Avoiding basic BYOD blunders
Each company has to work out its own correct mix of technology and policy safeguards. But most have figured out how to sidestep these fundamental BYOD security errors - have you?
By Michael Fitzgerald
February 14, 2013 — CSO —
For all the sophistication and power of the modern cell phone or tablet, people think of them more or less like pens: You can use the generic ballpoints they have at the office, or you can bring the one you like from home. That's a consequence of high technology becoming pervasive. People use technology widely, and they might prefer what they use on their own time.
Pens, of course, can't access corporate networks (yet). But cell phones and tablets represent powerful computing devices; people might even be able to get more done using their personal devices for work. That's given rise to the BYOD (bring your own device) phenomenon. Just five [almost] years ago, in January 2008, only 10 percent of U.S. companies responding to an Aberdeen survey said they allowed workers to use their home devices. In July 2012, that jumped to more than 80 percent of U.S. respondents. The same trend exists outside the U.S., though fewer companies elsewhere allow BYOD, with companies in the Asia-Pacific region most resistant.
Companies mostly allow BYOD for mobile phones and tablets, aiming to get the productivity benefits of mobile technology without having to shell out a lot of money for corporate cell phones. Notebook computers still tend to be provisioned by corporations.
One looming problem with BYOD: Just because workers have smart phones does not mean they'll be smart about security.
"I have no trouble with people bringing their own machines to work if, and only if, they are competent to run them," Dan Geer, a security researcher and chief information security officer at In-Q-Tel, the CIA's venture capital arm, said in an email. "If they are mere subscribers with a penchant for shiny things, then keep them out of the network."