New BYOD security issues
I've noted recently that the bring-your-own-device (BYOD) trend has heated up to the point that most people think that massive numbers of personal devices on the corporate network are essentially inevitable.
There's no effective way to keep these devices out of the enterprise. Employees (and executives) will barely blink if they are denied by the IT department. There are obviously some big security implications to this trend.
eWeek recently touched on this theme, essentially agreeing that the BYOD is inevitable. It noted that in October, the U.S. Department of Defense, "which maintains the highest security standards and would seem to be the ultimate Research In Motion stronghold—announced that it was expanding its device support beyond BlackBerry to include Apple iPhones and Android smartphones."
Some companies may assume that the security challenge amounts to incremental change, but that would be a mistake. The article notes that Gartner has "spelled out a three-level approach. In the first, the firm owns the device and is 100 percent responsible for it; in the second, the employee owns the device, IT puts in place 'isolation techniques,' also referred to as containerizing—secure data resides in a special 'container' on the device—and responsibility for the device is equally shared."
The article continues, noting that "The third level is for special cases," such as the "the crazy executive" who says, "I don't care what you say, I'm still going to use this device."
Such executives must be asked to "take full responsibility" for security. Gartner "concedes that this approach doesn't guarantee the lowest total cost of ownership (TCO)—a carrot that IT usually chases. But it does ensure choice and some degree of control."
- here's the article