Be the first to like this
Key message in this talk that Mobile Security goes beyond buying the right hardware. First of all I show that BlackBerry’s architecture is fundamentally insecure and should be avoided at all costs: it introduces a very easy attackable object in the infrastructure with many credentials on board. This is in contrast to the very convincing argument of BlackBerry that the devices are secure: generally people forget the vulnerability of the entire corporate infrastructure which is being exposed through the BES. Second point is that strict control of physical devices is unnecessary and even counterproductive. By being too restrictive you see people bypassing all policies and still fill their unprotected devices with confidential data. By introducing a more liberal “bring your own toys” security policy, combined with the right kind of policies on the Exchange server, you get a grip on these rogue devices. By doing so a comany can improve overall security while reducing friction with company employees.