Mar 28 2012

BYOD Is Good, but Not for Jailbroken and Rooted Smartphones

Companies should be open to workers bringing their own devices but wary of allowing hacked phones in.

The “bring your own device” movement has its adherents but also those who are more gun-shy about pulling the trigger on employees using personal devices on corporate networks.

Regardless of which side you’re on, it’s becoming increasingly difficult to deny that BYOD is a workplace trend on the rise. In a recent survey conducted by Cisco Systems, 51 percent of the respondents reported that the number of employees bringing their own devices to work is on the rise.

Bringing iPhones, iPads, Android smartphones and Windows phones to work is one thing, but what about users who’ve decide to jailbreak their iOS devices or root their Android devices?

John Sawyer, a writer for Dark Reading, attended the SANS Mobile Device Security Summit in Nashville, and he found that the majority of IT professionals he encountered were staunchly against allowing the modified devices onto the enterprise network.

The general consensus of the summit speakers and attendees is that these altered devices have no place in the corporate environment. Summit co-chair and Secure Ideas security consultant Kevin Johnson said that he is against jailbroken devices in the enterprise. He said there are certainly benefits to having a jailbroken/rooted device, but they also pose numerous risks to company networks and data.

What are those benefits and risks? The primary benefit is full access to the device's underlying operating system. Smartphone manufacturers put in controls to limit users' access to the underlying system. Jailbreaking and rooting bypasses those restrictions so the user has full rights over the system, similar to an administrator account on Windows, or root on Linux. This gives the ability to access files and data that were previously inaccessible, and for Apple devices, the ability to install applications from sources other than the Apple App Store.

This seems like a sensible compromise. Rooted and jailbroken devices are not supported by the device manufacturers, so it seems unwise for companies to assume the risk of malware and security vulnerabilities that come with these devices.

For more on Sawyer’s report about BYOD and altered devices, read the full story on Dark Reading. And for more great content from around the web, check out the 50 Must-Read IT Blogs from BizTech.