By Josh Wright
[Editor's Note: On this blog, we often post articles. But other times, we post presentations because, for a lot of us, the best way to convey a lot of relevant information is to use slide format. Also, for many readers, an intense set of slides can really hammer home some points in a quickly digestible format (unlike Fogo, but don't get me started).
In this presentation, Josh Wright provides some AWESOME information about the infosec struggles organizations face as they deploy mobile platforms (whether they want to deploy them or not), and some tips for security pros (including pen testers, ethical hackers, incident handlers, architects, and operations folks) for dealing with the onslaught. Really good stuff — a must-read, IMHO. -Ed.]
I was recently honored to speak at the National Cybersecurity Innovation Conference in Washington DC where I delivered a presentation titled "An Intense Look at the Mobile Computing Threat". I had an attentive audience, since half of the attendees couldn't get their BlackBerry email due to the RIM outage, and because more and more organizations are being asked to deploy mobile devices securely without the support of mature enterprise controls.
I spoke about the problems of disparity between mobile devices and traditional computing platforms (and the disparity between mobile devices from different vendors), patching problems, mobile device malware, device encryption limitations and opportunities for an attacker to exploit mobile devices. My goal was to help the attendees understand that mobile devices are a threat today, and will continue to be a threat into the future until vendors introduce mature and comprehensive enterprise controls, something that is lacking in popular platforms today.
You can download the detailed slides here: IntenseLookAtMobileComputingThreat-20111012
We need more expertise on mobile devices to ensure they are deployed securely, something Kevin Johnson is tackling with his Mobile Device Security course debuting in December in Washington, DC.