Published/updated: June 2014
By Jack Vile
By now we’ve all heard the term Bring Your Own Device (BYOD). This phenomenon is becoming increasingly popular as people have access to far more advanced consumer tech in their personal lives and wish to replicate this in the business environment.
As a result many are worried about the security of business data stored locally on devices. While this is a legitimate concern, that in reality also applies to company owned devices, there is a bigger threat – the credentials stored on mobile equipment. This was brought up in the recent X-Force document, a quarterly report on the state of cyber security published by IBM, and prompted me to consider the issue further.
Think about how many passwords are saved on the average smartphone. Whether it be email, mobile apps, web applications, or even simple web pages, there are probably quite a few because users like the convenience of immediate access. But what if the device is compromised? The bad guy(s) responsible now also gain immediate access to all of the same applications and services.
Now for the average smart device owner this may not be much of a concern. However when we consider who is currently using mobile technology in a business context, we find it’s a lot of execs or managers. Should their stored credentials fall into the wrong hands, potentially far more sensitive information could be accessed than that actually resident on the device. This could be anything from intellectual property to financial data all the way through to personal information.
This is a real risk, so how can it be dealt with? Below are solutions that represent a good starting point:
Of course besides managing people, technology can be also used to help minimise the risk. Relevant solutions include:
The main point is that the risk of stored credentials is often overlooked or set aside in the name of convenience. No matter how much users grumble, however, it is a threat that needs to be taken seriously. By not protecting yourself from these dangers you could provide the first step for more severe security breaches.
ORIGINALLY PUBLISHED BY
By Dale Vile
By Bryan Betts and Dale Vile
Yesterdays software delivery processes are not up to dealing with today’s demands, but modernising you approach is not just about implementing Agile, even creating a DevOps culture. You need to focus on some specific, hard-core principles. ...more
By Dale Vile & Jack Vile
Cloud services are increasingly becoming part of the IT delivery mix, but a recent study of 378 senior IT professionals suggests a parallel commitment to ongoing investment in the datacentre. This in turn shines a light on the key role of modern application platforms. ...more
By Tony Lock & Dale Vile
Despite the advent to cloud computing the datacentre remains central to corporate IT. But with demands continuing to escalate, how do you ensure your infrastructure is powered robustly and efficiently? ...more
By Bryan Betts
Many are exploiting cloud computing to drive business advantage, while others are enjoying the flexibility and efficiency of DevOps. But what happens if you use both together in a coordinated manner? The answer is a significant amplification of the benefits of each. ...more
By Dale Vile
Securing the applications and services that underpin your online and mobile presence is one thing, but keeping them secure secure on an ongoing basis is another. How well do your business execs understand this? ...more