Writing for ComputerWeekly, Warwick Ashford confirms that cyber attackers are increasingly exploiting vulnerabilities in mobile computing to infiltrate corporate networks.
“Most organizations are allowing employees to access corporate data from mobile devices, but with varying levels of security controls and a varying mix of company and employee-owned devices,” said Ashford. “This varies from sector to sector and from country to country.”
Rambus vice president of Information Technology Mark Grimse concurs with Ashford’s assessment, emphasizing that it is difficult for many organizations to maintain the delicate balance between BYOD security and usability.
“Of course it is easier for a company or organization to take the easy way out and completely ban the practice of BYOD,” Grimse told Rambus Press on the sidelines of a recent mobile security symposium held at VMware’s HQ. “However, this is somewhat of an unreasonable approach in 2014 – and actually has been for quite some time.”
According to Grimse, Rambus encourages and promotes innovation, although it obviously recognizes security as an important part of the IP equation.
“Clearly, personal mobile devices such as smartphones and tablets differ significantly from a laptop, which, for many corporations, remains very enterprise focused and almost exclusively used for business applications,” Grimse explained.
“This contrasts sharply with mobile devices offering a much more personal, interactive experience. Remember, some app stores inadvertently stock malware packed with nefarious goodies on their virtual shelves. So what does it boil down to? Swipe, touch and infect. Three simple steps – that’s all it takes to compromise a BYOD.”
As Grimse notes, the threat landscape is much greater on BYOD mobile devices than on traditional laptops.
“I think we all can agree mobile users probably won’t be limiting themselves to editing a document or updating a spreadsheet. Moreover, employees take their smartphone everywhere, whereas a laptop generally remains at home, locked in a hotel room or stored in the trunk of a car,” he continued.
“Mobile is everywhere, which means it is far easier to pick up unwanted hitchhikers, especially since many apps require broad permissions as well as access to other software. So it can be quite challenging to build and maintain a layered security approach to counter advanced persistent threats (APT) in an age rife with industrial espionage. In short, I probably wouldn’t have a problem with a CFO reviewing confidential statements in his living room. However, I definitely wouldn’t want the CFO to read the same document in a hotel room abroad, at least not without implementing pre-determined security protocols.”
At the end of the day, says Grimse, Rambus achieves a precise balance between security and usability by carefully choosing the level of corporate data access on employee tablets and smartphones.
“We work with our employees to raise awareness of an evolving threat landscape, particularly with respect to preventing spear phishing. This is characterized by a careful rollout of BYOD services paired with the active role our employees play in helping to maintain secure computing in a dynamic business environment. In addition, we believe implementing a hardware root of trust in mobile devices is the most effective way to protect gigabytes of sensitive data from unauthorized access. Essentially, we take a holistic approach to security at Rambus,” he concluded.