Quick Definitions –
‘BYOD’ – ‘Bring Your Own Device’ is the practice of allowing employees to use their own computers, smartphones or other devices for work and to connect them to the secure corporate network.
The Rise of the Mobile…
Can you believe that the first mobile phone was created over 40 years ago?! But when it comes to technology, 40 years is like going back to the days of Moses or the Roman Empire! A lot can happen in that time. The first mobile was created by Motorola, weighed an incredible 1.1 kg, and took 10 hours to charge for a 30-minute call.
So, when did it become OK to use your own device for work? This happened around 2010, when smartphones and tablet computers really took off. The workplace was suddenly flooded with them, and with employees who wanted to connect them to the corporate network. This, as you can imagine, created a huge hole in the security of information, as identified in 2012, when the industry started to look at how we secure corporate networks from mobile devices. More recently we see that ‘BYOD’ really no longer exists, as it has morphed into a much broader spectrum of ‘BYOx’, where we are not just talking about phones and tablets but also wearables such as smart watches and fitness monitors.
How do we secure a BYO?
I think the first step in securing these devices is to understand and accept that they pose a risk to the Confidentiality, Integrity and Availability of your primary asset: your information. BYOs have been very hard to manage in previous years. It is essentially like having an opening into your house which has no door on it: what is to stop anyone from walking in?
It is important to ensure you are aware of what BYOs exist within your environment and to develop a policy around best practice when using these devices.
What might your policy say?
In very simple terms, the policy should say whether use of BYO is permitted, which devices are permitted, and lay out some guidance on how they can be used securely within your environment. Examples of guidelines it may be prudent to implement:
Once you have decided on your BYO policy in line with your business risk appetite, you should ensure all users understand the BYO policy and your Acceptable Use policy. Finally, ensure you have a robust exit strategy to promptly disable access for leavers.