28 May 12 Industry Insights

Bring Your Own Device (BYOD) and Information Security

It is well known that it is near impossible to complete all your daily tasks in an 8-10 hour day in the office, with employees constantly on the move at meetings, conferences, events etc. Traditionally, a company would provide their employees with a work phone and computer that is connected to the company network, allowing access to necessary information when not in the office. However, with the emergence of technology, the majority of people now own sophisticated devices such as smart-phones, tablets and high-performance laptops which can easily connect to the company network. The trend of “Bring your own device” (BYOD), is hot in information technology at the moment with more enterprises going down this route and doing away with the company owned devices, but the question is why?


In a recent blog by Evy Schwartz on[1] she cites the top 10 motivating factors that emerged from a survey by Citrix as to why organisations are adopting the BYOD strategy.


Top 10 Motivators for BYOD

  1. Ease of working off-site.
  2. Employees have relevant equipment.
  3. Attract and retain top talent.
  4. Decrease device management costs.
  5. Attract and retain younger workers.
  6. Attract and retain other worker types (such as home-based).
  7. Reduce training and on-boarding costs.
  8. Enable self-service IT.
  9. Bolster business continuity.
  10. Best way to handle proliferation of devices.


These are all great reasons for using BYOD, and for me personally the biggest ones being: Decrease device management costs and reduce training and on-boarding costs. All businesses are looking to be as cost efficient as possible and BYOD is an area where a business can save money and possibly increase profit, with employees able to work and drive business outside of the office.


So BYOD is the perfect answer to saving costs and getting workers to put in overtime? Well not necessarily. There’s the small issue of security!


Devices provided by the employers have a minimal security threat as it is all controlled by the company with access to information monitored and security software in place. However, with BYOD the owner has “power” over the device with no restrictions in place. Therefore, it poses risks to sensitive data and information i.e. if a user goes on a website (usually blocked on a company device), spyware or malware virus can develop and in an instant confidential company information/property is leaked into the wrong hands.


So what’s the answer?

A solution to this would be to control the employee’s personal device and put Mobile Device Management policies and security software in place which would restrict the employee on their own personal device, reducing the functions they could utilise. But no employee would sign up for that! Pay for an iPhone on a monthly contract costing £35+ a month and not being able to download applications from the app store because your boss has blocked it?!


BYOD was a topic of discussion at Symantec’s Vision 2012 conference in Las Vegas this month[2]. Their solution involves mobile application management software provided by Nukona (recently acquired by Symantec) which would allow a company to put the authentication, encryption and copy controls to the particular applications containing the confidential data, allowing security without having to completely take control of the individuals device. Similarly BYOD is a focus of mobile security leaders, Good Technology. They also provide software that can secure a personal device without completely taking over. Their offering “places an un-breachable partition between personal and business data”[3]


A consultant’s view:

Ian Benfell CISM – Head of Information Security & Compliance at Mclaren F1 Group 2009-2012 [4]


“Bring Your Own Device is a game-changer in the security world. And, it is a game-changer that must be embraced whether we like it or not. BYOD is coming our way, fast. The reason is simple: freedom of choice. Given the option to choose between a corporate maintained PC laden with layers of services that takes 15 minutes to start-up, and is so restricted it makes doing your job hard work; Or, your employer gives you a few quid and tells you to go and pick whatever device you like (including that shiny MacBook you’ve always lusted after), which one will you choose? OK, so it is now my problem to look after it, but that is a small price to pay.

How many businesses will turn away the chance to save money and have a workforce happier with their IT provision than ever before?

Security professionals need to be agile now or risk being left behind and spending their time playing catch-up, or worse still missing the boat completely. Strategies built on restriction and blocking are no longer viable, old strategies must be renewed and embrace the brave new world. Security solutions for BYOD are still thin on the ground, so creativity is called for to find the best approach for your business. However, there are already a great many answers already out there, from the sandbox to mobile device management to the shrinking perimeter. Stand back and take a fresh look at your options; you might be surprised by what you can see.”


There are still a number of issues with BYOD and some grey areas; however, with the likes of Symantec and Good Technology citing it as of massive importance and high on their list of priorities in terms of security, I feel BYOD will soon be the norm.


You might also like 








[4] – Ian Benfell CISM


by Pratap

Like our content? You'll love our newsletter