“Trusted Devices” Can Create a False Sense of Security
In the enterprise world, device security is of paramount importance. We’ve seen no end to the number of stories where companies have suffered breaches due to inadequate internal security, suffering substantial business and financial consequences in the process. As a result, securing the technology used by employees and offices is an important step undertaken by many companies today. With the “walled garden” Apple offers in iOS combined with its track record for very rigorous security, many companies have made the switch. More than three-quarters of all enterprises have some form of Apple mobile devices today.
So, does that mean problem solved? Not at all — in fact, the corporate culture surrounding the creation of the “trusted device” category could potentially have a negative impact on overall security. The goal of these “trusted devices” is to enable the company to know that the hardware connected to their network is as secure from outside hacking threats as much as possible. They are also important for remote working from home, as is increasingly common with the work conducted over a corporate VPN. What about the way employees treat these devices, though?
A “trusted” iPhone is only as secure as the user of the device. Even if an attacker cannot penetrate the device, there are other ways that sensitive corporate information can fall into the wrong hands. Loss and theft are two of the most common problems, and without a way to remotely wipe the device, the thief could gain access to the private network. Lax user practices and device sharing can also expose information that should not pass outside of the company. Without a remote method for managing the security of the data on these devices, there are still many risks.
For users who “bring their own device” to work, sending all their private and personal usage data through the corporate network is not a good solution, either. What about the potential situation where a hacker compromises the device and gains access to the network? Now employee data could be widely at risk of theft, too. Overall, it is time for businesses to rethink the concept of the “trusted device” — security goes far beyond providing a platform that is generally resistant to exploits and hacks. Without emphasizing data protection alongside device security, business data and personal information could remain vulnerable.