-29
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
CVE-2022-33061
PUBLISHED: 2022-06-29
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.
CVE-2022-2073
PUBLISHED: 2022-06-29
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
CVE-2022-33057
PUBLISHED: 2022-06-29
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.