Some days ago I attended a webinar about Cyber security. While discussing the challenges of BYOD someone stated:
‘In a hyper connected world thousands of trusted devices connect to your trusted company network.’
In my opinion, trusted devices in a trusted network are a contradiction in itself.
Let me clarify this by an example from daily life.
The moment you are connecting with your company owned laptop across the internet to your company network, you lost the game. Even if you use a VNP tunnel to secure the network connection, your laptop is in a potentially insecure state, since likely infected with malware.
Back in the company network this computers state remains insecure because your malware detection system may not detect the malware. Therefore your company network is compromised as well.
That reminds me of the blockbuster ‘Independence Day’ from 1996. The aliens allowed a fighter jet, that was lost fifty years ago, to dock at the mothership. A trusted device in a trusted network! It was the first and last mistake in their life.
The good news are: This laptop is under your control. You are able to reinstall it with a hopefully not compromised golden image.
But in the hyper connected world of the Internet of Things (IoT) and BYOD most of the devices are not under your control. Moreover, they are in a completely undefined security state, with outdated and unpatched operating systems and applications and insecure SSL certificates for communications. Just a giant black security hole!
To master the challenges of IoT and BYOD, we have to develop completely new concepts for securing devices, applications and the communication between the devices and the company network. Trust no one!
In the meanwhile we have to do our best to create awareness for the new threats, and to secure the data in the company network.
By the way, the aliens would have done well to destroy the fighter jet!