Skip Links

Using forensics to deeply understand the security impact of iOS and Android in the enterprise

IT Best Practices Alert By Brian Musthaler, Network World
February 24, 2012 12:28 PM ET
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

Faced with the realities of the consumerization of IT, many organizations feel pressured to increase their support and management of consumer mobile devices. At the same time, IT and information security organizations are responsible for providing acceptable levels of data protection and enterprise security. It's a tall order to meet user demand for the devices while still maintaining an adequate security posture.

Recently viaForensics, researchers and practitioners in mobile forensics and security, published an in-depth analysis of the risks mobile devices pose in their report, "Mobile Security Risk Report - Understanding the security impact of iOS and Android in the enterprise." What sets this report apart is the research is based on forensic analysis of what's actually on the devices. The viaForensics team uncovers information that would be overlooked by common mobile device management (MDM) tools.

THE BYOD STRUGGLE: From writing custom apps to defining security

The report provides forensic insight on mobile device threats, data exposure risk and the benefits of most common security measures for these consumer platforms. Furthermore, viaForensics examines enterprise security questions, such as whether popular platforms (iOS and Android) are secure enough for enterprise use and how these platforms compare to the commonly used BlackBerry platform. The report addresses other questions that nag InfoSec specialists, such as: Can passcode security be broken, and if so, how? What does data encryption really accomplish? How secure are devices from malware threats?

From a risk/threat perspective, the authors present device and organizational risks and their likelihood in a way that gets the attention of both the less technical manager and a mobile security administrator. For the less technical, the report outlines in easy to understand language the risks associated with the popular mobile device platforms, the likelihood of occurrence, and recommendations for remediation.

For the more technical professional, the report describes in relative technical detail the specific risks posed, how the devices can be compromised using varying techniques, and how to remediate the risks where possible. For example, there are discussions on the iOS Keychain, the central database in iOS where credentials and sensitive data are stored, which can be broken into to retrieve data stored on the device. Also covered is how to extract or recover data on an Android device using either logical or physical imaging processes. The logical image can be used to recover allocated data on the device, whereas a physical image will recover both allocated and unallocated (deleted) data.

The following is an excerpt of numerous recommendations designed to reduce the overall risk posed by mobile devices in a security-conscious enterprise environment:

Enforce strong security on mobile devices to the extent supported by the platform. Require alphanumeric passcodes, limit failed passcode attempts and require encryption. When using MS EAS, do not enable "Allow non-provisionable devices," so that only devices respecting the security controls will sync. Consider MDM systems for provisioning and management, recognizing that device data security may not be significantly enhanced by the MDM software.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News