Bring Your Own Device Bring Your Own Data? Thursday 10th April 2014 Dai Davis Solicitor and Chartered Engineer Partner, Percy Crow Davis & Co Tel: 07785 771 721 E-mail: mail@daidavis.com
Overview BYOD in Context BYOD Benefits BYOD Risks and Threats Operating Systems Apps Other risks BYOD Security BYOD Policy, Guidance and Solutions
What do we mean by BYOD Types of device Smartphone Tablets and PC (Laptop) As with public/private/hybrid cloud : different policies / risks for each
Guidance in Sales Brochures (2) Vodafone Use device manager s lock and wipe Back-up data Create a SIM lock Install security (app) software Report lost or stolen phones See ICO guidance!
Devices being sold? (1 st ¼ 2013) Android -75.0% ios - 17.3% Windows Phone - 3.2% Blackberry OS 2.0% Linux 1.0% Symbian - 0.6% (Nokia phasing out) Others - < 0.1%
Devices in Corporate Use Decisive Analytics, August 2012 Android 69% Blackberry 69% Apple - ios 54% Windows 50% Symbian 24%
BYOD Benefits Staff satisfaction Empowerment, best of breed Flexibility => work harder! Competitive advantage Formal BYOD policy reduces staff work-around Tax break bicycles and childcare Health benefits?
Risks Operating Systems Operating systems Tablets and PC (Laptop) Better update / antivirus Blackberry Apple ios7 40 Nokia - Microsoft Android More than11,000 instantiations < 6½ % current (Source TrendMicro)
Apple: Linked In Calendar Data Caught using ios app to copy data from iphone and Android calendars on 5 June 2012 Subject, location, time of meeting and meeting notes One day later issued a miscellaneous bug fixes and Improvements in Calendar
HTC Issue Taiwanese manufacturer HTC 18 Million Android and Windows Mobile (not Windows 8) phones Not used reasonable security practices E.g. text-message toll fraud Charged by FTC (and settled) in February 2013
Other Device Governance Blackberry OS (RIM) - for sale! Do operate an approval scheme Similar to Apple? Windows Mobile No control over apps Nokia - Symbian now open source Tizen Samsung and Intel, Linux Foundation (OS), user consistency
App Issues Security Firm Lookout 47% of Android Apps 23% of Apple Apps Collect some form of user data May only be location data Research University of California ⅓rd ask for unnecessary permissions Blackberry BBM 17 permissions audio recording
Blackberry BBM App on Android 1 1. Your messages: Send SMS messages 2. Storage: Modify or delete the contents of your USB storage 3. Your location: Precise (GPS) location 4. Microphone: Record audio 5. Camera: Take pictures and videos 6. Your applications information: Retrieve running apps 7. Your personal information: Add or modify calendar events and send e-mails to guests without owners' knowledge, read calendar events plus confidential information 8. Your accounts: Add or remove accounts, create accounts and set passwords 9. Phone calls: Read phone status and identity
Blackberry BBM App on Android 2 10. Network communication: Control near-field communication, full network access 11. Your social information: Modify your contacts, read your contacts 12. System tools: Test access to protected storage 13. Affects battery: Control vibration 14. Your applications information: run at start up 15. Wallpaper: Set wallpaper 16. Network communication: View WiFi connections, view network connections 17. Your accounts: Find accounts on the device
Additional Risks and Threats E-mail risks do not distinguish between device Example: Phishing How robust is the Antivirus software? Additional threats Information-stealing malware Zitmo Apps
Additional Threats WiFi Loss E-mail phishing Insufficient management tools, access to APIs limits to core architecture for antivirus software Near Field Communication and proximity hacking
Bring Your Own Device Bring Your Own Data? Thursday 10th April 2014 Dai Davis Solicitor and Chartered Engineer Partner, Percy Crow Davis & Co Tel: 07785 771 721 E-mail: mail@daidavis.com