Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them.
- Okta breach: an IT admin's credentials were saved in a browser password manager synced to a personal Gmail account
- Two-way problems: personal use on business devices and business use on personal devices
- Lack of clarity around device wipe, device use policies, apps running on devices
- Compliance is easier when business owns the asset and delineation of ownership of asset and data is clear.
- If the configurations are not managed, the cost profile to the company is a lot higher.
- Credentials and MFA spill over in both directions
- Data compliance issues
- DLP and encryption issues
- Lack of ability to define device security settings like PINs
- How are you doing effective device configuration backups?
- How do you prevent malicious apps from being installed on the devices?
- How do you leverage the support capabilities built into the mobile devices?
- Asset inventory is mandatory
- Compliance costs can be drastically reduced by having company owned assets that only get approved applications. This is another reason why end users CANNOT have admin access.
- No VPN access until someone has been part of the company for 30 days.
- Onboarding and offboarding are crucial to information security
Information security is not a technical controls issue, it is a HR management issue.
Verizon fell for fake “search warrant,” gave victim’s phone data to stalker
https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/
As if all that wasn't bad enough, if an employee of a company has issues in their personal life, it will spill over to business and especially in the context of allowed personal use of company assets.