Actu
BYOD: an increasing security challenge
November 2013 by
the challenges of ‘Bring Your Own Device’ (BOYD) for all business are increasing exponentially as highlighted recently by the case of The Rt Hon Francis Maude MP.
Maude grew so fed up with Whitehall’s ‘clunky and rubbish’ IT systems he had his own personal wi-fi network installed.
Talking about Maude’s frustration Colin Tankard, Managing Director of Digital Pathways, says, “Think about this... he is on a secure government network working in the House of Commons, there are specific data handling regulations put in place to make sure his, and everyone else’s, data stays secure. By circumventing these regulations he compromises the security process put in place to protect him and his data.
‘There are reasons why government systems, in particular, need to be secure. Government systems play host to a cornucopia of sensitive (and classified) data. Maude’s action could have actually opened the door for the UK’s (or at least his party’s) enemies, critics and adversaries to hack into various databases.’
This issue is not just one for the media and House of Commons however. Increasingly employees are bringing their own devices to the work place adding to the risk of data loss and compromise. The Maude issue crystallizes the conflict between the organisation’s security needs and the individual’s desire to work in the style they are accustomed to.
The whole issue of integrating BOYD is highly complex with the most basic challenge being that not all personal devices can be protected using enterprise level security packages.
At a larger, strategic level, how does the organisation clearly separate personal and company information when devices are attached to the network and sync’s, for example, backups?
One solution, according to Tankard, is to install appropriate software on the personal device that ensures that when linked back, on to the corporate network, the device is scanned for any non appropriate applications or settings that may have been applied whilst being away from the network and only allowing reconnection once such material has been removed.
Tankard says, “If employees are to use their own devices the organisation must ensure that its Terms of Employment clearly state that any company information stored on personal devices must be removed from the device when the employees contract is terminated.
‘Organisations should also ensure that it has ‘at will’ access to the personal device in order to conduct audits on its content to make sure there is no inappropriate information or images being stored that could be transferred onto its own networks. If such material were to transfer then the company could find itself liable.
‘Frankly, the issues, challenges and costs to an organisation for allowing BOYD are huge and in my opinion out-way any benefits of allowing personnel to use their own devices. I would advise that the best solution is to say no!’
