Over the last few years, tech enthusiasts have been encouraging BYOD, or Bring Your Own Device, as a concept in the corporate environment, firstly to reduce costs and then to bring more convenience to employees by letting them operate in a seamless fashion at the office and out of office. Over time, some are even suggesting “Bring Your Own Cloud” to encourage employees to use their own cloud storage even for storing corporate data assets handled by them.
However, security professionals have always raised a red flag over such innovative measures, since they make it a security nightmare to uphold the information security (IS) principle of protecting the confidentiality of information.
Companies have tried to manage the issue with a firewall control that checks the integrity of the device every time it is connected to the corporate network. But this is hardly sufficient security against the risk of deliberate or inadvertent misuse of the device when it is connected to other networks at home or in public, and against the possibility of stealth viruses sneaking in. The only control for such possibilities is an updated antivirus, which may however be updated only when connected to the corporate network and cannot prevent zero-day malware from getting in between two working days, when the device is off the corporate network.
Now the risks are expanding, with mobile phones becoming smarter than they should be. There is malware known to activate the microphone or camera, record conversations in the vicinity and send them out through the network to some command and control center for further exploitation. Companies countered this by trying to ban the use of mobiles in some sensitive operational areas, though many ignore such precautions.
Now, in an interesting security measure, the UK Government has banned the wearing of “Apple Watch” in cabinet meetings since it is considered a spying threat.
In the Corporate world, the use of “Wearables” is the next craze and one can see all top executives looking smart with smart wearables to monitor their health and substitute the use of mobiles for some functions such as checking on messages. There is no doubt that today most of us check the messages on the mobile more often than checking time on the watch and hence it makes sense to display the messages on the wearable watch.
But it is time to recognize that companies need to start discouraging employees from bringing too much gadgetry into the sensitive corporate environment and putting security at risk. At the same time, it is time to add “Wearables” to the list of monitored BYOD devices in the corporate network.
When ITA 2008 undergoes its next revision, perhaps the Government needs to recognize the cyber crime threats arising out of such gadgets as part of the cyber ecosystem it should protect through legislation.
Naavi