Thursday, March 27, 2014

Security, Smart-Devices and stretching Trust boundary - Are we losing control?



We all know people are the weakest link, and with smart devices that weakness is easier to exploit.

This article discusses how trust gets stretched, and how that affects security, when it comes to mobile devices.

(Remember, people can also connect their mobile devices to any WiFi network, which increases the risk.
Add IoT and it becomes a lot more fun.)

Quote from the article:

“A process without input is a miracle, while one without output is a black hole. Either you’re missing something, or have mistaken a process for people, who are allowed to be black holes or miracles”



According to the article:

As a baseline, the company itself took the responsibility for trusting the OS to have provided a safe sandbox for all apps to play in, and the phone vendor to have only installed trustworthy apps as part of their customization. So our trust boundary is already extended beyond our company resources to the phone service provider, the phone manufacturer, the phone vendor, the phone OS developer and the security application company. All which we may have to just accept but should be aware of.


But our new employee has, unknown to the company, extended our trust boundary in several ways:

  • Adding Gmail account 
  • Adding games
  • Adding calendar app
  • Lastly the social media apps


I think that ultimately, none of this is all that egregious and should be a normal use case for IT distributing devices, but add this up over a 500 person company and your trust boundary grows far beyond your ability to manage it, making it effectively infinite. 



The links below have more information:
