BYOD and the Security Nightmare
Jinfo Blog
4th April 2014
Abstract
FreePint writers have been commenting on BYOD - Bring Your Own Device - for a couple of years now. But recent developments suggest that it's poised to move into a different league - and the fear, uncertainty and doubt (or FUD) factor means that executives may be ill-prepared to deal with the security and other challenges that the "shadow IT" of mobile device use brings. In more recent articles, FreePint commentators have exposed the limitations of solutions such as Corporate Owned, Personally Enabled (COPE), and showed how the risks sometimes come from unexpected sources, and suggested that many of the changes required are behavioural, not technological.
Item
"Shadow IT" - the very phrase is calculated to strike fear, uncertainty and doubt (or FUD if you prefer) into the heart. Yet that's what's coming, according to FreePint's James Mullan, and many organisations seem ill-prepared for it.
Fed up with the firm failing to provide the functionality they need, a team may decide to use a consumer social media tool instead. The tool might work well, James warns - but the danger is that the data is lost or compromised in some manner.
It's just one more challenge posed by the Bring Your Own Device movement (BYOD), where employees find that they can work more efficiently (and at a time and place of their choosing) using powerful personal devices that may not meet the IT department's requirements. BYOD can also exacerbate data fragmentation, making it hard to know where everything is - but locking down desktops and drives probably won't help because, in James's experience, people will always find a way round that if it makes their lives easier.
BYOD or COPE?
So the threat of security breaches continues to grow as a result and, as another FreePint contributor Sophie Alexander discovers, firms are struggling to keep up. Reviewing some recent reports, she finds that although firms are moving in the right direction, their approach is still largely reactive, focusing on known threats - and that they're not doing nearly enough to train their staff in security awareness.
Some employers are trying to meet the BYOD challenge with a sort of halfway house policy called COPE, meaning Corporate Owned, Personally Enabled (some older background on that from James here). But, as I discovered recently, although COPE may possibly provide better corporate security, the benefit is lost if it comes at the expense of the user experience.
In any case, technology is only part of the answer. Many of the challenges are behavioural, as we'll all be aware if we've ever heard someone conducting a private conversation at full voice on the train, or taken a sneaky peek at what our commuter neighbour is working on.
The FUD Factor
But the FUD factor seems to be encouraging executives to bury their heads in the sand and focus on technological fixes, instead of concentrating on a whole host of other strategies like finding out what board members do with their confidential print-based material or checking out their third party business partners - a bigger threat than BYOD it seems. Other threats include using "111111" as a password or being taking in by phishing emails, which can apparently fool a fifth of employees.
BYOD may not make any of these behavioural threats worse, but they'll certainly make them more widespread. And the problem's getting urgent because, as Sophie Alexander perceptively observes, it looks as if large software vendors are taking a punt on BYOD.
With mobile application development projects set to outnumber native PC projects by four to one soon, Sophie draws attention to a raft of mobile acquisitions by some huge global software firms. These developments are going to take BYOD into a different league, she suggests - so if enterprises aren't taking it seriously yet, time may rapidly be running out.
Subscribe Now
Gain access to the full archive of FreePint Articles and Reports, plus have the ability to share these resources with anyone else at your organisation.
Complete our online form today to start your FreePint Subscription.
- Blog post title: BYOD and the Security Nightmare
- Link to this page
- View printable version
- Security Breaches? It's the Innocent Ones You Need To Worry About
Wednesday, 12th March 2014 - Cyber Security in the Enterprise
Thursday, 9th January 2014 - Large Software Vendors Bet on BYOD
Friday, 3rd January 2014 - Breach Fatigue or Plain Ol' FUD - the Human Factor is Still a Big Security Risk
Tuesday, 26th November 2013 - BYOD or COPE - Technology Isn't Always the Answer
Friday, 18th October 2013 - New IT Security Threats: The Rise of Shadow IT
Thursday, 17th October 2013 - Forget BYOD, It's Time to COPE
Wednesday, 31st October 2012
From information retrieval to integrated intelligence - with Dow Jones
23rd January 2025
AI contracting and licensing; Strategic information managers; End-user training
10th December 2024
- Jinfo Community session (TBC - Mar 2025) (Community) 20th March 2025
- Jinfo Community session (TBC - Feb 2025) (Community) 25th February 2025
- From information retrieval to integrated intelligence - with Dow Jones (Community) 23rd January 2025