@DXWorldExpo Authors: Elizabeth White, Pat Romanski, Yeshim Deniz, Liz McMillan, William Schmarzo

Blog Feed Post

BYOD will always be trade-off between convenience and security says Context

New research highlights limitations of leading Mobile Device Management solutions: Airwatch Blackberry Universal Device Service and Good for Enterprise

11 October 2013: Research by independent security consultancy Context Information Security has revealed limitations in current Mobile Device Management (MDM) solutions for Bring Your Own Device (BYOD) implementations. The report published today also concludes that BYOD will always be a trade-off between convenience and security as devices can only be locked down so much before users chose not to opt-in to the scheme.

Context researchers looked at three leading MDM solutions, Airwatch, Blackberry Universal Device Service and Good for Enterprise, when used with Android and iOS mobile devices. While they were all found to provide good levels of BYOD security, like all MDMs they are limited in what they can achieve by the underlying operating systems.

For example, MDM solutions in a BYOD environment cannot prevent unknown malicious applications from recording sound via the phone's microphone or tracking user location using the built in GPS. And while Jailbreak/Root detection is implemented by all the MDM solutions reviewed, they work in very much the same way as antivirus, only detecting known Jailbreak/Root methods and applications, which are often trivial to bypass by technical users or malicious hackers. Implementation weaknesses of MDM solutions may also inadvertently leak sensitive information and users can compromise security by downloading apps and disregarding operating system permissions requested by the applications.

"There is no realistic way to guarantee the security of a workable BYOD environment, but organisations can take significant steps towards mitigation of security risks if they combine technical security controls with clearly defined acceptable use policies," said Alex Chapman, Senior Consultant at Context. "To fully lock down these devices, a combination of fully restrictive MDM policies and network controls such as corporate firewalls and web proxies need to be implemented and enforced. But MDM solutions can only lock down mobile devices to the extent that underlying operating systems will permit and BYOD implementations can only lock down devices to a level that users are willing to accept."

The Context White Paper, available to download at www.contextis.co.uk/research/white-papers details the assessment of the three MDMs investigated and summarised below:

The Airwatch MDM solution provides access to corporate email via Exchange Active Sync and corporate documents, and MDM management via a dedicated MDM server within an organisation.
Pros: Provides advanced security settings on Android devices which support manufacturer extended APIs along with MDM management features over and above the built-in operating system features
Cons: No dedicated corporate email application on iOS devices; separate document viewer, email client and MDM applications; and relies heavily on external applications for viewing documents which can lead to data leakage

A number of encryption implementation and data leakage weaknesses were identified by Context during the review of the Airwatch MDM solution, which have been reported to Airwatch for remediation.

Blackberry Universal Device Service
The Blackberry Universal Device Service (UDS) solution provides MDM management and data access via dedicated Blackberry servers within an organisation. Blackberry UDS can extend existing Blackberry Enterprise Service infrastructure in order to manage Android and iOS devices.
Pros: Integrates into existing Blackberry Enterprise Service infrastructure and provides good authentication settings for enterprise data
Cons: Provides only basic MDM management features available in the operating systems built-in to the devices

Good for Enterprise
Good For Enterprise provides enterprise data and email access via a Good Network Operations Centre (NOC), which communicates with a dedicated Good server within an organisation. All MDM devices communicate with the Good NOC which relays data between a managed mobile device and the organisation.
Pros: Dedicated email and document viewer for office and PDF files and good authentication settings for enterprise data
Cons: All traffic must traverse a Good NOC, which could expose enterprise data to regulatory requirements of the country of residence of the NOC

The Airwatch and Good for Enterprise solutions were chosen based on Magic Quadrant market data available from Gartner, while the Blackberry solution was assessed because of the large number of organisations with a current Blackberry environment being repurposed for mobile device management.

"BYOD implementations carry an inherent risk and while fully restrictive security policies are possible to configure with corporately owned and maintained devices, ultimately these restrictions are unrealistic in a BYOD environment," said Context's Alex Chapman. "A successful BYOD implementation requires a fine balance of usability and security to ensure an appropriate level of user buy-in. Insecure settings, device use and software update frequency can all affect the security of the device and in turn, corporate data in a BYOD environment."

About Context
Context was launched in 1998 and has a client base that includes some of the world's most high profile blue chip companies, alongside government organisations. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents. The company's strong track record is based above all, on the technical skills, professionalism, independence and integrity of its consultants.

Many of the world's most successful organisations turn to Context for technical assurance, incident response and investigation services. Context is also at the forefront of research and development in security technology. As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants are frequently invited to present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.


For more information for editors, please contact:
Peter Rennison / Allie Andrews
PRPR, Tel + 44 (0)1442 245030 / 07831 208109
[email protected] / [email protected]

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

DXWorldEXPO Digital Transformation Stories
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...