iOS Exploit Highlights Importance of Policy Behind Tech
I tweeted earlier today about how the Fraunhofer-Gesellschaft iOS exploit that's getting a fair bit of press today illustrates the importance of policy and technology working in tandem.
It's a daily occurrence that IANS receives a query from a concerned end user organization looking to put the most robust controls in place to protect information (both IP and personal) that resides on the newest frontier of data protection: mobile devices. The fact is, this frontier is not new; from the first floppy, USB stick, optical recordable media, or laptop that left the door of your company, this has been a risk. And protections aren't new either; they're getting better and more comprehensive day by day, but technology to protect technology isn't the silver bullet. It's just that mobile devices, as they are often more memory intensive devices and items that are personally linked to individuals, provide a more tempting target for compromise, especially when the compromises appear as easy as this:
While the Fraunhofer video above gives a stark image of just how quick and easy it is to compromise information on a very popular mobile platform, it alone does not mean that we should redouble our efforts to increase the bits of entropy of a given password policy, nor does it mean that investing more heavily in a multi-platform mobile device management system should be top priority. These are critical steps that need to be considered and enacted; however, the initial focus should be on policy. Policy, after all, is the foundation that allows the technology to protect data to come into play. All of the entropy bits in the world and myriad means for locking and wiping devices are for naught without a policy of enforcement for the use of a tool or invocation of a strategy.
The questions "what do we need to protect; how; and how far do we go" are some that have been weighed countless times in your organization, likely dating back to decisions around media types that are no longer supported. The Fraunhofer exploit relies upon time as its best asset: time to get to an area where the exploit can be carried out. The best enemy against time is a clear, executable policy, in this case for device wipe, that is carried out consistently and decisively.
What's your policy?
