Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Infographic: With BYOD, Mobile Is The New Desktop
Threaded  |  Newest First  |  Oldest First
securityaffairs
securityaffairs,
User Rank: Ninja
7/22/2014 | 5:27:22 PM
mobile ... the next challenge
You are right ... mobile devices are comparable to desktop PCs in term of computational capabilities, the biggest issue related these platforms is the lack of awareness of principal cyber threats.

Users are unaware of the risk to use mobile devices without any defensive solutions, the risks increase if we consider the promiscuous usage (work/free time) of devices and bad habits of mobile users.

 

 

 

 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 8:44:39 AM
Re: mobile ... the next challenge
Mobille is definitely the next challenge when one-third of all employees don't even know what their company mobile BYOD policy is and that each of them are using devices at work with 21 apps a piece. These number are quite startling!
RyanSepe
RyanSepe,
User Rank: Ninja
7/23/2014 | 8:55:39 AM
Ingrained Security
The bottom of the infographic is what I deal with most at my enterprise. The common thought process is functionality vs security when it should be functionality with security. The best way to accomplish this is to have security safegards in place on the vendor side before deployment. This can be more easily accomplished if organizations pushed harder to only incorporate solutions that have a strong security backbone. Instead of incorporation then addition. The previous method allows for minimal learning curve.

Also, as stated below in the comments awareness is a huge factor. Having safegards in place is not enough and it is our job as security professionals to reiterate and educate the public as to why taking proper actions with their devices and following protocols is so important.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 11:02:51 AM
Re: Ingrained Security
Ryan, how does your company monitor how many byo devices/apps employees are using on the network and whether appropriate safeguards are in place and being used. Functionality with security makes a lot of sense. But what is the enforcment mechanism?
RyanSepe
RyanSepe,
User Rank: Ninja
7/24/2014 | 10:26:39 AM
Re: Ingrained Security
We are in the process of incorporating an MDM and EMM solution. I will have more metrics then but as an enforcement mechanism you cannot gain access to clinical apps without going through a VPN set up through an app client. The app client access is provided via Group Membership in AD. Essentially, if we haven't sanctioned you for access you can only use your cellular network or a guest wireless solution which doesn't have any internal ramifications.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/24/2014 | 10:51:16 AM
Re: Ingrained Security
Sounds interesting. Keep us posted on your progress. BTW how many users do you support?
RyanSepe
RyanSepe,
User Rank: Ninja
7/25/2014 | 8:50:16 AM
Re: Ingrained Security
14000 give or take a fluctuation of 500 because we are a teaching hospital and onboard/offboard medical students/residents at different times of the year.
ATG4
ATG4,
User Rank: Apprentice
7/23/2014 | 11:19:56 AM
Managing BYOD
BYOD will continue growing as mobile devices continue to play a greater role in our lives.  Does BYOD come with headaches?  Of course it does.  However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping applications and data separate from personal devices.

Since AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, network connection, URL address and login details - IT staff end up with less support hassles. The volunteer or temporary employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

Visit http://www.ericom.com/BYOD_Workplace for more info.

Please note that I work for Ericom


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35606
PUBLISHED: 2022-08-18
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
CVE-2022-35598
PUBLISHED: 2022-08-18
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
CVE-2022-35599
PUBLISHED: 2022-08-18
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
CVE-2022-35601
PUBLISHED: 2022-08-18
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVE-2022-35602
PUBLISHED: 2022-08-18
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.