The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security


Published on

With the explosive growth in smartphone sales in recent years, employees in every global industry increasingly utilize their personal devices for work purposes in today’s connected world. Leveraging personal devices for work purposes, a practice termed bring your own device (BYOD), holds much potential to empower employee productivity. However, mobile devices are progressively targeted by hackers, leaving compromised devices as potential entry points into enterprise networks containing sensitive and proprietary business information. This briefing will discuss the criticality of this threat and compare various solutions to the BYOD security challenge.

Insight to gain from this webinar:

- Emerging risks associated with BYOD practices
- Available mobile security solutions and the potential for convergence
- Best practices in mobile security

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The Overlooked Vulnerability: BYOD Adoption Tests Enterprise Network Security

  1. 1. The BYOD Threat Facing the EnterpriseThe BYOD Threat Facing the Enterprise NetworkNetwork Secure Mobile Strategies Minimize Risk and Improve ProductivitySecure Mobile Strategies Minimize Risk and Improve Productivity Chris Rodriguez, Industry Analyst Network Security August 28, 2013 © 2012 Frost & Sullivan. All rights reserved. This document contains highly confidential information and is the sole property of Frost & Sullivan. No part of it may be circulated, quoted, copied or otherwise reproduced without the written approval of Frost & Sullivan.
  2. 2. 2 Today’s Presenter •Experience base in the information and communication technologies (ICT) sector, specializing in the areas of: Enterprise firewall, next generation firewall (NGFW) and unified threat management (UTM), vulnerability management, vulnerability research, intrusion prevention systems (IPS), network access control (NAC), endpoint security software •Six years of Industry Analyst experience Chris Rodriguez Industry Analyst Frost & Sullivan Follow me on:
  3. 3. 3 Focus Points • Why the Urgency? • But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales • Real Talk: Security is Not Easy • What are my Options? • But What Does This Mean for Me? • Q and A • Poll Results and Conclude
  4. 4. 4 Poll Question Why are you interested in mobile security? A. To empower employee mobility and productivity with secure BYOD strategies B. To defend against the mobile threat vector C. To achieve compliance with regulatory requirements D. To enhance asset management processes
  5. 5. 5 Why the Urgency? • The explosive growth in mobile device sales is unmanageable • Your organization cannot avoid the BYOD and mobility trend • BYOD introduces more risk Source: Frost & Sullivan Analysis.
  6. 6. 6 But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales Mobile malware is real and becoming commoditized. 1. There is no such thing as a secure operating system 2. Android operating system has more malware than Apple iOS devices 3. Mobile malware is becoming more commoditized and more pervasive Source: The Android Malware Genome Project and Frost & Sullivan Analysis
  7. 7. 7 But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued) Source: Frost & Sullivan analysis. Mobile devices are platforms to transmit traditional malware and APTs, even through legitimate apps such as Dropbox. 1. These apps are bypassing email security and firewall inspection points 2. Legitimate apps can be leveraged by advanced persistent threats
  8. 8. 8 But iPhones (and Other Mobile Devices) Are Impervious to Malware, and Other Fairy Tales (continued) Mobile fraud is everyone’s problem. 1. Greyware can push ads, or collect a little bit too much information, or charge for premium services 2. It is easy to overlook these excessive permissions or these disclaimers 3. BYOD practices ensure that fraudulent activity also affects businesses Source: Frost & Sullivan analysis.
  9. 9. 9 Real Talk: Security is Not Easy Mobile threats require holistic solutions including data, device, and network protection. 1. Mobile devices present many challenges because of their ubiquitous and always connected nature 2. Mobile security has elements of data security, device security, and network- based protection Source: Frost & Sullivan analysis.
  10. 10. 10 Real Talk: Security is Not Easy (continued) Mobile security cannot impede the end-user experience. 1. The biggest challenge is to avoid reducing functionality and accessibility 2. Some solutions separate the corporate data from personal data using a concept of containers or application wrapping Source: Frost & Sullivan analysis.
  11. 11. 11 Real Talk: Security is Not Easy (continued) Budgetary constraints. 1. Ideally, mobile and BYOD security will follow a defense-in-depth strategy 2. Many organizations cannot afford large deployments of cutting- edge security technologies Source: Frost & Sullivan analysis.
  12. 12. 12 What are my Options? Network security solutions – NAC, NGFW, data protection. 1. NGFW adds much more contextual data with which to create policies 2. Content security solutions follow a data-centric approach with decisions being made for particular sets of data 3. NAC is a powerful tool that enables companies to leverage comprehensive and real-time endpoint intelligence in their access policies Source: Frost & Sullivan analysis.
  13. 13. 13 What are my Options? (continued) Mobile endpoint security software – e.g. Symantec, Webroot, McAfee, and ESET. 1. Protects against threats and malware 2. Helps end-users to understand which apps are high risk 3. Also protects against theft and loss Source: Frost & Sullivan analysis.
  14. 14. 14 What are my Options? (continued) MDM offers some security but no native cyber threat protection capabilities. 1. MDM is focused on asset management capabilities including user identity management and remote management capabilities 2. A proper mobile endpoint security strategy will involve a combination of endpoint-based security software in tandem with network-based tools Source: Frost & Sullivan analysis.
  15. 15. 15 But What Does This Mean for Me? Information security is a team sport from consumers to enterprise organizations to security vendors. 1. Unfortunately, the hackers are getting really good at this team sport 2. Further education is necessary to ensure that users understand the risks associated with jailbreaking and rooting their devices, and side-loading apps 3. BYOD means securing the devices that they do not control or own using network-based solutions Source: Frost & Sullivan analysis.
  16. 16. 16 But What Does This Mean for Me? (continued) Mobile device security is a critical Greenfield opportunity for traditional security companies. 1. Low-priced security apps enable consumers to try multiple solutions 2. Smaller vendors with quality security apps can quickly gain a large install base and make a strong brand name in the security industry Source: Frost & Sullivan market study entitled Analysis of the Global Mobile Endpoint Protection Market, 2013.
  17. 17. 17 But What Does This Mean for Me? (continued) Security vendors are developing MDM capabilities so MDM vendors must partner with or acquire security capabilities. 1. MDM vendors lack experience with threat prevention and malware detection capabilities 2. Endpoint security companies are developing MDM capabilities for their solutions Source: Frost & Sullivan analysis.
  18. 18. 18 Questions and Answers
  19. 19. 19 Next Steps Develop Your Visionary and Innovative Skills Growth Partnership Service Share your growth thought leadership and ideas or join our GIL Global Community Join our GIL Community Newsletter Keep abreast of innovative growth opportunities Phone: 1-877-GOFROST (463-7678) Email:
  20. 20. 20 Your Feedback is Important to Us Growth Forecasts? Competitive Structure? Emerging Trends? Strategic Recommendations? Other? Please inform us by “Rating” this presentation. What would you like to see from Frost & Sullivan?
  21. 21. 21 Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter
  22. 22. 22 For Additional Information Britni Myers Corporate Communications ICT (210) 477-8481 Chris Rodriguez Industry Analyst ICT (210) 477-8423 Michael Suby VP of Research ICT Stratecast (720) 344-4860 Craig Hays Sales Manager ICT (210) 247-2460