Avoiding basic BYOD blunders
Each company has to work out its own correct mix of technology and policy safeguards. But most have figured out how to sidestep these fundamental BYOD security errors - have you?
By Michael Fitzgerald
February 14, 2013 — CSO —
For all the sophistication and power of the modern cell phone or tablet, people think of them more or less like pens: You can use the generic ballpoints they have at the office, or you can bring the one you like from home. That's a consequence of high technology becoming pervasive. People use technology widely, and they might prefer what they use on their own time.
Pens, of course, can't access corporate networks (yet). But cell phones and tablets represent powerful computing devices; people might even be able to get more done using their personal devices for work. That's given rise to the BYOD (bring your own device) phenomenon. Just five [almost] years ago, in January 2008, only 10 percent of U.S. companies responding to an Aberdeen survey said they allowed workers to use their home devices. In July 2012, that jumped to more than 80 percent of U.S. respondents. The same trend exists outside the U.S., though fewer companies elsewhere allow BYOD, with companies in the Asia-Pacific region most resistant.
Companies mostly allow BYOD for mobile phones and tablets, aiming to get the productivity benefits of mobile technology without having to shell out a lot of money for corporate cell phones. Notebook computers still tend to be provisioned by corporations.
[Also read BYOD keeps expanding and IT just has to deal with it]
One looming problem with BYOD: Just because workers have smart phones does not mean they'll be smart about security.
"I have no trouble with people bringing their own machines to work if, and only if, they are competent to run them," Dan Geer, a security researcher and chief information security officer at In-Q-Tel, the CIA's venture capital arm, said in an email. "If they are mere subscribers with a penchant for shiny things, then keep them out of the network."
ESSENTIAL READING
In-depth information on securing mobile devices and wireless networks. Smartphones, tablets, BYOD - policies, technologies and strategies for protecting corporate data and intellectual property.
20 security and privacy apps for Androids and iPhones
What's the most secure smartphone? | BlackBerry vs iOS vs Android
5 policy questions for mobile device security
Bad policy = bad security
5 questions on tablet security
What are the risks, the support requirements, the best security technologies?
Mobile security threats are heating up
Slow firmware updates, poorly vetted apps, and mobile-specific malware mean trouble
Wireless intrusion detection systems
- Modernizing Wireless Infrastructure for Today's Mobile and Data Driven Enterprise
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Attacks from China: A survival guide
Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat. - #FFSec: Infosec pros who bring value to Twitter
- B-Sides Boston is Saturday
More Salted Hash with Bill Brenner
