
Wednesday, February 5, 2014

BYOD Consumer Demand and Information Security - CYBR 620 Research Paper by Glenn Ford

My Notes on this paper: This is an MDM/BYOD paper I did for the Cybersecurity Master's Program, CYBR 620, at the UMBC Shady Grove campus. The paper was to discuss problems and possible solutions with BYOD MDM. This paper was in APA format, with a few professor-requested differences, but obviously posting to Blogger I lost some of the formatting. I'd love to hear feedback from any security people (or non-security, for that matter). I was very limited on the space allowed to write on this topic. I know it could have been 100-200 pages and still not cover all the issues. Please keep that in mind when reading. In a related field? Connect with me on LinkedIn. --Glenn Ford



BYOD Demand and Information Security
Glenn Ford
UMBC at Shady Grove


Executive Summary

Having a BYOD policy without proper security, device management and monitoring, and a positive user experience can put the enterprise at risk. Information can be monitored or leaked, devices and mobile infrastructure could enter an untrusted state, and users can become frustrated and paranoid about using their device in the workplace. If the enterprise fails in its BYOD plan, it will be at a competitive disadvantage with its current workers and in its ability to hire top talent.
Mobile security risks, as well as threats by agents, pose an ever-growing and complicated problem for the information security of a mobile enterprise. A device compromised by authorized or unauthorized users or by resources on the device, a man-in-the-middle attack, or compromised endpoints will lead to information being monitored or leaked. Other attacks, such as DoS, are at issue as well. Protecting the confidentiality, integrity and availability of the mobile device and infrastructure is at the core of mobile security. Mobile device management, monitoring, and a user experience that work across many platforms and scale also pose challenges. With BYOD users, privacy of the user's personal assets is a great concern.
Defense in depth starts from the understanding that any single solution may have vulnerabilities; applying layers of security provides levels of redundancy that increase security. Specific layered security solutions, from the moment the device is turned on until it is powered off, are discussed. Solutions are also discussed for the supply chain and physical security of the device. The critical solutions discussed are combined in a security policy, such as transient authentication and FIPS 140-2 for data protection, dual-layer FIPS 140-2 encryption for data in transit, and web-based, non-resident data only for sensitive information.
With 4 in 10 enterprise-level organizations having had a BYOD-related security breach, there needs to be a fast response to solve these problems in the immediate future.