#delete Facebook, MDM-agent, CASB-agent ..


This post was originally published here by Nat Kausik.

It is now widely known that Facebook takes our personal data and hands it over to advertisers, “app developers,” and others in less than savory pursuits.   Then we learn that the Facebook mobile app sniffs your phone calls and text messages.   But what about those MDM agents or CASB agents on your BYOD?

When you install an MDM agent on your personal mobile device, you are ceding control of your phone to your employer.  As succinctly stated by an MDM administrator

Here’s the short list of the information you can collect with a MDM system: damn near everything.

I can pull the full hardware and software inventory. I can see your phone number, carrier, IMEI, serial number, OS version, app inventory, GPS location, network IPs, is encryption enabled, do you have a PIN set, etc. I could force a trusted Certificate Authority on your device, set a required proxy, and break SSL on all your web traffic. I could also force your device to connect to my VPN at all times.

Basically, you put your trust in your company to not be evil. 

In brief, an MDM agent has access to pretty much everything on your smartphone.  Yes, even copies of all your text messages maybe sent to your employer.

On Android specifically, IT can relay SMS messages from the device to corporate email archival systems. 

Likewise, CASB agents on laptops can proxy all of your traffic, defeat SSL encryption to inspect all of your communication, both personal and corporate.    If your company uses an agent-based CASB, when you log in to a corporate application from your personal laptop, a CASB agent gets installed.  Thenceforth, the CASB agent may forward any and all of your traffic via a proxy that inspects both personal and business communication, compromising your privacy, and that of your family, permanently.

If you are concerned about Facebook invading your privacy, you should be very concerned about MDM-agents and CASB-agents on your personal smartphones and laptops respectively.

Only Bitglass agentless architecture respects user privacy!  

Photo:Information Security Buzz


No posts to display