Chapter 8 Interactive Session: Technology: BYOD: A Security Nightmare? What kinds of security problems do mobile computing devices pose?

Computer Networking: A Top-Down Approach (7th Edition)
7th Edition
ISBN:9780133594140
Author:James Kurose, Keith Ross
Publisher:James Kurose, Keith Ross
Chapter1: Computer Networks And The Internet
Section: Chapter Questions
Problem R1RQ: What is the difference between a host and an end system? List several different types of end...
icon
Related questions
Question

Chapter 8 Interactive Session: Technology: BYOD: A Security Nightmare?

What kinds of security problems do mobile computing devices pose?  

INTERACTIVE SESSION: TECHNOLOGY
BYOD: A Security Nightmare?
share files. There are also many instances where
employees are using Dropbox to store and exchange
files without their employers' approval. In early 2015
Dropbox had to patch a security flaw that allowed
cyberattackers to steal new information uploaded
to accounts through compromised third-party apps
that work with Dropbox services on Android devices.
There's very little a company can do to prevent
employees who are allowed to use their smartphones
from downloading corporate data so they can work
on those data remotely.
Text messaging and other mobile messaging tech-
nologies are being used to deliver all kinds of scam
campaigns, such as adult content and rogue phar-
macy, phishing, and banking scams, and text mes-
sages have been a propagation medium for Trojan
Bring your own device has become a huge trend,
with half of employees with mobile computing tools
at workplaces worldwide using their own devices.
This figure is expected to increase even more in the
years to come. But while use of the iPhone, iPad, and
other mobile computing devices in the workplace
is growing, so are security problems. Quite a few
security experts believe that smartphones and other
mobile devices now pose one of the most serious
security threats for organizations today.
Whether mobile devices are company-assigned or
employee-owned, they are opening up new avenues
for accessing corporate data that need to be closely
monitored and protected. Sensitive data on mobile
devices travel, both physically and electronically,
from the office to home and possibly other off-site
locations. According to a February 2016 Ponemon
Institute study of 588 U.S. IT and security profession-
als, 67 percent of those surveyed reported that it was
certain or likely that an employee's mobile access
to confidential corporate data had resulted in a data
breach. Unfortunately, only 41 percent of respon-
dents said their companies had policies for accessing
corporate data from mobile devices.
More than half of security breaches occur when
devices are lost or stolen. That puts all of the per-
sonal and corporate data stored on the device, as well
as access to corporate data on remote servers, at risk.
Physical access to mobile devices may be a greater
threat than hacking into a network because less
effort is required to gain entry. Experienced attack-
ers can easily circumvent passwords or locks on
mobile devices or access encrypted data. Moreover,
many smartphone users leave their phones totally
unprotected to begin with or fail to keep the security
features of their devices up-to-date. In the Websense
and the Ponemon Institute's Global Study on Mobil-
ity Risks, 59 percent of respondents reported that
employees circumvented or disabled security fea-
tures such as passwords and key locks.
Another worry today is large-scale data leakage
caused by use of cloud computing services. Employ-
ees are increasingly using public cloud services such
as Google Drive or Dropbox for file sharing and col-
laboration. Valiant Entertainment, Cenoric Projects,
horses and worms. A malicious source is now able
to send a text message that will open in a mobile
browser by default, which can be readily utilized to
exploit the recipient.
To date, deliberate hacker attacks on mobile
devices have been limited in scope and impact,
but this situation is worsening. Android is now the
world's most popular operating system for mobile
devices with 81 percent of the global market, and
most mobile malware is targeted at the Android plat-
form. When corporate and personal data are stored
on the same device, mobile malware unknowingly
installed by the user could find its way onto the cor-
porate network.
Apple uses a closed "walled garden" model for
managing its apps and reviews each one before
releasing it on its App Store. Android applica-
tion security has been weaker than that for Apple
devices, but it is improving. Android application
security uses sandboxing, which confines apps, mini-
mizing their ability to affect one another or manipu-
late device features without user permission. Google
removes any apps that break its rules against mali-
cious activity from Google Play, its digital distribu-
tion platform that serves as the official app store for
the Android operating system. Google also vets the
backgrounds of developers. Recent Android security
enhancements include assigning varying levels of
trust to each app, dictating what kind of data an app
can access inside its confined domain, and providing
a more robust way to store cryptographic credentials
Vita Coco, and BCBGMAXAZRIAGROUP are among
the companies allowing employees and freelance
contractors to use Dropbox for Business to post and
used to access sensitive information and resources.
Transcribed Image Text:INTERACTIVE SESSION: TECHNOLOGY BYOD: A Security Nightmare? share files. There are also many instances where employees are using Dropbox to store and exchange files without their employers' approval. In early 2015 Dropbox had to patch a security flaw that allowed cyberattackers to steal new information uploaded to accounts through compromised third-party apps that work with Dropbox services on Android devices. There's very little a company can do to prevent employees who are allowed to use their smartphones from downloading corporate data so they can work on those data remotely. Text messaging and other mobile messaging tech- nologies are being used to deliver all kinds of scam campaigns, such as adult content and rogue phar- macy, phishing, and banking scams, and text mes- sages have been a propagation medium for Trojan Bring your own device has become a huge trend, with half of employees with mobile computing tools at workplaces worldwide using their own devices. This figure is expected to increase even more in the years to come. But while use of the iPhone, iPad, and other mobile computing devices in the workplace is growing, so are security problems. Quite a few security experts believe that smartphones and other mobile devices now pose one of the most serious security threats for organizations today. Whether mobile devices are company-assigned or employee-owned, they are opening up new avenues for accessing corporate data that need to be closely monitored and protected. Sensitive data on mobile devices travel, both physically and electronically, from the office to home and possibly other off-site locations. According to a February 2016 Ponemon Institute study of 588 U.S. IT and security profession- als, 67 percent of those surveyed reported that it was certain or likely that an employee's mobile access to confidential corporate data had resulted in a data breach. Unfortunately, only 41 percent of respon- dents said their companies had policies for accessing corporate data from mobile devices. More than half of security breaches occur when devices are lost or stolen. That puts all of the per- sonal and corporate data stored on the device, as well as access to corporate data on remote servers, at risk. Physical access to mobile devices may be a greater threat than hacking into a network because less effort is required to gain entry. Experienced attack- ers can easily circumvent passwords or locks on mobile devices or access encrypted data. Moreover, many smartphone users leave their phones totally unprotected to begin with or fail to keep the security features of their devices up-to-date. In the Websense and the Ponemon Institute's Global Study on Mobil- ity Risks, 59 percent of respondents reported that employees circumvented or disabled security fea- tures such as passwords and key locks. Another worry today is large-scale data leakage caused by use of cloud computing services. Employ- ees are increasingly using public cloud services such as Google Drive or Dropbox for file sharing and col- laboration. Valiant Entertainment, Cenoric Projects, horses and worms. A malicious source is now able to send a text message that will open in a mobile browser by default, which can be readily utilized to exploit the recipient. To date, deliberate hacker attacks on mobile devices have been limited in scope and impact, but this situation is worsening. Android is now the world's most popular operating system for mobile devices with 81 percent of the global market, and most mobile malware is targeted at the Android plat- form. When corporate and personal data are stored on the same device, mobile malware unknowingly installed by the user could find its way onto the cor- porate network. Apple uses a closed "walled garden" model for managing its apps and reviews each one before releasing it on its App Store. Android applica- tion security has been weaker than that for Apple devices, but it is improving. Android application security uses sandboxing, which confines apps, mini- mizing their ability to affect one another or manipu- late device features without user permission. Google removes any apps that break its rules against mali- cious activity from Google Play, its digital distribu- tion platform that serves as the official app store for the Android operating system. Google also vets the backgrounds of developers. Recent Android security enhancements include assigning varying levels of trust to each app, dictating what kind of data an app can access inside its confined domain, and providing a more robust way to store cryptographic credentials Vita Coco, and BCBGMAXAZRIAGROUP are among the companies allowing employees and freelance contractors to use Dropbox for Business to post and used to access sensitive information and resources.
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

Blurred answer
Recommended textbooks for you
Computer Networking: A Top-Down Approach (7th Edi…
Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON
Computer Organization and Design MIPS Edition, Fi…
Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science
Network+ Guide to Networks (MindTap Course List)
Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning
Concepts of Database Management
Concepts of Database Management
Computer Engineering
ISBN:
9781337093422
Author:
Joy L. Starks, Philip J. Pratt, Mary Z. Last
Publisher:
Cengage Learning
Prelude to Programming
Prelude to Programming
Computer Engineering
ISBN:
9780133750423
Author:
VENIT, Stewart
Publisher:
Pearson Education
Sc Business Data Communications and Networking, T…
Sc Business Data Communications and Networking, T…
Computer Engineering
ISBN:
9781119368830
Author:
FITZGERALD
Publisher:
WILEY