Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 28 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Questions asked of MDM security

by The Gurus
November 22, 2013
in Editor's News
Share on FacebookShare on Twitter

The problems in mobile device management (MDM) were highlighted at an event in central London.

Hosted by Context Information Security at its Context Oasis event, it revealed ways MDM can be bypassed or prove to be ineffective on iPhone and Android. Speaking at the event, Rob Sloan, head of response at Context said that “on the mobile side, the hacktivists know we’re here and they know what to go after”.
The theme of the afternoon was the complications posed by bring your own device (BYOD) policies, and Sloan said that often the main challenge was in knowing what devices are in an organisation, what operating systems and versions they were running.
Also speaking from Context was senior consultant Alex Chapman, who said that BYOD presents “untrusted devices that you need to trust enough”. Commenting on updates to operating systems and software, he said: “Fixing vulnerabilities on your desktop involves rolling out updates, but it is different with BYOD as there are a small number of devices but lots of versions and extensions and they all need to be considered.
“What I would like to see from MDM solutions is to be able to force system updates and ensuring that they can be applied. We also recommend looking at the security of the operating system before you deploy Apple or Android devices.”
Speaking to IT Security Guru, Chapman and head of research at Context, Michael Jordon, said that when pushing out policies to personal devices, a user will have to submit this to a policy of a minimum version of the operating system which would specify what is allowed and what version is supported.
Chapman said: “A policy will say what a company is happy to support, but some companies will have it forced upon them.” Jordon said: “If a company really wanted to do BYOD, I would say do it, but I would always advise against it.”
A report published on BYOD by Context concluded that there will always be a trade-off between convenience and security, as devices can only be locked down so much before users chose not to opt-in to the scheme.
Its research found that MDM solutions in a BYOD environment cannot prevent unknown malicious applications from recording sound via the phone’s microphone, or tracking user location using the built in GPS. Also while Jailbreak/Root detection is implemented by all the MDM solutions reviewed, they work in very much the same way as anti-virus, only detecting known Jailbreak/Root methods and applications, which are often trivial to bypass by technical users or malicious hackers.
“BYOD implementations carry an inherent risk and while fully restrictive security policies are possible to configure with corporately owned and maintained devices, ultimately these restrictions are unrealistic in a BYOD environment,” said Chapman.
“A successful BYOD implementation requires a fine balance of usability and security to ensure an appropriate level of user buy-in. Insecure settings, device use and software update frequency can all affect the security of the device and in turn, corporate data in a BYOD environment.”
Speaking at a recent roundtable, Quentyn Taylor, director of information security at Canon, said that a problem is that BYOD allow a user to bring the device in, but policy also needs to de
termine when a personal device is subject to searches and e-discovery procedures.
He said: “In a modern office you have a personal machine and a corporate device, and while the generational activities are different, it is a question of how you manage them.
Speaking at the same roundtable, Adrian Davis, principal research analyst at the Information Security Forum (ISF), said that BYOD can be many things, and a lot of businesses are struggling to keep pace with technology as they cannot keep up with the “gamification”.
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Rapid7 website hijacked by KDMS Group

Next Post

Avast announce they beat DNS hackers in real time

Recent News

Synopsys discover new vulnerability in Pluck Content Management System

Synopsys discover new vulnerability in Pluck Content Management System

March 24, 2023
Dole Food Company

Dole confirms employee data was breached following February ransomware attack

March 24, 2023
call centre

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

March 23, 2023
Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information