Henrys says that corporates need to ensure that employees sign up to BYOD policies that allow the IT department to wipe devices should they become lost. But these are without problems.
It might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour.
He cited an example of a test case currently going through the courts in the US where a man had lost a phone and the corporate had wiped its data. The man in question was going through a messy divorce and, along with work data, the phone played home to texts related to that divorce. The removal of that data resulted in the man taking legal action against the company he worked for.
"Whether or not he finds the policy to say that was OK to do that, we will find how much water that holds as it goes through the courts," Henrys says.
He suggested one way to avoid this is taking home corporate-provided devices and having part of that device partitioned off for personal use.
Regardless of whether the employee brings their device into the organisation or it provides them with a business device sporting the consumer features the user feels they need to perform their job, there has to be policies in place. Such policies will not only separate the business concerns from personal matters but will also ensure that confidential corporate data can only be accessed in a safe and secure manner. What's more, these policies need to be communicated effectively to the user.
Margrete Raaum, Steering Committee member of the Forum of Incident Response and Security Teams (FIRST), an international umbrella organisation of trusted computer incident response teams, suggests that firms need to create a model where all devices are deemed insecure and valuable assets on the local network can be protected in much the same way as you safeguard something that is placed directly on the internet.
"This might actually be a good strategy, as protected client networks are often more insecure than assumed by the internal firewalls, and rogue equipment is likely to exist on most company networks," she says.
"Also, it might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour."
The key here is to ensure that the flow of valuable data or potential malware does not cross the company's perimeters without detection, Raaum says.
Alongside the financial arguments, any company needs to weigh up whether BYOD is worth the cost and effort of implementation. Users may want the latest sexy device, but if the arguments don't stack up, there is very little incentive for the organisation to allow or fund - this.
Visit the Intel IT Centre for further help and guidance for IT managers and professionals.
