Since ‘BYOD’ seems unavoidable, organizations should consider some basic steps, which will hopefully help with audit and regulatory requirements: Make the device stateless, or at least keep all the corporate data in a VM, whose configuration is managed. This protects against device theft leading to data loss; Require users to run an anti-malware program, to protect against basic attacks like keyloggers; Require users and IT to collaborate in ensuring that consumer devices meet these requirements; and Absolve IT from supporting the device, beyond basic security validation.
#securerobe #multifactorauthentication
Web: https://securerobe.school.blog/2021/11/15/the-itsj-interview-a-chat-with-gord-boyce-xdr-vs-edr-forescouts-ceo/