Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
How Mobile Security Lags BYOD
Newest First  |  Oldest First  |  Threaded View
sharronstone
sharronstone,
 User Rank: Apprentice
12/27/2013 | 4:21:32 PM
BYOD

For BYOD, data security on smart mobile devices is a difficult issue, especially with the use of all the various apps avalable. Some companies are combating this issue with their own data security apps. Example, we are developing our own app for our employees and doctors, using the Tigertext Tigerconnect API for HIPAA compliant texting and Dropbox integration, this will allow an increase in security and compliance but not burden the users will a lot of security protocols and restrictions. The other benefit is that it will work across OS and platforms and it give staff one app that allow IT to control the BYOD situation without making the user feel that they are in control of their deveice. I think the companies are going to have to be innovative with their BYOD policies and technologies in order to give drives that flexibility they need and give the companies the security they need. More info: http://developer.tigertext.com/
NickLee1
NickLee1,
 User Rank: Apprentice
12/17/2013 | 9:26:58 AM
Device management
Hi Michael, an interesting article and statistics from your survey especially with 78% of respondents saying their top concern is lost or stolen devices. Vodafone Global Enterprise provide complete global device management for enterprise with Vodafone Device Manager. Addressing concerns highlighted in your survey Vodafone Device Manager allows IT Security Managers to lock stolen or lost devices, encrypt data and secure them with passwords greater than 4 characters. This short video explains more.
http://bit.ly/1cqtKcv
ramakol
ramakol,
 User Rank: Apprentice
12/9/2013 | 9:06:47 PM
Enable BYOD by protecting your content
Very good data on mobile security. Mobile security policies should not be just for top security conscious companies in government and financial services. Companies need to find tools that will allow mobile workers to truly embrace BYOD with secure access to critical business data they need, anytime, anywhere, on their own devices. Check out this whitepaper by Accellion on best practices for secure enterprise content mobility: http://www.info.accellion.com/5-best-practices-for-secure-enterprise-content-mobility-whitepaper.html?sdet=5-best-practices-secure-enterprise-content-mobility
Muthu LeesaJ889
Muthu LeesaJ889,
 User Rank: Apprentice
12/9/2013 | 7:27:14 AM
RE: How Mobile Security Lags BYOD
Hi Michael,

Data Security is the biggest roadblock to BYOD. Businesses are still trying to figure out best ways to tackle lost devices and data. A lot of discussions are happening over the effective use of MDM solutions and MAM solutions. But the security issue has to addressed at a higher level. Businesses should literally own their apps. Think of enterprise app stores. A private app store for your business where you get to host, administer and monitor your enterprise apps. BYOD will not be a pain for the IT department anymore. Already Intel, SAP, now even the Department of Defense own private app stores.The benefits are ofcourse undeniable. Here is a quick list of the benefits of having enterprise app stores: http://mlabs.boston-technology.com/blog/why-do-we-need-enterprise-mobile-app-stores
asankar
asankar,
 User Rank: Apprentice
12/5/2013 | 1:08:08 PM
Protect the data not the device
"Company data residing on personal devices is a done deal" -  I am not sure this is the right answer especially if corporate (or any others for that matter) data is critical and/or sensitive.  I think the true protection for this is keeping data off the device.  After all, it is about data protection and it does not have to reside on the device; virtualization and secure redisplay technologies can greatly enhance data security while preserving the user experience (InformationWeek story at http://add.vc/fZy).  It is interesting to note that the top concerns always are around data leakage and stolen devices but solutions are very device-centric. 
BobH088
BobH088,
 User Rank: Apprentice
12/5/2013 | 12:05:15 PM
phone security strategy
Lots of people get their lost phones back because they have one of these tracker tags on them, check it out - mystufflostandfound.com


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file