Why BYOD represents evolution not revolution

Is BYOD necessarily the panacea that some suggests? We explore the disconnect between the theory and reality.

Henrys says that corporates need to ensure that employees sign up to BYOD policies that allow the IT department to wipe devices should they become lost. But these are without problems.

It might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour.

He cited an example of a test case currently going through the courts in the US where a man had lost a phone and the corporate had wiped its data. The man in question was going through a messy divorce and, along with work data, the phone played home to texts related to that divorce. The removal of that data resulted in the man taking legal action against the company he worked for.

"Whether or not he finds the policy to say that was OK to do that, we will find how much water that holds as it goes through the courts," Henrys says.

Advertisement - Article continues below
Advertisement - Article continues below

He suggested one way to avoid this is taking home corporate-provided devices and having part of that device partitioned off for personal use.

Regardless of whether the employee brings their device into the organisation or it provides them with a business device sporting the consumer features the user feels they need to perform their job, there has to be policies in place. Such policies will not only separate the business concerns from personal matters but will also ensure that confidential corporate data can only be accessed in a safe and secure manner. What's more, these policies need to be communicated effectively to the user.

Margrete Raaum, Steering Committee member of the Forum of Incident Response and Security Teams (FIRST), an international umbrella organisation of trusted computer incident response teams, suggests that firms need to create a model where all devices are deemed insecure and valuable assets on the local network can be protected in much the same way as you safeguard something that is placed directly on the internet.

"This might actually be a good strategy, as protected client networks are often more insecure than assumed by the internal firewalls, and rogue equipment is likely to exist on most company networks," she says.

"Also, it might be easier to reach an acceptance with the employees on strict security measures, as opposed to in a situation where they have no influence on the tool du jour."

The key here is to ensure that the flow of valuable data or potential malware does not cross the company's perimeters without detection, Raaum says.

Advertisement - Article continues below

Alongside the financial arguments, any company needs to weigh up whether BYOD is worth the cost and effort of implementation. Users may want the latest sexy device, but if the arguments don't stack up, there is very little incentive for the organisation to allow or fund - this.

Visit the Intel IT Centre for further help and guidance for IT managers and professionals.

Featured Resources

2,000 days: the CIO's world in 2025

What the role of the CIO will look like in five years time

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now

The IT roadmap from modernisation to innovation with consistent hybrid cloud

A guide to a modern, cloud-enabled IT infrastructure

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020