Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Don't Be Overprotective About BYOD
Newest First  |  Oldest First  |  Threaded View
bubbajones4u4
50%
50%
bubbajones4u4,
User Rank: Apprentice
12/10/2013 | 4:45:59 PM
Overprotective BYOD
BYOD is a big test of trust in a corporate enviornment, and the question to data access and security between personal and business data is the $1 millon question. I agree, there is a thing as being overprotective, but in terms of data security I don't know if there is such a thing.

We were looking to bring in a larger MDM system for BYOD at our hospital, but the doctors (who own the hospital) felt it was to intrusive since they all wanted to use their own devices, but didn't want IT to have total control over them. Still, they wanted the ability to send HIPAA compliant patient info (mostly text messages) to admin and other doctors.

In the end, we changed our stratagy and started looking for individual apps to deal with the various security issues. Example: to allow for HIPAA text messaging, we got an app (Tigertext) which is HIPAA compliant, and installed it on all the doctors devices. It auto-deletes the messages after X period of time, and IT can still wipe the device if it is lost or stolen, but the doctors didn't feel it violated thier 'privacy' which made it acceptable to them. More info: www.tigertext.com
WKash
50%
50%
WKash,
User Rank: Apprentice
12/10/2013 | 10:14:43 AM
Re: The Problem With Perfect
CIOs will always face a yin and yang dllemma between the need for information access and the need to keep that information secure.  Walling off corporations from mobile dangers at the expense of productive uses of mobile is clearly not the anwer.  Neither is giving into BYOD demands simply to satisfy your workforce.  As most enlighted CIOs understand, the answer is in learning how to find the pathway to "Yes, we can, if we do x,y,z" instead of "No, we can't because of a,b,c."
Laurianne
100%
0%
Laurianne,
User Rank: Apprentice
12/9/2013 | 2:30:13 PM
The Problem With Perfect
Practical post. Focusing on perfect can be dangerous, as you point out. In our quest for perfection we can miss out on a lot of productivity gains. Readers, do you feel IT faces too much pressure to provide "perfect" mobile security?


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...