Recently, I attended a security seminar on the newest buzzword in the IT industry – BYOD, or Bring Your Own Device – to complete my CISSP CPE (Continuing Professional Education) requirement for the year. The seminar was sponsored by ISC2 and the speaker, Brandon Dunlap, is a seasoned, insightful, and very entertaining speaker. I highly recommend the seminar.
BYOD came about because of the popularity of mobile devices (iPhone, iPad, Android, BlackBerry, etc.), the consumerization of IT, and employees getting more flexible schedules. Companies are starting to allow their employees to use their own devices to improve productivity and mobility, and supposedly to save the company money. The millennials, in particular, are more apt to use their own devices. For them, owning these devices signifies a status symbol or a fashion statement.
However, does it make sense to allow these devices into the company’s network? What are the security implications of the BYOD phenomenon?
From a technology standpoint, there are a lot of innovations to secure both the mobile devices and the company’s applications and data, for instance, using containers to separate personal apps from the company’s apps. Security companies are creating products and services that will improve the security of BYOD. But from a policy and legal standpoint, very little is being done. Companies that jumped into this BYOD buzz are getting stung by BYOD pitfalls, as exemplified by one of the greatest IT companies in the world – IBM. In addition, recent studies showed that BYOD does not really save companies money.
Companies need to thoroughly understand BYOD before adopting it. It is a totally new way of working.
The seminar highlighted the many problems of BYOD, and the immense work that needs to be done to make it successful. No wonder the organizer entitled it “Bring Your Own Disaster” instead of “Bring Your Own Device.”