Many feel robbed upon seeing the price of phone insurance. Myself included! But I had no idea exactly how many devices are stolen (or, reported as stolen…).

Interesting read in the register this morning about phone theft. 9,751 phones stolen last month alone with the police expecting an increase in January - historically, the busiest month. How concerned should organisations be?

In November 2012, CSO Online published results of a device security audit covering iOS, Blackberry & Android. The report highlighting many issues that should be of concern to BYOD policy makers and raising the question, has the BYOD movement been more a rebellion uprising of, "Hello IT, I got this tablet for Christmas..", than a strategic decision (insert clever Star Wars reference on Freedom Vs. Control)?

Are organisations specifying what devices can 'securely' access corporate resources? And, if not, is it due to lack of context in their security tech?

Access policies need to interrogate device identity and device integrity in addition to user identity. Failing to do so is akin to delivering unsecured Wireless Access.

If an un-patched version of Android is known to have a serious vulnerability why provide it with a login prompt at all. Better still, turn this into a community service announcement, providing context specific messaging as to why access was denied, "Visit xyz.com for more information of securing your xxx phone running version n.n.n"

 

A short summary from the CSO Online report:

Android: "...Android applications have been caught sending and receiving premium rate calls and messages, recording users keystrokes or sounds, tracking user locations, or even containing botnet-style malware as might be found on a desktop machine"

Blackberry: "Security and control are some of the main selling points of Blackberry, with the ability to completely encrypt data, tightly control what is done with the device, restrict what individual applications can and cannot do, require tunneling of any and all internet traffic through the company's servers, control apps and much more. The downside is that this control comes at a cost, and the ease of management to keep your device secure can be time consuming for a non-enterprise user."

iOS: "iOS devices are a good balance when it comes to security, but this does come at a cost of flexibility that more experienced smartphone/tablet users may not like."

 

CSOOnline-Conclusion.png