Page 113 - CISSO_Prep_ Guide
that could be used to launch a man-in-the-middle attack or
hijack a user session.
The other concern is that most of these mobile applications run
on personal devices that may be infected or compromised without
the user's knowledge.
BYOD
Organizations are embracing the concept of Bring Your Own
Device (BYOD), sometimes jokingly referred to as Bring Your
Own Disaster! The BYOD approach makes a lot of sense from a
business perspective. Everyone can use devices that they already
possess, including mobile phones, tablets, and laptops - devices
that they are comfortable with - and that may save the
organization the cost of purchasing them!
This does, however, pose some security concerns. What happens
when the person leaves the company, especially involuntarily?
Is it possible to remove all organizational data from the device?
What if the device is compromised, lost, or stolen? Is the
confidential data on the device protected?
There are several solutions the security manager must consider,
first and foremost policy. It is also possible to declare which
devices are allowed and which are not. On some devices, a virtual
machine that can be remotely wiped in case of loss can be set up.
Some devices also support encryption and two-factor
authentication for access.
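One way to turn these controls into an enforceable check, shown here as an added illustration that is not part of the guide: a small Python evaluator that scores a hypothetical device-inventory record against a BYOD policy (allowed device types, encryption, two-factor enrollment, remote-wipe capability, compromise status) and handles the offboarding case by returning a wipe decision when the owner has left. All class names, fields, devices and people are constructed assumptions, not the API of any real MDM product.

```python
# Added example (not from the CISSO guide): evaluating a BYOD device record
# against an organizational policy before granting access. All device records
# and policy values below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class ByodPolicy:
    """The controls the text lists, expressed as policy requirements."""
    allowed_platforms: frozenset = frozenset({"ios", "android", "windows", "macos"})
    require_encryption: bool = True      # confidential data protected at rest
    require_mfa: bool = True             # two-factor authentication for access
    require_remote_wipe: bool = True     # a wipeable managed container/VM on the device
    block_compromised: bool = True       # rooted/jailbroken or known-infected devices


@dataclass
class DeviceRecord:
    """One entry in a hypothetical device inventory, e.g. an MDM export."""
    device_id: str
    owner: str
    platform: str
    encrypted: bool
    mfa_enrolled: bool
    remote_wipe_enrolled: bool
    compromised: bool
    owner_active: bool = True            # False once HR marks the owner as departed


def policy_violations(device: DeviceRecord, policy: ByodPolicy) -> list[str]:
    """Return every control the device fails; an empty list means compliant."""
    violations = []
    if device.platform.lower() not in policy.allowed_platforms:
        violations.append(f"platform '{device.platform}' is not an allowed device type")
    if policy.require_encryption and not device.encrypted:
        violations.append("storage encryption is not enabled")
    if policy.require_mfa and not device.mfa_enrolled:
        violations.append("two-factor authentication is not enrolled")
    if policy.require_remote_wipe and not device.remote_wipe_enrolled:
        violations.append("no remotely wipeable container/VM on the device")
    if policy.block_compromised and device.compromised:
        violations.append("device is reported as compromised")
    return violations


def access_decision(device: DeviceRecord, policy: ByodPolicy) -> str:
    """Map a device record to 'allow', 'deny' or 'wipe'.

    'wipe' covers the offboarding case from the text: the owner has left, so
    the organizational data should be removed from the device if that is
    possible; if the device cannot be wiped, the remaining control is to deny.
    """
    if not device.owner_active:
        return "wipe" if device.remote_wipe_enrolled else "deny"
    return "deny" if policy_violations(device, policy) else "allow"


# Constructed sample inventory (not real devices or people).
SAMPLE_DEVICES = [
    DeviceRecord("D-001", "alice", "ios", True, True, True, False),
    DeviceRecord("D-002", "bob", "android", False, True, True, False),   # unencrypted
    DeviceRecord("D-003", "carol", "android", True, True, True, True),   # compromised
    DeviceRecord("D-004", "dave", "linux", True, True, False, False),    # not allowed, no wipe
    DeviceRecord("D-005", "erin", "windows", True, True, True, False, owner_active=False),
    DeviceRecord("D-006", "frank", "macos", True, True, False, False, owner_active=False),
]


def review_inventory(devices, policy=ByodPolicy()):
    """Return {device_id: decision} for a whole inventory."""
    return {d.device_id: access_decision(d, policy) for d in devices}


if __name__ == "__main__":
    policy = ByodPolicy()
    for d in SAMPLE_DEVICES:
        print(d.device_id, d.owner, access_decision(d, policy), policy_violations(d, policy))
```

The policy object is what the text calls "first and foremost policy": loosening one requirement (for example `ByodPolicy(require_remote_wipe=False)`) changes the decisions without touching the evaluation logic, which keeps the security manager's choices reviewable in one place.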
As with all new technologies, the security manager must often
accept that it may be impossible to stop the use of the new
technology, but it is possible to put in place security controls
that protect its use as much as possible.