“Wall of Sheep” sounds like an adorable Angry Birds clone involving woolly farm animals. But as I learned during BlackBerry Security Director Alex Manea’s webinar earlier today, it’s not cute at all: a huge televised projection at the annual Black Hat conference that displays the names and (partial) passwords of attendees using non-secured devices – into which other attendees have hacked.
It’s embarrassing frontier justice, but appropriate – Black Hat is the premier security hacker conference, and its attendees should know better. Alas, too many IT managers still fail to take steps to prevent simple hacks like the one above.
“I talk to lots of IT managers and many of them, when asked, can’t tell me exactly what their devices are connecting to,” Manea said during his presentation, entitled To BYOD or Not BYOD. “Well, if you don’t know, then you don’t know what your real risks are.”
(Quick plug for BES12: its two-factor authentication lets users of BlackBerry, iOS and Android devices securely log in via VPN to work servers with a quick finger tap.)
Part of the problem is the alphabet soup of today’s mobile deployment models, from BYOD and CYOD to COPE and COBO, that many IT managers continue to wrestle with. Manea laid out the advantages, risks and tradeoffs of each platform. For COPE (Corporate-Owned, Personally-Enabled), one risk is MDM software that does a poor job of separating work and personal data, while a tradeoff is the hassle of switching between the containers to access content that users would prefer to be unified (calendars being a good example).
Finally, for COBO (Corporate-Owned, Business Only), the tradeoff of strict management is the potential for unhappy users to revolt, installing workarounds such as insecure, non-approved cloud apps. For BYOD, risks include much-higher-than-expected total cost of ownership (due to diversity of devices) and security that is “only as strong as the weakest link,” said Manea.
You’ll also get automatic access to download a free, new 100-page e-book from BlackBerry: The Definitive Guide to Enterprise Mobile Security: Strategies and Tactics for Business and IT Decision-Makers.
This brand new resource will give you comprehensive strategies and actionable tips to help you deploy and manage mobile devices in a secure environment. (Or go straight to download the book at www.blackberry.com/SecurityeBook)
You can also register for these webinars hosted by BlackBerry security experts, who will stick around to answer your questions live: