Saturday Dec 09, 2023

Why the ship has sailed on BYOD

Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them.

  • OKTA breach, IT admin’s password getting stored in gmail password synced manager
  • Two-way problems. Personal on business and business on personal
  • Lack of clarity around device wipe, device use policies, apps running on devices
  • Compliance is easier when business owns the asset and delineation of ownership of asset and data is clear.
  • If the configurations are not managed, the cost profile to the company is a lot higher.
  • Credentials and MFA spill over in both directions
  • Data compliance issues
  • DLP and encryption issues
  • Lack of ability to define device security settings like PINs
  • How are you doing effective device configuration backups?
  • How do you prevent malicious apps from being installed on the devices?
  • How do you have leveraged support capabilities from the mobile devices?
  • Asset inventory is mandatory
  • Compliance costs can be drastically reduced by having company owned assets that only get approved applications. This is another reason why end users CANNOT have admin access.
  • No VPN access until someone has been part of the company for 30 days.
  • Onboarding and offboarding is crucial to information security

Information security is not a technical controls issue, it is a HR management issue.

 

Verizon fell for fake “search warrant,” gave victim’s phone data to stalker

https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/

As if all that wasn't bad enough, if an employee of a company has issues in their personal life, it will spill over to business and especially in the context of allowed personal use of company assets.

Comments (0)

To leave or reply to comments, please download free Podbean or

No Comments

Copyright QPC Security All rights reserved.

Podcast Powered By Podbean

Version: 20241125