Android And BYOD – Two Evils That Are multiplying Risk To Your Company Data

  • Facebook
  • Twitter
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email

androidbyodWith the heightened spread of malware in the smartphone market, it seems like Android is going down the same road that PC did a few years ago. It is one of the occupational hazards of being so popular. Android is available to phone makers for free and its source is exposed, which means that anyone can use it – and misuse it. Google’s only way of screening apps on Google Play is by letting users review and rate them. This has led to hundreds of unsafe apps and has even prompted mobile carriers like Verizon to put their own Android app screening processes in place.

Android’s threat is very real since Android phones are in the hands of thousands of people across the world. The reality of this threat is only augmented when the concept of BYOD is brought into the picture. With blurring work-personal life lines, more employees are now turning towards BYOD – even large companies like IBM. An unsafe Android phone in the hand of one person is a threat, but when that same phone is brought inside the walls of an enterprise is becomes a disaster. Security analysts have predicted that 1 million high-risk Android apps are likely to enter companies, thanks to an infected operating system and lenient BYOD policies.

It is quite outrageous that, in spite of the increase in threats, companies are reducing the money they spend on security. That helps qualify recent studies that found that 92% of all incidents were identified are discovered by third parties, not by the company itself. 85% of all threats took up to two weeks to identify. This kind of speed and inaction could easily cost a company thousands of dollars, particularly if company employees are attaching their phones to the company network.

There are several tools that can help in these situations. A simple solution is to mandate that all employees that connect to the network should do so through a VPN SSL. This will ensure that all data transactions between the phone and the network are encrypted, and cannot be read by an invader. VPN software is usually available for free or really cheap. Other tools include MDM/MAM that remotely controls and manages all mobile devices, passwords, ACLs and Firewalls, Internet Security Suites and logfile alerts. A general level of security training among employees is also a very useful investment.

Subscribe to Comments RSS Feed in this post

One Response

  1. BYOD certainly presents serious security risks. One way to manage these security challenges is to separate data and applications from the end user devices. Data and applications can be securely hosted on VDI virtual desktops or on Microsoft RDS (Terminal Server) while mobile employees access those applications and desktops using HTML5-compatible browsers.

    That’s the idea behind solutions like Ericom AccessNow, an HTML5 RDP client that enables access to Windows applications and desktops from a browser. Basing access on the browser allows employees to get to their applications and data from iPads, iPhones, Android tablets and phones and other devices.

    Download this free white paper for some additional ideas on managing the mobile workforce:
    http://www.ericom.com/WP-MobileAccessSecurity.asp?URL_ID=708

    Please note that I work for Ericom

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*


× 9 = nine

Email
Print