Posted by Clay Miller, CTO, SyncDog
There is an old adage that says “when the tide goes out, you find out who’s swimming naked.” As it turns out, enterprise mobile security has been a party at a nude beach and no one even read the sign. Unfortunately, a recent report by Wandera has pulled the water miles from shore and may be signaling a tsunami. The report sheds light on facts that we at SyncDog have always known:
No Brand of Mobile Hardware Provides a Guarantee of Security
All operating systems are susceptible to vulnerabilities. Even though device manufacturers try hard to build secure environments, there is a big world of nefarious actors who work day and night to exploit any vulnerability they can find. The danger of that reality is that whenever attackers do find a security hole, it is almost certainly a creative exploit which remains unknown to OS makers. Once an exploit is discovered, manufacturers race to patch the leak. But fixes take time to build and even more time to deploy. During the window before discovery, during patch builds and prior to full deployment of patches, data is being lost and attacks are constantly occurring.
HTTPS Doesn’t Automatically Mean “Safe”
HTTPS provides security for the transport layer. Although TLS versions are vulnerable to exploit, it does provide some protection against man-in-the-middle attacks. However, that is the extent of HTTPS protection. Data stored on the device is still at risk and any data transmitted to the server is also vulnerable. This is why phishing attacks can steal sensitive information when submitted over the web, even via HTTPS.
Phishing Attacks Pose Serious Risks to Enterprise Data
Phishing attacks are becoming more and more sophisticated. Standing up fake websites that look exactly like the real thing is quite simple and many users are not familiar with checking URLs and other protections against phishing attacks. One click on the wrong link by an unsophisticated, or simply distracted, user can inject malware into the whole corporate network and put sensitive data at risk.
Users Who Are Unaware of How to Prevent Security Issues Are Doomed to Experience Them
Enterprises are full of different users with widely varying degrees of technical knowledge. Corporate training programs may or may not be absorbed by all employees. Certainly, best practices may not be followed, especially in a BYOD environment.
At SyncDog, creators of Secure.Systems, we understand the challenges of enterprise data protection. That is why we provide secure containers that avoid the vulnerabilities of operating systems, and protect data both in-transit and at-rest. BYOD deployments can be scary, but Secure.Systems containers can help users stay safe on both BYOD and corporate managed devices, providing security and IT teams peace of mind.