Not long ago, I published a commentary focused on Cortado and app wrapping (see NCP Engineering reached out and asked if I'd like to speak with Joerg Hirschmann, CTO of NCP Engineering.). As is often the case, a comment on a conversation with representatives of one company leads to conversations with others. This time, representatives of
Hirschmann is a strong proponent of an active defense system for corporate systems, data and applications. He believes that while end-point security tools — such as those offered by Cortado — can be very useful, they must be incorporated into a larger set of security management policies. Hirschmann's view: Wrapping applications is only a start.
IOS and Android have started down a useful path by adding access controls, Hirschmann says, but these are far from a comprehensive in-depth security framework.
The server operating systems, applications, databases, and networks must all be considered as well. This, Hirschmann believes, leads to the requirement for careful planning, monitoring, and sophisticated firewalls and even to the use of virtual private networks. He suggests that staff using their own devices should be mindful of the networks they are using. Coffee shop and hotel networks might be convenient, but they may not be really safe.
The questions he suggests IT planners address should include the following:
- Are the passwords people use really secure and safe?
- Are the networks protected so application conversations cannot be overheard and the proprietary data extracted?
- Are applications being developed with security in mind rather than security being an afterthought?
NCP Engineering believes that its firewall and its VPN clients and services should be a part of organization's planning for BYOD programs.
What is your company doing in this area?