Mobile security is becoming a huge concern for the business and enterprise world as the BYOD discussion is an expensive one – either companies enforce a corporate owned device or they pay the monthly plans for BYOD.
What should you do? At this point, there are a few options, as it falls firmly in the realm of data sensitivity and overall preference (ease of use). Most companies strictly enforce sandboxed applications on personally owned devices, like the email client ‘GOOD’. This prevents some functionality once the application is opened and requires strict security measures to be activated on the device. This is the common approach to DLP (Data Loss Prevention) concerns but it isn’t the best solution. It would become increasingly difficult to cater to several providers and restrict plan costs, and the management of such a system would be cumbersome.
Conversely, companies will purchase several brands of devices (covering each operating system) and offer those to employees. This method allows the organization to control the image on the device and a list of approved applications to be installed – it also allows the user to install his/her own applications onto the device. This is often referred to as a “corporate owned, personal use” device. The issue with this model comes with the legal ramifications of taking the device or copying (backups) the contents, as per security policies, but this can violate PIPEDA or PHIPA.
This topic should be discussed at the technical level and security policies need to fully address the legal element of this technology.
We are happy to help, contact the CDW Security Team!
We must be vigilant, we must be ready, and most of all, we must be educated!
Adam Zimmerman, Security Solutions Architect
With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is helping organizations build strong security practices and prepare for potential attacks.
Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa. Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.
Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.