The challenge for Day Twenty-Seven is – How could BYOA (bring your own application) play a part in security?
I couldn’t find much information regarding BYOA issues, so instead I interpreted the task as looking at security implications of BYOD (Bring your own device).
I also felt it was more relevant as people bringing their own devices to a workplace will no doubt bring their own pre-installed applications along with them.
With businesses looking at having flexible workplaces, or leveraging work from the “gig” economy, workers can be expected to bring their own devices to work with them.
Where a business doesn’t have full control of the devices connecting to its network, it runs the risk of introducing problems via these devices.
Consider this article from 2017.
Bithumb are a cryptocurrency exchange based in South Korea. Given that they work in the financial sector, you could assume that their own network and infosec standards were kept high.
However, a reported 30,000 users had their personal information stolen when attackers targeted a Bithumb employee’s personal computer.
An organisation can spend thousands of hours and bajillions of dollars ensuring that their own network, devices, and applications are safe – but if employees are able to save sensitive information to, or access it from, their own devices, it gets difficult to ensure the safety of that information.
Ways around this include limiting the amount of access external devices have to an application, enforcing a strict BYOD policy, giving employees password-protected VPNs so they can stay on the secure company network, or providing employees with equipment that is set up and maintained by the organisation.
Thanks for reading my post and following my progress through the 30 Days of Security Testing.
Feel like joining in? Sign in to the WeTest Slack group and get involved!