Tag Archives: BYOD

Can you trust your handset?

16 Jun

For many years the Jericho Forum has been talking about de-perimeterisation. The basic premise is that as more services become cloud oriented and are accessed with BYOD technology, large elements of the corporate data set are now stored outside of the corporate perimeter.

In looking at the security of such a system, a fundamental question arises. Can you trust the end user devices themselves?

The article “In 2015, security will start with the handset” looks at some of the progress needed in making the handset trustworthy. But this seems a very different position to that of most organisations looking at BYOD, where the basic premise is (or should be) that BYOD devices cannot be trusted, so you need to control the information flow to them.

I’d argue, today, there is not a right answer – you need to assess the risks in the specific context of a specific situation.

A managed end-user device, in a controlled environment where all the updates have been applied, where an anti-malware solution operates, and with at-rest data encryption, could offer a perfectly suitable solution to access corporate data from a set of known applications.

On the other hand, a 3-year-old Android device that has never been patched and has been used to browse the Internet may not be a great choice for viewing secret data.

It all depends on understanding the risk. Understanding the risk requires understanding the specifics of the user handset. The document set “End User Devices Security and Configuration Guidance” is a really good starting point.

Can we help you with understanding the security risks of your device? An example of how we helped a customer with booting their device securely can be found in the blog post “Booting Linux Securely”.

The Insecurity of the Internet of Things

25 Nov

The Internet of Things is a hot topic at the moment.


Heartbleed hype – Password killer

11 Apr

There are a huge number of news items, tweets and posts running around the Internet at the moment. I don’t pretend to know the details about Heartbleed, but I do note some of the expert opinion offered just adds to the general public’s confusion, and does not really help matters.

Security Predictions

23 Dec

At this time of year, it seems that one of the duties of a CTO of a security company is to make predictions about the year ahead.
My prediction is somewhat generic, followed by a wish list. Please help me with my wish list, so we can prevent my prediction!


Logging on is becoming too hard to do securely

2 Apr

Unique passwords, unique user names, lie about your personal information, secure your recovery email, two factor authentication, OAuth caching.
ARRGGGHHH, all I want to do is log on.


How a strong BYOD password can make identity theft easier

21 Sep

I regularly take a train journey into London; it takes about an hour and a half.
During this time I learn a great deal from reading, not books, but the laptop of the person sitting next to me.
This is a common problem, talked about in many blogs – but on a recent journey I came across a new variant!
