Part II: Case Study Analysis:

Read Case Study below How Secure Is BYOD? and answer the questions that follow

answer question 1-4 ill give you thumbs up

Attention all businesses: Every employee is car- provide a direct path to confidential company data rying around a 5-ounce potential wireless net- through malware or open hacker access. work intrusion device: their smartphone. Thanks Hacker attacks on mobile devices are esca- to BYOD, smartphones and other mobile devices lating. Android is now the world's most popular pose one of the most serious security threats for operating system for mobile devices with 81 per- organizations today. cent of the global market, and most mobile mal- Mobile devices are opening up new avenues for ware is targeted at the Android platform. Few accessing corporate data that need to be closely smartphones are sold with anti-malware tools or monitored and protected. Sensitive data on mobile firewalls. devices travel, both physically and electronically, Apple uses a closed "walled garden" model for from the office to home and possibly other off-site managing its apps and reviews each one before locations. According to a February 2016 Ponemon releasing it on its App Store. A few vulnerabilities Institute study of 588 U.S. IT and security profes- have been detected, Android application security sionals, 67 percent of those surveyed reported that is considered weaker, but it is improving. Android it was certain or likely that an employee's mobile application security uses sandboxing, which con- access to confidential corporate data had resulted fines apps, minimizing their ability to affect one in a data breach. Unfortunately, only 41 percent of another or manipulate device features without user respondents said their companies had policies for permission. Google removes any apps that break accessing corporate data from mobile devices. its rules against malicious activity from Google More than half of security breaches occur Play, the official app store for the Android oper- when devices are lost or stolen. That puts all of the ating system. Google also vets the backgrounds personal and corporate data stored on the device, of developers. Recent Android security enhance- as well as access to corporate data on remote serv- ments include assigning varying levels of trust to ers, at risk. Physical access to mobile devices may each app, dictating what kind of data an app can be a greater threat than hacking into a network access inside its confined domain, and providing because less effort is required to gain entry. Expe- a more robust way to store cryptographic cre- rienced attackers can easily circumvent passwords dentials used to access sensitive information and or locks on mobile devices or access encrypted resources. Colin Minihan, director of security and best can more easily bring their own devices. The key practices at VMWare AirWatch, believes that questions to ask are called the "three Ws": Who understanding users and their needs helps a mobile needs access? What do they need to access? What security strategy progress further. VmAirWatch is the security posture of the device? categorizes similar groups of users and devises a specific plan of action for each group, choosing Sources: Howard Solomon, "Mobile Malware Trends: Trojans, Botnets, and More," Canadian CIO, April 2017; Michael Heller, "Mobile Security the right tools for the job. Strategy Matures with BYOD," and Kathleen Richards, "CISOs Battle According to Patrick Hevesi, Nordstrom's for- to Control Mobile Risk in the Workplace." Information Security Maga zine, June 1, 2016: Conner Forrest, "The State of Mobile Device Secu- mer director of security, if users need access to rity." ZDNer, July 11, 2016; Nathan Olivarez-Giles, "Android's Security critical corporate data that must be protected, the Improves-for the Few," Wall Street Journal, April 21, 2016; Ponemon firm should probably allow only fully managed, Institute, "The Economic Risk of Confidential Data on Mobile Devices in the Workplace." February, 2016, and "Dropbox Patches Android Security fully controlled, approved types of devices. Users Flaw," Zero Day, March 11, 2015 who only want mobile tools for email and contacts CASE STUDY QUESTIONS 1. It has been said that a smartphone is a computer in your hand. Discuss the security implications of this statement. 2. What kinds of security problems do mobile computing devices pose? 3. What people, organizational, and technology issues must be addressed by smartphone security? 4. What steps can individuals and businesses take to make their smartphones more secure