In many organizations “Bring Your Own Device” (BYOD) approaches are either subject to intensive discussion or are already practiced (with or without “proper governance”). Two security controls are usually of particular interest in BYOD scenarios, namely container solutions and acceptable use policies (AUPs). The speakers have contributed to BYOD “implementations” in several environments and, based on actual case studies, are going to discuss three main aspects in their talk:
<ul>
<li>What’s the role of a device’s supply chain in a BYOD setting? Is it possible to securely process sensitive data, e.g. by means of a container solution, on a device that was acquired on eBay or that the VIP using it received “as a present in the course of an industry fair in an emerging market country”?</li>
<li>What level of security is actually provided by container solutions? Do they sufficiently secure data (including temporary data), and which user behavior might be required for this?</li>
<li>When are good AUPs needed, and which elements should be included in them?</li>
</ul>
The goal of the talk is to enable the audience to realistically assess the security approaches and risks in BYOD scenarios.
Rene Graf leads the “Mobile Security” team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.
Enno Rey (@Enno_Insinuator) is an old school network security guy who has been involved with IPv6 since 1999. In recent years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.