Why BYOD represents evolution not revolution

Is BYOD necessarily the panacea that some suggests? We explore the disconnect between the theory and reality.

Henrys says that corporates need to ensure that employees sign up to BYOD policies that allow the IT department to wipe devices should they become lost. But these are without problems.

It might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour.

He cited an example of a test case currently going through the courts in the US where a man had lost a phone and the corporate had wiped its data. The man in question was going through a messy divorce and, along with work data, the phone played home to texts related to that divorce. The removal of that data resulted in the man taking legal action against the company he worked for.

"Whether or not he finds the policy to say that was OK to do that, we will find how much water that holds as it goes through the courts," Henrys says.

He suggested one way to avoid this is taking home corporate-provided devices and having part of that device partitioned off for personal use.

Regardless of whether the employee brings their device into the organisation or it provides them with a business device sporting the consumer features the user feels they need to perform their job, there has to be policies in place. Such policies will not only separate the business concerns from personal matters but will also ensure that confidential corporate data can only be accessed in a safe and secure manner. What's more, these policies need to be communicated effectively to the user.

Margrete Raaum, Steering Committee member of the Forum of Incident Response and Security Teams (FIRST), an international umbrella organisation of trusted computer incident response teams, suggests that firms need to create a model where all devices are deemed insecure and valuable assets on the local network can be protected in much the same way as you safeguard something that is placed directly on the internet.

"This might actually be a good strategy, as protected client networks are often more insecure than assumed by the internal firewalls, and rogue equipment is likely to exist on most company networks," she says.

"Also, it might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour."

The key here is to ensure that the flow of valuable data or potential malware does not cross the company's perimeters without detection, Raaum says.

Alongside the financial arguments, any company needs to weigh up whether BYOD is worth the cost and effort of implementation. Users may want the latest sexy device, but if the arguments don't stack up, there is very little incentive for the organisation to allow or fund - this.

Visit the Intel IT Centre for further help and guidance for IT managers and professionals.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Most Popular

350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020