Page 30 - Mobile Data Loss
P. 30

24    Mobile Data Loss


          especially important in the event of a breach and time-to-resolution;
          and is incredibly helpful in a liturgical and nonliturgical forensic inves-
          tigations. Mapping out these EMM data points is key to updating
          your incident response lifecycle and response procedures.


          MOBILE DEVICE UPDATES AND PATCHING

          In sharp contrast to the PC world, users are in control of when mobile
          device updates and patches are applied. This is very much the case
          with iOS and Android, and is becoming more of the case with
          Windows such as in Windows Phone 8/8.1 and forthcoming in
          Windows 10. This can be problematic for specific use-cases where an
          organization would like to test an update with all of their apps to
          avoid software issues. Single-app mode (iOS) or Kiosk-mode
          (Android) can limit the user from performing an update.

             EMM solutions can provide a way to enforce updates to ensure that
          vulnerabilities are patched. This can be performed through a security
          policy that blocks network access or other enforcements to encourage
          users to perform the update. But there are obstacles and a lack of APIs
          (Application Program Interface) to enforce the mobile operating system
          updates from the EMM.



          WEARABLES
          Wearables and smartwatches didn’t become a topical risk concern for
          most organizations until the release of the Apple Watch. There was
          certainly the fear of the unknown. Are these devices risky or not?
          What happens if a device is hacked or lost? The fact is that wearables
          and smartwatches have been around for years prior to the Apple
          Watch, and some can be paired with an iOS device in addition to
          Android and Windows devices.

             There are fundamental differences between wearables and smart-
          watches versus their mobile device counterparts. These smartwatches
          typically require a pairing app on the mobile device to allow the smart-
          watch to be paired over the air. The most important difference of a
          smartwatch versus a mobile device is that the built-in security for
          smartwatches is more proximity based rather than PIN or passcode-
          based. With mobile devices typically the first security requirement
   25   26   27   28   29   30   31   32   33   34   35