Skip to main content

Bring Your Own Device – Boom or Bust?

February 17, 2012

Mobile DevicesThe idea of “Bring Your Own Device” (BYOD) is nothing new, but with the advancement of certain technologies it’s a definite possibility for businesses. Consumers have access to a great many cutting-edge technologies that they want to bring with them into the workplace. The question though “Is it right for your business?” The answer is, as with many things that we deal with in information technology, “It depends.” That was not the insightful answer you were expecting, I’m sure, but let me explain further.

The research you do will show that some companies say that it — allowing employees to bring their own devices — shifts technology costs from the business to the employee. True enough, employees purchase their cutting-edge pieces of technology and do so with no issues. It increases employee happiness, giving them carte blanche on whatever technology they feel best fits their current needs and keeps them happy. Yet, as a information security professional, it’s my duty to rain on the parades of the collective and remind everyone that there are things to consider:

  • The enforcement of the corporate acceptable use policy becomes a little harder to enforce on hardware that is owned by the employee and not the business.
  • Does your company fall under certain compliance criteria? E.g., Payment Card Industry (PCI) standards, Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA).
  • Something that is often overlooked in some cases centers around portable devices, such as tablets and smart phones, is how applications access and share data on the device. There are varying degrees of requirements defined across each respective platform.
  • The cost is shifted from buying technology to managing it. Are you willing to spend the needed dollars?

These are only a few concerns, and they will vary depending on what industry your company is in, but as with everything, there are answers. One thing to remember, however, is that while business may be driving IT to support personal devices, the data they use is still owned by the company. This requirement forces IT to think of how to protect that data while providing the ability to move forward with BYOD. Nike has a well-documented BYOD policy in which it only allows certain devices, so clearly you can “do it."

There are certain technologies out there that will help with implementation of BYOD. The Mobile Device Management (MDM) space has grown exponentially within the past couple of years to help address this very issue. The industry is still evolving in that area, but there are some cool things waiting for you that help protect company data on portable devices.

Network access control (NAC) is another technology that helps protect a network from personal devices on that network. A company may choose to segment the devices off of the network or group them in such a way they are easily tracked. There are certain NAC vendors that can even inspect a client machine to check for compliance and further help mitigate risk to your environment. There are numerous ways to help with tackling this issue from a technology standpoint, but at the end of the day, it’s about the policies and top-down support. The policies put in place can help manage the vast hole that can be BYOD, while top-level support can help push those policies. The policies then need to be communicated A LOT and in as many ways as possible to the user base.

When taking on the decision on whether to venture into the BYOD territory, remember that ultimately your commitment is safeguarding customer data. When this is coupled with proper policies, adequate technology and BYOD, it can open the door to new ways of doing business.

Related Blogs

January 13, 2015

Protecting Personal Devices

The holiday season has come and gone, and 2015 is officially upon us. Many of us are back at work toting a shiny new tablet, phone or laptop we were f...

See Details

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

April 24, 2013

Cyber Security Flaws We All Know and Love

Joseph Belans provided an excellent presentation at BSides titled "Hacking like it's 1999: Security Flaws We All Know and Love." Below is a video rec...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

September 28, 2016

Enterprise Security Program Assessment

Learn how Optiv's Executive Security Awareness program can find and address security vulnerabilities for your company's executives.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.