We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
The growing prevalence of Bring Your Own Device (BYOD) approaches to staff working has a great deal going for it, particularly as an integral part of a cloud services environment. But it does bring with it some justifiable fears about security. And the latest annual security report data from Juniper Networks has highlighted one of the main potential culprits of the moment – smartphones and tablets running Google’s Android operating system.
What the survey also highlights is that most of the benefits of BYOD can be maintained while significantly reducing the current risk potential with some simple management and policy changes within the business.
Juniper’s Mobile Threat Center has analysed some two million mobile applications, year on year. Between Q1 of 2011 and Q1 a year later the number of malicious Android apps available rose by over 600 percent. No figures are available for Q1 this year, as yet, but if the same growth rate is maintained there are now likely to be over a million and half suspect apps floating around by now.
Android is, of course, widely available and is the OS of choice for a large number of smartphone and tablet suppliers. It is therefore likely to be a favourite for staff working in a BYOD environment. And it appears that it is the outlets for the apps which is one of the causes of the problem.
Google itself maintains good control over its own outlet, Play Store, but the number of independent apps stores that have sprung up can be numbered in the hundreds. The largest number, 173 of them offering malicious apps, are based in China, according to the Juniper survey. Russia is the next largest source, with 132 apps stores, while the US is third with 76 of them.
Many of the apps available on these sites are free, and therefore particularly enticing. Appearing enticing is, of course, the object of the exercise.
The types of malware most commonly buried in the free apps from such stores work classic scams, such as sending SMS messages to premium rate lines, where the scammer is usually long gone with the cash before anyone realises what has happened. Mobile banking is also a lucrative target, and third-party mobile wallet systems are also gaining attention.
From a BYOD perspective, it is more worrying that the survey also identified a rise in botnet software for smartphones. Towards the end of last year, the Tascudap Trojan began spreading on handsets. This works with command and control servers at a remote host to upload attack code into any enterprise network to which the handset is connected.
IT managers at business running a BYOD policy therefore need to be aware of such possibilities and institute policies that can inhibit the chances of infection. Some of these policies may require inhibiting the freedoms of staff just a bit. One of the easy steps, for example, is for the IT department to resource an app store of its own. This would contain all the apps staff are likely to require, each of which can be tested and validated before being placed in the store.
Should staff need new apps they can easily nominate them to IT and, if approved, IT can test their validity. The biggest issues here may well be licence management so that apps providers can be properly recompensed.
Another simple tactic will be to create centralised backup routines that run on BYOD devices when they are connected to the central services. The backups can then be checked for malicious code as part of that process and known malicious apps removed from the client device.
The biggest issue of course, is that IT staff need to be aware that steps such as this need to be an integral part of any policies for managing a BYOD environment.
