In-depth

Does BYOD really stand for Bolster Your Own Delusions?

Are the hardware savings of BYOD enough to compensate for the security risks it brings? Davey Winder doesn't think so

21 May 2014

I hate the BYOD (bring your own device) acronym with a passion. Whenever I put my journalistic feelers out among the security industry to get some comment for an unrelated article, you can bet your bottom dollar that no matter how precisely I've described the topic I'm writing about, someone will swing it round to BYOD.

"I'm looking for someone who can talk about developments in homomorphic encryption management as it applies to the cloud," I'll say, and the response I get from some idiot PR bunny will inevitably be: "We have someone who can discuss how BYOD can be managed in the cloud". Doh!

It's a combination of buzzword bingo syndrome (where certain tech terminologies get over-hyped to the point of press release saturation) and a need to jump on the mobile bandwagon.

Bring Your Own Device is nothing new, and security problems relating to the management of mobile devices did not start with smartphones or tablets. Laptops and netbooks have been causing security headaches for years.

Of course, laptops and netbooks never became commoditised to the point employees would rather buy their own and use them at work, which is what happened first with smartphones and more recently with tablets. As such, it's hardly surprising the need to manage these devices and control the data they access has verily exploded.

Unfortunately, the main place this combustion of need has occurred is in the media, rather than the enterprise. The smaller the enterprise, the truer this becomes. Which is why it's also hardly surprising that a newly released Gartner study has revealed that nearly a third of smartphone users who bring their own devices into the workplace have suffered a security issue and didn't tell their boss.

The report reckons only 15 per cent of respondents had signed any kind of BYOD usage agreement, and a third reported their employer had no formal policy

I did the math with the percentages in the study, and it turns out 59 per cent of employees are using their own devices in the workplace with no formal agreements or controls in place. With half of the people questioned using the device at work for more than an hour a day for social and productivity tasks, the risk to enterprise security is both obvious and potentially devastating.

The timing of the Gartner survey couldn't be better, coinciding as it does with the release of a warning from the Information Commissioners Office that businesses are failing when it comes to the security basics.

These include the storing of data in widely accessible locations. Forget Bring Your Own Device, maybe what BYOD really stands for is Bolster Your Own Delusions, both from the user who can't see the harm and the enterprise that can't see beyond the hardware cost savings.