eBook - ePub
Security and Auditing of Smart Devices
Managing Proliferation of Confidential Data on Corporate and BYOD Devices
- 210 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Security and Auditing of Smart Devices
Managing Proliferation of Confidential Data on Corporate and BYOD Devices
About this book
Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Security and Auditing of Smart Devices by Sajay Rai,Philip Chukwuma,Richard Cozart in PDF and/or ePUB format, as well as other popular books in Business & Revisione contabile. We have over one million books available in our catalogue for you to explore.
Information
PART I
BENEFITS AND RISKS OF SMART DEVICES
This section will assist the readers to understand smart devices. Chapter 1 focuses on the definition of smart devices. Chapter 2 explains the differences between corporate-owned devices and bring your own devices. Chapter 3 discusses the types of data that reside on these smart devices. Chapter 4 identifies the benefits of using smart devices, and Chapter 5 discusses the risks of using smart devices.
So, let’s get started.
1
DEFINITION OF A SMART DEVICE
1.1 Introduction
In developing countries, prior to the advent of cell phones and smart devices, the telephone was one of those things available only to the rich who could afford the official and unofficial price of owning one. It was a status symbol to own a landline phone. Then came cell phones and then smartphones. Communication became available to the masses, even in the developing countries. A street side vendor can now own a smart device and communicate with people far and wide. Just like the French Revolution liberated the French, smart devices have liberated the masses of the world. One wonders if IBM ever envisioned that Simon, the first cell phone, would be developed to become this global phenomenon.
What is this phenomenon that has so much global impact? So what is a smart device? How do we define a smart device? Ask many people, and you will get many devices that are included in the definition and many similar definitions. When defining a smart device, most people will immediately think of smartphones. Note, however, that we use smart devices here instead of just smartphones. While the definition of a smartphone as a smart device may be correct, it does not, however, identify and include various devices that may be defined as smart devices. The characteristics of a smart device are an important part of what a smart device is.
1.2 Characteristics of a Smart Device
A smart device must have certain characteristics to be identified as one. The characteristics of smart devices, at a minimum, include the following:
Connectivity: To be considered a smart device, the device must be connected to other devices, networks, appliances, and computer systems. This is possible because smart devices support various types of communication protocols, such as Wi-fi and Bluetooth. It must provide access to the Internet and have the ability to sync with multiple email accounts. The smart device must support virtual private networks (VPNs) for enterprises that require an additional layer of security to connect to the network. We hear the phrase bring your own device (BYOD), and this phrase is being embraced by many companies. BYOD allows companies to provide access to their network infrastructure and data to employees’ personal smart devices. In essence, the company is able to extend its network beyond company-owned devices. While this connectivity and the extension of the network increase productivity and reduce cost for the company, they come with the following threats and vulnerabilities:
• No physical control
• The use of untrusted devices and connection to untrusted networks
• The use of unknown content and applications created by unknown developers/publishers
• The use of location services
Interactive operation: This single attribute is the one reason why most people like smartphones and one of the main reasons that smartphones have been successful. If we say that desktops and laptops brought us the processing age, then we can safely say that smart devices brought us the access age. The interactive functions of a smart device include a touch screen for easy usability. It also includes a built-in keyboard that is either physical or software based. The built-in keyboard for smart devices has also led to an abbreviated form of texting communication language, which has substituted for the Standard English language but is still an effective communication medium. Texting has become a new communication language with a growing vocabulary. Some examples of the texting language include acronyms such as oh my God (OMG) and adult in the room (AITR). The built-in keyboard has also led to the instant messaging mechanism. This instant messaging is used by most people instead of an email to quickly contact people and send messages.
Autonomous: A smart device must have the ability to process information and data on its own. This means that a smart device must have its own processor. This processor must run one of the most recognized operating systems such as Google’s Android, Apple’s iOS, Nokia’s Symbian, or BlackBerry OS.
Form factor: The form factor for a smart device is very important. It must be small, thin, and considered sexy. The size will depend on whether the smart device is a phone, a tablet, or a watch. The form factor must be appealing, and, for this reason, smart device manufacturers spend a lot of time and money in improving the look of smart devices.
Multiple usages: For better usability, smart devices have built-in cameras for videos and still pictures. The picture functions have fueled a new culture of amateur publishers and instant publishing companies such as Twitter and Facebook. This ability with smart devices has also added words such as selfie to the English dictionary. With a smart device, a person can take a picture or record a video clip and instantly send that to friends or news media. It has made Twitter and Facebook the billion-dollar companies that they currently are because they have become the base of social media. Smart devices impact society in so many ways. The instant pictures and videos taken by people can also become evidence in court and an aid to the police. The cameras on smart devices raise questions about not only personal privacy but also a tool that can be used for potential corporate intellectual property theft.
Smart devices are also voice recorders, as well as a phone system. As such, they require a microphone for voice inputs. The microphones in smart devices have improved, and applications have been written to give voice commands to the smart device. Apple’s Siri is a very good example. This further improves the ease of use of the smart device and provides some safety for people who have to use their smart device while driving. (Remember that it is highly recommended not to use your smart device while you are driving.)
In recent times, smart devices have also entered the financial arena and are used as an authentication mechanism. As a financial instrument, it allows payment for goods without cash or credit card through services like Square, GoPayment, and Apple Pay. These services are becoming accepted instruments and are supported by all the major banks.
In addition, smart devices have become an authentication mechanism to various information technology (IT) networks and systems. It is now a two-factor authentication mechanism. Because every employee has a smart device, companies can implement a two-factor authentication software on the mobile device and thereby improve access control to its IT infrastructure.
Electronic: The electronic characteristics of a smart device define the smart device as an object with an embedded memory for storage and processing power. As such, the smart device must have computing power. In fact, most of the smart devices currently out in the market have more computing power than most old computers. A 16-GB Samsung S5 or an iPhone 6, with 16 GB, has much more computing power than a TRS 80 or an IBM desktop that was made in the 1990s. As smart devices continue to evolve, the processors will continue to be faster, and the storage capacity will continue to increase. This continuous improvement is also blurring the line between laptops and tablets. For example, is Microsoft’s Surface Pro 4 a laptop or a tablet? Or is it both because it performs both functions?
1.3 Definition of a Smart Device
So how do we define a smart device? Smart devices can be defined as an instant personal communication medium for the masses. It includes things such as smartphones, tablets, eReaders, smart watches, and smart eyeglasses. The list of smart devices will continue to grow as their adoption worldwide continues to grow, and new uses are developed. The application of smart devices also continues to grow and includes phones, photography, messaging, home, health monitoring, games, movie streaming, financial payment instrument, etc. as shown in the following list. What is apparent in this definition is that it does not include laptops.
Ever-growing list of smart device characteristics:
• Embedded memory
• Operating system (Android, iOS, etc.)
• Mobile browser
• Wi-fi
• Texting capability
• Digital cameras
• Remote control capabilities
• Synchronization with other devices
• Multitasking
• Internal storage
• Internet connection
• Hardware and/or software keyboard
• Touch screen
• Support for games
• Global Positioning System
• Email synchronization
• Third-party application support
eMarketer estimates the worldwide users of smartphones at 1.64 billion in 2014. But we know that smart devices include more than smartphones. Also, the graph in Figure 1.1 shows that, by 2018, the worldwide users of smartphones will grow to 2.56 billion.
The Pew Research Center estimates the following for American adults in 2014:
• About 58% have a smartphone.
• About 32% own eReaders.
• About 42% own tablets.
These numbers account for adults and do not include all the smart device ownership in the United States (Figure 1.2). So, we can only imagine how many smart devices there are in the world right at this time.
Figure 1.1 Growth of worldwide users of smart devices.
Figure 1.2 Ownership of different smart devices by American adults (Pew Research Center).
2
OWNERSHIP OF DEVICES
2.1 Corporate Owned versus Bring Your Own Device versus Company Owned, Personally Enabled
Now that we know what a smart device is, we will look at how these devices are introduced into the corporation. In the current computing environment, a smart device, as discussed in Chapter 1, is a small portable computer. Because it is a computer, organizations discovered that they can provide information quicker to their clients and customers by allowing their employees to use smart devices to connect to the corporate network and access data. Imagine that you are a salesperson with a prospective client. You realize that you will gain a new client if you can only show them what your company is about to introduce to the market that will solve their problem. Luckily, you have your connected iPad or Surface Pro. You whip out your tablet, connect to your corporate network, and demo the new widget to the prospective client. Voila! You have a new client just because you did not have to drive or fly back to your office so that you can get some pictures and brochures that you can share with the client.
The ability to delegate decision making and information where you need it is one of the reasons for the introduction of smart devices within the corporate environment. You can reach somebody with an email or text the person so that they have the requisite information on their smart device. It is the age of information where you need it. However, the introduction of smart devices into the corporate environment has not been a simple and easy road.
Corporations are just beginning to get a handle on how to manage their network perimeter, and here come smart devices that will poke holes into their network perimeter. Needless to say, smart devices were not readily accepted by some companies, especially information technology (IT), because there is a cost. The cost is not just money. For the trailblazers that accepted the new technology, they realized that they have to prepare the IT environment for smart devices. They enhanced their virtual private network (VPN), if they had one, or introduced one, if they did not. They enhanced their access control, and those corporations that did not prepare suffered the consequences. The three ways corporations introduce smart devices into their organizations are (1) through corporate ownership of the smart devices, (2) through user-owned devices, otherwise known as bring your own device (BYOD), or through a recent hybrid called company owned, personally enabled (COPE) (Figure 2.1).
Figure 2.1 Three types of ownership of corporate smart devices.
2.1.1 Corporate-Owned Devices
The smart devices’ introduction for trailblazing companies is mainly the organization issuing a company-owned smart device to the employees. Usually, the organization thinks that a particular group of employees using the smart device will benefit the company. Think back to the BlackBerry era, and you will find the same trend where organizations issued a BlackBerry to employees whom they think will use it to the benefit of the company. Not everybody was immediately issued a BlackBerry. Of course not. There is a cost that is associated with that. The advantage of a company-issued smart device is tha...
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Table of Contents
- PART I BENEFITS AND RISKS OF SMART DEVICES
- PART II SECURITY OF SMART DEVICES
- PART III MANAGING SMART DEVICES
- PART IV COMPLIANCE
- PART V REPORTING, MONITORING, AND AUDITING
- PART VI SAMPLES
- INDEX