What’s the deal with BYOD and security?

TwitterFacebookGoogle+LinkedInRedditStumbleUpon

Many of us carry around devices that contain a mix of personal and business information, which creates an issue for security teams.

For example, using your phone to entertain a toddler while dining out becomes a bad idea if you have any kind of corporate confidential data on your phone. Worse, if there is Protected Health Information (PHI) data on your phone. What happens if data is accidentally forwarded, lost, or shared inappropriately? These are some of the challenges of the bring your own device (BYOD) trend, the market progression where employees to want to have the ability to be connected to work on their own devices.

In the context of this blog, I’m speaking to mobile, but really, the issues around security, data governance and privacy apply to any device one would personally own and then connect to an employer private network.

With an increasing trend around BYOD in a corporation, there will be adoption issues. Among those issues are data breaches and data governance. How do you control data as a corporation if an employee leaves and takes their personal tablet with them? Corporate data may go with it. That’s a big problem.

It’s easy to institute corporate standards around how a device can be setup and used but without any serious controls it’s also very easy as an employee to ignore those rules, either actively or through ignorance.

ibm endpoint manager appIBM requires Tivoli Endpoint Manager on mobile devices used for work.  One thing about this piece of corporate software that could give a user pause is the ability to remotely wipe a device. Companies that care about security, and want to join the BYOD bandwagon must have carefully constructed policies around the devices, and a plan to enforce those policies.

We have to deal with long passwords, lock screens, malware detectors, power hungry VPNs and now monitoring software. All of these technologies enable us to do work on our toys.

The problem that corporations have with this new wave of mobile devices are all the personal types of uses they have and how employees view the devices as their own.

A new trend now is for people to carry two devices to satisfy these requirements. There is also work on mobile devices running the OS in a VM, allowing a locked down work VM and a second personal VM.

In my case, as long as I can still use Strava to map my bike rides, and take pictures with the camera, I’m fine with all of the corporate software on my mobile.

strava app

TwitterFacebookGoogle+LinkedInRedditStumbleUpon
Comments Off
Jonathan Barney

About Jonathan Barney

Jonthan Barney is an enterprise security architecct at IBM. His is based in New York.
This entry was posted in Security and tagged , , , , , , , , , , . Bookmark the permalink.