Reading this on a mobile device? Try our optimized mobile version here:

December 15, 2011
Share|Sign up|Archive|Advertise

Spotlight on mobile security in a BYOD environment
As smartphones and tablets become more popular, employees increasingly expect to be able to use their favorite mobile devices at work. These devices have a variety of enterprise functions -- but they also come with security risks. As more companies adopt bring-your-own-device policies, they need to learn how to curtail data vulnerabilities without hampering productivity.

Once your company has adopted a BYOD policy, it can't put the genie back in the bottle. But your company can bring the chaos under control with a combination of sound management and cutting-edge tools. This special report looks at the problems presented by bring-your-own-device policies, as well as the steps companies can take to reduce the risks brought on by employee mobile devices.

We hope you enjoy this special report, share it with your colleagues and encourage them to sign up for the daily edition of SmartBrief on ExecTech.
Understanding the Challenges of BYOD 
  • What enterprises should expect from the consumerization of IT
    The world's workforce is becoming more mobile, with more workers using their own devices, creating new data risks and potential costs for businesses, Al Subbloie writes. Individual-liable devices will outnumber corporate-liable devices 99 million to 62 million by 2014, according to IDC. "Businesses will need to strategize how they can manage devices across the spectrum to prevent harmful security risks -- which begins with the employee," Subbloie writes. ZDNet (11/30) LinkedInFacebookTwitterEmail this Story
  • More employees mesh work and shopping, increasing cybercrime risk
    About a third of employees use the same mobile device for office tasks and for holiday shopping, a survey finds. Experts say that increases the risk that the employee will endanger company data by falling prey to cybercriminals. Companies must educate employees about the risks and make sure device-protection measures are up to date, experts warn. CNBC (12/12), USA TODAY (11/29) LinkedInFacebookTwitterEmail this Story
  • Experts foresee a rise in exploits targeting mobile devices
    Shipments of mobile devices are expected to exceed desktop computers and laptops in 2015, as businesses and consumers embrace the advantages of mobility; however, the added convenience could cost them in terms of security, experts say. Analysts predict the amount of malware targeting mobile applications will double next year, as hackers turn to more varied delivery methods such as Facebook and Twitter, while manufacturers of mobile devices and the businesses that use them struggle to keep pace with threats. CSO (11/27) LinkedInFacebookTwitterEmail this Story
  • Android apps show encryption weaknesses, report finds
    Android applications suffer from poor encryption, according to a report from Veracode. The company found that more than 40% of Android applications that failed initial testing relied on a hard-coded cryptographic key. "The problem is, once these keys are compromised, any security mechanisms that depend on the secrecy of the keys are then rendered ineffective," the company said. (12/7) LinkedInFacebookTwitterEmail this Story
Trust your software? While testing applications must be comprehensive, they should also be easy and cost-friendly. HP Fortify on Demand is a Security-as-a-Service testing solution that allows any organization to test the security of applications quickly, accurately, affordably and without any software to install or manage. Click here to read more.
Crafting a Device Policy 
  • Businesses need to look at BYOD policies from all angles
    Businesses considering whether to allow employees to use their own mobile devices for business purposes need to take into account several factors, Ramon Ray writes. Businesses should consider whether they could withstand even a small data breach before opening up their IT policies. Employers should also take into account how knowledgeable their workers are about their devices and make sure employees are aware of how to keep their device's security up to date, Ray writes. (11/16) LinkedInFacebookTwitterEmail this Story
  • Mobile security begins and ends with employees
    The best place to start assessing mobile risk is with the end user, Michael Davis writes. Start by analyzing who has access to what data and why, and make sure employees understand the warning signs of an infected device, Davis writes. As for the hardware itself, he writes, it's vital to have a plan for adding new and untested devices and to ensure that the ones being retired are adequately cleansed of data. InformationWeek (12/5) LinkedInFacebookTwitterEmail this Story
  • How businesses can limit their mobile-security exposure
    Businesses have their work cut out for them when trying to secure mobile devices used for company operations, but by following certain steps, they can greatly limit the threat of a breach, Michael Lustig writes. A comprehensive mobile-device management and security plan includes keeping an up-to-date inventory of authorized devices and installing remote "kill" capabilities that let administrators wipe lost or stolen devices. Companies also should maintain controls to limit unauthorized applications and work to separate personal and company data. (11/21) LinkedInFacebookTwitterEmail this Story
 Applications are mobile and in the cloud. Are they secure?
According to the National Institute for Standards and Technology, 92% of exploitable vulnerabilities are in software. Can your software be trusted? If the answer is anything but "yes," the HP Fortify Software Security Center is the solution to address your software security issues, reduce systemic risk and meet compliance goals. Read more here.

Enabling Device Management 
  • Ford brings in many departments to help ensure security for BYOD
    Implementing a bring-your-own-device policy requires companies to constantly react to a changing IT marketplace, Ford's Randy Nunez says. After a false start in 2007, Ford took a broad approach, assembling a management team from IT, legal, human resources and accounting to develop a secure program for e-mail on personal devices that balanced employee needs against company costs and concerns. ZDNet/UberMobile blog (12/7) LinkedInFacebookTwitterEmail this Story
  • Cloud, software offer different approaches to device management
    The software-focused approach to mobile-device management for desktop virtualization offers a high degree of sophistication but comes at a high price and requires extensive training, Elias Khnaser writes. Cloud-based solutions, however, have their own advantages, including the ability to offer security across multiple devices per employee, he writes. Some cloud-based approaches will secure sensitive data, while some will not. Insider blog (11/29) LinkedInFacebookTwitterEmail this Story
  • RIM gets into security for other companies' devices
    BlackBerry maker Research In Motion is known for its strong device-management platform, and now the company is offering device-management and security services for iOS and Android devices. BlackBerry Mobile Fusion brings into play RIM's BlackBerry Enterprise Servers, allowing companies to secure employee-owned devices from different manufacturers. GigaOm (11/29) LinkedInFacebookTwitterEmail this Story
  • Does your company allow employees to use their own mobile devices for work?

  • Does your company have a mobile-device management policy?

  • How concerned are you about employees' mobile devices as a potential source of data vulnerability?
Very concerned
Somewhat concerned
Not very concerned
Not at all concerned


SmartBrief delivers need-to-know news in over 100 targeted email newsletters to over 3 million readers. All our industry briefings are FREE and open to everyone—sign up today!
Aviation & Aerospace
Construction & Real Estate
Consumer Packaged Goods
Food Service
Health Care
Media & Entertainment
Travel & Hospitality

Subscriber Tools
Today's Brief - Permalink | Print friendly format | Web version | Privacy policy

Account Director:  Roger Leek (804) 803-1414
SmartBrief Community:
Recent SmartBrief on ExecTech Issues:   Lead Editor:  Susan Rush
Mailing Address:
SmartBrief, Inc.®, 555 11th ST NW, Suite 600, Washington, DC 20004
© 1999-2011 SmartBrief, Inc.® Legal Information