Your BYOD Security Cheat Sheet


By David Abbou - Nov-11-2014

Whether or not you work in IT, technology has changed the way you work in recent years, and with it has come a seemingly endless stream of acronyms and jargon that can overwhelm and cloud (pun intended) what you really need to know about the freedom and the responsibilities that come with the Bring Your Own Device phenomenon. With that in mind, this cheat sheet is meant to help you, or your less tech-savvy colleagues, understand the phenomenon and the industry behind it.

Free @ Last: The BYOD Industry

Enterprise Mobility: The trend towards employees working out of the office and using mobile devices and cloud services to access corporate resources and perform business tasks.

Bring Your Own Device (BYOD): The practice that makes enterprise mobility happen, and one that differs greatly from one company to the next. At its heart is letting employees use their personally owned mobile devices, such as smartphones, tablets and laptops, to connect to corporate network resources and access corporate information.

BYOD Policy: The set of rules that governs how IT management implements BYOD. Policies vary with the organization's size, budget and security considerations.

Choose Your Own Device (CYOD): Like BYOD, CYOD lets employees use smartphones and tablets to get work done, but they must pick from a list of pre-approved devices. Some companies take this route to give IT more control and to reduce the security risk that comes with supporting many different device types; the devices come with security software and settings pre-installed.

Mobile Security Threats

Malware: Malicious software, whether executable code, scripts or other software, that disrupts computer operation, gathers sensitive information or gains access to private computer systems. 'Malware' is a general term covering many forms of hostile or intrusive software.

Phishing: Scams that combine social engineering with fake websites and forms to lure email recipients and web users into handing over sensitive information such as credit card numbers, personal identification and account usernames and passwords. No longer bound to email, phishing now also uses cloned mobile applications to dupe users and harvest their personal and financial data.

Man-in-the-Middle (MITM) attack: The attacker secretly inserts themselves between two parties who believe they are talking directly to each other, for example by controlling the Wi-Fi hotspot a device connects to. From that position the attacker intercepts and records every message that follows, can alter messages in transit, and impersonates each party convincingly enough to extract confidential information from one or both victims. An app that accepts any TLS certificate instead of validating it hands the attacker this position on every untrusted network.
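The following is an added example, not code from the original article, showing why certificate validation is the mobile-side defence against the attack just described. It uses only the Go standard library: a hypothetical "genuine" corporate server and a "rogue" server impersonating it are both started on loopback with self-signed certificates (the hostname corp.example and the response bodies are constructed), and three client postures are tried against them. Because both servers here are self-signed, the default posture rejects the genuine server too; in production the genuine server would carry a certificate the system trust store chains to, and only the rogue would fail.

```go
package main

import (
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"
    "crypto/tls"
    "crypto/x509"
    "crypto/x509/pkix"
    "fmt"
    "io"
    "math/big"
    "net"
    "net/http"
    "net/http/httptest"
    "time"
)

// selfSignedCert mints a throwaway self-signed certificate valid for 127.0.0.1.
// For the rogue server it plays the role of the certificate an interception
// proxy presents when it impersonates the real endpoint.
func selfSignedCert(cn string) tls.Certificate {
    key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
    if err != nil {
        panic(err)
    }
    tmpl := &x509.Certificate{
        SerialNumber:          big.NewInt(1),
        Subject:               pkix.Name{CommonName: cn}, // hypothetical name
        NotBefore:             time.Now().Add(-time.Hour),
        NotAfter:              time.Now().Add(time.Hour),
        KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
        ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
        BasicConstraintsValid: true,
        IsCA:                  true,
        IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
    }
    der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
    if err != nil {
        panic(err)
    }
    return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// serve starts a local HTTPS server that presents cert and answers with body.
func serve(cert tls.Certificate, body string) *httptest.Server {
    s := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        io.WriteString(w, body)
    }))
    s.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
    s.StartTLS()
    return s
}

// accepted reports whether a client using cfg completes a request to url.
func accepted(url string, cfg *tls.Config) bool {
    client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
    resp, err := client.Get(url)
    if err != nil {
        return false
    }
    resp.Body.Close()
    return true
}

// Pinned trusts exactly one certificate: the one the app was shipped with.
func Pinned(cert *x509.Certificate) *tls.Config {
    pool := x509.NewCertPool()
    pool.AddCert(cert)
    return &tls.Config{RootCAs: pool}
}

// RunScenario stands up the genuine server and a rogue one impersonating it
// (both constructed, on loopback) and records which client postures let the rogue in.
func RunScenario() map[string]bool {
    genuine := serve(selfSignedCert("corp.example"), "corporate payroll data")
    defer genuine.Close()
    rogue := serve(selfSignedCert("corp.example"), "attacker sees everything you send")
    defer rogue.Close()
    pinned := Pinned(genuine.Certificate())
    return map[string]bool{
        // InsecureSkipVerify is the "make the certificate error go away" setting
        // seen in far too many mobile apps: it accepts any certificate at all.
        "insecure client accepts rogue": accepted(rogue.URL, &tls.Config{InsecureSkipVerify: true}),
        // Default validation rejects a certificate the system trust store does not chain to.
        "default client accepts rogue": accepted(rogue.URL, &tls.Config{}),
        // Pinning accepts the genuine server and nothing else, same name or not.
        "pinned client accepts genuine": accepted(genuine.URL, pinned),
        "pinned client accepts rogue":   accepted(rogue.URL, pinned),
    }
}

func main() {
    for posture, ok := range RunScenario() {
        fmt.Printf("%-32s %v\n", posture, ok)
    }
}
```

Pinning the whole certificate, as done here, means a certificate rotation on the server also requires an app update; pinning the public key or a CA instead trades some of that rigidity for flexibility, but the posture to avoid is the first one, which makes the rogue indistinguishable from the real server.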

Common Vulnerabilities

Vulnerability: A flaw in software that an attacker can use directly to gain access to a system or network and violate its security policy. Such flaws let attackers execute commands as another user, read restricted data, impersonate another entity or cause a denial of service. Vulnerabilities are either known or unknown.

Known vulnerabilities: Once found and disclosed, a vulnerability is published and assigned a unique ID, its CVE identifier. Disclosure alone removes nothing: devices still need to be patched, with the fix actually installed, before the threat is nullified.
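As an added example that is not part of the original article, this is the check an administrator wants once CVE identifiers and fix versions are known: which enrolled devices are still below the version that carries the fix. It is written in Go with only the standard library; the advisory feed and device inventory are constructed sample data (the CVE identifiers are placeholders, not real entries), and the version comparison is the part worth getting right, since a plain string comparison puts "4.10" before "4.9".

```go
package main

import (
    "fmt"
    "regexp"
    "strconv"
    "strings"
)

// cveID matches the identifier syntax: "CVE-", a four-digit year, "-", four or more digits.
var cveID = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)

// Advisory is one published vulnerability: its CVE identifier, the affected
// platform and the first version that carries the fix.
type Advisory struct {
    ID, Platform, FixedIn string
}

// Device is one enrolled endpoint as an MDM inventory would report it.
type Device struct {
    Name, Platform, Version string
}

// Constructed sample data; the identifiers are placeholders, not real CVE entries.
var SampleAdvisories = []Advisory{
    {"CVE-0000-0001", "android", "4.4.4"},
    {"CVE-0000-0002", "ios", "8.1.1"},
    {"CVE-0000-0003", "android", "4.10"},
    {"not-a-cve", "android", "1.0"}, // malformed feed entry, must be ignored
}

var SampleDevices = []Device{
    {"alice-phone", "android", "4.4.2"},
    {"bob-tablet", "android", "4.9"},
    {"carol-phone", "ios", "8.1.1"},
    {"dave-phone", "ios", "8.0"},
}

// CompareVersions orders dotted numeric versions component by component, so
// "4.9" sorts before "4.10", and a missing trailing component counts as zero,
// so "4.4" equals "4.4.0". It returns -1, 0 or 1 as a is older than, equal to
// or newer than b.
func CompareVersions(a, b string) int {
    pa, pb := strings.Split(a, "."), strings.Split(b, ".")
    for i := 0; i < len(pa) || i < len(pb); i++ {
        var x, y int
        if i < len(pa) {
            x, _ = strconv.Atoi(pa[i]) // a non-numeric component counts as 0
        }
        if i < len(pb) {
            y, _ = strconv.Atoi(pb[i])
        }
        if x < y {
            return -1
        }
        if x > y {
            return 1
        }
    }
    return 0
}

// Exposure returns, per device, the advisories it is still exposed to: those
// for its platform whose fix version is newer than the version the device runs.
func Exposure(devices []Device, advisories []Advisory) map[string][]string {
    out := make(map[string][]string, len(devices))
    for _, d := range devices {
        out[d.Name] = []string{}
        for _, a := range advisories {
            if !cveID.MatchString(a.ID) {
                continue // never act on an entry whose identifier is not even well formed
            }
            if a.Platform == d.Platform && CompareVersions(d.Version, a.FixedIn) < 0 {
                out[d.Name] = append(out[d.Name], a.ID)
            }
        }
    }
    return out
}

func main() {
    exposed := Exposure(SampleDevices, SampleAdvisories)
    for _, d := range SampleDevices {
        fmt.Printf("%-12s %-8s %-6s unpatched: %v\n", d.Name, d.Platform, d.Version, exposed[d.Name])
    }
}
```

Real inventories report versions in more than one shape (Android also exposes a dated security patch level), so the comparison has to be adapted to whatever field the MDM actually exports; the structure of the check stays the same.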

Unknown vulnerabilities: Vulnerabilities that simply have not been found yet, or at least not by the vendor. When an attacker finds one first, developers have had no time to fix it before it is exploited, which leaves applications and operating systems open to zero-day attacks. Once the vulnerability becomes known, developers must produce a patch and distribute it to every affected device.

Zero-day attack: An attack that exploits a vulnerability the developers have had zero days to fix, that is, one they did not know about or have not yet been able to patch and roll out. Zero-day exploits are also traded: their finders often sell them to government agencies for use in cyber warfare.

BYOD Security Solutions

Enterprise Mobility Management (EMM): The combination of technology, processes and policies an organization deploys to manage mobile devices, wireless networks and the related services it relies on.

Mobile Application Management (MAM): Software and policies that secure and control individual applications rather than the whole device, specifically mobile apps on smartphones, tablets and other mobile devices.

Mobile Device Management (MDM): Security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and mobile operating systems being used in the organization. Often combined with additional security services as part of a complete Enterprise Mobility Management solution.

Mobile Information Management (MIM): MIM describes cloud-based services like Dropbox and Google Drive that sync files and documents across different devices. On-premises enterprise versions of these products are also available for storing corporate data.

Virtual Desktop Infrastructure (VDI): A virtualization architecture in which desktop operating systems, typically Microsoft Windows, run on servers in the datacenter; corporate apps and data are presented on desktop computers and laptops over a remote display protocol rather than being installed locally.

Virtual Mobile Infrastructure (VMI): Sometimes referred to as "mobile-based VDI", VMI runs an Android operating system on a remote server, in the cloud or in the company datacenter, and delivers corporate apps and data to mobile devices over a remote display protocol. The device runs only a thin client that displays the rendered screen and sends back input, so no corporate data is stored on the device itself. VMI was created specifically for enterprise mobility and BYOD organizations.

Dual-Persona: A technology that creates two separate environments on one device; one for IT to manage enterprise data and the other for the user to manage personal files and apps. This requires storing corporate data in a container on the device.

Multi-Persona: A device management platform that separates more than two environments on one device mainly to secure corporate data on the device.

Containerization: A technique used by EMM and MDM solutions to separate corporate data and apps from personal ones on a device. Corporate apps and their data are kept in a separate area that is encrypted and protected by its own passcode.
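To make "encrypted and protected by its own passcode" concrete, here is an added example of the core of such a container, not code from the original article or from any EMM product. It is written in Go using only the standard library: a key is derived from the container passcode with PBKDF2-HMAC-SHA256 (written out by hand here rather than imported) and the contents are sealed with AES-256-GCM, so a wrong passcode and any tampering with the stored blob both fail cleanly instead of yielding garbage. The passcode and contents are constructed sample values.

```go
package main

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/hmac"
    "crypto/rand"
    "crypto/sha256"
    "encoding/hex"
    "errors"
    "fmt"
)

const (
    saltLen    = 16
    keyLen     = 32     // AES-256
    iterations = 100000 // slows down offline guessing of a short passcode
)

// PBKDF2SHA256 derives an n-byte key from a passcode and salt. Written out
// here so the example depends only on the standard library.
func PBKDF2SHA256(passcode, salt []byte, iter, n int) []byte {
    mac := hmac.New(sha256.New, passcode)
    var out []byte
    for block := uint32(1); len(out) < n; block++ {
        mac.Reset()
        mac.Write(salt)
        mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
        u := mac.Sum(nil)
        t := append([]byte(nil), u...)
        for i := 1; i < iter; i++ {
            mac.Reset()
            mac.Write(u)
            u = mac.Sum(nil)
            for j := range t {
                t[j] ^= u[j]
            }
        }
        out = append(out, t...)
    }
    return out[:n]
}

// Seal encrypts container contents under a key derived from the passcode.
// Output layout: salt || nonce || AES-GCM ciphertext and tag. A fresh random
// salt and nonce are drawn per call, so equal contents never give equal blobs.
func Seal(passcode string, plaintext []byte) ([]byte, error) {
    salt := make([]byte, saltLen)
    if _, err := rand.Read(salt); err != nil {
        return nil, err
    }
    block, err := aes.NewCipher(PBKDF2SHA256([]byte(passcode), salt, iterations, keyLen))
    if err != nil {
        return nil, err
    }
    gcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    nonce := make([]byte, gcm.NonceSize())
    if _, err := rand.Read(nonce); err != nil {
        return nil, err
    }
    return gcm.Seal(append(salt, nonce...), nonce, plaintext, nil), nil
}

// Open reverses Seal. A wrong passcode or any modified byte fails the GCM tag
// check, so the caller gets an error rather than garbage or tampered data.
func Open(passcode string, blob []byte) ([]byte, error) {
    if len(blob) < saltLen {
        return nil, errors.New("container blob too short")
    }
    salt := blob[:saltLen]
    block, err := aes.NewCipher(PBKDF2SHA256([]byte(passcode), salt, iterations, keyLen))
    if err != nil {
        return nil, err
    }
    gcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    if len(blob) < saltLen+gcm.NonceSize() {
        return nil, errors.New("container blob too short")
    }
    nonce, ct := blob[saltLen:saltLen+gcm.NonceSize()], blob[saltLen+gcm.NonceSize():]
    return gcm.Open(nil, nonce, ct, nil)
}

func main() {
    blob, _ := Seal("482915", []byte("customer list: ...")) // constructed sample contents
    fmt.Println("sealed container starts", hex.EncodeToString(blob[:8]), "...")
    if _, err := Open("000000", blob); err != nil {
        fmt.Println("wrong passcode:", err)
    }
}
```

A six-digit passcode has under a million possibilities, so the iteration count, not the passcode, is what makes an offline guess expensive once an attacker has the blob; a real container also limits on-device attempts and wipes after too many failures, which this fragment does not show.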

App wrapping: The approach MAM solutions first used to ready apps for corporate use: a management layer is applied to the finished mobile app without changing its source code. Through it administrators add security features, for instance requiring the app to route its traffic through the VPN or to demand further authentication with a local passcode.

Virtual Private Network (VPN) Tunnel: EMM products carry the traffic between mobile apps and the corporate server inside an encrypted VPN connection, so that data crossing untrusted networks cannot be read by eavesdroppers.