Of all the things we’ve lost, we miss the company devices the most.
Well, that’s probably not true for most people. Bring your own device (BYOD) has exploded in popularity over the past decade, a change accelerated by remote work and the Covid-19 pandemic.
But some companies may well be missing the aspect of control they had over staff—at least when it came to security. While many organizations have warmed to the idea that staffers do better with their own devices, the complications of an added threat surface remain. For Apple users, who have long been insulated from the worst of attacks when compared to their PC-using counterparts, that has meant a shift in threats in recent years.
On April 29, Oligo Security revealed they had uncovered 23 vulnerabilities, leading to 17 CVEs, related to Apple’s AirPlay and AirPlay Software Development kit that could potentially affect millions of devices; consequences of the exposures include taking control of devices and the implementation of spyware. And with the increase in BYOD, Apple devices are open to attacks that users often aren’t prepared for.
Stay connected. Michael Covington, VP of portfolio strategy at Apple software development firm Jamf, told IT Brew at the RSAC conference in April that his company is monitoring the expanding threat surface. Controlling that danger is part of the plan.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“It’s allowing new entry points, new data export points, and it also is making it so that there are some features that, before they have any enterprise level controls around them, they become a point for data in and out that the company has no visibility into or the ability to control,” Covington said.
In order to facilitate management of those challenges, Covington said, Jamf is using AI—including but not limited to Apple Intelligence capabilities—and containers that, as IT Brew reported in October 2023, can be used for data partitioning between work and home devices. Covington said that he’s still using that separation tech with his own phone.
Control group. It’s important for firms, he added, to be sure that they’re staying on top of internal challenges. This often means paying attention to how staff are using their devices and permissions, something that, paradoxically, becomes easier when you have to assess controls over their BYOD phone and/or computer.
“It forces us to make a decision for certain classes of workers that are using certain information on the device that we care about, how it is working its way into other services that we don’t understand,” Covington told IT Brew. “That’s just one example of the attack surface that businesses very much want to control.”