ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Why the ship has sailed on BYOD"
Episode Synopsis
Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them.
OKTA breach, IT admin’s password getting stored in gmail password synced manager
Two-way problems. Personal on business and business on personal
Lack of clarity around device wipe, device use policies, apps running on devices
Compliance is easier when business owns the asset and delineation of ownership of asset and data is clear.
If the configurations are not managed, the cost profile to the company is a lot higher.
Credentials and MFA spill over in both directions
Data compliance issues
DLP and encryption issues
Lack of ability to define device security settings like PINs
How are you doing effective device configuration backups?
How do you prevent malicious apps from being installed on the devices?
How do you have leveraged support capabilities from the mobile devices?
Asset inventory is mandatory
Compliance costs can be drastically reduced by having company owned assets that only get approved applications. This is another reason why end users CANNOT have admin access.
No VPN access until someone has been part of the company for 30 days.
Onboarding and offboarding is crucial to information security
Information security is not a technical controls issue, it is a HR management issue.
Verizon fell for fake “search warrant,” gave victim’s phone data to stalker
https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/
As if all that wasn't bad enough, if an employee of a company has issues in their personal life, it will spill over to business and especially in the context of allowed personal use of company assets.
OKTA breach, IT admin’s password getting stored in gmail password synced manager
Two-way problems. Personal on business and business on personal
Lack of clarity around device wipe, device use policies, apps running on devices
Compliance is easier when business owns the asset and delineation of ownership of asset and data is clear.
If the configurations are not managed, the cost profile to the company is a lot higher.
Credentials and MFA spill over in both directions
Data compliance issues
DLP and encryption issues
Lack of ability to define device security settings like PINs
How are you doing effective device configuration backups?
How do you prevent malicious apps from being installed on the devices?
How do you have leveraged support capabilities from the mobile devices?
Asset inventory is mandatory
Compliance costs can be drastically reduced by having company owned assets that only get approved applications. This is another reason why end users CANNOT have admin access.
No VPN access until someone has been part of the company for 30 days.
Onboarding and offboarding is crucial to information security
Information security is not a technical controls issue, it is a HR management issue.
Verizon fell for fake “search warrant,” gave victim’s phone data to stalker
https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/
As if all that wasn't bad enough, if an employee of a company has issues in their personal life, it will spill over to business and especially in the context of allowed personal use of company assets.
More episodes of the podcast QPC Security - Breakfast Bytes
AI Use Insights and the Dangers of UCaaS
30/07/2025
A Deep Dive into SaaS Risks and Backups
30/04/2025
In God we trust