What do you do when your employee leaves their phone at Oktoberfest (or any other drinking establishment!)? On his way to Oktoberfest in Munich, Raimund talks about the risks and difficulties in securing mobile devices.
(If you are having difficulties with the accent, here is a transcript!:)
[Transcript] I’m dressed funny today and why? Because it’s Oktoberfest in Munich and the German team of Trend Micro will be at Oktoberfest this afternoon. We will celebrate, we will have a little bit of beer and we will have a good time. When you look inside the tents you see all the people now using mobile devices tweeting, texting, taking pictures. Actually you have 7 million visitors at Oktoberfest every year. And I would say most of them have these devices so it’s actually a distributed denial of service attack infrastructure of the telecoms who try to provide the bandwidth so people could text or tweet, could do everything. If you think about it people get drunk, the beer’s pretty strong there so what’s happening, they are leaving their device on the table, they are just losing their devices. It’s not only one device you have now a days. Its multiple devices. People are carrying around different phones. People are carrying around tablets and whatever. It’s all kind of devices. So the big question is with this Consumerization of IT with bringing more and more devices, private and corporate devices into an Enterprise, is it possible to protect these devices? Is it possible to protect your infrastructure? Of course you can project your infrastructure your server farm behind the DMZ. You could separate the internet from your intranet. You could protect your data by encrypting them. But what if the device gets lost or stolen. If the mobile phone gets lost or stolen, maybe corporate information is on it. So I think we all have to rethink and say infrastructure, it could get lost and does it matter. Is it really that expensive to replace a $400-$500 device which you could easily backup and restore? No, the value of the device is actually the data. So we need to start to look at data access control. We need to start to look at how to protect the data while it’s resting, how to protect the data while in transit, how to protect the data while on the move, start with mobile devices. We’re talking data access control , we’re talking about encryption we’re talking about proper backup and restore for all this data because what needs to be protected is not the infrastructure any more. What needs to be protect is the data because that’s the real value for the company, for the competition and for the attacker… unfortunately