Innovative Security Solutions

Protecting Digital Frontiers

Security Bytes – Sept 2012 – BYOD to work

This month I am addressing the concept of BYOD (Bring Your Own Device) to work and how it can help / impact you daily life at work. Technological improvements and modern cloud based business solutions have spawned the need to frequently be in touch with the workplace and people around the world. Many companies have started allowing employees to bring their own phones, tablets and laptops to work with them to be used in a dual role of work and private use. Granted this model does not apply to all businesses, however those that can take advantage of this model can save substantial capital expenditure by leveraging employees own devices; However there is a double edge sword in this scenario.

 

The employee has to realize that by using their device at work they may be subject to the rules and regulations set forth buy the company’s security policy and that in come cases they may have to surrender their device to the company for “cleaning” before they bring it into the organization or when they change jobs. Also one must take note that many employer hiring contracts have specific writing pertaining to personal devices in the workplace and one must fully understand the implications of such use before they agree to use their own device in the workplace. It is important for an employee to keep regular backups of their device in a safe place to ensure that their personal data is not lost. Also one essentially gives up a layer of privacy when using a personal device at work. Many employers reserve the right to audit personal devices at random, so be careful of those private photos and private text messages! Also in some cases one may be limited to the amount and type of applications they are allowed to install and use on their private phone so that they don’t violate corporate policy.

An employer has to ensure that any device that is being used within an organization must comply with the security policy of the organization and make sure that the employee is willing to comply with company policy when using the device for business use. In some cases depending on the device there may be a way to encrypt a portion of the device for business use and enable that portion to be remotely managed if the need arises. Employers must consider this option carefully since it may be difficult to manage many different brands of devices a unified way. Another benefit to employers allowing users to use their own device is no learning curve. People that have their own devices usually know how to manage that device and utilize it properly allowing them to hit the ground running.

 

Ultimately the decision to BYOD or not is best decided by what a company expects of the employee and the sector of business the corporation delivers products to. A basic rule of thumb is if there is any risk of loss of business or monetary damage for leaked information the BYOD model may not be a good one, but for the rest of businesses it is a great way to save substantial money while allowing users to utilize their favorite technology within the corporate environment.

 

-Paul Mavrovic, CISSP