Heilbronn (GER), December 2016 - Stefan Strobel is Managing Director of cirosec GmbH. He has twenty years of experience advising large companies with very high security requirements and formulating concepts and policies. At LEARNTEC, Stefan Strobel will address the question of how security vulnerabilities that may result from the use of mobile devices and applications can be avoided or resolved.
What potential security vulnerabilities exist despite the use of company-owned smartphones or tablets?
Stefan Strobel: Independent of the use of mobile devices in the eLearning environment, smartphones and tablets create new security threats that each company has to evaluate for itself. These include, for example, the inadvertent leak of confidential data via mobile devices or unauthorized access to the company’s internal infrastructure via the devices and the login data stored on them.
The assessment of these potential threat scenarios depends heavily on the type of use, the design of the infrastructure, and the specific device. Although in recent years Apple devices had a putative security advantage over Android-based phones, new versions of the latter have caught up.
The threats actually have little to do with the use of eLearning. They begin with the inception of communication between the devices and the company servers and are also known to be related to the ubiquitous use of enterprise-based calendar and mail functions.
What can a company do to prevent BYOD-related security problems?
Stefan Strobel: Avoiding security problems begins with the selection of the devices permitted. Unfortunately, besides the operating system, the specific manufacturer and model must be looked at because, especially with Android devices, many of the devices’ security functions are not standardized. This also results in a typical BYOD-related problem because the company can hardly limit the permitted devices to a few individual models without undermining the basic idea of BYOD.
Likewise, corporate security depends on numerous settings that, logically speaking, the company should stipulate. This, too, creates a conflict of interests in regard to private devices, as users are rarely enthusiastic about giving control over important security settings to a third party, especially when it comes to control over the apps allowed.
Having said this, a standard configuration for all devices permitted by the company’s IT department via an MDM system is a typical basic requirement for corporate deployment of BYOD.
"Typical Security Problems with Smartphones, Tablets, and BYOD", Conference Room 8/9, 25 Jan 2017, 11:30-12:00