Security "Bits"

Smartphone Kill Switch Won't Help BYOD Security

By Rich Campagna | August 26, 2014 at 4:39 PM

smartphone_kill_switch_byod_securityCalifornia's smartphone kill switch law is a big step forward in protecting the consumer by allowing them to lock and wipe a mobile phone in the event of loss or theft of the device.  The ruling does very little to curb the BYOD security concerns at the top of every CISOs priority list.

The law, which applies to phones manufactured after July 1, 2015, is geared towards curbing theft of mobile devices for resale purposes. These kill switches will be designed to render the phone inoperable if it's lost or stolen, likely driving resale value for these devices to near $0.

For the enterprise, however, this does little to counter data security concerns with BYOD.

The enterprise must still grapple with employee reluctance to install management software on their personal devices, devices being carelessly left unattended, and employees going rogue or leaving the company. A determined bad actor can exploit any of these channels to extract company data without causing the user to trigger the kill switch. 

Another issue? Data continues to reside on the device after it has been disabled, a potential challenge for security conscious organizations and those in regulated industries.

The net? A kill switch handles loss or theft - the primary concern of the consumer. For the enterprise, however, physical loss or theft of the device is only one of many ways that corporate data can be exposed via BYOD, so it's really only part of the answer, at best.

Learn more about how Bitglass can provide a kill switch for corporate data to handle any of the issues discussed above.

Bitglass for BYOD




see all