Embracing BYOD: Mobile challenge


A multilayered approach

BYOD adoption consists of a multilayered security approach that includes protecting the content on the device, ensuring that the applications running on it are trustworthy, and providing strong authentication services directly through it, says Bret Hartman, CTO of Bedford, Mass.-based security, risk and compliance management solutions provider RSA, the security division of EMC.

“Something that's important to remember is that when we think about securing the mobile devices, there's always two halves to the equation,” Hartman says. “There's the client/device side, and then there's the server side.”

Hartman says a smartphone or tablet could have the proper security attributes in place, but if the right security mechanisms on the server side aren't able to validate those things, then only one part of the equation has been solved.

While not every enterprise may be fit for a BYOD environment, Hartman says that most believe they don't really have a choice. Even government institutions, known for their highly sensitive data and lockdown stance, are in search of security solutions for mobile devices.

Further, when it comes to employee-owned devices, one of the major concerns for the enterprise is the apps in use. With apps constantly being released and employees downloading whatever catches their attention, there's a new obstacle: bring-your-own-software (BYOS), says Domingo Guerra, president and founder of Appthority, a San Francisco-based mobile app risk management company.

“What's driving the consumption of these devices is not how cool the device is, it's how many apps the device can play,” he says.

Thus, the security focus should be geared more toward the apps, rather than the device itself, since the apps host a majority of the vulnerabilities, he says. 

“[The apps] are what do the violations of privacy or the mismanagement of username and passwords,” Guerra says. “They present the way to break into the corporate server, not the device itself.” 

Although mobile device management (MDM) software and mobile app management (MAM) solutions can block any app an administrator deems unsafe, Guerra says it's difficult to determine which apps are benevolent and which are unsafe.

“Companies need the ability to be able to differentiate by job role, then be able to categorize those apps,” he says.
