Addressing the BYOD Trend
Ensuring the Security of Personally-Owned Mobile DevicesYou may be tempted to ignore - or even block - the BYOD trend. But that would be short-sighted.
See Also: Cybersecurity Awareness Engagement Toolkit: Elevate Your Security Culture
It's time to acknowledge that "bring your own device" is a trend that isn't going to go away. As more members of your workforce acquire the latest and greatest tablets and smart phones, they'll increasingly demand the ability to use personally-owned devices for some business purposes.
And as more organizations conclude that accommodating BYOD can slash their costs for acquiring and maintaining mobile technology, they'll come up with policies for addressing the security issues involved (see: BYOD: How to Minimize Risk).
Certainly, accommodating personally-owned tablets, smart phones and other mobile devices brings risks. The devices are easily lost, which can make any data stored on them vulnerable. And unless organizations make a concerted effort to ensure security controls, such as encryption and remote-wipe capability, are in place on these devices, they could be much riskier to use than corporate-owned devices, which routinely have security controls installed.
Some experts, including Roger Baker, CIO at the U.S. Department of Veterans Affairs, argue that the security issues involved when allowing personally owned devices are largely legal, rather than technical. For example, the VA is devising a legal agreement for those using personally-owned devices that gives the agency the right to wipe any VA information off the device and ensures the VA has access to the device when needed.
But the VA, and many others, also are turning to technology to deal with security issues. For example, the VA is investing in a more robust mobile device manager application to monitor the devices and enforce policies.
I believe many organizations, at least at first, will attempt to prohibit storage of sensitive information on personally-owned devices. That may be the most powerful way to mitigate risks. But will it prove practical and enforceable? We'll have to wait and see.
If your 2012 plans don't include addressing the BYOD phenomenon, it's time to add to your to-do list.