Sunday, February 3, 2013

Blog: Why device (BYOD) based differential access is required in the organization?

Here is the CIO of the Indian outfit of a US-based manufacturing company. They do a lot of software development here, all of it proprietary code that forms the IP of the company. He says that he has a clear policy on BYOD and it is a simple one: “just allow it to connect onto the corporate network; it is no different from connecting via laptop”. I was shocked, and here is why…

His is a typical organization using Microsoft AD for authentication and MS Exchange ActiveSync (EAS) for email synchronization. He uses EAS to detect all smart devices that are on the network, and his argument was: I know all the devices that are on the corporate network at any given time (via EAS). This was the time for me to rebuke his theory and show how to bypass this security. An AD test account was quickly created for me, and I used my new iPad to connect to AD for login and to connect to EAS for email download. His expectation was that I would log in and immediately connect to EAS, so that he would have complete details of the device. What I did instead was not go to the emails at all: I completely bypassed Exchange and the mail server and started accessing the intranet, including his source repository! He now has an unauthorized device accessing his source repository as an authorized user, but his EAS has no information about that device!

Manjunath M Gowda
CEO, i7 Networks, “Agentless BYOD Control”, @i7networks
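
The gap described above (a device that authenticates against AD and reaches the intranet without ever syncing mail) can be surfaced by comparing network-side session records against the EAS view. The following is an added example, not code from the original post: the record formats, user names, MAC and IP addresses and the asset inventory are all constructed, and matching on client IP assumes addresses stay stable over the comparison window.

```python
import csv
import io

# Constructed sample data (not from the original post).
# EAS sync events: the only device view the CIO in the post relied on.
EAS_SYNC_LOG = """user,device_id,client_ip
alice,ApplDN0001,10.0.5.21
bob,androidc0002,10.0.5.34
"""

# Hypothetical asset inventory of managed corporate laptops, keyed by MAC.
MANAGED_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}

# Authenticated sessions, e.g. joined from DHCP leases and proxy logs (assumed format).
NETWORK_SESSIONS = """user,mac,ip,resource
alice,00:11:22:aa:bb:01,10.0.4.10,intranet
alice,7c:d1:c3:00:00:21,10.0.5.21,intranet
bob,00:11:22:aa:bb:02,10.0.4.11,source-repo
testuser,7c:d1:c3:00:00:99,10.0.5.77,intranet
testuser,7c:d1:c3:00:00:99,10.0.5.77,source-repo
"""


def load(text):
    """Parse an inline CSV sample into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def find_unknown_devices(sessions, eas_events, managed_macs):
    """Return {(user, mac): sorted resources} for devices no inventory knows about."""
    eas_seen = {(e["user"], e["client_ip"]) for e in eas_events}
    unknown = {}
    for s in sessions:
        if s["mac"].lower() in managed_macs:
            continue  # managed corporate laptop
        if (s["user"], s["ip"]) in eas_seen:
            continue  # device has synced mail, so EAS holds a record of it
        # Valid user, but the device is invisible to both inventories.
        unknown.setdefault((s["user"], s["mac"]), set()).add(s["resource"])
    return {key: sorted(res) for key, res in unknown.items()}


if __name__ == "__main__":
    findings = find_unknown_devices(
        load(NETWORK_SESSIONS), load(EAS_SYNC_LOG), MANAGED_MACS)
    for (user, mac), resources in findings.items():
        print(f"ALERT user={user} mac={mac} unknown to EAS and asset inventory: {resources}")
```

Only the `testuser` device is flagged on this sample: it authenticated and reached the source repository but never produced an EAS sync event, which is the situation the post describes.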
