BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Don’t Leave Mobile Devices Unchecked in the Enterprise

Posted May 21, 2012    Peter McCalister

In recent months, there has been a lot of publicity around BYOD (Bring Your Own Device). Respectfully, this forward thinking personalizes work culture for employees as well as provides cost savings by scratching mobile device purchases off the list of company spending. Since BYOD provides the opportunity for individuals to act as their own administrators in a sense, mobile security vulnerabilities pose an ever increasing challenge for many companies securing their sensitive data.

Leaving mobile security out of integrated security strategies opens your network to breaches, and with more people conducting work related projects on their mobile devices, the gap widens for malicious attackers to slip through and compromise information. In a May 2012 survey by Informationweek focusing on BYOD, 86 percent of respondents permit use of personally owned devices at work now, with 80 percent of mobile devices requiring only passwords for mobile devices that access enterprise data/networks. Even scarier, just 14 percent require hardware encryption, which leaves a large opening for vulnerability exploitation.

The threats to mobile phones and tablets have been around for a long time. As mobile technology skyrockets to the point that cell phones are now hand held computers, threats to PCs, smartphones and tablets are one in the same. There are initiatives striving to bring the same security measures for PCs and servers to mobile devices, while still allowing workers to personalize their work efforts. Staying ahead of the curve is key. Marc Maiffret, founder of eEye and now CTO of BeyondTrust believes, “desktops and servers are still much bigger targets, which means there’s still time to figure out the mobile security questions.”

Leave a Reply

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,